Tech Support Forum - View Single Post - Please Help!! Trojan Adware.32.ExpDwnldr is hurting my PC

thecoolkids3 · 06-29-2007, 11:36 PM

"russel" - 2007-06-29 19:27:07 - ComboFix 07-06-30.3 - Service Pack 2 NTFS

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\Russ\Desktop.\Error Cleaner.url
C:\DOCUME~1\Russ\Desktop.\Privacy Protector.url
C:\DOCUME~1\Russ\Desktop.\Spyware&Malware Protection.url
C:\WINDOWS\expro.dll
C:\WINDOWS\vpssup.dll

((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-30 )))))))))))))))))))))))))))))))

2007-06-29 19:24 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-28 15:55 <DIR> d-------- C:\Deckard
2007-06-28 02:28 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-27 14:28 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-06-27 13:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-27 13:10 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-06-27 13:10 <DIR> d-------- C:\DOCUME~1\Russ\APPLIC~1\SUPERAntiSpyware.com
2007-06-27 12:46 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2007-06-27 09:52 <DIR> d-------- C:\Program Files\NoAdware5.0
2007-06-26 18:10 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-06-25 02:38 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-06-25 02:04 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-06-08 02:15 <DIR> d-------- C:\DOCUME~1\Russ\APPLIC~1\Smith Micro
2007-06-08 02:13 <DIR> d-------- C:\Program Files\Verizon Wireless
2007-06-08 02:13 <DIR> d-------- C:\Program Files\Novatel Wireless

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-29 05:50:05 -------- d-----w C:\Program Files\Symantec AntiVirus
2007-06-28 13:18:42 -------- d-----w C:\Program Files\Zune
2007-06-28 13:15:07 -------- d-----w C:\Program Files\Protector Suite QL
2007-06-28 13:10:46 -------- d-----w C:\Program Files\Google
2007-06-28 13:10:25 -------- d-----w C:\Program Files\Copernic Desktop Search 2
2007-06-28 13:10:03 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-28 13:09:01 -------- d-----w C:\Program Files\Apoint2K
2007-06-28 01:05:39 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-27 22:45:52 -------- d-----w C:\DOCUME~1\Russ\APPLIC~1\U3
2007-06-25 13:20:18 164 ----a-w C:\install.dat
2007-06-12 06:01:59 -------- d-----w C:\Program Files\Logitech
2007-06-12 06:00:14 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-12 06:00:13 -------- d-----w C:\Program Files\TOSHIBA
2007-06-02 11:50:26 -------- d-----w C:\DOCUME~1\Russ\APPLIC~1\AdobeUM
2007-05-24 07:26:07 -------- d-----w C:\Program Files\MSN Messenger
2007-05-22 10:33:16 -------- d-----w C:\Program Files\Common Files\Logitech
2007-05-22 10:30:55 -------- d-----w C:\Program Files\Common Files\Logishrd
2007-05-20 02:44:39 -------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-05-20 01:20:19 -------- d-----w C:\DOCUME~1\Russ\APPLIC~1\Viewpoint
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-07 09:35:02 -------- d-----w C:\DOCUME~1\Russ\APPLIC~1\Real
2007-05-07 09:10:25 -------- d-----w C:\Program Files\Common Files\xing shared
2007-05-07 09:10:21 -------- d-----w C:\Program Files\Common Files\Real
2007-05-07 08:08:13 -------- d-----w C:\Program Files\Picasa2
2007-05-02 06:44:01 -------- d-----w C:\Program Files\AIM6
2007-05-02 06:42:30 -------- d-----w C:\Program Files\Common Files\AOL
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:43 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 08:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 08:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 08:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 08:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 08:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 08:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 08:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 08:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 03:50:16 2,783,048 ----a-w C:\WINDOWS\system32\GPhotos.scr

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
2005-10-06 03:20 110652 --a------ C:\WINDOWS\System32\DLA\DLASHX_W.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-06-18 22:50 2403392 -ra------ c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 13:49 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 16:43 C:\WINDOWS\Alcmtr.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 20:40]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 04:29 C:\WINDOWS\agrsmmsg.exe]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 11:45]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 11:45]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 10:25]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-12-01 09:13]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-07-15 08:52]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2005-12-13 14:28]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 15:37]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-06 23:09]
"SystemGuardAlerter"="C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe" [2006-12-20 12:38]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2007-03-14 14:03]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-29 22:32]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 02:00]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe" [2006-12-20 12:38]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-06-18 22:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{FE5E1327-022F-4DE1-BE44-0F860E04A6D5}"="C:\WINDOWS\vpssup.dll" []
"{2E3D4FFD-0B06-48B3-A0AE-1294323D556C}"="C:\WINDOWS\expro.dll" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LCDPlayer.lnk]
backup=C:\WINDOWS\pss\LCDPlayer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR Smart Wizard.lnk]
backup=C:\WINDOWS\pss\NETGEAR Smart Wizard.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
CFSServ.exe -NoClient

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copernic Desktop Search 2]
"C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
"C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
"C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart]
"C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Mechanic Popup Blocker]
"C:\Program Files\iolo\System Mechanic 6\PopupBlocker.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneNetworkSvc"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{499f8dda-aa9c-11db-b349-00130224faff}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79c991c6-c893-11db-b363-00130224faff}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e93e6c7-8fe2-11db-b33f-00130224faff}]
AutoRun\command- G:\LaunchU3.exe -a

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\KB910393
rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{407408d4-94ed-4d86-ab69-a7f649d112ee}
%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf

Contents of the 'Scheduled Tasks' folder
2006-12-13 02:02:11 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2006-06-16 22:15:01 C:\WINDOWS\tasks\Registration reminder 1.job
2006-06-16 22:15:02 C:\WINDOWS\tasks\Registration reminder 2.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-29 19:29:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-29 19:29:53
C:\ComboFix-quarantined-files.txt ... 2007-06-29 19:29

--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 7:30:23 PM, on 6/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] "C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" SVPwUTIL
O4 - HKLM\..\Run: [Tvs] "C:\Program Files\Toshiba\Tvs\TvsTray.exe"
O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
O4 - HKLM\..\Run: [TPNF] "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe"
O4 - HKLM\..\Run: [Pinger] "c:\toshiba\ivp\ism\pinger.exe" /run
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SNM] "C:\Program Files\SpyNoMore\SNM.exe" /startup
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZJxdm120YYUS
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: vpssup - {FE5E1327-022F-4DE1-BE44-0F860E04A6D5} - C:\WINDOWS\vpssup.dll (file missing)
O21 - SSODL: expro - {2E3D4FFD-0B06-48B3-A0AE-1294323D556C} - C:\WINDOWS\expro.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

06-29-2007, 11:36 PM	#5 (permalink)
thecoolkids3 Registered User Join Date: Jun 2007 Posts: 5 OS: Windows xp	Re: Please Help!! Trojan Adware.32.ExpDwnldr is hurting my PC "russel" - 2007-06-29 19:27:07 - ComboFix 07-06-30.3 - Service Pack 2 NTFS ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\Russ\Desktop.\Error Cleaner.url C:\DOCUME~1\Russ\Desktop.\Privacy Protector.url C:\DOCUME~1\Russ\Desktop.\Spyware&Malware Protection.url C:\WINDOWS\expro.dll C:\WINDOWS\vpssup.dll ((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-30 ))))))))))))))))))))))))))))))) 2007-06-29 19:24 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-28 15:55 <DIR> d-------- C:\Deckard 2007-06-28 02:28 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-06-27 14:28 <DIR> d-------- C:\Program Files\Enigma Software Group 2007-06-27 13:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com 2007-06-27 13:10 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-06-27 13:10 <DIR> d-------- C:\DOCUME~1\Russ\APPLIC~1\SUPERAntiSpyware.com 2007-06-27 12:46 1,152 --a------ C:\WINDOWS\system32\windrv.sys 2007-06-27 09:52 <DIR> d-------- C:\Program Files\NoAdware5.0 2007-06-26 18:10 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2007-06-25 02:38 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2007-06-25 02:04 <DIR> d-------- C:\Program Files\Spyware Doctor 2007-06-08 02:15 <DIR> d-------- C:\DOCUME~1\Russ\APPLIC~1\Smith Micro 2007-06-08 02:13 <DIR> d-------- C:\Program Files\Verizon Wireless 2007-06-08 02:13 <DIR> d-------- C:\Program Files\Novatel Wireless (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-29 05:50:05 -------- d-----w C:\Program Files\Symantec AntiVirus 2007-06-28 13:18:42 -------- d-----w C:\Program Files\Zune 2007-06-28 13:15:07 -------- d-----w C:\Program Files\Protector Suite QL 2007-06-28 13:10:46 -------- d-----w C:\Program Files\Google 2007-06-28 13:10:25 -------- d-----w C:\Program Files\Copernic Desktop Search 2 2007-06-28 13:10:03 -------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-06-28 13:09:01 -------- d-----w C:\Program Files\Apoint2K 2007-06-28 01:05:39 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-06-27 22:45:52 -------- d-----w C:\DOCUME~1\Russ\APPLIC~1\U3 2007-06-25 13:20:18 164 ----a-w C:\install.dat 2007-06-12 06:01:59 -------- d-----w C:\Program Files\Logitech 2007-06-12 06:00:14 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-06-12 06:00:13 -------- d-----w C:\Program Files\TOSHIBA 2007-06-02 11:50:26 -------- d-----w C:\DOCUME~1\Russ\APPLIC~1\AdobeUM 2007-05-24 07:26:07 -------- d-----w C:\Program Files\MSN Messenger 2007-05-22 10:33:16 -------- d-----w C:\Program Files\Common Files\Logitech 2007-05-22 10:30:55 -------- d-----w C:\Program Files\Common Files\Logishrd 2007-05-20 02:44:39 -------- d-----w C:\Program Files\Common Files\Blizzard Entertainment 2007-05-20 01:20:19 -------- d-----w C:\DOCUME~1\Russ\APPLIC~1\Viewpoint 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-07 09:35:02 -------- d-----w C:\DOCUME~1\Russ\APPLIC~1\Real 2007-05-07 09:10:25 -------- d-----w C:\Program Files\Common Files\xing shared 2007-05-07 09:10:21 -------- d-----w C:\Program Files\Common Files\Real 2007-05-07 08:08:13 -------- d-----w C:\Program Files\Picasa2 2007-05-02 06:44:01 -------- d-----w C:\Program Files\AIM6 2007-05-02 06:42:30 -------- d-----w C:\Program Files\Common Files\AOL 2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-18 16:14:43 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-17 08:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-17 08:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-17 08:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-17 08:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-17 08:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-17 08:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-17 08:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-17 08:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-04-13 03:50:16 2,783,048 ----a-w C:\WINDOWS\system32\GPhotos.scr ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}] 2005-10-06 03:20 110652 --a------ C:\WINDOWS\System32\DLA\DLASHX_W.DLL [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] 2007-06-18 22:50 2403392 -ra------ c:\program files\google\googletoolbar1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2005-12-09 13:49 C:\WINDOWS\RTHDCPL.exe] "Alcmtr"="ALCMTR.EXE" [2005-05-03 16:43 C:\WINDOWS\Alcmtr.exe] "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 20:40] "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 04:29 C:\WINDOWS\agrsmmsg.exe] "HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 11:45] "SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 11:45] "Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 10:25] "CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-12-01 09:13] "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-07-15 08:52] "TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2005-12-13 14:28] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 15:37] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-06 23:09] "SystemGuardAlerter"="C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe" [2006-12-20 12:38] "Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2007-03-14 14:03] "SNM"="C:\Program Files\SpyNoMore\SNM.exe" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-29 22:32] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 02:00] "SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe" [2006-12-20 12:38] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-06-18 22:50] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "{FE5E1327-022F-4DE1-BE44-0F860E04A6D5}"="C:\WINDOWS\vpssup.dll" [] "{2E3D4FFD-0B06-48B3-A0AE-1294323D556C}"="C:\WINDOWS\expro.dll" [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] psqlpwd.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages scecli psqlpwd [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk] backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LCDPlayer.lnk] backup=C:\WINDOWS\pss\LCDPlayer.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR Smart Wizard.lnk] backup=C:\WINDOWS\pss\NETGEAR Smart Wizard.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe] CFSServ.exe -NoClient [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe] NDSTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic 6\PopupBlocker.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ZuneNetworkSvc"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{499f8dda-aa9c-11db-b349-00130224faff}] AutoRun\command- F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79c991c6-c893-11db-b363-00130224faff}] AutoRun\command- G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e93e6c7-8fe2-11db-b33f-00130224faff}] AutoRun\command- G:\LaunchU3.exe -a HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\KB910393 rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{407408d4-94ed-4d86-ab69-a7f649d112ee} %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf Contents of the 'Scheduled Tasks' folder 2006-12-13 02:02:11 C:\WINDOWS\tasks\AppleSoftwareUpdate.job 2006-06-16 22:15:01 C:\WINDOWS\tasks\Registration reminder 1.job 2006-06-16 22:15:02 C:\WINDOWS\tasks\Registration reminder 2.job ************************************************************************ catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-29 19:29:05 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ Completion time: 2007-06-29 19:29:53 C:\ComboFix-quarantined-files.txt ... 2007-06-29 19:29 --- E O F --- Logfile of HijackThis v1.99.1 Scan saved at 7:30:23 PM, on 6/29/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe c:\Toshiba\IVP\swupdate\swupdtmr.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\TOSHIBA\TouchPad\TPTray.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\toshiba\ivp\ism\pinger.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Zune\ZuneLauncher.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\WINDOWS\system32\RAMASST.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/homepage/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe" O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" hwSetUP O4 - HKLM\..\Run: [SVPWUTIL] "C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" SVPwUTIL O4 - HKLM\..\Run: [Tvs] "C:\Program Files\Toshiba\Tvs\TvsTray.exe" O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" O4 - HKLM\..\Run: [TPNF] "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" O4 - HKLM\..\Run: [Pinger] "c:\toshiba\ivp\ism\pinger.exe" /run O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe" O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" O4 - HKLM\..\Run: [SNM] "C:\Program Files\SpyNoMore\SNM.exe" /startup O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe" O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZJxdm120YYUS O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O21 - SSODL: vpssup - {FE5E1327-022F-4DE1-BE44-0F860E04A6D5} - C:\WINDOWS\vpssup.dll (file missing) O21 - SSODL: expro - {2E3D4FFD-0B06-48B3-A0AE-1294323D556C} - C:\WINDOWS\expro.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe