Hi, sent wrong files, please instead review the revised files that I re-ran after I had tried to remove the malware on my own (didn't work). See below (revised DDS) and the ComboFix logs. I have also attached the GMER file and the other DDS that is required for your analysis. Please disregard earlier log and files sent, since they were run before I had tried to remove the malware.
Thank you in advance for your support.
DDS (Ver_09-06-26.01) - NTFSx86
Run by Jeff at 9:17:15.22 on Mon 07/06/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2939.1886 [GMT -7:00]
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated) {B3891867-7230-459B-9987-E7CCFA7A7D1D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Webroot AntiVirus with AntiSpyware *disabled* (Updated) {68A41C74-A1E9-48F8-B2E5-D8232211AB6D}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jeff\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [TOSCDSPD] "c:\program files\toshiba\toscdspd\TOSCDSPD.exe"
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ehTray.exe] "c:\windows\ehome\ehTray.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [RtHDVCpl] "c:\windows\RtHDVCpl.exe"
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [TPwrMain] "c:\program files\toshiba\power saver\TPwrMain.EXE"
mRun: [HSON] "c:\program files\toshiba\tbs\HSON.exe"
mRun: [SmoothView] "c:\program files\toshiba\smoothview\SmoothView.exe"
mRun: [00TCrdMain] "c:\program files\toshiba\flashcards\TCrdMain.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [ITSecMng] "c:\program files\toshiba\bluetooth toshiba stack\ItSecMng.exe" /START
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [NDSTray.exe] NDSTray.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\TSS.exe" /hide
mRun: [PCMAgent] "c:\program files\cyberlink\powercinema for toshiba\PCMAgent.exe"
mRun: [CLMLServer] "c:\program files\cyberlink\powercinema for toshiba\kernel\clml\CLMLSvc.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SpySweeper] c:\program files\webroot\spy sweeper\SpySweeperUI.exe /startintray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: musclemagfitness.com\www
Trusted Zone: ning.com\www.musclemagfitness
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\jeff\appdata\roaming\mozilla\firefox\profiles\fvk4e9mu.default\
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm319YYUS&fl=0&ptb=9FEHU99BA9b1Pzi2FBDZQQ&st=kwd&o=kwd&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&si=39329&searchfor=
FF - plugin: c:\program files\picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
============= SERVICES / DRIVERS ===============
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-7-10 40960]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-14 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-14 7168]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
=============== Created Last 30 ================
2009-07-06 09:07 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-07-06 08:05 161,792 a------- c:\windows\SWREG.exe
2009-07-06 08:05 155,136 a------- c:\windows\PEV.exe
2009-07-06 08:05 98,816 a------- c:\windows\sed.exe
2009-07-06 08:04 <DIR> --ds---- C:\ComboFixx
2009-07-06 05:17 <DIR> --d----- c:\program files\Exterminate It!
2009-07-06 00:24 1,538,928 a------- c:\windows\WRSetup.dll
2009-07-06 00:24 <DIR> --d----- c:\users\jeff\appdata\roaming\Webroot
2009-07-06 00:24 <DIR> --d----- c:\programdata\Webroot
2009-07-06 00:24 <DIR> --d----- c:\program files\Webroot
2009-07-06 00:24 <DIR> --d----- c:\progra~2\Webroot
2009-07-06 00:20 164 a------- c:\windows\install.dat
2009-07-06 00:16 156,160 a------- c:\windows\system32\msls31.dll
2009-06-12 20:17 428,544 a------- c:\windows\system32\EncDec.dll
2009-06-12 20:17 293,376 a------- c:\windows\system32\psisdecd.dll
2009-06-12 20:17 217,088 a------- c:\windows\system32\psisrndr.ax
2009-06-12 20:17 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-06-12 20:17 80,896 a------- c:\windows\system32\MSNP.ax
2009-06-10 22:17 <DIR> --d----- c:\users\jeff\Tracing
2009-06-10 22:06 <DIR> --d----- c:\program files\Microsoft
2009-06-10 22:06 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-06-10 22:03 <DIR> --d----- c:\program files\common files\Windows Live
2009-06-10 18:11 2,033,152 a------- c:\windows\system32\win32k.sys
2009-06-10 18:11 636,928 a------- c:\windows\system32\localspl.dll
2009-06-10 18:11 784,896 a------- c:\windows\system32\rpcrt4.dll
==================== Find3M ====================
2009-05-08 22:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-08 22:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-05-01 11:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-02-28 23:24 143,360 a------- c:\windows\inf\infstrng.dat
2009-02-28 23:24 86,016 a------- c:\windows\inf\infstor.dat
2009-02-28 23:24 51,200 a------- c:\windows\inf\infpub.dat
2009-02-17 00:59 56 a---h--- c:\programdata\ezsidmv.dat
2009-02-17 00:59 56 a---h--- c:\progra~2\ezsidmv.dat
2008-08-14 12:49 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 19:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-03-21 14:04 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-03-21 14:04 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-03-21 14:04 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-03-21 14:04 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
============= FINISH: 9:25:00.90 ===============
The following is the combofix log
ComboFix 09-07-05.04 - Jeff 07/06/2009 8:14:03.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2939.1621 [GMT -7:00]
Running from: C:\Users\Jeff\Desktop\ComboFixx.exe
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated) {B3891867-7230-459B-9987-E7CCFA7A7D1D}
SP: Webroot AntiVirus with AntiSpyware *disabled* (Updated) {68A41C74-A1E9-48F8-B2E5-D8232211AB6D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\$RECYCLE.BIN\S-1-5-21-367273667-519061559-2108718722-500
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
C:\Program Files\Uninstall Fun Web Products.dll
C:\Users\Jeff\AppData\Local\Temp\RarSFX0\FI.exe
C:\Users\Jeff\AppData\Local\Temp\RarSFX1\FI.exe
C:\WINDOWS\Installer\WMEncoder.msi
.
((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))
.
2009-07-06 12:17:29 . 2009-07-06 14:07:12 0 d-----w- C:\Program Files\Exterminate It!
2009-07-06 07:24:45 . 2009-07-06 07:42:45 0 d-----w- C:\Program Files\Webroot
2009-07-06 07:24:45 . 2009-07-06 07:24:45 0 d-----w- C:\Users\Jeff\AppData\Roaming\Webroot
2009-07-06 07:24:45 . 2009-07-06 07:24:45 0 d-----w- C:\ProgramData\Webroot
2009-07-06 07:24:45 . 2008-08-09 23:04:56 1538928 ----a-w- C:\Windows\WRSetup.dll
2009-07-06 07:20:59 . 2009-07-06 07:21:02 164 ----a-w- C:\Windows\install.dat
2009-07-06 07:17:17 . 2009-05-09 05:34:34 71680 ----a-w- C:\Windows\system32\iesetup.dll
2009-07-06 07:17:16 . 2009-05-09 05:50:28 915456 ----a-w- C:\Windows\system32\wininet.dll
2009-06-27 02:41:59 . 2009-06-27 02:41:59 746744 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-13 03:17:27 . 2009-04-30 12:37:57 293376 ----a-w- C:\Windows\system32\psisdecd.dll
2009-06-13 03:17:27 . 2009-04-30 12:37:48 428544 ----a-w- C:\Windows\system32\EncDec.dll
2009-06-11 05:17:23 . 2009-07-06 08:21:00 0 d-----w- C:\Users\Jeff\Tracing
2009-06-11 05 29 . 2009-06-11 05 29 0 d-----w- C:\Program Files\Microsoft
2009-06-11 05 16 . 2009-06-11 05 16 0 d-----w- C:\Program Files\Windows Live SkyDrive
2009-06-11 05 00 . 2009-06-11 05 25 0 d-----w- C:\Program Files\Windows Live
2009-06-11 05:03:16 . 2009-06-11 05:03:16 0 d-----w- C:\Program Files\Common Files\Windows Live
2009-06-11 01:11:02 . 2009-04-21 11:55:06 2033152 ----a-w- C:\Windows\system32\win32k.sys
2009-06-11 01:11:01 . 2009-04-23 12:42:53 636928 ----a-w- C:\Windows\system32\localspl.dll
2009-06-11 01:11:00 . 2009-04-23 12:43:04 784896 ----a-w- C:\Windows\system32\rpcrt4.dll
2009-06-08 06:56:50 . 2009-06-08 06:56:49 456304 ----a-w- C:\ProgramData\Google\Google Toolbar\Update\gtb7E29.tmp.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 14:08:25 . 2008-08-14 19:00:38 0 d--h--w- C:\Program Files\InstallShield Installation Information
2009-07-06 14:08:25 . 2008-08-14 18:25:11 0 d-----w- C:\Program Files\Toshiba
2009-07-06 07:33:30 . 2009-02-16 21:00:55 112408 ----a-w- C:\Users\Jeff\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-06 07:24:34 . 2009-02-16 18:09:26 0 d-----w- C:\ProgramData\Microsoft Help
2009-07-06 07:21:23 . 2009-03-01 09:50:17 0 d-----w- C:\Program Files\Microsoft Works
2009-07-03 22:02:38 . 2009-02-17 07:57:42 0 d-----w- C:\Users\Jeff\AppData\Roaming\Skype
2009-07-03 18:22:03 . 2009-02-17 07:59:39 0 d-----w- C:\Users\Jeff\AppData\Roaming\skypePM
2009-06-05 07:36:51 . 2009-05-08 01:34:01 0 d-----w- C:\Program Files\Windows Live Safety Center
2009-05-29 23:53:25 . 2008-08-14 19:41:29 0 d-----w- C:\Program Files\Picasa3
2009-05-22 22:33:22 . 2009-05-22 22:33:22 0 d-----w- C:\Program Files\RSS Submit
2009-05-16 06 38 . 2009-05-16 06 38 416128 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-13 10:00:20 . 2006-11-02 11:18:33 0 d-----w- C:\Program Files\Windows Mail
2009-05-01 18:30:36 . 2009-05-01 18:30:36 3366912 ----a-w- C:\Windows\system32\GPhotos.scr
2009-02-16 21:00:24 . 2009-02-16 21:00:24 15 --sh--r- C:\Windows\System32\drivers\fbd.sys
2009-02-16 16:25:48 . 2009-02-16 16:25:48 4 --sh--r- C:\Windows\System32\drivers\taishop.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 20:03:12 430080]
"Skype"="C:\Program Files\Skype\\Phone\Skype.exe" [2009-04-16 20:36:36 24264488]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-21 09:18:58 39408]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:25:11 125952]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 01:51:28 3885408]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 02:25:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-06-25 23 10 150040]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-06-25 23:05:50 170520]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-06-25 23 02 145944]
"RtHDVCpl"="C:\Windows\RtHDVCpl.exe" [2008-04-08 23:14:50 6037504]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2008-07-31 23:26:26 417792]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 21:52:52 431456]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2007-11-01 06:01:12 54608]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 05:01:58 448080]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 21:35:44 716800]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-21 02:23:32 1008184]
"ITSecMng"="C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 23:03:46 75136]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 01:12:44 1029416]
"ToshibaServiceStation"="C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 21:46:38 1242424]
"PCMAgent"="C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 02:52:00 143360]
"CLMLServer"="C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-07-11 01:35:30 188416]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 18:44:34 31072]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-08-09 23:04:58 5418864]
"NDSTray.exe"="NDSTray.exe" [BU]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-13 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{37E430F4-5480-440F-B2D7-D711B3DDB7C7}"= C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PowerCinema.exe:CyberLink PowerCinema
"{AE87CBDF-C7A6-4D36-89B5-E9764299ED33}"= C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMService.exe:CyberLink PowerCinema Resident Program
"{09B4A36F-378B-4103-8749-232DA98F40B4}"= C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{19B80962-D2B7-4047-A5D1-352865D490EF}"= C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{DE4EB467-61D8-4C59-A140-78BFF0E282EE}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{1CEA450F-1E04-4E2D-A774-2F0DD8DBB941}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{EB755C26-71AF-4147-9042-81B9BE037FAC}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{19439B09-4E97-4EBE-8F1F-7698DC3D69AB}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{76618F25-553F-4F77-BE4F-09C14E253997}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E01DDEF4-DB73-4453-9AF3-94614E17E598}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
R0 ssfs0bbc;ssfs0bbc;C:\Windows\System32\drivers\ssfs0bbc.sys [8/9/2008 2:42:12 PM 29808]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe [7/10/2008 5:58:40 PM 40960]
R2 TMachInfo;TMachInfo;C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe [8/14/2008 12:15:21 PM 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe [12/3/2007 6:03:52 PM 126976]
R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [8/14/2008 12:08:04 PM 7168]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;C:\Windows\System32\drivers\NETw5v32.sys [4/28/2008 7:29:26 AM 3658752]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [4/24/2008 7:35:46 PM 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-06 C:\Windows\Tasks\wrSpySweeperFullSweep.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2009-07-06 07:42:51 . 2008-08-09 23:04:58]
2009-07-06 C:\Windows\Tasks\wrSpySweeperFullSweep.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2009-07-06 07:42:51 . 2008-08-09 23:04:58]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: musclemagfitness.com\www
Trusted Zone: ning.com\www.musclemagfitness
FF - ProfilePath - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\fvk4e9mu.default\
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm319YYUS&fl=0&ptb=9FEHU99BA9b1Pzi2FBDZQQ&st=kwd&o=kwd&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&si=39329&searchfor=
FF - plugin: C:\Program Files\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.