The .bat files were not created by the user. Also, the antivirus has expired. Since she will be renewing, which antivirus would you suggest? I am unable to find McAfee anywhere on the computer to adjust settings like the firewall, etc. I do know it is there because it shows up in the Windows Security Center.
Below are the two logs requested:
ComboFix 08-08-10.01 - Holly 2008-08-10 16:21:49.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.346 [GMT -4:00]
Running from: C:\Users\Holly\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Holly\AppData\Roaming\macromedia\Flash Player\#SharedObjects\FRCTDF6G\interclick.com
C:\Users\Holly\AppData\Roaming\macromedia\Flash Player\#SharedObjects\FRCTDF6G\interclick.com\ud.sol
C:\Users\Holly\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Users\Holly\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Users\Holly\ctfmon.exe
C:\Users\Holly\svchost.exe
C:\Users\Rett\AppData\Roaming\macromedia\Flash Player\#SharedObjects\6QDGRXES\interclick.com
C:\Users\Rett\AppData\Roaming\macromedia\Flash Player\#SharedObjects\6QDGRXES\interclick.com\ud.sol
C:\Users\Rett\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Users\Rett\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
.
((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))
.
2008-08-04 22:06 . 2008-08-04 22:06 <DIR> d-------- C:\Deckard
2008-08-04 22:02 . 2008-08-04 22:02 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-08-04 21:55 . 2008-08-04 21:55 <DIR> d-------- C:\Users\All Users\TEMP
2008-08-04 21:55 . 2008-08-04 21:55 <DIR> d-------- C:\ProgramData\TEMP
2008-08-04 21:55 . 2008-08-04 21:55 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-04 17:06 . 2008-08-04 17:06 205,824 --a------ C:\Windows\System32\msoeacct.dll
2008-08-04 17:06 . 2008-08-04 17:06 87,040 --a------ C:\Windows\System32\msoert2.dll
2008-08-04 17:06 . 2008-08-04 17:06 39,424 --a------ C:\Windows\System32\ACCTRES.dll
2008-08-04 17:05 . 2008-08-04 17:05 2,923,520 --a------ C:\Windows\explorer.exe
2008-08-04 17:05 . 2008-08-04 17:05 714,240 --a------ C:\Windows\System32\timedate.cpl
2008-08-04 17:05 . 2008-08-04 17:05 704,000 --a------ C:\Windows\System32\PhotoScreensaver.scr
2008-08-04 17:05 . 2008-08-04 17:05 542,720 --a------ C:\Windows\System32\sysmain.dll
2008-08-04 17:05 . 2008-08-04 17:05 258,232 --a------ C:\Windows\System32\drivers\acpi.sys
2008-08-04 17:05 . 2008-08-04 17:05 28,344 --a------ C:\Windows\System32\drivers\battc.sys
2008-08-04 17:05 . 2008-08-04 17:05 24,064 --a------ C:\Windows\System32\wtsapi32.dll
2008-08-04 17:05 . 2008-08-04 17:05 20,920 --a------ C:\Windows\System32\drivers\compbatt.sys
2008-08-04 17:05 . 2008-08-04 17:05 14,208 --a------ C:\Windows\System32\drivers\CmBatt.sys
2008-08-04 17:04 . 2008-08-04 17:05 1,655,289 --a------ C:\Windows\System32\wlan.tmf
2008-08-04 17:04 . 2008-08-04 17:04 502,784 --a------ C:\Windows\System32\wlansvc.dll
2008-08-04 17:04 . 2008-08-04 17:04 297,984 --a------ C:\Windows\System32\wlansec.dll
2008-08-04 17:04 . 2008-08-04 17:04 290,816 --a------ C:\Windows\System32\wlanmsm.dll
2008-08-04 17:04 . 2008-08-04 17:04 67,584 --a------ C:\Windows\System32\wlanhlp.dll
2008-08-04 17:04 . 2008-08-04 17:04 47,104 --a------ C:\Windows\System32\wlanapi.dll
2008-08-04 17:03 . 2008-08-04 17:03 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-08-04 17:03 . 2008-08-04 17:03 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-08-04 17:02 . 2008-08-04 17:02 376,320 --a------ C:\Windows\System32\winsrv.dll
2008-08-04 17:02 . 2008-08-04 17:02 49,664 --a------ C:\Windows\System32\csrsrv.dll
2008-08-04 16:55 . 2008-08-04 16:56 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-08-04 16:55 . 2008-08-04 16:55 374,456 --a------ C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-08-04 16:55 . 2008-08-04 16:55 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-08-04 16:54 . 2008-08-04 16:54 414,208 --a------ C:\Windows\System32\msscp.dll
2008-08-04 16:53 . 2008-08-04 16:53 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-08-04 16:53 . 2008-08-04 16:53 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-08-04 16:53 . 2008-08-04 16:53 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-08-04 16:53 . 2008-08-04 16:53 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-08-04 16:53 . 2008-08-04 16:53 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-08-04 16:52 . 2008-08-04 16:52 396,800 --a------ C:\Windows\System32\MPSSVC.dll
2008-08-04 16:52 . 2008-08-04 16:52 392,192 --a------ C:\Windows\System32\FirewallAPI.dll
2008-08-04 16:52 . 2008-08-04 16:52 178,688 --a------ C:\Windows\System32\iphlpsvc.dll
2008-08-04 16:52 . 2008-08-04 16:52 86,016 --a------ C:\Windows\System32\icfupgd.dll
2008-08-04 16:52 . 2008-08-04 16:52 63,488 --a------ C:\Windows\System32\drivers\mpsdrv.sys
2008-08-04 16:52 . 2008-08-04 16:52 61,952 --a------ C:\Windows\System32\cmifw.dll
2008-08-04 16:52 . 2008-08-04 16:52 23,040 --a------ C:\Windows\System32\drivers\tunnel.sys
2008-08-04 16:52 . 2008-08-04 16:52 16,896 --a------ C:\Windows\System32\wfapigp.dll
2008-08-04 16:52 . 2008-08-04 16:52 15,360 --a------ C:\Windows\System32\drivers\TUNMP.SYS
2008-08-04 16:50 . 2008-08-04 16:50 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-08-04 16:50 . 2008-08-04 16:50 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-08-04 16:50 . 2008-08-04 16:50 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-08-04 16:50 . 2008-08-04 16:50 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-08-04 16:50 . 2008-08-04 16:50 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-08-04 16:50 . 2008-08-04 16:50 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-08-04 16:50 . 2008-08-04 16:50 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-08-04 16:50 . 2008-08-04 16:50 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-08-04 16:49 . 2008-08-04 16:49 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2008-08-04 16:49 . 2008-08-04 16:49 224,768 --a------ C:\Windows\System32\drivers\usbport.sys
2008-08-04 16:49 . 2008-08-04 16:49 192,000 --a------ C:\Windows\System32\drivers\usbhub.sys
2008-08-04 16:49 . 2008-08-04 16:49 73,216 --a------ C:\Windows\System32\drivers\usbccgp.sys
2008-08-04 16:49 . 2008-08-04 16:49 38,400 --a------ C:\Windows\System32\drivers\usbehci.sys
2008-08-04 16:49 . 2008-08-04 16:49 23,040 --a------ C:\Windows\System32\drivers\usbuhci.sys
2008-08-04 16:49 . 2008-08-04 16:49 8,704 --a------ C:\Windows\System32\hcrstco.dll
2008-08-04 16:49 . 2008-08-04 16:49 8,704 --a------ C:\Windows\System32\hccoin.dll
2008-08-04 16:49 . 2008-08-04 16:49 5,888 --a------ C:\Windows\System32\drivers\usbd.sys
2008-08-04 16:49 . 2008-08-04 16:49 2,048 --a------ C:\Windows\System32\msxml3r.dll
2008-08-04 16:47 . 2008-08-04 16:47 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-08-04 16:47 . 2008-08-04 16:47 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-08-04 16:47 . 2008-08-04 16:47 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-08-04 16:47 . 2008-08-04 16:47 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-08-04 16:47 . 2008-08-04 16:47 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-08-04 16:45 . 2008-08-04 16:45 9,845,248 --a------ C:\Windows\System32\NlsData000a.dll
2008-08-04 16:45 . 2008-08-04 16:45 6,917,120 --a------ C:\Windows\System32\NlsLexicons0c1a.dll
2008-08-04 16:45 . 2008-08-04 16:45 4,493,312 --a------ C:\Windows\System32\NlsData0816.dll
2008-08-04 16:45 . 2008-08-04 16:45 4,493,312 --a------ C:\Windows\System32\NlsData0416.dll
2008-08-04 16:45 . 2008-08-04 16:45 4,493,312 --a------ C:\Windows\System32\NlsData0414.dll
2008-08-04 16:45 . 2008-08-04 16:45 2,641,408 --a------ C:\Windows\System32\NlsData000c.dll
2008-08-04 16:45 . 2008-08-04 16:45 2,340,864 --a------ C:\Windows\System32\NlsData000d.dll
2008-08-04 16:45 . 2008-08-04 16:45 1,963,520 --a------ C:\Windows\System32\NlsData0c1a.dll
2008-08-04 16:45 . 2008-08-04 16:45 1,963,520 --a------ C:\Windows\System32\NlsData081a.dll
2008-08-04 16:45 . 2008-08-04 16:45 1,963,520 --a------ C:\Windows\System32\NlsData000f.dll
2008-08-04 16:45 . 2008-08-04 16:45 797,696 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-08-04 16:40 . 2008-08-04 16:40 1,585,664 --a------ C:\Windows\System32\setupapi.dll
2008-08-04 16:37 . 2008-08-04 16:37 82,432 --a------ C:\Windows\System32\drivers\sdbus.sys
2008-08-04 16:37 . 2008-08-04 16:37 13,312 --a------ C:\Windows\System32\drivers\sffdisk.sys
2008-08-04 16:37 . 2008-08-04 16:37 12,800 --a------ C:\Windows\System32\drivers\sffp_sd.sys
2008-08-04 16:36 . 2008-08-04 16:36 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-08-04 16:35 . 2008-08-04 16:35 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-08-04 16:35 . 2008-08-04 16:35 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-08-04 16:35 . 2008-08-04 16:35 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-08-04 16:35 . 2008-08-04 16:35 2,048 --a------ C:\Windows\System32\asferror.dll
2008-08-04 16:34 . 2008-08-04 16:34 2,605,568 --a------ C:\Windows\System32\SLsvc.exe
2008-08-04 16:34 . 2008-08-04 16:34 566,784 --a------ C:\Windows\System32\SLCommDlg.dll
2008-08-04 16:34 . 2008-08-04 16:34 351,232 --a------ C:\Windows\System32\SLUI.exe
2008-08-04 16:34 . 2008-08-04 16:34 268,288 --a------ C:\Windows\System32\mcbuilder.exe
2008-08-04 16:34 . 2008-08-04 16:34 223,232 --a------ C:\Windows\System32\SLC.dll
2008-08-04 16:34 . 2008-08-04 16:34 186,368 --a------ C:\Windows\System32\SLLUA.exe
2008-08-04 16:34 . 2008-08-04 16:34 57,856 --a------ C:\Windows\System32\SLUINotify.dll
2008-08-04 16:34 . 2008-08-04 16:34 39,936 --a------ C:\Windows\System32\slcinst.dll
2008-08-04 16:34 . 2008-08-04 16:34 33,280 --a------ C:\Windows\System32\slwmi.dll
2008-08-04 16:33 . 2008-08-04 16:33 1,335,296 --a------ C:\Windows\System32\msxml6.dll
2008-08-04 16:33 . 2008-08-04 16:33 2,048 --a------ C:\Windows\System32\msxml6r.dll
2008-08-04 16:30 . 2008-08-04 16:30 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-08-04 16:30 . 2008-08-04 16:30 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-08-04 16:30 . 2008-08-04 16:30 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-08-04 16:30 . 2008-08-04 16:30 14,848 --a------ C:\Windows\System32\wshrm.dll
2008-08-04 16:29 . 2008-08-04 16:29 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-08-04 16:28 . 2008-08-04 16:28 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-08-04 16:28 . 2008-08-04 16:28 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-08-04 16:27 . 2008-08-04 16:27 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-08-04 16:27 . 2008-08-04 16:27 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-08-04 16:25 . 2008-08-04 16:25 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2008-08-04 16:25 . 2008-08-04 16:25 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-08-04 16:25 . 2008-08-04 16:25 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-08-04 16:25 . 2008-08-04 16:25 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-08-04 16:25 . 2008-08-04 16:25 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-08-04 16:24 . 2008-08-04 16:24 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-08-04 16:24 . 2008-08-04 16:24 152,576 --a------ C:\Windows\System32\imagehlp.dll
2008-08-04 16:24 . 2008-08-04 16:24 12,800 --a------ C:\Windows\System32\drivers\fs_rec.sys
2008-08-04 16:24 . 2008-08-04 16:24 5,120 --a------ C:\Windows\System32\wmi.dll
2008-08-04 16:19 . 2008-08-04 16:19 633,856 --a------ C:\Windows\System32\user32.dll
2008-08-04 16:19 . 2008-08-04 16:19 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-04 16:17 . 2008-08-04 16:17 750,080 --a------ C:\Windows\System32\qmgr.dll
2008-08-04 15:16 . 2008-08-04 15:16 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-08-04 15:16 . 2008-08-04 15:16 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-08-04 15:16 . 2008-08-04 15:16 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-08-04 15:16 . 2008-08-04 15:16 43,352 --a------ C:\Windows\System32\wups2.dll
2008-08-04 15:15 . 2008-08-04 15:15 549,720 --a------ C:\Windows\System32\wuapi.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-05 03:02 147,456 ----a-w C:\Users\Holly\vbzip10.dll
2008-08-05 03:02 --------- d-----w C:\Users\Holly\AppData\Roaming\LimeWire
2008-08-05 02:54 174 --sha-w C:\Program Files\desktop.ini
2008-08-05 02:49 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-05 02:49 --------- d-----w C:\Program Files\Windows Mail
2008-08-05 02:49 --------- d-----w C:\Program Files\Windows Defender
2008-08-05 02:49 --------- d-----w C:\Program Files\Windows Calendar
2008-08-04 20:46 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-08-04 20:39 944,184 ----a-w C:\Windows\System32\winload.exe
2008-08-04 20:31 88,576 ----a-w C:\Windows\System32\avifil32.dll
2008-08-04 20:28 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-08-04 20:28 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-08-04 20:28 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-08-04 20:28 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-08-04 20:28 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-08-04 20:21 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-08-04 20:21 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-08-04 20:21 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-08-04 20:21 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-08-02 16:52 --------- d-----w C:\Program Files\LimeWire
2008-07-30 02:18 --------- d-----w C:\Users\Holly\AppData\Roaming\Move Networks
2008-07-30 02:18 --------- d-----w C:\Program Files\Yahoo!
2008-07-30 02:18 --------- d-----w C:\Program Files\Internet Offers
2008-07-30 02:18 --------- d-----w C:\Program Files\illiminable
2008-07-30 02:18 --------- d-----w C:\Program Files\Google
2008-07-30 02:18 --------- d-----w C:\Program Files\dvdSanta
2008-07-30 02:18 --------- d-----w C:\Program Files\DivX
2008-07-30 02:18 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-07-30 02:18 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-07-29 00:44 --------- d-----w C:\ProgramData\YAHOO
2008-07-26 00:45 --------- d-----w C:\Users\Rett\AppData\Roaming\LimeWire
2008-07-21 01:41 --------- d-----w C:\Users\Malorie\AppData\Roaming\LimeWire
2008-07-09 01:11 511 ----a-w C:\Users\Holly\977.bat
2008-07-06 12:28 510 ----a-w C:\Users\Holly\72.bat
2008-07-03 20:12 511 ----a-w C:\Users\Holly\213.bat
2008-01-29 23:39 74 ----a-w C:\Users\Holly\n.bat
2007-12-23 05:10 278,538 ----a-w C:\Users\Holly\Setup.exe
2007-05-24 01:14 262,144 ----a-w C:\ProgramData\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 17:22 417792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-28 23:14 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-28 23:17 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-28 23:13 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 16:50 815104]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2005-12-16 05:41 188416]
"HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 11:06 413696]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-01-18 19:06 421888]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 20:14 34352]
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [2007-04-08 12:44 303104]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 08:34 176128]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 13:57 3784704 C:\Windows\RtHDVCpl.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 17:18 443968]
C:\Users\Malorie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-18 14:46:56 147456]
C:\Users\Rett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-18 14:46:56 147456]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 05:15:54 65588]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BE72CEC1-CAAF-493B-B075-5EBBA76BF2A2}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{C116E19A-60C0-47F9-9BAB-6C6BDEF5E836}"= UDP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{09557353-EFED-4298-969C-3C4C6C8EA901}"= TCP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{324F5534-C43A-436A-86BA-0C03D963A787}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6E2A9832-E68C-4705-A52B-17DC1BF8AAF4}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E0DBAB60-E7BB-45D0-AD3A-9408E83A63CB}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{E0A1D70A-3A58-4566-B004-8C8C889E7BEB}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger
R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 17:24]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\Windows\system32\DRIVERS\s125bus.sys [2007-04-24 09:33]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s125mdfl.sys [2007-04-24 09:33]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s125mdm.sys [2007-04-24 09:33]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s125mgmt.sys [2007-04-24 09:33]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s125obex.sys [2007-04-24 09:33]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{655b8bb4-375e-11dc-be07-806e6f6e6963}]
\shell\AutoRun\command - D:\autorun.exe
\shell\readme\command - notepad readme.txt
\shell\Setup\command - D:\install.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac1c6111-5b12-11dc-aa8f-001b381ccf47}]
\shell\AutoRun\command - F:\LaunchU3.exe -a
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Host Process - C:\Users\Holly\svchost.exe
HKCU-Run-LSA Shellu - C:\Users\Holly\lsass.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Holly\AppData\Roaming\Mozilla\Firefox\Profiles\9qs3b3m9.default\
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-10 16:26:21
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????q??R??????^?8?^?p?^???^???
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-10 16:28:37
ComboFix-quarantined-files.txt 2008-08-10 20:28:33
Pre-Run: 41,113,829,376 bytes free
Post-Run: 41,352,093,696 bytes free
280 --- E O F --- 2008-08-08 05:38:28
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:35:11 PM, on 8/10/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 6716 bytes