If somebody could look at this it would be great

Aidan

Alright, well, today MSE detected a trojan in my System Volume Information. So I disabled System Restore and ran a full scan with both MSE and MBAM. Both found nothing, thank God. The funny thing is MSE found the same trojan earlier, which is Trojan:Win32/Bumat!rts. The actual file was HaRepacker, which is a tool many people use at a forum I go to, made for extracting sprites from the MMO MapleStory. Now it found the same trojan, but as some weird .exe in my System Volume Information. Here is HijackThis, followed by MBAM.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:28:02 PM, on 6/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Morgan\m3jpegV3\MMTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\HP\Button Manager\BM.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Toshiba
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Personalized Start Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Personalized Start Page
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Morgan\m3jpegV3\MMTray.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: HP Button Manager.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Aidan Parker\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Aidan Parker\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1272589295890
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O24 - Desktop Component 0: (no name) - Google

--
End of file - 10649 bytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4158

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/21/2010 5:22:57 PM
mbam-log-2010-06-21 (17-22-57).txt

Scan type: Full scan (C:\|)
Objects scanned: 272759
Time elapsed: 1 hour(s), 31 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
ComboFix 10-06-21.03 - Aidan Parker 06/22/2010 12:04:45.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.424 [GMT -7:00]
Running from: c:\documents and settings\Aidan Parker\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-05-22 to 2010-06-22 )))))))))))))))))))))))))))))))
.

2010-06-20 08:09 . 2010-06-20 08:09 -------- d-----w- c:\documents and settings\Aidan Parker\Application Data\Alien Skin
2010-06-18 00:49 . 2010-06-18 00:49 53248 ----a-r- c:\documents and settings\Aidan Parker\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-06-18 00:49 . 2010-06-18 00:49 -------- d-----w- c:\documents and settings\Aidan Parker\Application Data\Leadertech
2010-06-18 00:47 . 2010-06-18 00:47 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-06-18 00:47 . 2008-11-08 01:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-06-18 00:45 . 2010-03-18 09:01 10448 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-06-18 00:43 . 2010-06-18 00:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-06-18 00:43 . 2010-06-18 00:44 -------- d-----w- c:\program files\Logitech
2010-06-18 00:42 . 2010-06-18 00:49 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-06-18 00:42 . 2010-06-18 00:48 -------- d-----w- c:\documents and settings\Aidan Parker\Application Data\Logitech
2010-06-18 00:42 . 2010-06-18 00:42 -------- d-----w- c:\documents and settings\Aidan Parker\Application Data\Logishrd
2010-06-18 00:10 . 2010-06-18 00:15 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-17 23:27 . 2010-06-17 23:27 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-13 19:12 . 2010-06-13 19:14 -------- d-----w- C:\0f601831dbf41c14dcc0d75f2d713810
2010-06-13 19:02 . 2010-06-13 19:30 -------- d-----w- c:\windows\system32\XPSViewer
2010-06-13 19:01 . 2010-06-13 19:01 -------- d-----w- c:\program files\Reference Assemblies
2010-06-13 18:25 . 2010-06-13 18:25 -------- d-----w- c:\windows\system32\URTTemp
2010-06-13 17:37 . 2010-06-13 17:37 -------- d-----w- c:\program files\Belarc
2010-06-13 17:37 . 2008-02-27 20:49 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2010-06-13 03:33 . 2010-06-13 03:33 -------- d-----w- c:\program files\Microsoft Easy Assist
2010-06-13 03:32 . 2010-06-13 03:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Applications
2010-06-12 22:17 . 2010-06-13 00:48 -------- d-----w- c:\documents and settings\Aidan Parker\SecurityScans
2010-06-12 22:16 . 2010-06-12 22:16 -------- d-----w- c:\program files\Microsoft Baseline Security Analyzer 2
2010-06-12 20:33 . 2010-06-12 20:33 -------- d-----w- C:\8943be50a07331394b14
2010-06-12 20:27 . 2010-06-12 22:05 -------- d-----w- C:\9917b7e164d46072ada4
2010-06-12 20:27 . 2010-06-12 20:33 -------- d-----w- C:\70af40d79649f3277b
2010-06-12 19:03 . 2010-06-12 22:05 -------- d-----w- C:\2369a1825c403e971ee70db8
2010-06-12 19:03 . 2010-06-12 20:10 -------- d-----w- C:\c75cfb44d240caeff56b1b380c78498e
2010-06-12 18:45 . 2010-06-12 18:47 -------- d-----w- C:\cb15b23b0cd3eec79e4349a8
2010-06-12 18:20 . 2010-06-12 18:20 -------- d-----w- c:\documents and settings\Aidan Parker\Local Settings\Application Data\PCHealth
2010-06-12 05:16 . 2010-06-13 18:23 -------- d-----w- c:\windows\SxsCaPendDel
2010-06-11 00:33 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-10 08:42 . 2010-06-10 08:42 -------- d-----w- c:\program files\snes9k
2010-06-10 07:21 . 2010-06-12 20:23 -------- d-----w- c:\documents and settings\Aidan Parker\Local Settings\Application Data\LogMeIn Hamachi
2010-06-10 07:21 . 2010-06-12 20:32 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
2010-06-10 07:20 . 2010-06-10 07:20 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-06-08 05:16 . 2010-06-08 05:16 -------- d-----w- C:\Nexon
2010-06-08 05:16 . 2010-06-08 05:16 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2010-06-08 05:16 . 2010-06-08 05:16 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2010-06-08 05:16 . 2010-06-08 05:16 401408 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2010-06-08 05:16 . 2010-06-08 05:16 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2010-06-08 05:16 . 2010-06-08 05:16 126976 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2010-06-08 05:16 . 2010-06-08 05:16 172032 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2010-06-08 05:16 . 2010-06-08 05:16 -------- d-----w- c:\documents and settings\All Users\Application Data\NexonUS
2010-06-06 03:57 . 2010-06-06 04:23 -------- d-----w- c:\program files\zsnesw
2010-06-06 03:35 . 2008-04-14 07:09 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-06-06 03:35 . 2008-04-14 07:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-06-06 03:35 . 2008-04-14 07:16 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-06-06 03:35 . 2008-04-14 07:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-06-06 03:35 . 2008-04-14 07:16 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2010-06-06 03:35 . 2008-04-14 07:16 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-06-06 03:35 . 2008-04-14 07:16 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2010-06-06 03:35 . 2008-04-14 07:16 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-06-06 03:34 . 2008-04-14 07:16 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-06-06 03:34 . 2008-04-14 07:16 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-06-06 03:34 . 2008-04-14 07:16 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-06-06 03:34 . 2008-04-14 07:16 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-06-06 03:34 . 2008-04-14 07:16 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-06-06 03:34 . 2008-04-14 07:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-06-06 03:34 . 2008-04-14 07:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-06-06 03:34 . 2008-04-14 07:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-06-06 03:34 . 2008-04-14 12:42 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-06-06 03:34 . 2008-04-14 12:42 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-06-06 03:33 . 2008-04-14 07:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-06-06 03:33 . 2008-04-14 07:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-06-06 03:33 . 2010-06-06 03:33 -------- d-----w- c:\program files\HP
2010-06-06 03:33 . 2010-06-06 03:33 -------- d-----w- c:\documents and settings\Aidan Parker\Application Data\InstallShield
2010-06-06 03:33 . 2010-06-06 03:33 -------- d-----w- c:\documents and settings\Aidan Parker\Local Settings\Application Data\ArcSoft
2010-06-06 03:33 . 2010-06-06 03:40 -------- d-----w- c:\documents and settings\Aidan Parker\Application Data\ArcSoft
2010-06-06 03:32 . 2010-06-06 03:40 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2010-06-06 03:31 . 2005-04-27 23:36 245408 ----a-w- c:\windows\system32\unicows.dll
2010-06-06 03:30 . 2008-04-26 04:06 55808 ----a-w- c:\windows\system32\ArcSoftKsUFilter.dll
2010-06-06 03:30 . 2008-04-25 12:06 14336 ----a-w- c:\windows\system32\drivers\ArcSoftKsUFilter.sys
2010-06-06 03:30 . 2010-06-06 03:31 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-06-06 03:30 . 2010-06-06 03:32 -------- d-----w- c:\program files\ArcSoft
2010-06-05 23:36 . 2010-06-05 23:36 -------- d-----w- c:\program files\Common Files\DirectX
2010-06-05 23:35 . 2010-06-05 23:35 -------- d-----w- c:\program files\ChankastAlpha025
2010-06-05 03:17 . 2010-06-05 03:26 -------- d-----w- c:\program files\Project64k
2010-06-05 02:28 . 2010-06-05 02:28 8854 ----a-r- c:\documents and settings\Aidan Parker\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2010-06-05 02:28 . 2010-06-05 02:28 40960 ----a-r- c:\documents and settings\Aidan Parker\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2010-06-05 02:28 . 2010-06-05 02:28 40960 ----a-r- c:\documents and settings\Aidan Parker\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2010-06-05 02:28 . 2010-06-05 02:52 -------- d-----w- c:\program files\Project64 1.6
2010-06-03 02:49 . 2010-06-03 02:49 -------- d-----w- c:\documents and settings\Aidan Parker\Application Data\TeamViewer
2010-06-03 02:49 . 2010-06-03 02:49 -------- d-----w- c:\program files\TeamViewer
2010-05-31 17:57 . 2010-06-22 18:55 -------- d-----w- c:\documents and settings\Aidan Parker\Tracing
2010-05-31 17:56 . 2010-05-31 17:56 -------- d-----w- c:\program files\Microsoft
2010-05-31 17:56 . 2010-05-31 17:56 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-05-31 17:55 . 2010-05-31 17:56 -------- d-----w- c:\program files\Windows Live
2010-05-31 17:50 . 2010-05-31 17:50 -------- d-----w- c:\program files\Common Files\Windows Live
2010-05-25 03:47 . 2010-05-25 03:47 -------- d-----w- c:\program files\Audacity
2010-05-25 03:41 . 2010-06-05 02:29 -------- d-----w- c:\program files\CamStudio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-22 19:09 . 2010-05-12 04:30 -------- d-----w- c:\documents and settings\Aidan Parker\Application Data\Skype
2010-06-22 18:57 . 2010-05-12 04:30 -------- d-----w- c:\documents and settings\Aidan Parker\Application Data\skypePM
2010-06-22 06:27 . 2006-04-06 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2010-06-19 16:26 . 2010-05-22 01:42 -------- d-----w- c:\documents and settings\Aidan Parker\Application Data\DVDVideoSoftIEHelpers
2010-06-19 16:26 . 2010-04-30 23:26 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-06-18 00:47 . 2010-06-18 00:47 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-06-15 05:50 . 2010-04-30 00:23 42816 ----a-w- c:\documents and settings\Aidan Parker\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-12 23:33 . 2010-05-06 04:43 -------- d-----w- c:\program files\iWisoft Flash SWF to Video Converter
2010-06-07 05:33 . 2006-04-06 18:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-05 02:29 . 2010-05-22 01:49 -------- d-----w- c:\program files\Xvid
2010-06-05 02:29 . 2010-05-10 06:41 -------- d-----w- c:\program files\Windows Media Connect 2
2010-05-28 05:46 . 2006-04-06 22:04 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-27 06:59 . 2010-05-06 02:27 -------- d-----w- c:\program files\CCleaner
2010-05-22 01:58 . 2010-05-22 01:58 -------- d-----w- c:\documents and settings\Aidan Parker\Application Data\DivX
2010-05-22 01:48 . 2010-05-22 01:48 -------- d-----w- c:\program files\Morgan
2010-05-22 01:42 . 2010-04-30 23:26 -------- d-----w- c:\program files\DVDVideoSoft
2010-05-21 21:14 . 2010-04-30 00:48 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-19 01:56 . 2010-05-16 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-19 00:14 . 2010-05-19 00:14 -------- d-----w- c:\program files\Trend Micro
2010-05-19 00:05 . 2010-05-19 00:05 -------- d-----w- c:\documents and settings\Aidan Parker\Application Data\Malwarebytes
2010-05-19 00:05 . 2010-05-19 00:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-19 00:05 . 2010-05-19 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-16 21:36 . 2010-05-16 21:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-13 04:48 . 2010-05-13 04:48 -------- d-----w- c:\program files\RocketDock
2010-05-12 04:30 . 2010-05-12 04:30 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-05-12 04:29 . 2010-05-12 04:29 -------- d-----r- c:\program files\Skype
2010-05-12 04:29 . 2010-05-12 04:29 -------- d-----w- c:\program files\Common Files\Skype
2010-05-12 04:29 . 2010-05-12 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-05-09 21:52 . 2010-05-09 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-05-09 21:52 . 2010-05-09 21:52 -------- d-----w- c:\documents and settings\Aidan Parker\Application Data\Office Genuine Advantage
2010-05-06 10:41 . 2006-04-05 22:06 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-06 04:23 . 2010-04-30 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-06 04:08 . 2010-05-06 04:08 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-05-06 03:14 . 2010-05-06 00:26 -------- d-----w- c:\documents and settings\Aidan Parker\Application Data\Sony
2010-05-06 03:03 . 2010-05-06 03:03 -------- d-----w- c:\program files\Vstplugins
2010-05-06 03:03 . 2010-05-06 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2010-05-06 02:54 . 2010-05-06 02:54 -------- d-----w- c:\documents and settings\Aidan Parker\Application Data\Publish Providers
2010-05-06 02:51 . 2010-05-06 00:21 -------- d-----w- c:\program files\Sony
2010-05-06 02:50 . 2010-05-05 23:55 -------- d-----w- c:\program files\Sony Setup
2010-05-06 01:10 . 2010-04-30 00:52 -------- d-----w- c:\program files\Common Files\Macromedia
2010-05-06 01:09 . 2010-04-30 00:52 -------- d-----w- c:\program files\Macromedia
2010-05-06 01:08 . 2010-05-06 01:08 45056 ----a-r- c:\documents and settings\Aidan Parker\Application Data\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
2010-05-06 00:59 . 2010-05-06 00:15 -------- d-----w- c:\program files\Reference Assemblies(2)
2010-05-06 00:20 . 2010-05-06 00:20 -------- d-----w- c:\program files\MSBuild
2010-05-05 23:57 . 2010-05-05 23:55 52770576 ----a-w- c:\documents and settings\Aidan Parker\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe
2010-05-05 23:55 . 2010-05-05 23:55 -------- d-----w- c:\documents and settings\Aidan Parker\Application Data\Sony Setup
2010-05-02 21:51 . 2006-04-06 22:23 -------- d-----w- c:\program files\Microsoft Digital Image 2006
2010-05-02 21:51 . 2006-04-06 18:01 -------- d-----w- c:\program files\Microsoft Works
2010-05-02 21:51 . 2006-04-06 22:13 -------- d-----w- c:\program files\America Online 9.0
2010-05-02 21:51 . 2010-04-30 03:11 -------- d-----w- c:\program files\Protector Suite QL
2010-05-02 17:45 . 2010-05-02 17:44 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-05-02 17:44 . 2010-05-02 17:44 -------- d-----w- c:\documents and settings\Aidan Parker\Application Data\TuneUp Software
2010-05-02 17:44 . 2010-05-02 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-05-02 17:43 . 2010-05-02 17:43 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-05-02 05:22 . 2006-04-05 22:06 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 07:40 . 2010-05-01 07:40 -------- d-----w- c:\program files\Sandboxie
2010-04-30 03:11 . 2010-04-30 03:11 -------- d-----w- c:\program files\Common Files\Protector Suite QL
2010-04-30 03:10 . 2010-04-30 03:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-30 03:08 . 2010-04-30 03:08 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-04-30 03:08 . 2010-04-30 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2010-04-30 03:08 . 2006-04-06 18:21 -------- d-----w- c:\program files\Intel
2010-04-30 03:08 . 2010-04-30 03:10 -------- d-----w- c:\documents and settings\Aidan Parker\Application Data\Intel
2010-04-30 03:08 . 2010-04-30 03:08 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intel
2010-04-30 02:36 . 2010-04-30 02:36 -------- d-----w- c:\program files\MSXML 4.0
2010-04-30 02:13 . 2006-04-06 17:45 87447 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-30 00:40 . 2010-04-30 00:39 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-04-30 00:35 . 2010-04-30 00:35 -------- d-----w- c:\documents and settings\Aidan Parker\Application Data\Protector Suite
2010-04-30 00:20 . 2006-04-06 21:57 -------- d-----w- c:\program files\Toshiba Games
2010-04-30 00:20 . 2006-04-05 22:10 -------- d-----w- c:\program files\Toshiba
2010-04-29 22:39 . 2010-05-19 00:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2010-05-19 00:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 22:29 . 2010-04-28 22:29 53328 ----a-w- c:\windows\system32\LMouFiltCoInst.dll
2010-04-20 05:30 . 2006-04-05 22:05 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-17 05:12 . 2010-04-17 05:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-14 26192168]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"TPSMain"="TPSMain.exe" [2006-03-10 315392]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"MMTray"="c:\program files\Morgan\m3jpegV3\MMTray.exe" [2001-11-09 53248]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-05-18 1311312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Aidan Parker\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Button Manager.lnk - c:\program files\HP\Button Manager\BM.exe [2010-6-5 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-02-24 17:49 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TOSCDSPD"=c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe"
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TPSODDCtl"=TPSODDCtl.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"igfxpers"=c:\windows\system32\igfxpers.exe
"LtMoh"=c:\program files\ltmoh\Ltmoh.exe
"Pinger"=c:\toshiba\ivp\ism\pinger.exe /run
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" /startup
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
"SmoothView"=c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
"SoundMAX"=c:\program files\Analog Devices\SoundMAX\Smax4.exe /tray
"00THotkey"=c:\windows\system32\00THotkey.exe
"DDWMon"=c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
"TFncKy"=TFncKy.exe
"ThpSrv"=thpsrv /logon
"TFNF5"=TFNF5.exe
"TOSDCR"=TOSDCR.EXE
"Tvs"=c:\program files\Toshiba\Tvs\TvsTray.exe
"TouchED"=c:\program files\TOSHIBA\TouchED\TouchED.Exe
"NDSTray.exe"=NDSTray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1144361610\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Documents and Settings\\Aidan Parker\\My Documents\\RydahMS\\RydahMSv75\\RydahMSv75\\ActionStory.exe"=
"c:\\Documents and Settings\\Aidan Parker\\My Documents\\SNES emulator\\zsnesw.exe"=
"c:\\Program Files\\zsnesw\\zsnesw.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [12/27/2004 11:31 PM 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [4/6/2006 12:09 PM 6144]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2/24/2006 11:01 AM 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2/24/2006 11:01 AM 33024]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [6/17/2010 5:45 PM 10448]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [2/24/2006 10:34 AM 3456]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [3/6/2006 7:28 PM 98304]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2/25/2010 10:59 AM 1047880]
R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [6/5/2010 8:30 PM 104960]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [6/5/2010 8:30 PM 14336]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2/25/2010 10:18 AM 10064]
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/5/2006 3:11 PM 35968]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-06-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-10 01:02]

2010-06-22 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 22:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Aidan Parker\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Aidan Parker\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Aidan Parker\Application Data\Mozilla\Firefox\Profiles\4yxp3i23.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - Google
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
 
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-06-22 12:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1088)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll

- - - - - - - > 'lsass.exe'(1144)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
.
Completion time: 2010-06-22 12:12:01
ComboFix-quarantined-files.txt 2010-06-22 19:11

Pre-Run: 63,732,674,560 bytes free
Post-Run: 63,731,363,840 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 92C67A55D48377C448B31092C3396215
 