laptop infected

Idont knowbutwantto · Feb 16, 2010

toshiba laptop xp sp3 all up to date now, laptop went crazy, ran malwarebytes jan 4 found lots of things, found this forum and did xp full, ran combofix on feb 12 scanned said it deleted bluetooth autorun something and c: restore file and rebooted, started 3m screen making log file do not start anything, I let it go. came in today feb 16 still there where it was, closed it restarted it and it made this log file. ran malwarebytes and highjack, here is the jan 4 malwarebytes log will post combofix log and mal and highjack in next ones. I have a svchost.exe process that has a lot of internet traffic too ? I would appreciated any help.

Malwarebytes' Anti-Malware 1.43
Database version: 3495
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/4/2010 11:33:04 PM
mbam-log-2010-01-04 (23-33-04).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 253055
Time elapsed: 1 hour(s), 2 minute(s), 39 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 3
Registry Keys Infected: 6
Registry Values Infected: 13
Registry Data Items Infected: 10
Folders Infected: 0
Files Infected: 19

Memory Processes Infected:
C:\WINDOWS\system32\FastNetSrv.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\system32\winupdate86.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
c:\WINDOWS\system32\6to4v32.dll (Backdoor.Bot) -> Delete on reboot.
c:\WINDOWS\system32\BtwSrv.dll (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\kbdsock.dll (Spyware.Passwords) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btwsrv (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fastnetsrv (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_BTWSRV (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_FASTNETSRV (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\winsts (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate86.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\buildw (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\firstinstallflag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\updatenew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mbt (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udfa (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mfa (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\winlogon86.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\winlogon86.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\winlogon86.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\6to4v32.dll (Backdoor.Bot) -> Delete on reboot.
c:\WINDOWS\system32\BtwSrv.dll (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\FastNetSrv.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winupdate86.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbdsock.dll (Spyware.Passwords) -> Delete on reboot.
C:\WINDOWS\system32\lsm32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mshlps.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opeia.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogon86.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsts.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wmdtc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TN9787VW\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TN9787VW\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V2K41PI1\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V2K41PI1\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\critical_warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AVR10.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winhelper86.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Idont knowbutwantto · Feb 16, 2010

combofix log

ComboFix 10-02-12.01 - QTO 02/16/2010 11:10:38.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1463 [GMT -6:00]
Running from: c:\documents and settings\QTO\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-01-16 to 2010-02-16 )))))))))))))))))))))))))))))))
.

2010-02-13 00:00 . 2010-02-13 00:00 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-12 21:31 . 2010-02-12 21:31 -------- d-----w- c:\program files\Common Files\McAfee
2010-02-12 21:30 . 2010-02-13 00:00 -------- d-----w- c:\program files\McAfee
2010-02-12 21:30 . 2010-02-12 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-12 21:23 . 2010-02-12 21:23 -------- d-----w- c:\program files\WOT
2010-02-12 21:11 . 2010-02-12 21:11 9472 ----a-w- c:\windows\system32\drivers\SnopFree.sys
2010-02-12 21:11 . 2010-02-12 21:11 90112 ----a-w- c:\windows\system32\SnoopFreeSvc.exe
2010-02-12 21:11 . 2010-02-12 21:11 45056 ----a-w- c:\windows\SnoopFreeDll.dll
2010-02-12 21:11 . 2010-02-12 21:11 221184 ----a-w- c:\windows\SnoopFreeUI.exe
2010-02-12 03:28 . 2009-04-06 17:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2010-02-12 03:28 . 2009-02-10 22:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2010-02-12 03:27 . 2009-02-18 23:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2010-02-12 03:26 . 2010-02-12 03:26 -------- d-----w- c:\program files\Agnitum
2010-02-12 03:26 . 2010-02-12 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum
2010-02-11 16:55 . 2010-02-11 16:55 -------- d-----w- c:\program files\ESET
2010-02-10 22:32 . 2010-02-12 20:11 -------- d-----w- c:\program files\a-squared Free
2010-02-10 00:43 . 2009-11-25 17:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-10 00:43 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-10 00:43 . 2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-02-10 00:43 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-02-10 00:43 . 2010-02-10 00:43 -------- d-----w- c:\program files\Avira
2010-02-10 00:43 . 2010-02-10 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-02-02 22:54 . 2010-02-02 22:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\GetRightToGo
2010-02-02 22:20 . 2010-02-02 22:20 -------- d-----w- c:\program files\NOS
2010-01-30 15:00 . 2010-01-30 15:27 -------- d-----w- c:\documents and settings\QTO\Application Data\IObit
2010-01-29 22:39 . 2010-01-29 22:40 1956528 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-01-29 21:58 . 2010-01-29 21:58 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-20 02:57 . 2010-01-20 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-01-20 02:57 . 2010-01-30 15:00 -------- d-----w- c:\program files\IObit
2010-01-19 23:40 . 2010-01-19 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-01-19 22:16 . 2010-01-19 22:16 -------- d-----w- c:\program files\Common Files\xing shared
2010-01-19 17:50 . 2010-01-19 17:50 402952 ----a-w- c:\documents and settings\QTO\Application Data\Real\RealPlayer\setup\AU_setup11.exe
2010-01-19 01:36 . 2010-01-19 23:42 -------- d-----w- c:\program files\Alwil Software
2010-01-19 00:57 . 2010-01-29 22:04 -------- d-----w- c:\documents and settings\QTO\Local Settings\Application Data\nos
2010-01-19 00:56 . 2010-01-19 00:56 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-01-18 23:55 . 2010-01-18 23:55 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-18 23:55 . 2010-01-18 23:55 152576 ----a-w- c:\documents and settings\QTO\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-18 23:50 . 2010-01-18 23:50 79488 ----a-w- c:\documents and settings\QTO\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-12 23:56 . 2008-07-23 22:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-12 21:18 . 2009-10-16 15:23 -------- d-----w- c:\documents and settings\QTO\Application Data\HpUpdate
2010-02-10 16:20 . 2006-08-28 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-06 15:12 . 2009-11-18 16:54 -------- d-----w- c:\program files\Google
2010-01-30 16:01 . 2006-08-28 04:15 -------- d-----w- c:\program files\Software by Design
2010-01-30 15:21 . 2006-12-07 03:12 -------- d-----w- c:\documents and settings\QTO\Application Data\OfficeUpdate12
2010-01-30 15:21 . 2006-02-17 09:57 -------- d-----w- c:\program files\DIGStream
2010-01-29 22:04 . 2006-08-28 06:22 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-20 14:52 . 2010-01-17 01:52 -------- d-----w- c:\program files\COMODO
2010-01-20 14:50 . 2010-01-17 01:58 -------- d-----w- c:\documents and settings\QTO\Application Data\Comodo
2010-01-19 22:16 . 2006-02-16 09:56 -------- d-----w- c:\program files\Common Files\Real
2010-01-19 22:15 . 2006-02-16 09:56 -------- d-----w- c:\program files\Real
2010-01-19 01:14 . 2010-01-17 02:00 372273 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-01-18 23:55 . 2006-02-16 09:28 -------- d-----w- c:\program files\Java
2010-01-17 05:08 . 2010-01-17 05:08 -------- d-----w- c:\documents and settings\QTO\Application Data\ComodoGroup
2010-01-17 01:40 . 2006-02-15 16:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-17 01:39 . 2010-01-17 01:39 -------- d-----w- c:\program files\Seagate
2010-01-13 02:01 . 2008-05-15 13:41 -------- d-----w- c:\program files\AVG
2010-01-11 04:56 . 2010-01-05 04:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-11 04:45 . 2010-01-11 04:45 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-09 21:06 . 2010-01-09 21:06 -------- d-----w- c:\program files\CCleaner
2010-01-09 01:27 . 2006-02-16 16:59 96640 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-07 22:07 . 2010-01-05 04:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2010-01-05 04:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 15:27 . 2010-01-17 05:04 18184 ----a-w- c:\windows\system32\cnat.exe
2010-01-07 00:38 . 2006-02-16 10:39 -------- d-----w- c:\program files\Microsoft Works
2010-01-06 01:37 . 2010-01-06 01:37 -------- d-----w- c:\documents and settings\QTO\Application Data\JAM Software
2010-01-05 17:34 . 2010-01-05 17:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-05 14:18 . 2010-01-05 05:41 -------- d-----w- c:\documents and settings\QTO\Application Data\SUPERAntiSpyware.com
2010-01-05 14:18 . 2010-01-05 05:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-05 14:18 . 2006-05-29 01:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-05 05:41 . 2010-01-05 05:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-05 04:26 . 2010-01-05 04:26 -------- d-----w- c:\documents and settings\QTO\Application Data\Malwarebytes
2010-01-05 04:26 . 2010-01-05 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-04 20:59 . 2010-01-04 20:59 8704 ----a-w- c:\windows\system32\sporder.dll
2009-12-31 16:50 . 2006-02-15 14:04 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-28 22:21 . 2008-03-24 02:20 -------- d-----w- c:\documents and settings\QTO\Application Data\U3
2009-12-21 20:31 . 2009-12-21 20:10 53631 ----a-w- c:\windows\hppins02.dat
2009-12-21 20:29 . 2006-10-17 00:20 -------- d-----w- c:\program files\HP
2009-12-21 19:14 . 2006-02-15 14:04 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2006-02-15 15:34 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2006-02-15 14:02 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2006-02-15 14:03 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-03 22:59 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2006-02-15 14:03 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-02 02:50 . 2009-05-19 04:15 256 ----a-w- c:\windows\system32\pool.bin
2009-11-27 17:11 . 2006-02-15 14:03 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2006-02-15 14:03 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2006-02-15 14:03 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2006-02-15 14:02 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 15:51 . 2006-02-15 14:01 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2007-01-23 04:14 . 2007-01-23 04:14 774144 -c----w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TDispVol"="TDispVol.exe" [2005-03-11 73728]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2005-12-22 30208]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1343488]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-18 149280]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2005-11-21 45056]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"SnoopFreeUI"="SnoopFreeUI.exe" [2010-02-12 221184]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 07:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2005-09-07 09:25 36864 ----a-w- c:\program files\HP\HP UT\bin\hppusg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-03-06 21:19 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-01-19 22:15 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"TAPPSRV"=2 (0x2)
"Swupdtmr"=2 (0x2)
"SQLAgent$MICROSOFTSMLBIZ"=3 (0x3)
"S24EventMonitor"=2 (0x2)
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"RoxLiveShare9"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"RegSrvc"=2 (0x2)
"ose"=3 (0x3)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IS360service"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gupdate"=2 (0x2)
"FreeAgentGoNext Service"=2 (0x2)
"EvtEng"=2 (0x2)
"DVD-RAM_Service"=2 (0x2)
"CFSvcs"=2 (0x2)
"btwdins"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2/11/2010 9:28 PM 704384]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2/10/2010 4:32 PM 1858144]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2/11/2010 9:26 PM 1195008]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/9/2010 6:43 PM 108289]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [12/21/2005 10:55 PM 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [12/21/2005 10:55 PM 33024]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 11:32 PM 189736]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [1/19/2010 8:57 PM 311568]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2/12/2010 3:30 PM 93320]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [12/21/2005 10:25 PM 3456]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2/11/2010 9:27 PM 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2/11/2010 9:28 PM 257432]
S2 0165841266010260mcinstcleanup;McAfee Application Installer Cleanup (0165841266010260);c:\docume~1\QTO\LOCALS~1\Temp\016584~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\QTO\LOCALS~1\Temp\016584~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/18/2009 10:54 AM 135664]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 10:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 10:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 7:18 PM 23680]
S3 SVRPEDRV;SVRPEDRV;\??\c:\docume~1\QTO\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys --> c:\docume~1\QTO\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-18 16:54]

2010-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-18 16:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://cm.my.yahoo.com/p/1.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - ORPHANS REMOVED - - - -

Notify-avgrsstarter - (no file)
Notify-psfus - psqlpwd.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-02-16 11:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-02-16 11:17:50
ComboFix-quarantined-files.txt 2010-02-16 17:17

Pre-Run: 85,735,813,120 bytes free
Post-Run: 85,673,091,072 bytes free

- - End Of File - - 95033CF52D2E5968BEB3EFCB3ADC4069

Idont knowbutwantto · Feb 16, 2010

malwarebytes and hijack logs

Malwarebytes' Anti-Malware 1.44
Database version: 3747
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/16/2010 3:17:38 PM
mbam-log-2010-02-16 (15-17-38).txt

Scan type: Quick Scan
Objects scanned: 126199
Time elapsed: 7 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:47:05 PM, on 2/16/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\My Download File\ALL\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/p/1.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum

n /alerts

n /notifications

n /systrayIcon

n /fl

n /fr

n /appData

n
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump

s_startup
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156730804890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1262812606703
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O23 - Service: McAfee Application Installer Cleanup (0165841266010260) (0165841266010260mcinstcleanup) - Unknown owner - C:\DOCUME~1\QTO\LOCALS~1\Temp\016584~1.EXE (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SnoopFree Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 12996 bytes

Osiris · Feb 16, 2010

Remove

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Disable System Restore just to make sure its not infected.

Run CCleaner and Cleanup.

Reboot

Then post a new log

After you did these scans, are you still having any issues?

Idont knowbutwantto · Feb 16, 2010

this is Idont knowbutwantto

thanks Osiris

i am new at this how do i remove these

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

i know how to turn off system restore

Osiris · Feb 16, 2010

Scan with hijackthis, the entries I ask you to remove, put a check mark next to them and click fix checked

Idont knowbutwantto · Feb 16, 2010

i ran hijack checked the two entries and clicked fix checked, ran ccleaner cleanup, rebooted ran hijack and posting log.
outpost firewall says that svchost.exe has sent and recieved about 2625937 bytes since i rebooted.
ibot security 360 says i have a security hole with security update for flash player (kb923789) but when tell it to fix it it says that the update is wrong for flash player, macromedia flash player 8.
a-square free says my 2006 tubo tax exe (ttxatbti and ttxctbti) are infected.
when i try to log into this forum i had to try 3-4 times.
had google redirect before too, took file atapi.sys from a clean computer made it read only, and replaced the one this laptop with it seem to fix it
will it be safe to check my bank accounts when we are fixed ?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:02 PM, on 2/16/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\My Download File\ALL\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/p/1.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum

n /alerts

n /notifications

n /systrayIcon

n /fl

n /fr

n /appData

n
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump

s_startup
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156730804890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1262812606703
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O23 - Service: McAfee Application Installer Cleanup (0165841266010260) (0165841266010260mcinstcleanup) - Unknown owner - C:\DOCUME~1\QTO\LOCALS~1\Temp\016584~1.EXE (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SnoopFree Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 13073 bytes

Osiris · Feb 17, 2010

Go ahead and post another combofix log as well.

SVCHOST.exe, that should be normal.

Update to Flash 10 Adobe - Adobe Flash Player

Idont knowbutwantto · Feb 17, 2010

ran combofix updated itself posting log, I have a usb seagate backup drive F: that backs my files every day at 6 pm will that be alright too, already have flash 10.0.45.2, macromedia flash 8 still shows up in add/remove progs but it can't find its uninstall.

ComboFix 10-02-16.03 - QTO 02/17/2010 9:10.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1185 [GMT -6:00]
Running from: c:\documents and settings\QTO\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-01-17 to 2010-02-17 )))))))))))))))))))))))))))))))
.

2010-02-13 00:00 . 2010-02-13 00:00 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-12 21:31 . 2010-02-12 21:31 -------- d-----w- c:\program files\Common Files\McAfee
2010-02-12 21:30 . 2010-02-13 00:00 -------- d-----w- c:\program files\McAfee
2010-02-12 21:30 . 2010-02-12 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-12 21:23 . 2010-02-12 21:23 -------- d-----w- c:\program files\WOT
2010-02-12 21:11 . 2010-02-12 21:11 9472 ----a-w- c:\windows\system32\drivers\SnopFree.sys
2010-02-12 21:11 . 2010-02-12 21:11 90112 ----a-w- c:\windows\system32\SnoopFreeSvc.exe
2010-02-12 21:11 . 2010-02-12 21:11 45056 ----a-w- c:\windows\SnoopFreeDll.dll
2010-02-12 21:11 . 2010-02-12 21:11 221184 ----a-w- c:\windows\SnoopFreeUI.exe
2010-02-12 03:28 . 2009-04-06 17:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2010-02-12 03:28 . 2009-02-10 22:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2010-02-12 03:27 . 2009-02-18 23:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2010-02-12 03:26 . 2010-02-12 03:26 -------- d-----w- c:\program files\Agnitum
2010-02-12 03:26 . 2010-02-12 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum
2010-02-11 16:55 . 2010-02-11 16:55 -------- d-----w- c:\program files\ESET
2010-02-10 22:32 . 2010-02-12 20:11 -------- d-----w- c:\program files\a-squared Free
2010-02-10 00:43 . 2009-11-25 17:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-10 00:43 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-10 00:43 . 2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-02-10 00:43 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-02-10 00:43 . 2010-02-10 00:43 -------- d-----w- c:\program files\Avira
2010-02-10 00:43 . 2010-02-10 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-02-02 22:54 . 2010-02-02 22:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\GetRightToGo
2010-02-02 22:20 . 2010-02-02 22:20 -------- d-----w- c:\program files\NOS
2010-01-30 15:00 . 2010-01-30 15:27 -------- d-----w- c:\documents and settings\QTO\Application Data\IObit
2010-01-29 22:39 . 2010-01-29 22:40 1956528 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-01-29 21:58 . 2010-01-29 21:58 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-20 02:57 . 2010-01-20 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-01-20 02:57 . 2010-01-30 15:00 -------- d-----w- c:\program files\IObit
2010-01-19 23:40 . 2010-01-19 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-01-19 22:16 . 2010-01-19 22:16 -------- d-----w- c:\program files\Common Files\xing shared
2010-01-19 17:50 . 2010-01-19 17:50 402952 ----a-w- c:\documents and settings\QTO\Application Data\Real\RealPlayer\setup\AU_setup11.exe
2010-01-19 01:36 . 2010-01-19 23:42 -------- d-----w- c:\program files\Alwil Software
2010-01-19 00:57 . 2010-01-29 22:04 -------- d-----w- c:\documents and settings\QTO\Local Settings\Application Data\nos
2010-01-19 00:56 . 2010-01-19 00:56 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-01-18 23:55 . 2010-01-18 23:55 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-18 23:55 . 2010-01-18 23:55 152576 ----a-w- c:\documents and settings\QTO\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-18 23:50 . 2010-01-18 23:50 79488 ----a-w- c:\documents and settings\QTO\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-17 02:26 . 2006-08-28 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-12 23:56 . 2008-07-23 22:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-12 21:18 . 2009-10-16 15:23 -------- d-----w- c:\documents and settings\QTO\Application Data\HpUpdate
2010-02-06 15:12 . 2009-11-18 16:54 -------- d-----w- c:\program files\Google
2010-01-30 16:01 . 2006-08-28 04:15 -------- d-----w- c:\program files\Software by Design
2010-01-30 15:21 . 2006-12-07 03:12 -------- d-----w- c:\documents and settings\QTO\Application Data\OfficeUpdate12
2010-01-30 15:21 . 2006-02-17 09:57 -------- d-----w- c:\program files\DIGStream
2010-01-29 22:04 . 2006-08-28 06:22 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-20 14:52 . 2010-01-17 01:52 -------- d-----w- c:\program files\COMODO
2010-01-20 14:50 . 2010-01-17 01:58 -------- d-----w- c:\documents and settings\QTO\Application Data\Comodo
2010-01-19 22:16 . 2006-02-16 09:56 -------- d-----w- c:\program files\Common Files\Real
2010-01-19 22:15 . 2006-02-16 09:56 -------- d-----w- c:\program files\Real
2010-01-19 01:14 . 2010-01-17 02:00 372273 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-01-18 23:55 . 2006-02-16 09:28 -------- d-----w- c:\program files\Java
2010-01-17 05:08 . 2010-01-17 05:08 -------- d-----w- c:\documents and settings\QTO\Application Data\ComodoGroup
2010-01-17 01:40 . 2006-02-15 16:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-17 01:39 . 2010-01-17 01:39 -------- d-----w- c:\program files\Seagate
2010-01-13 02:01 . 2008-05-15 13:41 -------- d-----w- c:\program files\AVG
2010-01-11 04:56 . 2010-01-05 04:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-11 04:45 . 2010-01-11 04:45 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-09 21:06 . 2010-01-09 21:06 -------- d-----w- c:\program files\CCleaner
2010-01-09 01:27 . 2006-02-16 16:59 96640 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-07 22:07 . 2010-01-05 04:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2010-01-05 04:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 15:27 . 2010-01-17 05:04 18184 ----a-w- c:\windows\system32\cnat.exe
2010-01-07 00:38 . 2006-02-16 10:39 -------- d-----w- c:\program files\Microsoft Works
2010-01-06 01:37 . 2010-01-06 01:37 -------- d-----w- c:\documents and settings\QTO\Application Data\JAM Software
2010-01-05 17:34 . 2010-01-05 17:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-05 14:18 . 2010-01-05 05:41 -------- d-----w- c:\documents and settings\QTO\Application Data\SUPERAntiSpyware.com
2010-01-05 14:18 . 2010-01-05 05:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-05 14:18 . 2006-05-29 01:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-05 05:41 . 2010-01-05 05:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-05 04:26 . 2010-01-05 04:26 -------- d-----w- c:\documents and settings\QTO\Application Data\Malwarebytes
2010-01-05 04:26 . 2010-01-05 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-04 20:59 . 2010-01-04 20:59 8704 ----a-w- c:\windows\system32\sporder.dll
2009-12-31 16:50 . 2006-02-15 14:04 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-28 22:21 . 2008-03-24 02:20 -------- d-----w- c:\documents and settings\QTO\Application Data\U3
2009-12-21 20:31 . 2009-12-21 20:10 53631 ----a-w- c:\windows\hppins02.dat
2009-12-21 20:29 . 2006-10-17 00:20 -------- d-----w- c:\program files\HP
2009-12-21 19:14 . 2006-02-15 14:04 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2006-02-15 15:34 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2006-02-15 14:02 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2006-02-15 14:03 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-03 22:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2006-02-15 14:03 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-02 02:50 . 2009-05-19 04:15 256 ----a-w- c:\windows\system32\pool.bin
2009-11-27 17:11 . 2006-02-15 14:03 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2006-02-15 14:03 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2006-02-15 14:03 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2006-02-15 14:02 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 15:51 . 2006-02-15 14:01 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2007-01-23 04:14 . 2007-01-23 04:14 774144 -c----w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-02-16_17.15.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-17 02:43 . 2010-02-17 02:43 16384 c:\windows\temp\Perflib_Perfdata_e0c.dat
+ 2010-02-17 02:43 . 2010-02-17 02:43 16384 c:\windows\temp\Perflib_Perfdata_c30.dat
+ 2010-01-29 22:40 . 2010-02-17 14:51 84507 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2010-01-29 22:40 . 2010-01-29 22:40 84507 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2010-01-27 00:58 . 2010-01-27 00:58 256280 c:\windows\system32\Macromed\Flash\FlashUtil10e.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TDispVol"="TDispVol.exe" [2005-03-11 73728]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2005-12-22 30208]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1343488]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-18 149280]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2005-11-21 45056]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"SnoopFreeUI"="SnoopFreeUI.exe" [2010-02-12 221184]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 07:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2005-09-07 09:25 36864 ----a-w- c:\program files\HP\HP UT\bin\hppusg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-03-06 21:19 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-01-19 22:15 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"TAPPSRV"=2 (0x2)
"Swupdtmr"=2 (0x2)
"SQLAgent$MICROSOFTSMLBIZ"=3 (0x3)
"S24EventMonitor"=2 (0x2)
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"RoxLiveShare9"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"RegSrvc"=2 (0x2)
"ose"=3 (0x3)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IS360service"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gupdate"=2 (0x2)
"FreeAgentGoNext Service"=2 (0x2)
"EvtEng"=2 (0x2)
"DVD-RAM_Service"=2 (0x2)
"CFSvcs"=2 (0x2)
"btwdins"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2/11/2010 9:28 PM 704384]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2/10/2010 4:32 PM 1858144]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2/11/2010 9:26 PM 1195008]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/9/2010 6:43 PM 108289]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [12/21/2005 10:55 PM 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [12/21/2005 10:55 PM 33024]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 11:32 PM 189736]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [1/19/2010 8:57 PM 311568]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2/12/2010 3:30 PM 93320]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [12/21/2005 10:25 PM 3456]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2/11/2010 9:27 PM 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2/11/2010 9:28 PM 257432]
S2 0165841266010260mcinstcleanup;McAfee Application Installer Cleanup (0165841266010260);c:\docume~1\QTO\LOCALS~1\Temp\016584~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\QTO\LOCALS~1\Temp\016584~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/18/2009 10:54 AM 135664]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 10:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 10:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 7:18 PM 23680]
S3 SVRPEDRV;SVRPEDRV;\??\c:\docume~1\QTO\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys --> c:\docume~1\QTO\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-18 16:54]

2010-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-18 16:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://cm.my.yahoo.com/p/1.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2010-02-17 09:18:16
ComboFix-quarantined-files.txt 2010-02-17 15:18
ComboFix2.txt 2010-02-16 17:17

Pre-Run: 87,031,779,328 bytes free
Post-Run: 86,973,251,584 bytes free

- - End Of File - - 76012B8E18832A88FDC2B504AD0D68DA

Osiris · Feb 17, 2010

Try this

How to uninstall the Adobe Flash Player plug-in and ActiveX control

laptop infected

Idont knowbutwantto

Solid State Member

Idont knowbutwantto

Solid State Member

Idont knowbutwantto

Solid State Member

Osiris

Golden Master

Idont knowbutwantto

Solid State Member

Osiris

Golden Master

Idont knowbutwantto

Solid State Member

Osiris

Golden Master

Idont knowbutwantto

Solid State Member

Osiris

Golden Master

Similar threads