12-07-2008, 03:38 PM   #7
Buddha61
Registered User
 
Join Date: Jan 2005
Posts: 75
OS: Win XP


Re: Trying To Clean Up A Computer, Need Help

I have tried 5 times to run the online scan. It keeps telling me I need Java 1.5 or greater, and I have gone to the Java site and downloaded the newest and it still won't run. Here are the other logs that you wanted.

Username "USER" - 12/07/2008 16:41:02 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.113.118;85.255.112.100 " <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{06BDF105-39BE-4C1F-841C-FF59FDB7180A}
"nameserver"="85.255.113.118;85.255.112.100" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{93DC1673-FFB3-44D6-8722-5AE5C792E0A1}
"nameserver"="85.255.113.118;85.255.112.100" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{06BDF105-39BE-4C1F-841C-FF59FDB7180A}
"DhcpNameServer"="85.255.113.118;85.255.112.100" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{93DC1673-FFB3-44D6-8722-5AE5C792E0A1}
"DhcpNameServer"="85.255.113.118;85.255.112.100" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"THotkey"="C:\\Program Files\\Toshiba\\Toshiba Applet\\thotkey.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"NDSTray.exe"="NDSTray.exe"
"TPSMain"="TPSMain.exe"
"PadTouch"="C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe"
"SmoothView"="C:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\DLACTRLW.exe"
"Pinger"="C:\\toshiba\\ivp\\ism\\pinger.exe"
"Tvs"="C:\\Program Files\\Toshiba\\Tvs\\TvsTray.exe"
"TFncKy"="TFncKy.exe"
"TDispVol"="TDispVol.exe"
"RTHDCPL"="RTHDCPL.EXE"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"YSearchProtection"="\"C:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"hpqSRMon"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqSRMon.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"YSearchProtection"="C:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"
"Search Protection"="C:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe"
"SysDriver32"="C:\\WINDOWS\\sys_32.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~


ComboFix 08-12-06.06 - USER 2008-12-07 16:47:39.2 - NTFSx86

Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\USER\Desktop\CFScript.txt

FILE ::
c:\documents and settings\USER\~.exe
c:\windows\sys_32.exe
c:\windows\system32\dllcache\usbccgp.sys
c:\windows\system32\drivers\usbccgp.sys
c:\windows\system32\gmbfshfg.ini
c:\windows\system32\iskipkab.ini
c:\windows\system32\ivpphxpf.ini
c:\windows\system32\nbxgwxsj.ini
c:\windows\system32\ofoibfis.ini
c:\windows\system32\pcvbxcgk.ini
c:\windows\system32\qxnerquh.ini
c:\windows\system32\rlqagcwt.ini
c:\windows\system32\weitwrux.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\USER\~.exe
C:\resycled
c:\windows\sys_32.exe
c:\windows\system32\dllcache\usbccgp.sys
c:\windows\system32\drivers\usbccgp.sys
c:\windows\system32\gmbfshfg.ini
c:\windows\system32\iskipkab.ini
c:\windows\system32\ivpphxpf.ini
c:\windows\system32\nbxgwxsj.ini
c:\windows\system32\ofoibfis.ini
c:\windows\system32\pcvbxcgk.ini
c:\windows\system32\qxnerquh.ini
c:\windows\system32\rlqagcwt.ini
c:\windows\system32\weitwrux.ini
E:\autorun.inf
E:\resycled
e:\resycled\boot.com

.
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-07 16:40 . 2008-12-07 16:44 <DIR> d-------- C:\fixwareout
2008-12-07 12:50 . 2008-12-07 12:50 250 --a------ c:\windows\gmer.ini
2008-12-05 18:01 . 2006-03-20 14:06 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
2008-12-05 18:01 . 2006-03-20 14:30 <DIR> d-------- c:\documents and settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-12-05 18:01 . 2006-03-20 14:12 <DIR> d-------- c:\documents and settings\Administrator\Application Data\toshiba
2008-12-05 18:01 . 2006-05-15 13:01 <DIR> d-------- c:\documents and settings\Administrator\Application Data\McAfee.com Personal Firewall
2008-12-05 18:01 . 2006-03-20 16:52 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InterVideo
2008-12-05 18:01 . 2006-05-15 13:10 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AOL
2008-12-05 18:01 . 2008-12-05 18:01 <DIR> d-------- c:\documents and settings\Administrator
2008-12-05 16:50 . 2008-12-05 16:50 <DIR> d-------- c:\program files\Lavasoft
2008-12-05 16:50 . 2008-12-05 16:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-05 16:48 . 2008-12-05 16:48 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-05 16:48 . 2008-12-05 19:54 <DIR> d-------- C:\hjt
2008-12-04 23:36 . 2008-12-07 13:43 27,904 --a------ c:\windows\system32\drivers\Ndisprot.sys
2008-12-03 19:37 . 2008-12-03 19:37 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\alot
2008-12-03 19:37 . 2008-12-03 19:37 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Yahoo!
2008-12-03 19:37 . 2008-12-03 19:37 <DIR> d-------- c:\documents and settings\LocalService\Application Data\alot
2008-12-03 19:33 . 2008-10-16 17:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-11-29 20:11 . 2008-12-03 19:20 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-29 20:11 . 2008-11-29 20:11 1,409 --a------ c:\windows\QTFont.for
2008-11-29 18:41 . 2008-11-29 18:41 <DIR> d-------- c:\documents and settings\USER\Application Data\Template
2008-11-29 18:41 . 2008-11-29 18:41 0 --a------ c:\documents and settings\USER\Application Data\wklnhst.dat
2008-11-29 14:38 . 2008-12-05 18:00 <DIR> d--hs---- c:\windows\VVNFUg
2008-11-29 12:53 . 2008-12-07 14:02 <DIR> d-------- c:\documents and settings\USER\Application Data\Twain
2008-11-29 11:53 . 2008-11-29 11:53 <DIR> d-------- c:\documents and settings\USER\Application Data\HP
2008-11-29 11:46 . 2008-11-29 11:46 <DIR> d-------- c:\documents and settings\USER\Application Data\HPAppData
2008-11-29 11:44 . 2008-11-29 11:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\WEBREG
2008-11-29 11:42 . 2008-11-29 11:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-11-29 11:42 . 2007-10-30 04:25 49,920 -ra------ c:\windows\system32\drivers\HPZid412.sys
2008-11-29 11:42 . 2007-10-30 04:25 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2008-11-29 11:41 . 2007-11-08 09:52 271,704 -ra------ c:\windows\system32\hpzids01.dll
2008-11-29 11:41 . 2007-10-20 21:25 117,760 --a------ c:\windows\system32\hpzll5mu.dll
2008-11-29 11:41 . 2007-10-30 04:25 21,568 -ra------ c:\windows\system32\drivers\HPZius12.sys
2008-11-29 11:40 . 2007-10-30 04:11 581,632 -ra------ c:\windows\system32\hpotscl6.dll
2008-11-29 11:40 . 2007-10-30 04:25 372,736 -ra------ c:\windows\system32\hppldcoi.dll
2008-11-29 11:40 . 2007-10-30 04:11 303,104 -ra------ c:\windows\system32\hpovst15.dll
2008-11-29 11:31 . 2008-11-29 11:31 <DIR> d-------- c:\program files\Hewlett-Packard
2008-11-29 11:31 . 2008-11-29 11:31 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2008-11-29 11:31 . 2008-11-29 11:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-11-29 11:31 . 2008-11-29 11:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2008-11-29 11:28 . 2008-11-29 11:28 <DIR> d-------- c:\program files\Common Files\HP
2008-11-29 11:26 . 2008-11-29 11:31 <DIR> d-------- c:\program files\HP
2008-11-29 11:23 . 2008-11-29 11:44 157,428 --a------ c:\windows\hpoins27.dat
2008-11-29 11:23 . 2008-01-18 10:56 932 --------- c:\windows\hpomdl27.dat
2008-11-19 18:11 . 2008-11-19 18:16 <DIR> d-------- c:\program files\Disney Interactive
2008-11-19 18:10 . 2008-11-19 18:17 1,220 --a------ c:\windows\disney.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 23:56 --------- d-----w c:\program files\Google
2008-12-05 23:26 --------- d-----w c:\program files\TOSHIBA
2008-11-22 18:50 --------- d-----w c:\documents and settings\USER\Application Data\U3
2008-11-19 23:16 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-19 23:16 --------- d-----w c:\program files\QuickTime
2008-10-25 07:08 --------- d-----w c:\documents and settings\USER\Application Data\Yahoo!
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-08-08 00:36 0 ----a-w c:\program files\temp01
2007-07-24 03:01 1,589 ----a-w c:\program files\ALLTEL Internet Accelerator Client setup.log
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 4670704]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-03-06 356352]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-03-02 82012]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-19 98304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-03 c:\windows\agrsmmsg.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" [2005-06-01 c:\windows\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-03-11 c:\windows\system32\TDispVol.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 c:\windows\RTHDCPL.exe]

c:\documents and settings\USER\Start Menu\Programs\Startup\
QuickLink Mobile.lnk - c:\program files\Alltel\QuickLink Mobile\QuickLink Mobile.exe [2007-06-26 1493144]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-04 176128]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16423]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-03-20 155648]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c:
\Shell\Open\command - c:\resycled\boot.com c:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SysDriver32 - c:\windows\sys_32.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
TCP: NameServer = 85.255.113.118;85.255.112.100
TCP: {93DC1673-FFB3-44D6-8722-5AE5C792E0A1} = 85.255.113.118;85.255.112.100

c:\windows\Downloaded Program Files\PogoWebLauncher.ocx - O16 -: {3107C2A8-9F0B-4404-A58B-21BD85268FBC}
hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB

c:\windows\Downloaded Program Files\PTGameLauncher.dll - O16 -: {EF148DBB-5B6D-4130-B2A1-661571E86260}
hxxp://download-games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
c:\windows\Downloaded Program Files\PTGameLauncher.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 16:49:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msqpdxserv.sys]
"imagepath"="\systemroot\system32\drivers\msqpdxpqltoiqh.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-07 16:50:49
ComboFix-quarantined-files.txt 2008-12-07 21:50:47
ComboFix2.txt 2008-12-07 19:25:08

Pre-Run: 42,531,819,520 bytes free
Post-Run: 42,506,780,672 bytes free

210 --- E O F --- 2008-11-13 17:37:14


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:35:48 PM, on 12/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\hjt\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ism\pinger.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-21-4290049-839715340-908924317-1006\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User '?')
O4 - HKUS\S-1-5-21-4290049-839715340-908924317-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-4290049-839715340-908924317-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-4290049-839715340-908924317-1006\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (User '?')
O4 - HKUS\S-1-5-21-4290049-839715340-908924317-1006\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User '?')
O4 - HKUS\S-1-5-21-4290049-839715340-908924317-1006\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (User '?')
O4 - HKUS\S-1-5-21-4290049-839715340-908924317-1006\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (User '?')
O4 - S-1-5-21-4290049-839715340-908924317-1006 Startup: QuickLink Mobile.lnk = C:\Program Files\Alltel\QuickLink Mobile\QuickLink Mobile.exe (User '?')
O4 - Startup: QuickLink Mobile.lnk = C:\Program Files\Alltel\QuickLink Mobile\QuickLink Mobile.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSC...ws-i586-jc.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v57/cubis/cubis.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download-games.pogo.com/onlin...meLauncher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{93DC1673-FFB3-44D6-8722-5AE5C792E0A1}: NameServer = 85.255.113.118;85.255.112.100
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.118;85.255.112.100
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.118;85.255.112.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.118;85.255.112.100
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 12217 bytes