What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Plis plis plis.. Help me..

Post by Dangica » October 5th, 2007, 9:57 am

Hi, helper..
3 days ago my comp was infected by some spyware or virus, I don't know, I can't figure it out. The thing I know is that my comp has a problem: there is a fake pop-up message telling me that My Computer was infected, and something about not being able to open a file named printer.exe. Also I couldn't open the Task Manager or the properties of My Computer, and Control Panel is hidden from the Start menu.

I've tried SmitfraudFix; I can open the Task Manager again and the pop-up message didn't come back, but I can't open the properties of My Computer, and there's still no Control Panel in the Start menu. Every time I click it, it says there's a restriction.. Anyway, I also can't restore it in System Restore.
And when I tried to fix it in Spybot - Search & Destroy, my computer got an error and the screen went blank.

Anyway, this is my HijackThis log..

Can you help me find out the problems and fix them, please...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:49:06, on 05/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cerience\RepliGo\RepliGoMon.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\TOSHIBA\LOCALS~1\Temp\Rar$EX00.828\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: &RepliGo - {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - C:\Program Files\Cerience\RepliGo\RepliGoIEBar.dll
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RepliGo Assistant] "C:\Program Files\Cerience\RepliGo\RepliGoMon.exe"
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stag ... taller.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{97224F77-3FEE-4D00-8F27-572B366293D6}: NameServer = 202.134.2.5,202.134.0.155
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB69C402-F8D2-4642-9A8E-2BF8198205F4}: NameServer = 202.155.36.178
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: hadjajr.ini
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 14261 bytes
Dangica
Active Member
 
Posts: 9
Joined: October 5th, 2007, 9:45 am
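An added example (not code from the thread, HijackThis or ComboFix) that reads a constructed subset of the log above and flags the lines a helper looks at first: the F2 Shell= entry that also launches printer.exe (the file named in the fake pop-up), the O20 AppInit_DLLs entry, bare-name O4 Run entries and the O17 DNS servers. The severity labels and flagging rules are my own heuristics, not HijackThis's.

```python
"""Triage helper for the HijackThis log posted in this thread.

Added example; not code from MalwareRemoval.com, HijackThis or ComboFix.
The flagging rules are my own heuristics (assumptions), not HijackThis's.
"""
import re
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{97224F77-3FEE-4D00-8F27-572B366293D6}: NameServer = 202.134.2.5,202.134.0.155
O20 - AppInit_DLLs: hadjajr.ini
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
"""

Finding = Tuple[str, str, str]  # (severity, HJT section, message)

# Every HijackThis item line looks like "<section> - <body>", e.g. "O4 - ...".
LINE_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """Return (section, body) pairs; header and process-list lines do not match."""
    items = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            items.append((m.group("kind"), m.group("body")))
    return items


def check_shell(body: str) -> Optional[str]:
    """F2: Shell= must be exactly Explorer.exe. Anything appended to it is an
    extra program that winlogon starts at every logon."""
    m = re.search(r"Shell=(.*)$", body, re.IGNORECASE)
    if not m:
        return None
    extra = [t for t in m.group(1).split() if t.lower() != "explorer.exe"]
    return "Shell= also launches " + ", ".join(extra) if extra else None


def check_appinit(body: str) -> Optional[str]:
    """O20: any AppInit_DLLs value is loaded into every process that links
    user32.dll, so a non-empty value has to be identified."""
    m = re.search(r"AppInit_DLLs:\s*(\S.*)$", body, re.IGNORECASE)
    return "AppInit_DLLs loads " + m.group(1).strip() + " into every GUI process" if m else None


def check_run(body: str) -> Optional[str]:
    """O4: a bare file name is found via the PATH search order, so the file that
    really runs must be confirmed; temp or profile-data paths are common drop sites."""
    m = re.search(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", body)
    if not m:
        return None
    cmd = m.group("cmd").strip()
    q = re.match(r'"([^"]+)"|(\S+)', cmd)  # first token, quoted or not
    exe = (q.group(1) or q.group(2)) if q else ""
    if not exe:
        return None
    if "\\" not in exe:
        return f"[{m.group('name')}] runs bare name {exe}: confirm where PATH resolves it"
    if any(p in exe.lower() for p in ("\\temp\\", "\\local settings\\", "\\application data\\")):
        return f"[{m.group('name')}] runs from a profile or temp folder: {exe}"
    return None


def check_nameserver(body: str) -> Optional[str]:
    """O17: per-interface DNS servers; confirm they belong to the ISP."""
    m = re.search(r"NameServer\s*=\s*(\S.*)$", body, re.IGNORECASE)
    return "DNS resolvers set to " + m.group(1).strip() + ": confirm they are the ISP's" if m else None


CHECKS: Dict[str, Tuple[str, Callable[[str], Optional[str]]]] = {
    "F2": ("suspicious", check_shell),
    "O20": ("suspicious", check_appinit),
    "O4": ("review", check_run),
    "O17": ("review", check_nameserver),
}


def triage(text: str) -> List[Finding]:
    """Run the section-specific checks over a log and collect the findings."""
    findings: List[Finding] = []
    for kind, body in parse_hjt(text):
        if kind in CHECKS:
            severity, check = CHECKS[kind]
            msg = check(body)
            if msg:
                findings.append((severity, kind, msg))
    return findings


if __name__ == "__main__":
    for severity, kind, msg in triage(SAMPLE_LOG):
        print(f"{severity:<10} {kind:<4} {msg}")
```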

Post by random/random » October 6th, 2007, 12:21 pm

Right click here and click save link as
Save it as resetteatimer.bat to your desktop

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.

Double click on resetteatimer.bat and wait for it to finish

Download the latest version of ComboFix from Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
random/random
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

ComboFix log

Post by Dangica » October 9th, 2007, 9:04 am

ComboFix 07-10-09.3 - TOSHIBA 2007-10-09 19:57:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.457 [GMT 7:00]
Running from: C:\Documents and Settings\TOSHIBA\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ranggaraybusuk.exe.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-09 to 2007-10-09 )))))))))))))))))))))))))))))))
.

2007-10-09 19:55 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-09 18:20 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-10-09 16:08 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-09 16:08 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-10-07 04:41 <DIR> d-------- C:\WINDOWS\pss
2007-10-04 22:21 <DIR> d-------- C:\WINDOWS\A5W_DATA
2007-10-04 22:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-04 22:21 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-10-04 22:21 <DIR> d-------- C:\Program Files\Common Files\Novell Files
2007-10-04 22:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Cerience
2007-10-04 20:17 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-10-04 20:17 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-10-04 20:17 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-10-04 18:57 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy2
2007-10-03 14:28 4,934 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-03 05:32 63 --a------ C:\WINDOWS\system\SysSD.dll
2007-10-03 05:31 67,024 --a------ C:\WINDOWS\system32\CloseAll.exe
2007-10-02 22:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-01 23:51 <DIR> d-------- C:\Program Files\SEMD60
2007-10-01 23:37 <DIR> d-------- C:\WINDOWS\Baystate
2007-09-25 16:44 1,009,152 --a------ C:\WINDOWS\system32\Ltwvc13n.dll
2007-09-25 16:40 <DIR> d-------- C:\Program Files\Cerience
2007-09-25 16:28 <DIR> d-------- C:\Documents and Settings\TOSHIBA\Application Data\iSilo
2007-09-25 16:27 <DIR> d-------- C:\Program Files\iSilo
2007-09-09 23:05 <DIR> d-------- C:\Documents and Settings\TOSHIBA\Application Data\Talkback

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-09 11:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-04 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-04 15:20 --------- d-----w C:\Program Files\Roller Rush
2007-10-04 15:20 --------- d-----w C:\Program Files\Mario Forever
2007-10-04 15:20 --------- d-----w C:\Program Files\Golf Adventure Galaxy
2007-10-04 15:20 --------- d-----w C:\Program Files\Garden Dreams
2007-10-04 15:20 --------- d-----w C:\Program Files\DivX
2007-10-04 15:20 --------- d-----w C:\Program Files\CheboMan
2007-10-02 15:50 --------- d-----w C:\Program Files\Lavasoft
2007-10-02 14:18 --------- d-----w C:\Program Files\Yahoo!
2007-10-01 12:41 --------- d-----w C:\Documents and Settings\TOSHIBA\Application Data\Image Zone Express
2007-10-01 11:15 --------- d-----w C:\Documents and Settings\TOSHIBA\Application Data\SiteAdvisor
2007-09-29 07:21 --------- d-----w C:\Program Files\Prayer
2007-09-25 09:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-24 10:53 --------- d-----w C:\Program Files\Toshiba Games
2007-09-14 06:56 --------- d-----w C:\Program Files\DOSBox-0.63
2007-09-08 18:26 --------- d-----w C:\Program Files\SiteAdvisor
2007-09-08 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-09-06 14:03 --------- d-----w C:\Documents and Settings\TOSHIBA\Application Data\Yahoo!
2007-09-06 14:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-08-17 16:46 300 ----a-w C:\Documents and Settings\TOSHIBA\Application Data\wklnhst.dat
2007-08-17 10:34 --------- d-----w C:\Program Files\iColorFolder
2007-08-17 08:33 --------- d-----w C:\Program Files\IrfanView
2007-08-17 07:41 --------- d-----w C:\Documents and Settings\TOSHIBA\Application Data\IrfanView
2007-08-16 18:43 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-08-08 20:36 532,480 ----a-w C:\WINDOWS\system32\The Simpsons Movie.scr
2007-07-30 12:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 12:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 12:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 12:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 12:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 12:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 12:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 12:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-11 03:26 254,680 ----a-w C:\Program Files\wddu.exe
2007-03-11 17:45 251 ----a-w C:\Program Files\wt3d.ini
2007-04-01 11:37:27 0 --sha-w C:\WINDOWS\ms.config.exe
2007-04-01 11:37:27 0 --sha-w C:\WINDOWS\ms.config`.exe
2007-04-01 11:37:27 0 --sha-w C:\WINDOWS\rm.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TDispVol"="TDispVol.exe" [2005-03-12 06:03 C:\WINDOWS\system32\TDispVol.exe]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 12:55]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 12:52]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 12:55]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 04:56]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-06 05:02]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 15:34]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 15:32]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2004-08-18 18:37]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 21:29 C:\WINDOWS\agrsmmsg.exe]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-12-01 03:25]
"TPSMain"="TPSMain.exe" [2005-06-01 12:00 C:\WINDOWS\system32\TPSMain.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 07:13]
"dla"="C:\WINDOWS\system32\dla\DLACTRLW.exe" [2005-10-06 20:20]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 08:37]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-06 03:37]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-29 02:41]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-02-09 09:39]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-13 22:50]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 05:00]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-11 17:59]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-16 16:56]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 06:15]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"RepliGo Assistant"="C:\Program Files\Cerience\RepliGo\RepliGoMon.exe" [2004-03-20 04:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 23:24]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 15:32]
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2007-03-15 01:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 19:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 12:24]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-27 15:22]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\TOSHIBA\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-04-04 18:36:30]
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe [2007-07-21 00:57:16]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Firewall Client Connectivity Monitor.LNK - C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE [2007-03-27 08:01:47]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2006-02-15 23:31:42]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

R0 KR10N;KR10N;C:\WINDOWS\system32\drivers\KR10N.sys
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dcebe1c-d92e-11db-ab8f-0018de0685ce}]
Auto\command - infrom.exe
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38b1c1f6-dc17-11db-ab99-0018de0685ce}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe r4n694-24y.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64416484-e6fa-11db-a38d-0018de0685ce}]
Auto\command - E:\infrom.exe
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a36e5b3a-dbfe-11db-ab97-00a0d1507fd8}]
Auto\command - infrom.exe
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c994ad40-3e42-11dc-a465-0018de0685ce}]
Auto\command - infrom.exe
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f98b9d91-e7da-11db-a391-0018de0685ce}]
AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-08-14 18:19:21 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-06-30 18:00:10 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-10-09 12:49:59 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-10-09 13:00:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{440B4034-AD3A-4136-87D1-97120773906B}.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-09 19:59:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-09 20:00:26
C:\ComboFix-quarantined-files.txt ... 2007-10-09 20:00
.
--- E O F ---
Dangica
Active Member
 
Posts: 9
Joined: October 5th, 2007, 9:45 am

HijackThis log

Post by Dangica » October 9th, 2007, 9:04 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:03:52, on 09/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Cerience\RepliGo\RepliGoMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\TOSHIBA\LOCALS~1\Temp\Rar$EX00.469\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: &RepliGo - {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - C:\Program Files\Cerience\RepliGo\RepliGoIEBar.dll
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RepliGo Assistant] "C:\Program Files\Cerience\RepliGo\RepliGoMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stag ... taller.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{97224F77-3FEE-4D00-8F27-572B366293D6}: NameServer = 202.134.2.5,202.134.0.155
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB69C402-F8D2-4642-9A8E-2BF8198205F4}: NameServer = 202.155.36.178
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 13726 bytes
Dangica
Active Member
 
Posts: 9
Joined: October 5th, 2007, 9:45 am

Unread postby Dangica » October 9th, 2007, 9:14 am

FYI, now the Control Panel is shown, and I can open it. But before I open the properties of my computer, the restriction message still comes up; when I click OK, the System Properties show. What's up with that? Thank you anyway
;)
Dangica
Active Member
 
Posts: 9
Joined: October 5th, 2007, 9:45 am

Unread postby random/random » October 9th, 2007, 3:20 pm

FYI, now the Control Panel is shown, and I can open it. But before I open the properties of my computer, the restriction message still comes up; when I click OK, the System Properties show. What's up with that? Thank you anyway


I'm not quite sure what you mean by that; please explain in more detail.

You're running HijackThis from within a zip file. Please extract it to a permanent folder such as C:\HJT

Then please upload these files:

C:\Program Files\wddu.exe
C:\Program Files\wt3d.ini

to either Jotti or VirusTotal.

  • Open a new notepad window (Start>All programs>accessories>notepad)
  • Highlight the contents of the below codebox and then press ctrl+c to copy it to the clipboard
    Code:
    File::
    C:\WINDOWS\ms.config.exe
    C:\WINDOWS\ms.config`.exe
    C:\WINDOWS\rm.exe
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dcebe1c-d92e-11db-ab8f-0018de0685ce}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38b1c1f6-dc17-11db-ab99-0018de0685ce}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64416484-e6fa-11db-a38d-0018de0685ce}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a36e5b3a-dbfe-11db-ab97-00a0d1507fd8}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c994ad40-3e42-11dc-a465-0018de0685ce}]
  • Paste the contents of the clipboard into the notepad window by pressing ctrl+v or edit>paste
  • Save it to the desktop as CFscript.txt
  • Now drag and drop CFscript.txt onto combofix.exe as in the picture below and follow the prompts:
    [image: CFscript.txt being dragged onto combofix.exe]
  • When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
random/random
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm
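A small checker for the CFscript format used in the steps above, added here as an example (it is not the forum's or ComboFix's own code). It assumes only the File:: and Registry:: sections shown in the post, and its sample script is constructed from that post:

```python
"""Review a ComboFix CFscript before running it.

Added example, not part of the forum post or of ComboFix itself. It assumes
the CFscript layout used in the post: a "File::" section listing files to
delete and a "Registry::" section whose "[-KEY]" lines delete a registry key.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: the script the helper asked the poster to save as
# CFscript.txt (two of the five MountPoints2 keys are enough to show the pattern).
SAMPLE_CFSCRIPT = r"""File::
C:\WINDOWS\ms.config.exe
C:\WINDOWS\ms.config`.exe
C:\WINDOWS\rm.exe
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dcebe1c-d92e-11db-ab8f-0018de0685ce}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38b1c1f6-dc17-11db-ab99-0018de0685ce}]
"""

_SECTION_RE = re.compile(r"^(File|Registry)::\s*$", re.IGNORECASE)
_DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
_REG_DELETE_RE = re.compile(r"^\[-(HKEY_[A-Z_]+\\.+)\]$")
_HIVES = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS",
          "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG"}
# Deleting files here can break Windows itself, so flag them for a second look.
_SENSITIVE_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\system\\")


@dataclass
class CFScript:
    files: list[str] = field(default_factory=list)
    registry_deletes: list[str] = field(default_factory=list)
    warnings: list[str] = field(default_factory=list)


def parse_cfscript(text: str) -> CFScript:
    """Split a CFscript into file deletions and registry-key deletions,
    collecting a warning for every line that does not look as expected."""
    script = CFScript()
    section = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        header = _SECTION_RE.match(line)
        if header:
            section = header.group(1).lower()
            continue
        if section == "file":
            if not _DRIVE_PATH_RE.match(line):
                script.warnings.append(
                    f"line {lineno}: File:: entry is not an absolute drive path: {line}")
            elif line.lower().startswith(_SENSITIVE_DIRS):
                script.warnings.append(
                    f"line {lineno}: File:: entry is inside a Windows system directory: {line}")
            script.files.append(line)
        elif section == "registry":
            match = _REG_DELETE_RE.match(line)
            if not match:
                script.warnings.append(
                    f"line {lineno}: not a '[-KEY]' deletion entry: {line}")
                continue
            key = match.group(1)
            if key.split("\\", 1)[0].upper() not in _HIVES:
                script.warnings.append(f"line {lineno}: unknown registry hive: {line}")
            script.registry_deletes.append(key)
        else:
            script.warnings.append(f"line {lineno}: text outside any section: {line}")
    return script


def mountpoints2_keys(script: CFScript) -> list[str]:
    """Return the MountPoints2 subkeys the script deletes. These per-volume
    keys hold Explorer's cached settings for a drive, including its autorun
    handling, which is why removal scripts clear them after removable-media malware."""
    return [k for k in script.registry_deletes
            if "\\explorer\\mountpoints2\\" in k.lower()]


if __name__ == "__main__":
    result = parse_cfscript(SAMPLE_CFSCRIPT)
    print("files to delete:", *result.files, sep="\n  ")
    print("registry keys to delete:", *result.registry_deletes, sep="\n  ")
    print("MountPoints2 keys:", len(mountpoints2_keys(result)))
    print("warnings:", result.warnings or "none")
```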

Unread postby Dangica » October 10th, 2007, 2:28 am

I'm sorry if my English isn't really good.. :oops:

You know, my problems are: I can't open the Control Panel, the Control Panel was hidden from the Start menu, I can't open the properties of my computer, and also a restriction box always showed up when I tried to open the Control Panel and the properties.

After doing your 1st solution, the Control Panel isn't hidden anymore, and I can open it. I can also open the properties, but before the properties box opens the restriction box still showed up.

And after doing your 2nd solution, the restriction box never shows up again.

Thank you so much for your help! :) :) :)

Anyway, I've uploaded the files, and the report says those are not viruses.

And this is the log..

ComboFix 07-10-09.3 - TOSHIBA 2007-10-10 13:11:54.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.430 [GMT 7:00]
Running from: C:\Documents and Settings\TOSHIBA\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\TOSHIBA\Desktop\CFscript.txt
* Created a new restore point

FILE::
C:\WINDOWS\ms.config.exe
C:\WINDOWS\ms.config`.exe
C:\WINDOWS\rm.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\ms.config.exe
C:\WINDOWS\ms.config`.exe
C:\WINDOWS\rm.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-10 to 2007-10-10 )))))))))))))))))))))))))))))))
.

2007-10-10 12:59 <DIR> d-------- C:\WINDOWS\LastGood
2007-10-09 19:55 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-09 18:20 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-10-09 16:08 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-09 16:08 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-10-07 04:41 <DIR> d-------- C:\WINDOWS\pss
2007-10-04 22:21 <DIR> d-------- C:\WINDOWS\A5W_DATA
2007-10-04 22:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-04 22:21 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-10-04 22:21 <DIR> d-------- C:\Program Files\Common Files\Novell Files
2007-10-04 22:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Cerience
2007-10-04 20:17 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-10-04 20:17 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-10-04 20:17 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-10-04 18:57 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy2
2007-10-03 14:28 4,934 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-03 05:32 63 --a------ C:\WINDOWS\system\SysSD.dll
2007-10-03 05:31 67,024 --a------ C:\WINDOWS\system32\CloseAll.exe
2007-10-02 22:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-01 23:51 <DIR> d-------- C:\Program Files\SEMD60
2007-10-01 23:37 <DIR> d-------- C:\WINDOWS\Baystate
2007-09-25 16:44 1,009,152 --a------ C:\WINDOWS\system32\Ltwvc13n.dll
2007-09-25 16:40 <DIR> d-------- C:\Program Files\Cerience
2007-09-25 16:28 <DIR> d-------- C:\Documents and Settings\TOSHIBA\Application Data\iSilo
2007-09-25 16:27 <DIR> d-------- C:\Program Files\iSilo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-10 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-09 21:26 --------- d-----w C:\Program Files\DOSBox-0.63
2007-10-04 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-04 15:20 --------- d-----w C:\Program Files\Roller Rush
2007-10-04 15:20 --------- d-----w C:\Program Files\Mario Forever
2007-10-04 15:20 --------- d-----w C:\Program Files\Golf Adventure Galaxy
2007-10-04 15:20 --------- d-----w C:\Program Files\Garden Dreams
2007-10-04 15:20 --------- d-----w C:\Program Files\DivX
2007-10-04 15:20 --------- d-----w C:\Program Files\CheboMan
2007-10-02 15:50 --------- d-----w C:\Program Files\Lavasoft
2007-10-02 14:18 --------- d-----w C:\Program Files\Yahoo!
2007-10-01 12:41 --------- d-----w C:\Documents and Settings\TOSHIBA\Application Data\Image Zone Express
2007-10-01 11:15 --------- d-----w C:\Documents and Settings\TOSHIBA\Application Data\SiteAdvisor
2007-09-29 07:21 --------- d-----w C:\Program Files\Prayer
2007-09-25 09:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-24 10:53 --------- d-----w C:\Program Files\Toshiba Games
2007-09-09 16:05 --------- d-----w C:\Documents and Settings\TOSHIBA\Application Data\Talkback
2007-09-08 18:26 --------- d-----w C:\Program Files\SiteAdvisor
2007-09-08 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-09-06 14:03 --------- d-----w C:\Documents and Settings\TOSHIBA\Application Data\Yahoo!
2007-09-06 14:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-08-17 16:46 300 ----a-w C:\Documents and Settings\TOSHIBA\Application Data\wklnhst.dat
2007-08-17 10:34 --------- d-----w C:\Program Files\iColorFolder
2007-08-17 08:33 --------- d-----w C:\Program Files\IrfanView
2007-08-17 07:41 --------- d-----w C:\Documents and Settings\TOSHIBA\Application Data\IrfanView
2007-08-16 18:43 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-08-08 20:36 532,480 ----a-w C:\WINDOWS\system32\The Simpsons Movie.scr
2007-07-30 12:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 12:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 12:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 12:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 12:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 12:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 12:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 12:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-11 03:26 254,680 ----a-w C:\Program Files\wddu.exe
2007-03-11 17:45 251 ----a-w C:\Program Files\wt3d.ini
.

((((((((((((((((((((((((((((( snapshot@2007-10-09_20.00.00,64 )))))))))))))))))))))))))))))))))))))))))
.
----a-r 17,891,112 2006-10-27 08:07:36 C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCEL.EXE
----a-r 2,939,704 2006-10-27 08:16:46 C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OLMAPI32.DLL
----a-r 12,813,096 2006-10-27 08:16:48 C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLOOK.EXE
----a-r 263,520 2006-10-26 13:55:44 C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST32.DLL
----a-r 272,744 2006-10-26 13:55:44 C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST64.DLL
----a-r 17,483,560 2006-10-27 08:23:08 C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WWLIB.DLL
----a-r 8,140,480 2004-03-22 12:58:02 C:\WINDOWS\Installer\$PatchCache$\Managed\90404A0900063D11C8EF10054038389C\11.0.6361\OWC11.DLL
----a-r 1,165,584 2007-10-10 03:41:15 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
----a-r 20,240 2007-10-10 03:41:16 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
----a-r 159,504 2007-10-10 03:41:15 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
----a-r 184,080 2007-10-10 03:41:15 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
----a-r 217,864 2007-10-10 03:41:16 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
----a-r 18,704 2007-10-10 03:41:16 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
----a-r 35,088 2007-10-10 03:41:16 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
----a-r 845,584 2007-10-10 03:41:16 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
----a-r 922,384 2007-10-10 03:41:16 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
----a-r 272,648 2007-10-10 03:41:16 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
----a-r 888,080 2007-10-10 03:41:16 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
----a-r 1,172,240 2007-10-10 03:41:15 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
----a-r 135,168 2007-10-10 03:40:45 C:\WINDOWS\Installer\{90A40409-6000-11D3-8CFE-0150048383C9}\misc.exe
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spuninst.exe
----a-w 584,192 2007-07-09 13:09:42 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\rpcrt4.dll
----a-w 115,712 2007-06-13 06:53:14 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\xpsp3res.dll
----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\rpcrt4.dll
----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\xpsp3res.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\spuninst.exe
------w 124,928 2007-06-27 14:34:51 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2gdr\advpack.dll
------w 214,528 2006-10-17 05:57:50 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2gdr\dxtrans.dll
------w 132,608 2007-06-27 14:34:51 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2gdr\extmgr.dll
------w 61,952 2006-10-17 05:58:20 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2gdr\icardie.dll
------w 63,488 2007-06-27 08:27:04 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2gdr\ie4uinit.exe
------w 153,088 2007-06-27 14:34:51 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2gdr\ieakeng.dll
------w 230,400 2007-06-27 14:34:51 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2gdr\ieaksie.dll
------w 161,792 2007-06-27 07:00:33 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2gdr\ieakui.dll
------w 383,488 2007-06-27 14:34:51 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2gdr\ieapfltr.dll
------w 384,512 2007-06-27 14:34:51 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2gdr\iedkcs32.dll
------w 6,058,496 2007-06-27 14:34:55 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2gdr\ieframe.dll
------w 44,544 2007-06-27 14:34:55 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2gdr\iernonce.dll
------w 267,776 2007-06-27 14:34:55 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2gdr\iertutil.dll
------w 13,824 2007-06-27 08:27:05 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2gdr\ieudinit.exe
------w 625,152 2007-06-27 08:27:30 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2gdr\iexplore.exe
------w 27,648 2007-06-27 14:34:56 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2gdr\jsproxy.dll
------w 459,264 2007-06-27 14:34:56 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2gdr\msfeeds.dll
------w 52,224 2007-06-27 14:34:56 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2gdr\msfeedsbs.dll
------w 3,583,488 2007-07-19 06:59:59 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2gdr\mshtml.dll
------w 477,696 2007-06-27 14:34:57 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2gdr\mshtmled.dll
------w 193,024 2007-06-27 14:34:58 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2gdr\msrating.dll
------w 671,232 2007-06-27 14:34:58 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2gdr\mstime.dll
------w 102,400 2007-06-27 14:34:58 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2gdr\occache.dll
------w 105,984 2007-06-27 14:34:58 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2gdr\url.dll
------w 1,152,000 2007-06-27 14:34:58 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2gdr\urlmon.dll
------w 232,960 2007-06-27 14:34:59 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2gdr\webcheck.dll
------w 823,808 2007-06-27 14:34:59 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2gdr\wininet.dll
------w 124,928 2007-06-27 14:34:51 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2qfe\advpack.dll
------w 214,528 2006-10-17 05:57:50 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2qfe\dxtrans.dll
------w 132,608 2007-06-27 14:34:51 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2qfe\extmgr.dll
------w 61,952 2006-10-17 05:58:20 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2qfe\icardie.dll
------w 63,488 2007-06-27 08:27:04 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2qfe\ie4uinit.exe
------w 153,088 2007-06-27 14:34:51 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2qfe\ieakeng.dll
------w 230,400 2007-06-27 14:34:51 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2qfe\ieaksie.dll
------w 161,792 2007-06-27 07:00:33 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2qfe\ieakui.dll
------w 383,488 2007-06-27 14:34:51 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2qfe\ieapfltr.dll
------w 384,512 2007-06-27 14:34:51 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2qfe\iedkcs32.dll
------w 6,058,496 2007-06-27 14:34:55 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2qfe\ieframe.dll
------w 44,544 2007-06-27 14:34:55 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2qfe\iernonce.dll
------w 267,776 2007-06-27 14:34:55 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2qfe\iertutil.dll
------w 13,824 2007-06-27 08:27:05 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2qfe\ieudinit.exe
------w 27,648 2007-06-27 14:34:56 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2qfe\jsproxy.dll
------w 459,264 2007-06-27 14:34:56 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2qfe\msfeeds.dll
------w 52,224 2007-06-27 14:34:56 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2qfe\msfeedsbs.dll
------w 3,583,488 2007-07-19 06:59:59 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2qfe\mshtml.dll
------w 477,696 2007-06-27 14:34:57 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2qfe\mshtmled.dll
------w 193,024 2007-06-27 14:34:58 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2qfe\msrating.dll
------w 671,232 2007-06-27 14:34:58 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2qfe\mstime.dll
------w 102,400 2007-06-27 14:34:58 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2qfe\occache.dll
------w 105,984 2007-06-27 14:34:58 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2qfe\url.dll
------w 1,152,000 2007-06-27 14:34:58 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2qfe\urlmon.dll
------w 232,960 2007-06-27 14:34:59 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2qfe\webcheck.dll
------w 823,808 2007-06-27 14:34:59 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\backup\sp2qfe\wininet.dll
------w 2,455,488 2007-04-17 09:28:12 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\sp2qfe\ieapfltr.dat
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\f348633361604b38c5043cb154093e26\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\f8c6a8157d1ed68b0b0f724babd8b17f\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\f8c6a8157d1ed68b0b0f724babd8b17f\spuninst.exe
------w 683,520 2007-05-16 15:12:02 C:\WINDOWS\SoftwareDistribution\Download\f8c6a8157d1ed68b0b0f724babd8b17f\backup\sp2gdr\inetcomm.dll
------w 683,520 2007-05-16 15:12:02 C:\WINDOWS\SoftwareDistribution\Download\f8c6a8157d1ed68b0b0f724babd8b17f\backup\sp2qfe\inetcomm.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\f8c6a8157d1ed68b0b0f724babd8b17f\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\f8c6a8157d1ed68b0b0f724babd8b17f\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\f8c6a8157d1ed68b0b0f724babd8b17f\update\updspapi.dll
----a-w 166,976 2007-10-09 16:18:20 C:\WINDOWS\SoftwareDistribution\Download\Install\mpas-d.exe
.
----a-r 1,165,584 2007-10-09 11:20:38 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
----a-r 20,240 2007-10-09 11:20:39 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
----a-r 159,504 2007-10-09 11:20:39 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
----a-r 184,080 2007-10-09 11:20:39 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
----a-r 217,864 2007-10-09 11:20:39 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
----a-r 18,704 2007-10-09 11:20:39 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
----a-r 35,088 2007-10-09 11:20:39 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
----a-r 845,584 2007-10-09 11:20:39 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
----a-r 922,384 2007-10-09 11:20:39 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
----a-r 272,648 2007-10-09 11:20:39 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
----a-r 888,080 2007-10-09 11:20:39 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
----a-r 1,172,240 2007-10-09 11:20:38 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
----a-r 135,168 2007-04-21 11:22:54 C:\WINDOWS\Installer\{90A40409-6000-11D3-8CFE-0150048383C9}\misc.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TDispVol"="TDispVol.exe" [2005-03-12 06:03 C:\WINDOWS\system32\TDispVol.exe]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 12:55]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 12:52]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 12:55]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 04:56]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-06 05:02]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 15:34]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 15:32]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2004-08-18 18:37]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 21:29 C:\WINDOWS\agrsmmsg.exe]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-12-01 03:25]
"TPSMain"="TPSMain.exe" [2005-06-01 12:00 C:\WINDOWS\system32\TPSMain.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 07:13]
"dla"="C:\WINDOWS\system32\dla\DLACTRLW.exe" [2005-10-06 20:20]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 08:37]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-06 03:37]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-29 02:41]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-02-09 09:39]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-13 22:50]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 05:00]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-11 17:59]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-16 16:56]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 06:15]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"RepliGo Assistant"="C:\Program Files\Cerience\RepliGo\RepliGoMon.exe" [2004-03-20 04:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 23:24]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 15:32]
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2007-03-15 01:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 19:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 12:24]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-27 15:22]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\TOSHIBA\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-04-04 18:36:30]
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe [2007-07-21 00:57:16]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Firewall Client Connectivity Monitor.LNK - C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE [2007-03-27 08:01:47]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2006-02-15 23:31:42]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

R0 KR10N;KR10N;C:\WINDOWS\system32\drivers\KR10N.sys
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f98b9d91-e7da-11db-a391-0018de0685ce}]
AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-08-14 18:19:21 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-06-30 18:00:10 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-10-10 05:53:48 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-10-09 14:10:32 C:\WINDOWS\Tasks\User_Feed_Synchronization-{440B4034-AD3A-4136-87D1-97120773906B}.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-10 13:14:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-10 13:15:22
C:\ComboFix-quarantined-files.txt ... 2007-10-10 13:15
C:\ComboFix2.txt ... 2007-10-09 20:00
.
--- E O F ---

Is there anything I should do?
Dangica
Active Member
 
Posts: 9
Joined: October 5th, 2007, 9:45 am
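The "Reg Loading Points" section of the ComboFix log above is the part a helper reads first: every value under a Run key and every `AutoRun\command` under `mountpoints2` is something that starts without the user asking. The script below is an added example, not part of this thread and not ComboFix's own tooling. It parses that section's line shapes (`"name"="path" [timestamp]`, `"name"="file.exe" [timestamp resolved-path]`, `AutoRun\command - ...`) and lists the entries worth checking before the rest. The sample block is constructed: the entry names mirror the log's format, the `updsvc` entry and the zeroed mountpoints2 GUID are placeholders, and the list of trusted directories is an assumption for a Windows XP layout.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of a ComboFix "Reg Loading Points" section.
# The key names and line formats follow the real report; the entries are a
# constructed mix of benign OEM entries and one placeholder suspicious line.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 12:55]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 21:29 C:\WINDOWS\agrsmmsg.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-13 22:50]
"updsvc"="C:\Documents and Settings\TOSHIBA\Local Settings\Temp\updsvc.exe" [2007-10-07 03:12]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
AutoRun\command - F:\LaunchU3.exe -a
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"='                # "ValueName"=
    r'(?P<value>"[^"]*"|[^\[\s]+)'       # "quoted path" or a bare token
    r'(?P<args>[^\[]*?)'                 # optional trailing arguments
    r'\s*(?:\[(?P<meta>[^\]]*)\])?\s*$'  # optional [timestamp [resolved path]]
)
AUTORUN_RE = re.compile(r"^AutoRun\\command - (?P<cmd>.+)$")

# Assumption: on this XP layout an autostart image is expected under one of these.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
# Locations where a legitimate Run entry rarely lives but droppers often do.
SUSPECT_FRAGMENTS = ("\\temp\\", "\\local settings\\", "\\application data\\")


@dataclass
class Entry:
    key: str
    name: str
    image: str          # path of the executable that will actually run
    args: str
    timestamp: Optional[str]


def _resolve_image(value: str, meta: Optional[str]) -> tuple:
    """Return (image_path, timestamp). ComboFix prints the resolved path inside
    the brackets when the registry value itself is only a bare file name."""
    image = value.strip('"')
    timestamp = None
    if meta:
        parts = meta.split(" ", 2)       # date, time, [resolved path]
        timestamp = " ".join(parts[:2])
        if len(parts) == 3:
            image = parts[2]
    return image, timestamp


def parse_loading_points(text: str) -> List[Entry]:
    """Turn the [key] / "name"="value" [meta] / AutoRun lines into Entry records."""
    entries: List[Entry] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m:
            image, ts = _resolve_image(m.group("value"), m.group("meta"))
            entries.append(Entry(key, m.group("name"), image,
                                 m.group("args").strip(), ts))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            cmd = m.group("cmd").split(" ", 1)
            entries.append(Entry(key, "AutoRun\\command", cmd[0],
                                 cmd[1] if len(cmd) > 1 else "", None))
    return entries


def triage(entries: List[Entry]) -> List[tuple]:
    """Return (name, image, reason) for the entries a helper should look at first."""
    findings = []
    for e in entries:
        p = e.image.lower()
        if e.name == "AutoRun\\command" and not p.startswith("c:\\"):
            findings.append((e.name, e.image,
                             "autorun command pointing at another drive"))
        elif any(f in p for f in SUSPECT_FRAGMENTS):
            findings.append((e.name, e.image,
                             "autostart image in a temp/profile directory"))
        elif not p.startswith(TRUSTED_PREFIXES):
            findings.append((e.name, e.image,
                             "autostart image outside Windows/Program Files"))
    return findings


if __name__ == "__main__":
    for name, image, reason in triage(parse_loading_points(SAMPLE_LOG)):
        print(f"{name:20} {image}\n    -> {reason}")
```

Run on the sample, the benign OEM entries (including the bare `AGRSMMSG.exe`, which resolves to `C:\WINDOWS\agrsmmsg.exe` via the bracketed path) pass, while the Temp-directory image and the `F:\` autorun command are listed for review. Being listed is a prompt to look, not a verdict: the `LaunchU3.exe` autorun in the real log is the standard U3 USB launcher, which is why a helper checks the image rather than deleting on sight.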

Unread postby random/random » October 10th, 2007, 12:35 pm

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of the Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic, along with a new HijackThis log and a description of any remaining problems
random/random
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Unread postby Dangica » October 12th, 2007, 3:59 am

I've updated Java.

Anyway, I've tried to scan with ESET, but every time it scans to C:\WORKSSETUP\OFFICE\FILES\PFILES\MSOFFICE\OFFICE11\1033\WDREADME, the scan stops..

I waited for 3 hours but it still hadn't finished..

Is it always like that?
Dangica
Active Member
 
Posts: 9
Joined: October 5th, 2007, 9:45 am

Unread postby random/random » October 12th, 2007, 2:52 pm

Go to Start, Run and type cmd and hit <Enter>
When the command window comes up, type :
chkdsk c:
hit <Enter> again.
Maximize the command window, and wait for the scan to finish.
Read the results carefully to see if it says that it found problems with your file system.
------------------------------------------------------------------------
IF it has found any problems with your file system,
Go to Start, Run and type cmd
hit <Enter>
Type this into the command window at the prompt:
chkdsk c: /F <==notice the /F, with one space between c: and /F
hit <Enter>
You will get a message that the volume is locked, and a request to do the repair on Reboot.
Answer Y
Then type exit to close the Command window.
Go to Start, Turn Off Computer and choose Reboot
It will scan again and make the repairs as the first part of the reboot process.

After it reboots, run the first sequence again (without the /F parameter), and see if it still shows an error.
Tell me what it found originally, and if there was a problem, whether the final sequence showed no errors.
random/random
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Unread postby Dangica » October 13th, 2007, 10:14 am

The error was still found even after the final sequence..
Dangica
Active Member
 
Posts: 9
Joined: October 5th, 2007, 9:45 am

Unread postby random/random » October 13th, 2007, 10:18 am

If chkdsk can't fix the errors, then that may well be the sign of a failing hard drive.

As such, I suggest you make sure that all your important files are backed up, and consider replacing the hard drive.
random/random
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Unread postby Dangica » October 13th, 2007, 10:25 am

Change the hard disk? :shock: Really?
What problems could it cause if I didn't replace it?
Dangica
Active Member
 
Posts: 9
Joined: October 5th, 2007, 9:45 am

Unread postby random/random » October 13th, 2007, 1:19 pm

A hard drive stores all your data, programs, etc.

So when it fails, you lose anything that you had on it.

Since that includes the OS, the PC won't boot until you replace the hard drive and reinstall the OS.
random/random
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Unread postby Dangica » October 16th, 2007, 1:45 am

OIC... :)
Thanks a lot anyway for your help.. :) :) :)
Dangica
Active Member
 
Posts: 9
Joined: October 5th, 2007, 9:45 am