PDA

View Full Version : Malware Has Infected My Computer and Now My Browsers Redirect



kmd pix
2009-10-26, 06:29
Caught the Koobface and a Trojan virus from clicking on a Facebook video posting the other day. At one time I could not access either Firefox or IE. Ran Spybot S&D, Spyware Doctor and Registry Mechanic - made corrections as directed by these programs. Also uninstalled Firefox, IE and tried reinstall...didn't work. Tried to install Opera - that worked so from Opera I downloaded the latest version of IE and Firefox, then uninstalled Opera. Now I am being redirected on all websites that I google - whether I use Firefox or IE. I am at a loss now as both Spybot and Spyware Doctor say I do not have anything left to remove. Thank you in advance for taking a look at this.

I have turned off TeaTimer in Spybot S&D and installed and ran ERUNT as directed in the "BEFORE you POST" listing. Here is my HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:10 PM, on 10/25/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Spyware Doctor\TFEngine\TFUN.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /QS
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9236 bytes

Blade81
2009-10-29, 12:27
Hi,

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.


Download GMER (http://www.gmer.net) here by clicking download exe -button and then saving it your desktop:
Double-click .exe that you downloaded
Click rootkit-tab and then scan.
Don't check
Show All
box while scanning in progress!
When scanning is ready, click Copy.
This copies log to clipboard
Post log in your reply.

kmd pix
2009-10-30, 04:11
Hi Blade81 - here are my log files, I had to break them up to get them to post.

DDS.txt


DDS (Ver_09-10-26.01) - NTFSx86
Run by Kyla's Laptop at 20:15:05.54 on Thu 10/29/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1915.806 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\WScript.exe
C:\Windows\system32\mshta.exe
C:\Windows\system32\mshta.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\mshta.exe
C:\Windows\system32\mshta.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kyla's Laptop\Downloads\dds.scr

============== Pseudo HJT Report ===============

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} -
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [ToshibaServiceStation] c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe /hide:60
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /QS
StartupFolder: c:\users\kyla's~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\kyla's~1\appdata\roaming\mozilla\firefox\profiles\v7ud8aqx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-23 207280]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-10-23 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-10-23 59664]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-12-16 20384]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-10-23 229304]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-2-13 1153368]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-10-23 358600]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-18 62776]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-18 7168]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-10-23 70408]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-10-23 33552]
S?3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
S2 fioo32;fioo32;c:\windows\system32\SvchOst.eXE -k fioo32 [2008-1-20 21504]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-21 29744]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-12-16 954368]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-8-21 9216]

=============== Created Last 30 ================

2009-12-28 04:00:34 18098 ----a-w- c:\windows\system32\5a6s9a5se3077z.dll
2009-12-27 22:39:13 10727 ----a-w- c:\windows\system32\822hac5to9lzf.dll
2009-12-25 01:15:55 14649 ----a-w- c:\windows\system32\544zspars57309.dll
2009-12-24 21:50:33 7714 ----a-w- c:\windows\system32\20z60spamb9t53d.ocx
2009-12-24 13:30:52 10610 ----a-w- c:\windows\system32\3559thre59z2360.exe
2009-12-24 06:51:37 13892 ----a-w- c:\windows\system32\3d64th95f19z0.ocx
2009-12-19 16:41:01 6299 ----a-w- c:\windows\system32\30085spy9z5.dll
2009-12-19 09:32:55 7959 ----a-w- c:\windows\system32\5zd7threa929386.bin
2009-12-18 16:06:20 8960 ----a-w- c:\windows\system32\15658vi9us5z8.dll
2009-12-09 03:15:46 8629 ----a-w- c:\windows\system32\157235orz9f2.exe
2009-12-08 01:40:54 2850 ----a-w- c:\windows\system32\30529wzr9563.cpl
2009-12-06 12:10:44 17619 ----a-w- c:\windows\system32\3z95vir23715.dll
2009-12-05 07:00:10 17120 ----a-w- c:\windows\system32\9fc5backdoor26z0.ocx
2009-12-04 23:34:10 15306 ----a-w- c:\windows\system32\1zb4thre9t31151.bin
2009-12-04 05:47:44 15913 ----a-w- c:\windows\system32\4151zow9loa5er3159.ocx
2009-12-02 16:32:56 15246 ----a-w- c:\windows\system32\28957sp5z15.bin
2009-12-02 16:07:14 12206 ----a-w- c:\windows\system32\5z9thief13569.bin
2009-12-02 00:40:41 15708 ----a-w- c:\windows\system32\24118z596d.bin
2009-12-01 20:24:02 3163 ----a-w- c:\windows\system32\25255t5o94cz.dll
2009-12-01 09:29:41 7529 ----a-w- c:\windows\system32\20278sp5m9otz0e.exe
2009-11-27 07:09:13 11563 ----a-w- c:\windows\system32\12211zpy2f59.ocx
2009-11-25 22:17:55 14602 ----a-w- c:\windows\system32\272zpamb5t938.ocx
2009-11-20 06:39:34 14312 ----a-w- c:\windows\system32\16bez9reat15767.ocx
2009-11-19 19:35:40 13551 ----a-w- c:\windows\system32\5339ha5ktool66z.exe
2009-11-19 13:42:42 7120 ----a-w- c:\windows\system32\997spamz5t296.dll
2009-11-18 10:12:42 5843 ----a-w- c:\windows\system32\4f75b9ckdooz2997.cpl
2009-11-11 00:15:34 17203 ----a-w- c:\windows\system32\3c2cthrezt25195.ocx
2009-10-27 23:31:37 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 23:31:33 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-26 02:44:44 65536 --sha-w- c:\users\kyla's laptop\ntuser.dat{ef34ac54-c0fb-11de-b2d7-001e33905c6e}.TM.blf
2009-10-26 02:44:44 524288 --sha-w- c:\users\kyla's laptop\ntuser.dat{ef34ac54-c0fb-11de-b2d7-001e33905c6e}.TMContainer00000000000000000002.regtrans-ms
2009-10-26 02:44:44 524288 --sha-w- c:\users\kyla's laptop\ntuser.dat{ef34ac54-c0fb-11de-b2d7-001e33905c6e}.TMContainer00000000000000000001.regtrans-ms
2009-10-25 00:01:50 0 d-----w- c:\program files\Trend Micro
2009-10-24 22:20:59 65536 --sha-w- c:\users\kyla's laptop\ntuser.dat{bc908a7c-c0d7-11de-a69c-001e33905c6e}.TM.blf
2009-10-24 22:20:59 524288 --sha-w- c:\users\kyla's laptop\ntuser.dat{bc908a7c-c0d7-11de-a69c-001e33905c6e}.TMContainer00000000000000000002.regtrans-ms
2009-10-24 22:20:59 524288 --sha-w- c:\users\kyla's laptop\ntuser.dat{bc908a7c-c0d7-11de-a69c-001e33905c6e}.TMContainer00000000000000000001.regtrans-ms
2009-10-24 22:17:07 262144 ---ha-w- c:\users\kyla's laptop\S-1-5-21-3263087516-1746803172-730395602-1000.rrr.LOG1
2009-10-24 22:17:07 0 ---ha-w- c:\users\kyla's laptop\S-1-5-21-3263087516-1746803172-730395602-1000.rrr.LOG2
2009-10-24 22:11:43 506368 ----a-w- c:\windows\system32\msxml.dll
2009-10-24 19:58:05 0 d-----w- c:\programdata\WindowsSearch
2009-10-24 05:19:47 17347 ----a-w- c:\windows\system32\3czev5r1509.ocx
2009-10-23 18:02:10 0 d-----w- c:\windows\system32\EventProviders
2009-10-23 18:02:07 0 d-----w- C:\c6b78d74c8bcd61703b647c5f6b729
2009-10-23 14:35:23 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2009-10-23 14:35:23 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2009-10-23 14:35:23 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2009-10-23 14:18:12 97208 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2009-10-23 14:18:12 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-10-23 14:18:11 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-10-23 14:18:08 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-10-23 13:53:53 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-23 13:53:49 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-23 13:53:49 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-10-23 13:53:49 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-23 13:53:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-23 13:53:45 0 d-----w- c:\program files\common files\PC Tools
2009-10-23 13:53:41 0 d-----w- c:\users\kyla's~1\appdata\roaming\PC Tools
2009-10-23 13:53:41 0 d-----w- c:\programdata\PC Tools
2009-10-23 13:53:41 0 d-----w- c:\program files\Spyware Doctor
2009-10-23 13:52:53 0 d---a-w- c:\programdata\TEMP
2009-10-23 12:59:04 9932 ----a-w- c:\windows\67z9addware2557.bin
2009-10-23 09:45:14 16794 ----a-w- c:\windows\system32\1z9bth59f342.exe
2009-10-23 03:56:51 0 ----a-w- c:\windows\rdr_1256270210.exe
2009-10-23 03:56:50 0 ----a-w- c:\windows\rdr_1256270209.exe
2009-10-23 03:56:43 0 ----a-w- c:\windows\rdr_1256270203.exe
2009-10-23 03:56:43 0 ----a-w- c:\windows\rdr_1256270202.exe
2009-10-23 03:54:44 0 d-----w- c:\users\kyla's~1\appdata\roaming\WinBatch
2009-10-23 03:46:39 2 ----a-w- c:\windows\0101120101465249.xxe
2009-10-23 03:46:39 1 ---h--w- c:\windows\tgm2.dat
2009-10-23 03:46:28 2 ----a-w- c:\windows\0101120101465349.xxe
2009-10-23 03:46:28 1 ---h--w- c:\windows\hpm2.dat
2009-10-23 03:45:28 2 ----a-w- c:\windows\0101120101465649.xxe
2009-10-23 03:45:28 1 ---h--w- c:\windows\bx4657.dat
2009-10-22 23:05:02 1 ----a-w- c:\windows\fdgg34353edfgdfdf
2009-10-22 23:04:38 2 ----a-w- c:\windows\0101120101465050.xxe
2009-10-22 23:04:38 1 ---h--w- c:\windows\bk23567.dat
2009-10-22 23:04:37 2 ----a-w- c:\windows\0101120101464955.xxe
2009-10-22 23:04:36 2 ----a-w- c:\windows\010112010146116101.xxe
2009-10-22 23:03:33 2 ----a-w- c:\windows\010112010146101105.rx
2009-10-21 19:45:28 2962 ----a-w- c:\windows\653asp9rse57z3.dll
2009-10-21 01:46:11 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-21 01:45:51 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-21 01:45:42 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-21 01:45:42 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-19 15:54:32 15692 ----a-w- c:\windows\system32\20057t9oj12z.exe
2009-10-15 22:42:29 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-15 22:42:21 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-15 22:42:20 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-15 22:41:09 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-10-15 22:41:08 217088 ----a-w- c:\windows\system32\psisrndr.ax
2009-10-15 22:41:04 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-15 22:41:04 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2009-10-15 22:41:03 80896 ----a-w- c:\windows\system32\MSNP.ax
2009-10-13 23:44:55 10405 ----a-w- c:\windows\29z2spyware750.exe
2009-10-12 08:38:01 7641 ----a-w- c:\windows\system32\21513wozm429.exe
2009-10-12 05:48:55 4611 ----a-w- c:\windows\39z81not-a-vi5us525.ocx
2009-10-10 02:46:05 6944 ----a-w- c:\windows\system32\3d3z9hief435.cpl
2009-10-09 19:27:45 10092 ----a-w- c:\windows\system32\1323spy5z59.cpl
2009-10-07 23:54:38 4080 ----a-w- c:\windows\z4839tro5298.exe
2009-10-05 11:43:02 9693 ----a-w- c:\windows\15zethief921.exe
2009-10-04 18:24:32 8365 ----a-w- c:\windows\system32\2787threa95z52.exe
2009-10-03 06:46:38 16636 ----a-w- c:\windows\system32\537zsp59se1572.dll
2009-10-03 02:45:56 9980 ----a-w- c:\windows\system32\5b2dthz5f24569.ocx
2009-10-03 00:34:11 15926 ----a-w- c:\windows\11z74hac59ool7c2.exe
2009-10-02 22:26:58 195440 ------w- c:\windows\system32\MpSigStub.exe

==================== Find3M ====================

2009-10-23 13:52:54 7302 ----a-w- c:\windows\2z5555or95b.exe
2009-10-23 13:52:54 3319 ----a-w- c:\windows\3314thze5t99659.bin
2009-10-23 13:52:54 18329 ----a-w- c:\windows\39c6spar95179z.bin
2009-10-23 13:52:54 16643 ----a-w- c:\windows\3560zpar9e2375.dll
2009-10-23 13:52:54 16568 ----a-w- c:\windows\37ddown5oader893z.bin
2009-10-23 13:52:54 14858 ----a-w- c:\windows\54c69ir5103z.dll
2009-10-23 13:52:54 14084 ----a-w- c:\windows\935ezir31975.bin
2009-10-23 13:52:54 13208 ----a-w- c:\windows\7272zpars53982.dll
2009-10-23 13:52:53 9523 ----a-w- c:\windows\2afzs9e5l3039.bin
2009-10-23 13:52:53 7862 ----a-w- c:\windows\22996zackt5ol97a.bin
2009-10-23 13:52:53 11729 ----a-w- c:\windows\106fspywa5ez099.dll
2009-09-26 15:59:13 10320 ----a-w- c:\windows\system32\75a89ir7z1.exe
2009-09-25 15:50:20 12423 ----a-w- c:\windows\14098hackt95z566.dll
2009-09-25 01:23:29 14236 ----a-w- c:\windows\95z9s5yware2226.dll
2009-09-23 08:26:21 2975 ----a-w- c:\windows\7z79sparse9205.dll
2009-09-21 12:42:48 6423 ----a-w- c:\windows\19z0vi95992.bin
2009-09-20 21:13:41 8941 ----a-w- c:\windows\17262z9ru5779.exe
2009-09-19 19:43:02 11869 ----a-w- c:\windows\system32\38f8dowzloade92905.dll
2009-09-19 19:14:36 3286 ----a-w- c:\windows\98659izus3d.exe
2009-09-18 23:04:31 8093 ----a-w- c:\windows\7f9aaddwarz3951.bin
2009-09-18 20:13:08 14716 ----a-w- c:\windows\5a9dazdware1203.dll
2009-09-18 07:15:20 6347 ----a-w- c:\windows\5b5ab59kdoor291z.bin
2009-09-15 03:07:08 4528 ----a-w- c:\windows\system32\5066ba9kzoor10595.dll
2009-09-14 09:44:57 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-13 11:40:09 10999 ----a-w- c:\windows\system32\32965hack5ooz2f5.bin
2009-09-12 21:22:25 3897 ----a-w- c:\windows\system32\5214znot-a-virus594.dll
2009-09-12 16:30:03 12790 ----a-w- c:\windows\system32\zd77addware2859.bin
2009-09-12 05:33:57 17679 ----a-w- c:\windows\system32\51570viruz5759.bin
2009-09-11 16:26:23 16503 ----a-w- c:\windows\1z958hack9ool5d8.exe
2009-09-08 02:33:11 13173 ----a-w- c:\windows\6a215ownloade9321z.dll
2009-09-05 00:21:15 16269 ----a-w- c:\windows\system32\32d8baczdo5r6819.dll
2009-09-04 12:24:34 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-09-02 03:52:14 6323 ----a-w- c:\windows\3899thr5at64z4.bin
2009-09-01 20:56:45 16772 ----a-w- c:\windows\31489hac5zoo92df.dll
2009-08-28 12:39:07 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-24 06:30:10 14131 ----a-w- c:\windows\system32\54z07tro94a6.exe
2009-08-18 23:37:35 15734 ----a-w- c:\windows\system32\675a9ownloader2767z.bin
2009-08-18 04:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-16 15:58:04 5450 ----a-w- c:\windows\system32\22cazd5ware795.bin
2009-08-16 15:06:39 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-08-16 15:06:39 86016 ----a-w- c:\windows\inf\infstor.dat
2009-08-16 15:06:39 51200 ----a-w- c:\windows\inf\infpub.dat
2009-08-16 01:43:34 3786 ----a-w- c:\windows\51794wozm313.bin
2009-08-15 11:47:45 15597 ----a-w- c:\windows\system32\39abthze59065.bin
2009-08-14 16:29:41 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 16:29:41 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 14:16:55 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16:55 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16:52 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16:51 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16:50 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 08:29:38 13917 ----a-w- c:\windows\system32\5258backdoo92824z.exe
2009-08-09 13:44:16 5538 ----a-w- c:\windows\system32\9569spy66z.dll
2009-08-09 09:16:56 3417 ----a-w- c:\windows\system32\2668addwa952276z.dll
2009-08-07 20:03:57 6927 ----a-w- c:\windows\system32\53b3th5eat1699z.bin
2009-08-07 17:18:23 18086 ----a-w- c:\windows\system32\11333spy5z9.dll
2009-08-03 08:01:42 16651 ----a-w- c:\windows\system32\zbc29i51432.dll
2009-08-02 13:33:30 3755 ----a-w- c:\windows\system32\28522not-a-vi9usz5b.bin
2008-08-18 18:36:55 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-02-08 19:20:21 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2009-02-08 19:20:19 4 --sh--r- c:\windows\system32\drivers\taishop.sys

============= FINISH: 20:16:49.59 ===============

kmd pix
2009-10-30, 04:12
Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/16/2008 7:43:19 AM
System Uptime: 10/25/2009 11:04:00 PM (93 hours ago)

Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | CPU | 2166/667mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 140 GiB total, 96.837 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP213: 10/23/2009 11:05:30 PM - Windows Vista™ Service Pack 2
RP214: 10/24/2009 2:34:15 PM - Windows Update
RP216: 10/24/2009 5:14:48 PM - Made by Registry Mechanic
RP217: 10/24/2009 6:40:29 PM - Installed Opera 10.00.
RP219: 10/25/2009 5:35:41 PM - Made by Registry Mechanic
RP221: 10/25/2009 5:43:23 PM - Made by Registry Mechanic
RP223: 10/25/2009 10:29:16 PM - Removed FaceFilter Standard Edition
RP224: 10/25/2009 10:30:48 PM - Removed Opera 10.00.
RP225: 10/26/2009 9:29:35 PM - Scheduled Checkpoint
RP226: 10/28/2009 3:00:24 AM - Windows Update
RP227: 10/28/2009 9:42:57 PM - Scheduled Checkpoint

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
AAC Decoder
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
AutoUpdate
CD/DVD Drive Acoustic Silencer
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DVD MovieFactory for TOSHIBA
ERUNT 1.1j
Google Desktop
H.264 Decoder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java(TM) 6 Update 15
Java(TM) 6 Update 6
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Microsoft XML Parser
MKV Splitter
Mozilla Firefox (3.5.4)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Netflix Movie Viewer
Picasa 2
QuickBooks Financial Center
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Registry Mechanic 7.0
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Media Encoder (KB954156)
Spybot - Search & Destroy
Spyware Doctor 7.0
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.762
Veoh Web Player
WildTangent Games
Windows Media Encoder 9 Series

==== Event Viewer Messages From Past Week ========

10/26/2009 8:55:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
10/26/2009 6:07:10 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
10/25/2009 9:13:10 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
10/24/2009 5:21:31 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
10/24/2009 5:21:01 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/24/2009 5:20:56 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
10/24/2009 2:34:21 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Windows Vista Service Pack 2 (KB948465).
10/23/2009 9:43:29 AM, Error: Service Control Manager [7023] - The fioo32 service terminated with the following error: The specified module could not be found.
10/23/2009 9:35:24 AM, Error: Service Control Manager [7030] - The ThreatFire service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/23/2009 9:22:01 AM, Error: Service Control Manager [7023] - The Portable Device Enumerator Service service terminated with the following error: The specified module could not be found.
10/23/2009 11:25:34 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the sdCoreService service.
10/23/2009 10:18:39 AM, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
10/22/2009 3:04:23 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
10/22/2009 3:04:23 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/22/2009 10:45:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/22/2009 10:41:06 PM, Error: Service Control Manager [7022] - The fioo32 service hung on starting.

==== End Of File ===========================

kmd pix
2009-10-30, 04:21
Part 1 of GMER text:

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-29 20:57:27
Windows 6.0.6001 Service Pack 1
Running: ghplc47y.exe; Driver: C:\Users\KYLA'S~1\AppData\Local\Temp\ugryrpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8291CCDC]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8291CECE]
SSDT \SystemRoot\system32\drivers\TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0x82951B30]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8291D0D6]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 43C 81ED2A00 3 Bytes [DC, CC, 91] {FMUL ST(4), ST; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeSetTimerEx + 440 81ED2A04 3 Bytes [CE, CE, 91] {INTO ; INTO ; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeSetTimerEx + 854 81ED2E18 4 Bytes [30, 1B, 95, 82]
.text ntkrnlpa.exe!KeSetTimerEx + 918 81ED2EDC 4 Bytes [D6, D0, 91, 82]
? \ArcName\multi(0)disk(0)rdisk(0)partition(2)\Windows\system32\drivers\PctWfpFilter.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\agrsmsvc.exe[592] ntdll.dll!NtClose 775C7F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[592] ntdll.dll!NtClose + 4 775C7F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\agrsmsvc.exe[592] ntdll.dll!NtCreateFile 775C8008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[592] ntdll.dll!NtCreateFile + 4 775C800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\agrsmsvc.exe[592] ntdll.dll!NtCreateKey 775C8048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[592] ntdll.dll!NtCreateKey + 4 775C804C 2 Bytes [05, 5F]
.text C:\Windows\system32\agrsmsvc.exe[592] ntdll.dll!NtCreateProcess 775C80C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[592] ntdll.dll!NtCreateProcess + 4 775C80CC 2 Bytes [29, 5F]
.text C:\Windows\system32\agrsmsvc.exe[592] ntdll.dll!NtCreateProcessEx 775C80D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[592] ntdll.dll!NtCreateProcessEx + 4 775C80DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\agrsmsvc.exe[592] ntdll.dll!NtCreateSection 775C80F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[592] ntdll.dll!NtCreateSection + 4 775C80FC 2 Bytes [23, 5F]
.text C:\Windows\system32\agrsmsvc.exe[592] ntdll.dll!NtDeleteKey 775C83F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[592] ntdll.dll!NtDeleteKey + 4 775C83FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\agrsmsvc.exe[592] ntdll.dll!NtDeleteValueKey 775C8428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[592] ntdll.dll!NtDeleteValueKey + 4 775C842C 2 Bytes [11, 5F]
.text C:\Windows\system32\agrsmsvc.exe[592] ntdll.dll!NtRenameKey 775C8CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[592] ntdll.dll!NtRenameKey + 4 775C8CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\agrsmsvc.exe[592] ntdll.dll!NtSetInformationFile 775C8F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[592] ntdll.dll!NtSetInformationFile + 4 775C8F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\agrsmsvc.exe[592] ntdll.dll!NtSetValueKey 775C9088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[592] ntdll.dll!NtSetValueKey + 4 775C908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\agrsmsvc.exe[592] ntdll.dll!NtTerminateProcess 775C9128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[592] ntdll.dll!NtTerminateProcess + 4 775C912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\agrsmsvc.exe[592] ntdll.dll!NtWriteFile 775C9278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[592] ntdll.dll!NtWriteFile + 4 775C927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\agrsmsvc.exe[592] ntdll.dll!NtWriteFileGather 775C9288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[592] ntdll.dll!NtWriteFileGather + 4 775C928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\agrsmsvc.exe[592] ntdll.dll!NtWriteVirtualMemory 775C92A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[592] ntdll.dll!NtWriteVirtualMemory + 4 775C92AC 2 Bytes [32, 5F]
.text C:\Windows\system32\agrsmsvc.exe[592] ntdll.dll!NtCreateUserProcess 775C9438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[592] ntdll.dll!NtCreateUserProcess + 4 775C943C 2 Bytes [26, 5F]
.text C:\Windows\system32\agrsmsvc.exe[592] kernel32.dll!LoadLibraryExW 76F930C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] ntdll.dll!NtClose 775C7F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] ntdll.dll!NtClose + 4 775C7F4C 2 Bytes [35, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] ntdll.dll!NtCreateFile 775C8008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] ntdll.dll!NtCreateFile + 4 775C800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] ntdll.dll!NtCreateKey 775C8048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] ntdll.dll!NtCreateKey + 4 775C804C 2 Bytes [05, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] ntdll.dll!NtCreateProcess 775C80C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] ntdll.dll!NtCreateProcess + 4 775C80CC 2 Bytes [29, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] ntdll.dll!NtCreateProcessEx 775C80D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] ntdll.dll!NtCreateProcessEx + 4 775C80DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] ntdll.dll!NtCreateSection 775C80F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] ntdll.dll!NtCreateSection + 4 775C80FC 2 Bytes [23, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] ntdll.dll!NtDeleteKey 775C83F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] ntdll.dll!NtDeleteKey + 4 775C83FC 2 Bytes [0B, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] ntdll.dll!NtDeleteValueKey 775C8428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] ntdll.dll!NtDeleteValueKey + 4 775C842C 2 Bytes [11, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] ntdll.dll!NtRenameKey 775C8CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] ntdll.dll!NtRenameKey + 4 775C8CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] ntdll.dll!NtSetInformationFile 775C8F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] ntdll.dll!NtSetInformationFile + 4 775C8F1C 2 Bytes [20, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] ntdll.dll!NtSetValueKey 775C9088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] ntdll.dll!NtSetValueKey + 4 775C908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] ntdll.dll!NtTerminateProcess 775C9128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] ntdll.dll!NtTerminateProcess + 4 775C912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] ntdll.dll!NtWriteFile 775C9278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] ntdll.dll!NtWriteFile + 4 775C927C 2 Bytes [1A, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] ntdll.dll!NtWriteFileGather 775C9288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] ntdll.dll!NtWriteFileGather + 4 775C928C 2 Bytes [1D, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] ntdll.dll!NtWriteVirtualMemory 775C92A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] ntdll.dll!NtWriteVirtualMemory + 4 775C92AC 2 Bytes [32, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] ntdll.dll!NtCreateUserProcess 775C9438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] ntdll.dll!NtCreateUserProcess + 4 775C943C 2 Bytes [26, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[612] kernel32.dll!LoadLibraryExW 76F930C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtClose 775C7F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtClose + 4 775C7F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtCreateFile 775C8008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtCreateFile + 4 775C800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtCreateKey 775C8048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtCreateKey + 4 775C804C 2 Bytes [05, 5F]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtCreateProcess 775C80C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtCreateProcess + 4 775C80CC 2 Bytes [29, 5F]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtCreateProcessEx 775C80D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtCreateProcessEx + 4 775C80DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtCreateSection 775C80F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtCreateSection + 4 775C80FC 2 Bytes [23, 5F]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtDeleteKey 775C83F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtDeleteKey + 4 775C83FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtDeleteValueKey 775C8428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtDeleteValueKey + 4 775C842C 2 Bytes [11, 5F]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtRenameKey 775C8CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtRenameKey + 4 775C8CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtSetInformationFile 775C8F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtSetInformationFile + 4 775C8F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtSetValueKey 775C9088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtSetValueKey + 4 775C908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtTerminateProcess 775C9128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtTerminateProcess + 4 775C912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtWriteFile 775C9278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtWriteFile + 4 775C927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtWriteFileGather 775C9288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtWriteFileGather + 4 775C928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtWriteVirtualMemory 775C92A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtWriteVirtualMemory + 4 775C92AC 2 Bytes [32, 5F]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtCreateUserProcess 775C9438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtCreateUserProcess + 4 775C943C 2 Bytes [26, 5F]
.text C:\Windows\system32\csrss.exe[636] KERNEL32.dll!LoadLibraryExW 76F930C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wininit.exe[680] ntdll.dll!NtClose 775C7F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[680] ntdll.dll!NtClose + 4 775C7F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\wininit.exe[680] ntdll.dll!NtCreateFile 775C8008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[680] ntdll.dll!NtCreateFile + 4 775C800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\wininit.exe[680] ntdll.dll!NtCreateKey 775C8048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[680] ntdll.dll!NtCreateKey + 4 775C804C 2 Bytes [05, 5F]
.text C:\Windows\system32\wininit.exe[680] ntdll.dll!NtCreateProcess 775C80C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[680] ntdll.dll!NtCreateProcess + 4 775C80CC 2 Bytes [29, 5F]
.text C:\Windows\system32\wininit.exe[680] ntdll.dll!NtCreateProcessEx 775C80D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[680] ntdll.dll!NtCreateProcessEx + 4 775C80DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\wininit.exe[680] ntdll.dll!NtCreateSection 775C80F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[680] ntdll.dll!NtCreateSection + 4 775C80FC 2 Bytes [23, 5F]
.text C:\Windows\system32\wininit.exe[680] ntdll.dll!NtDeleteKey 775C83F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[680] ntdll.dll!NtDeleteKey + 4 775C83FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\wininit.exe[680] ntdll.dll!NtDeleteValueKey 775C8428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[680] ntdll.dll!NtDeleteValueKey + 4 775C842C 2 Bytes [11, 5F]
.text C:\Windows\system32\wininit.exe[680] ntdll.dll!NtRenameKey 775C8CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[680] ntdll.dll!NtRenameKey + 4 775C8CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\wininit.exe[680] ntdll.dll!NtSetInformationFile 775C8F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[680] ntdll.dll!NtSetInformationFile + 4 775C8F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\wininit.exe[680] ntdll.dll!NtSetValueKey 775C9088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[680] ntdll.dll!NtSetValueKey + 4 775C908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\wininit.exe[680] ntdll.dll!NtTerminateProcess 775C9128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[680] ntdll.dll!NtTerminateProcess + 4 775C912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\wininit.exe[680] ntdll.dll!NtWriteFile 775C9278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[680] ntdll.dll!NtWriteFile + 4 775C927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\wininit.exe[680] ntdll.dll!NtWriteFileGather 775C9288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[680] ntdll.dll!NtWriteFileGather + 4 775C928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\wininit.exe[680] ntdll.dll!NtWriteVirtualMemory 775C92A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[680] ntdll.dll!NtWriteVirtualMemory + 4 775C92AC 2 Bytes [32, 5F]
.text C:\Windows\system32\wininit.exe[680] ntdll.dll!NtCreateUserProcess 775C9438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[680] ntdll.dll!NtCreateUserProcess + 4 775C943C 2 Bytes [26, 5F]
.text C:\Windows\system32\wininit.exe[680] kernel32.dll!LoadLibraryExW 76F930C3 6 Bytes JMP 5F070F5A

kmd pix
2009-10-30, 05:32
Part 38 of GMER text:

IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadResource] 70B00000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 71690000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] 708F0000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!DeviceIoControl] 70990000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] 708F0000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegSetValueExA] 70EC0000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExA] 70DC0000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 71690000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!WriteFile] 708F0000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 70E40000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] 70E00000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] 70580000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueExW] 70E80000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] 70DC0000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!WriteFile] 708F0000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadResource] 70B00000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 71690000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!WriteFile] 708F0000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 71690000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadResource] 70B00000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] 70580000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegSetValueExW] 70E80000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!CreateServiceA] 711C0000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!OpenSCManagerA] 70C10000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExW] 70E80000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExA] 70EC0000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExA] 70DC0000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!DeviceIoControl] 70990000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 71690000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 71690000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WriteFile] 708F0000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadResource] 70B00000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeviceIoControl] 70990000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueExW] 70E80000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] 70580000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] 70E00000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!OpenSCManagerW] 70BD0000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] 70DC0000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] 708F0000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadResource] 70B00000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 71690000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeviceIoControl] 70990000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExA] 70EC0000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] 70E00000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExW] 70E80000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] 70580000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] 70DC0000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegSetValueExW] 70E80000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegDeleteKeyW] 70580000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\SAMLIB.dll [ADVAPI32.dll!RegSetValueExA] 70EC0000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\SAMLIB.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExW] 70E80000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegDeleteKeyW] 70580000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegSetValueExA] 70EC0000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] 70DC0000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!OpenSCManagerA] 70C10000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!WriteFile] 708F0000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadResource] 70B00000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 71690000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegSetValueExW] 70E80000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegQueryValueExA] 70DC0000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!OpenSCManagerA] 70C10000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!OpenSCManagerW] 70BD0000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegDeleteKeyW] 70580000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!WriteFile] 708F0000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!DeviceIoControl] 70990000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadResource] 70B00000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegSetValueExW] 70E80000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExW] 70E80000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] 70D80000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExA] 70DC0000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegDeleteKeyW] 70580000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExA] 70EC0000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!OpenSCManagerW] 70BD0000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!WriteFile] 708F0000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 71690000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadResource] 70B00000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\IPHLPAPI.DLL [ADVAPI32.dll!RegQueryValueExA] 70DC0000
IAT C:\Windows\system32\mshta.exe[5180] @ C:\Windows\system32\IPHLPAPI.DLL [ADVAPI32.dll!RegQueryValueExW] 70D80000

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp pctgntdi.sys

Device \Driver\iaStor \Device\Ide\iaStor0 [8284AEAE] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8284AEAE] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8284AEAE] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\iaStor.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Blade81
2009-10-30, 08:34
Hi,

I removed some posts related to your GMER log since those were taking only space here.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

kmd pix
2009-10-31, 02:51
ComboFix 09-10-30.01 - Kyla's Laptop 10/30/2009 17:54.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1915.867 [GMT -5:00]
Running from: c:\users\Kyla's Laptop\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3263087516-1746803172-730395602-500
c:\windows\010112010146101105.rx
c:\windows\010112010146116101.xxe
c:\windows\0101120101464955.xxe
c:\windows\0101120101465050.xxe
c:\windows\0101120101465249.xxe
c:\windows\0101120101465349.xxe
c:\windows\0101120101465649.xxe
c:\windows\1009ztea51547.dll
c:\windows\10295hz5ktool589.exe
c:\windows\106fspywa5ez099.dll
c:\windows\1088z5p9191.dll
c:\windows\10bzst9al5024.ocx
c:\windows\1115addwaze1619.ocx
c:\windows\11342tr5z9e0.cpl
c:\windows\11718vzrus1459.bin
c:\windows\11z74hac59ool7c2.exe
c:\windows\12555spambzt5e99.dll
c:\windows\12561wo5m4z59.bin
c:\windows\12b9zteal2059.dll
c:\windows\13325spambo59zc.cpl
c:\windows\14098hackt95z566.dll
c:\windows\145s5ywzr91072.cpl
c:\windows\14740not-9-5irus772z.cpl
c:\windows\14958wo9z63c.cpl
c:\windows\14z83hackt9o575a.bin
c:\windows\15009ziru9737.ocx
c:\windows\15076trzj690.ocx
c:\windows\150z8spy9e5.dll
c:\windows\151fdow9lozder5847.ocx
c:\windows\155bspzwa9e5330.bin
c:\windows\15912tro5z93.bin
c:\windows\159aspar9ez433.exe
c:\windows\15d9th9eatz0575.exe
c:\windows\15zethief921.exe
c:\windows\16464hazktoo9357.bin
c:\windows\17055n9t-a-vzrus53e.exe
c:\windows\171tzreat85955.ocx
c:\windows\17262z9ru5779.exe
c:\windows\17560z9y653.exe
c:\windows\179dthiez2572.dll
c:\windows\17b0vz5919.ocx
c:\windows\18109not-a-vzrus598.ocx
c:\windows\185955pam9oz516.exe
c:\windows\19073s5amboz7f5.bin
c:\windows\19140troz5b0.bin
c:\windows\19151spambotz0b.ocx
c:\windows\1925downloader110z.bin
c:\windows\193749ackt5oz36d.dll
c:\windows\19391vizu5268.cpl
c:\windows\19408zroj695.exe
c:\windows\19557wo9ma4z.exe
c:\windows\19825wor51z49.bin
c:\windows\19dzsparse3575.exe
c:\windows\19z0vi95992.bin
c:\windows\19z66sp57a9.dll
c:\windows\1c1fsteal98z5.ocx
c:\windows\1c8thzef915.bin
c:\windows\1c9adownlzader1295.cpl
c:\windows\1cd9th5eaz34069.cpl
c:\windows\1f9bsparsez9545.bin
c:\windows\1fe9v5r207z.bin
c:\windows\1z304t9oj3f55.cpl
c:\windows\1z3cthreat95580.dll
c:\windows\1z958hack9ool5d8.exe
c:\windows\1zdcthi9f20585.cpl
c:\windows\20135azk9oor1992.ocx
c:\windows\211z9not5a-virus9e4.ocx
c:\windows\22076not-a5vi9us17dz.dll
c:\windows\2209z9roj5e0.dll
c:\windows\22129s5y2z0.ocx
c:\windows\22231ha5kzoo959d.cpl
c:\windows\223z1not-a-virus59.dll
c:\windows\228ezackd9or3151.cpl
c:\windows\22905spamboz3cf5.ocx
c:\windows\22996zackt5ol97a.bin
c:\windows\229z9v5rus6b.dll
c:\windows\22z639irus510.cpl
c:\windows\231fad5warz29209.bin
c:\windows\23850vizus6fa9.ocx
c:\windows\24446n95-a-virzs375.dll
c:\windows\244d9ack5oor20z4.dll
c:\windows\24701not95-virus4z0.cpl
c:\windows\2485t9reat5z69.bin
c:\windows\2498zvi5us619.ocx
c:\windows\24d4spa9se135z.cpl
c:\windows\25259hzcktool2b4.ocx
c:\windows\25515z9rm704.dll
c:\windows\25669spyz505.bin
c:\windows\25a1thiez2921.exe
c:\windows\25zespa9se2453.cpl
c:\windows\26974zpambo53be.exe
c:\windows\26z62spa59ot4a4.dll
c:\windows\27090tr5j28z.cpl
c:\windows\274z9troj26d5.bin
c:\windows\27716tro943z5.cpl
c:\windows\277319zambot585.ocx
c:\windows\27917wor54f4z.cpl
c:\windows\27968not9z-virus495.ocx
c:\windows\286275oz9a-virus191.exe
c:\windows\28d1s9ywar51702z.bin
c:\windows\29098not-a-vi9us4ze5.ocx
c:\windows\294925zrm2419.bin
c:\windows\29511not-a-vir95z8d.dll
c:\windows\297605zrm22c.dll
c:\windows\297925rojz9.bin
c:\windows\297z9not-a5virus9d5.dll
c:\windows\299565py557z.dll
c:\windows\29cedzwnloa5er24.cpl
c:\windows\29dzsparse21265.dll
c:\windows\29z2spyware750.exe
c:\windows\2afzs9e5l3039.bin
c:\windows\2az0dow9loa5er1433.exe
c:\windows\2d4c5pywaze1915.exe
c:\windows\2d99downzoade5259.ocx
c:\windows\2e6bthr9atz577.bin
c:\windows\2fz9spyware2950.exe
c:\windows\2fzfthr59t5401.ocx
c:\windows\2z410wor95c5.ocx
c:\windows\2z5555or95b.exe
c:\windows\2z5fbackd9or20815.exe
c:\windows\3033wozm59b.ocx
c:\windows\30368spamb9t55z.exe
c:\windows\30375zr5j179.cpl
c:\windows\304ftz5e9t5170.exe
c:\windows\31319spambot5z0.dll
c:\windows\31489hac5zoo92df.dll
c:\windows\32401nzt-a5vir9sc8.exe
c:\windows\3314thze5t99659.bin
c:\windows\3398stezl2571.exe
c:\windows\3447st9z53023.cpl
c:\windows\34e2z5ck9oor3021.dll
c:\windows\35212hacktozl479.ocx
c:\windows\35367spambo9z0a.dll
c:\windows\354039otza-virus5f9.dll
c:\windows\355bac9dooz3268.bin
c:\windows\3560zpar9e2375.dll
c:\windows\357959oj69z.bin
c:\windows\366zthi592436.exe
c:\windows\372f5zeal15899.bin
c:\windows\37ddown5oader893z.bin
c:\windows\388t9re5t49z6.exe
c:\windows\3899thr5at64z4.bin
c:\windows\39112s5azbot6b1.exe
c:\windows\395zspy16c.ocx
c:\windows\39698hackzool5d6.cpl
c:\windows\398ztroj5959.cpl
c:\windows\39c6spar95179z.bin
c:\windows\39z81not-a-vi5us525.ocx
c:\windows\3az8down5oader916.exe
c:\windows\3b495dwzre508.ocx
c:\windows\3d565hreatz9869.exe
c:\windows\3dcazhief9235.cpl
c:\windows\3e49vzr953.ocx
c:\windows\3f555py9zre1333.cpl
c:\windows\3z3bdown5oade9576.exe
c:\windows\420zb5ckdo9r945.exe
c:\windows\423a9pywaze1255.exe
c:\windows\4341spyware2597z.exe
c:\windows\4450azdware6995.bin
c:\windows\46b9thief359z.dll
c:\windows\4788not-a-5irus9a9z.exe
c:\windows\490cvzr15435.exe
c:\windows\4916backdo9r875z.ocx
c:\windows\4948stezl1505.exe
c:\windows\495av9r68z.bin
c:\windows\495csparz91943.dll
c:\windows\4964not-a-9ir5s3z.bin
c:\windows\49ezv5r3225.ocx
c:\windows\49zdsp5ware7.exe
c:\windows\4c25spywa5e110z9.ocx
c:\windows\4c91z95ware3231.ocx
c:\windows\4eaezh9eat1506.ocx
c:\windows\4f64b5zkdoo91260.exe
c:\windows\4f97virz985.bin
c:\windows\4fa69irz7835.dll
c:\windows\4ffbackdoor393z5.exe
c:\windows\4z04th5ef5659.dll
c:\windows\4z3sparse5429.ocx
c:\windows\4z59troj3785.cpl
c:\windows\5046viz1529.exe
c:\windows\5069szeal24625.exe
c:\windows\511z9s9y42f.cpl
c:\windows\512bacz9oor558.ocx
c:\windows\513759z83.bin
c:\windows\51794wozm313.bin
c:\windows\518aa9dwzre2574.bin
c:\windows\5194wzrm793.exe
c:\windows\52216not-z-virus91a.exe
c:\windows\5285virus19z.cpl
c:\windows\52bspa9se24z2.cpl
c:\windows\53458hacktool995z.dll
c:\windows\538csparse2992z.dll
c:\windows\53f1zhie9158.cpl
c:\windows\5411hack5z9l3a8.exe
c:\windows\54309spy205z.cpl
c:\windows\54b5vzr91235.cpl
c:\windows\54c69ir5103z.dll
c:\windows\550trz94b3.dll
c:\windows\5522spambot59az.bin
c:\windows\5532a9dware35z.cpl
c:\windows\5535vzr3199.exe
c:\windows\5598z9r2456.bin
c:\windows\559cbackzoor1949.ocx
c:\windows\55b7spa5sz9712.cpl
c:\windows\55e75ackdoor1z97.ocx
c:\windows\55z1steal1925.cpl
c:\windows\55z5spar9e1156.bin
c:\windows\55zfth9ef2888.ocx
c:\windows\5615t95ef27z9.cpl
c:\windows\56614trzj98f.exe
c:\windows\573bthre5t3039z.cpl
c:\windows\5757spz9are1673.bin
c:\windows\57dcsparsz9273.dll
c:\windows\5849st9al2755z.cpl
c:\windows\5902wz9m635.ocx
c:\windows\5941thr5atz055.ocx
c:\windows\59986wzrm55c.dll
c:\windows\5999zorm765.cpl
c:\windows\59bdbackdoorz14.cpl
c:\windows\59dd59reat4z.dll
c:\windows\59z39vir9se0.dll
c:\windows\5a08spar5z459.ocx
c:\windows\5a9dazdware1203.dll
c:\windows\5aa4zp5w9re559.bin
c:\windows\5b40spywarez4859.exe
c:\windows\5b5ab59kdoor291z.bin
c:\windows\5bbf9ir259z.cpl
c:\windows\5bc8zownl59der3013.bin
c:\windows\5befthre5t90z96.exe
c:\windows\5cf9thre9t542z5.exe
c:\windows\5d5ead9wz5e208.dll
c:\windows\5d9zsparse789.bin
c:\windows\5df1adzw9re9535.bin
c:\windows\5dz9spyw5re15509.dll
c:\windows\5f55ste9512z9.dll
c:\windows\5f65s59az518.bin
c:\windows\5z55steal96515.ocx
c:\windows\5z8bsparse51559.exe
c:\windows\61545pazbot3499.cpl
c:\windows\634bszea91659.bin
c:\windows\64d19z5ef2456.exe
c:\windows\653asp9rse57z3.dll
c:\windows\6583spambo958z.cpl
c:\windows\6583thi9f277z.ocx
c:\windows\6598hac9tooz191.bin
c:\windows\65bddo9nloazer725.bin
c:\windows\65d0b5ckdoo9215z.cpl
c:\windows\65efzddware9845.bin
c:\windows\65fzdown9oader1953.exe
c:\windows\666bsparse5z49.exe
c:\windows\6681spywa9e3z345.ocx
c:\windows\66dzsparse5059.cpl
c:\windows\67z9addware2557.bin
c:\windows\6957zt5al981.ocx
c:\windows\6a215ownloade9321z.dll
c:\windows\6bz1ad9w5re2926.bin
c:\windows\6e48azd95re1219.cpl
c:\windows\7003threz590242.bin
c:\windows\7050spa9se10z7.bin
c:\windows\70ze9hre5t7021.bin
c:\windows\718cbackdo9r775z.exe
c:\windows\71b8t5rza920778.cpl
c:\windows\71down9o5der22z4.dll
c:\windows\7272zpars53982.dll
c:\windows\72d2spyware395z.bin
c:\windows\755eazd9are1890.cpl
c:\windows\755zspam9ote2.cpl
c:\windows\7597n9t-a-virz5258.ocx
c:\windows\7675not9a-zirus20a5.bin
c:\windows\7965spzrse2547.cpl
c:\windows\7975sp5zse959.ocx
c:\windows\7990hackzool175.cpl
c:\windows\799bzpar5e2026.exe
c:\windows\79c9sp9rse5180z.cpl
c:\windows\79fespyware55z5.ocx
c:\windows\7a7cdo9n5oader14z4.cpl
c:\windows\7aczackdoo59557.cpl
c:\windows\7d06zh5ef3449.dll
c:\windows\7eacbackzoor5910.cpl
c:\windows\7edspy5arz1595.ocx
c:\windows\7f9aaddwarz3951.bin
c:\windows\7f9fzdd5are503.dll
c:\windows\7fz7spars9656.bin
c:\windows\7z659ir2996.dll
c:\windows\7z79sparse9205.dll
c:\windows\7zcaspy5a9e1937.dll
c:\windows\8035zr1359.bin
c:\windows\8568sp529z.bin
c:\windows\8598sp5mbot7zd9.bin
c:\windows\8777sp5zbo9431.bin
c:\windows\8a7spzw5re569.bin
c:\windows\9042zhief2539.dll
c:\windows\90935roj192z.exe
c:\windows\91319spamzot75e.dll
c:\windows\913zspywa5e747.bin
c:\windows\916dth5efz333.dll
c:\windows\91855hacktool2bz.dll
c:\windows\925z3worm4d5.ocx
c:\windows\9276spzware5562.exe
c:\windows\9352s9am5ot75cz.exe
c:\windows\935ezir31975.bin
c:\windows\94598wozm780.bin
c:\windows\95083spambztfd5.cpl
c:\windows\9515worm65z.cpl
c:\windows\9525wozm9b8.dll
c:\windows\95730not-a-virz53bd.ocx
c:\windows\959ztr5j1fc.dll
c:\windows\95z9s5yware2226.dll
c:\windows\9623z95mbot19e.dll
c:\windows\965ethreat3109z.ocx
c:\windows\9771wor54dz.ocx
c:\windows\97d0szyware5748.exe
c:\windows\985virus395z.exe
c:\windows\98659izus3d.exe
c:\windows\9877ad5warz1768.dll
c:\windows\98993hacktoo540cz.dll
c:\windows\989zs9ambot592.dll
c:\windows\98e5addwzre596.cpl
c:\windows\9954sz95f0.exe
c:\windows\99612worm95z.exe
c:\windows\9a3fth5zat32221.ocx
c:\windows\9d80vzr5279.ocx
c:\windows\9z70worm752.bin
c:\windows\9zbaddware27175.exe
c:\windows\b0c5h9eat2z272.bin
c:\windows\b5asparsez979.cpl
c:\windows\bk23567.dat
c:\windows\c25spywaz91205.dll
c:\windows\ce9thzeat26745.exe
c:\windows\d5vir2z369.cpl
c:\windows\de5threatz9490.exe
c:\windows\f91t5reaz17922.dll
c:\windows\rdr_1256270202.exe
c:\windows\rdr_1256270203.exe
c:\windows\rdr_1256270209.exe
c:\windows\rdr_1256270210.exe
c:\windows\system32\1069backz5or300.ocx
c:\windows\system32\109729oz-a-v5rus4be.bin
c:\windows\system32\1098backd9o5304z.bin
c:\windows\system32\111879pambzt75c.cpl
c:\windows\system32\1124z5r91d1.dll
c:\windows\system32\11333spy5z9.dll
c:\windows\system32\11559notza-vi9u554.dll
c:\windows\system32\11797not-a-vi59s6ez.bin
c:\windows\system32\11z0t5reat23769.dll
c:\windows\system32\1207ste5l699z.cpl
c:\windows\system32\12211zpy2f59.ocx
c:\windows\system32\12389s9y2za5.bin
c:\windows\system32\124965pambotz58.cpl
c:\windows\system32\12627tz9j2e5.bin
c:\windows\system32\129z95r2304.bin
c:\windows\system32\1323spy5z59.cpl
c:\windows\system32\1399sp5rsez594.cpl
c:\windows\system32\1425s5y9arz120.ocx
c:\windows\system32\14506tzo57619.cpl
c:\windows\system32\14z859ir5s641.bin
c:\windows\system32\15069z9oj70e.exe
c:\windows\system32\1509th95at1789z.exe
c:\windows\system32\151z4spy5f69.cpl
c:\windows\system32\15309virzs795.dll
c:\windows\system32\154z2virus92f.cpl
c:\windows\system32\1552z5pamb9t28e.cpl
c:\windows\system32\1552zroj59.ocx
c:\windows\system32\15569dzware627.cpl
c:\windows\system32\15569hacktozl90b.exe
c:\windows\system32\15658vi9us5z8.dll
c:\windows\system32\15666wo9z122.ocx
c:\windows\system32\157235orz9f2.exe
c:\windows\system32\159fthief1284z.dll
c:\windows\system32\15z095rm175.bin
c:\windows\system32\16325wo5m9ze.ocx
c:\windows\system32\16453virz5519.cpl
c:\windows\system32\16921w9rm5bz.bin
c:\windows\system32\16bez9reat15767.ocx
c:\windows\system32\17246wzrm94a5.ocx
c:\windows\system32\17365worm59ez.dll
c:\windows\system32\174135pamboz3e9.ocx
c:\windows\system32\17513spamb59z97.ocx
c:\windows\system32\17z6spywa5e984.bin
c:\windows\system32\18453ha5kto9lzd0.ocx
c:\windows\system32\19138not-a-v5zus6f7.cpl
c:\windows\system32\195atzief5960.ocx
c:\windows\system32\195bdow5load9r1197z.ocx
c:\windows\system32\195z9n5t-a-virus6019.cpl
c:\windows\system32\19783wo5m3c8z.ocx
c:\windows\system32\1a905zyware300.dll
c:\windows\system32\1b6evzr5953.bin
c:\windows\system32\1c2fbac5doorz983.cpl
c:\windows\system32\1c92stealz599.cpl
c:\windows\system32\1da6s9ar5e6z2.cpl
c:\windows\system32\1e95iz492.cpl
c:\windows\system32\1z387worm59.exe
c:\windows\system32\1z54vir25529.exe
c:\windows\system32\1z552v5rus39a.dll
c:\windows\system32\1z659t9oj65e.cpl
c:\windows\system32\1z706tro91095.cpl
c:\windows\system32\1z79vir30185.bin
c:\windows\system32\1z9bth59f342.exe
c:\windows\system32\1z9ds95rse746.dll
c:\windows\system32\1zb4thre9t31151.bin
c:\windows\system32\20057t9oj12z.exe
c:\windows\system32\20278sp5m9otz0e.exe
c:\windows\system32\205189i5uz5b4.dll
c:\windows\system32\20z0a9dwa5e191.ocx
c:\windows\system32\20z60spamb9t53d.ocx
c:\windows\system32\21293wzrm5325.bin
c:\windows\system32\2138znot-9-5irus525.dll
c:\windows\system32\21482z9y5d5.bin
c:\windows\system32\21513wozm429.exe
c:\windows\system32\2192sza5bot595.dll
c:\windows\system32\22895spam9otz215.exe
c:\windows\system32\22cazd5ware795.bin
c:\windows\system32\23650sp9mzot16e.ocx
c:\windows\system32\2406s9ambotz75.cpl
c:\windows\system32\24118z596d.bin
c:\windows\system32\24ccvi59493z.bin
c:\windows\system32\25255t5o94cz.dll
c:\windows\system32\25390troj55z.ocx
c:\windows\system32\25531not-a9virusz3.dll
c:\windows\system32\255z59orm626.ocx
c:\windows\system32\2591thiez335.ocx
c:\windows\system32\25a3vzr3179.ocx
c:\windows\system32\25e7z9r3205.cpl
c:\windows\system32\25f5s59rse3z48.exe
c:\windows\system32\25z39pambotd8.ocx
c:\windows\system32\25zedow59oader3210.bin
c:\windows\system32\26565h9cz5ool33d.cpl
c:\windows\system32\2668addwa952276z.dll
c:\windows\system32\2719zvirus5915.bin
c:\windows\system32\272699ac5tool4bez.ocx
c:\windows\system32\272zpamb5t938.ocx
c:\windows\system32\2787threa95z52.exe
c:\windows\system32\27cbvi941z5.cpl
c:\windows\system32\27z54wo5m9da.exe
c:\windows\system32\2845hzc5tool2129.exe
c:\windows\system32\2850download5r9560z.cpl
c:\windows\system32\28522not-a-vi9usz5b.bin
c:\windows\system32\28910vi5us6za.ocx
c:\windows\system32\28957sp5z15.bin
c:\windows\system32\290z7vi5usac.cpl
c:\windows\system32\29169tr9z154.bin
c:\windows\system32\292589pz243.cpl
c:\windows\system32\2945zworm5e9.bin
c:\windows\system32\29494wor5z21.exe
c:\windows\system32\29507hac9zool16d.ocx
c:\windows\system32\29552worm7z9.cpl
c:\windows\system32\29605not-a-v5rus5z1.exe
c:\windows\system32\29895zpyae.bin
c:\windows\system32\299389a5ktooz249.ocx
c:\windows\system32\29949hacktozl55c.ocx
c:\windows\system32\299605pyz909.exe
c:\windows\system32\299zspar5e2559.ocx
c:\windows\system32\29abdow5loader1z9.dll
c:\windows\system32\2a0s9z5are2197.cpl
c:\windows\system32\2a50ad9wzre2651.ocx
c:\windows\system32\2azcspyware27995.dll
c:\windows\system32\2c5c5a9kzoor909.exe
c:\windows\system32\2ce5downl5adez2569.cpl
c:\windows\system32\2d2bthze9t1115.dll
c:\windows\system32\2defadzwa9e2952.ocx
c:\windows\system32\2z055viru92ac.bin
c:\windows\system32\2z059rus4b1.exe
c:\windows\system32\2z099troj59a5.exe
c:\windows\system32\2z685p95db.dll
c:\windows\system32\2z6ct5ief9938.cpl
c:\windows\system32\2z98addwa5e2727.bin
c:\windows\system32\30085spy9z5.dll
c:\windows\system32\3019hac9zo5l457.exe
c:\windows\system32\30469n5t-a-vizus398.cpl
c:\windows\system32\30529wzr9563.cpl
c:\windows\system32\30799spyz5c9.ocx
c:\windows\system32\307bzackdo9r5239.cpl
c:\windows\system32\3099hazktool652.dll
c:\windows\system32\30fz5ir9554.bin
c:\windows\system32\31586not-a5vi9uz7e4.exe
c:\windows\system32\31650spzmb5t198.exe
c:\windows\system32\32056s9amboz5c.bin
c:\windows\system32\32389spazb9t530.ocx
c:\windows\system32\3259thrzat95304.ocx
c:\windows\system32\32959wzrm1325.exe
c:\windows\system32\32965hack5ooz2f5.bin
c:\windows\system32\32d8baczdo5r6819.dll
c:\windows\system32\3351tro914z.ocx
c:\windows\system32\3398backzo952989.cpl
c:\windows\system32\3513zt9al2995.ocx
c:\windows\system32\3559thre59z2360.exe
c:\windows\system32\359959izus4ad.bin
c:\windows\system32\36zbs9ars553.ocx
c:\windows\system32\38e9threa557z9.dll
c:\windows\system32\38f8dowzloade92905.dll
c:\windows\system32\38f9ba5kdzor2099.ocx
c:\windows\system32\39135pamb9t4z9.bin
c:\windows\system32\39abthze59065.bin
c:\windows\system32\3a59szeal1669.dll
c:\windows\system32\3bb69ir785z.ocx
c:\windows\system32\3c2cthrezt25195.ocx
c:\windows\system32\3czev5r1509.ocx
c:\windows\system32\3d3z9hief435.cpl
c:\windows\system32\3d64th95f19z0.ocx
c:\windows\system32\3d93steaz1459.bin
c:\windows\system32\3db59hrez54010.dll
c:\windows\system32\3e99bzc9door865.cpl
c:\windows\system32\3ecbszyw9re13305.exe
c:\windows\system32\3ezbs9eal3145.bin
c:\windows\system32\3f9v5z2912.ocx
c:\windows\system32\3fz5spyw5r9157.dll
c:\windows\system32\3z759hief2988.ocx
c:\windows\system32\3z95vir23715.dll
c:\windows\system32\3zf2backd9o5992.exe
c:\windows\system32\3zf9t9reat5976.exe
c:\windows\system32\4151zow9loa5er3159.ocx
c:\windows\system32\42cfazdwa591732.cpl
c:\windows\system32\42e0ba9kzoor2513.cpl
c:\windows\system32\434ezhief92045.ocx
c:\windows\system32\43615zr9s75.dll
c:\windows\system32\43cfsze9l11225.cpl
c:\windows\system32\4427noz-a9vi5us489.cpl
c:\windows\system32\451asteal9z9.ocx
c:\windows\system32\4598not-z-v5rus.bin
c:\windows\system32\45aest9a517z5.exe
c:\windows\system32\45b7thief39z2.exe
c:\windows\system32\480zthreat5094.cpl
c:\windows\system32\4855woz9261.exe
c:\windows\system32\4897addwzre1195.ocx
c:\windows\system32\4902spar9z5975.exe
c:\windows\system32\4902tzief15179.cpl
c:\windows\system32\49c8v5r227z.exe
c:\windows\system32\49f5zpyware49.cpl
c:\windows\system32\4cc5thief9z45.cpl
c:\windows\system32\4e99backdo5z32.cpl
c:\windows\system32\4f409pazs51004.exe
c:\windows\system32\4f75b9ckdooz2997.cpl
c:\windows\system32\4z469orm2a5.ocx
c:\windows\system32\4zc0spy9are2356.cpl
c:\windows\system32\500adownl9ader6z3.cpl
c:\windows\system32\504zdown95ader1016.ocx
c:\windows\system32\5066ba9kzoor10595.dll
c:\windows\system32\50f2addwzr92595.dll
c:\windows\system32\5125zpyware2998.ocx
c:\windows\system32\51570viruz5759.bin
c:\windows\system32\51efzhre9t2559.bin
c:\windows\system32\51z1spy291.dll
c:\windows\system32\5214znot-a-virus594.dll
c:\windows\system32\5229t5ief157z.bin
c:\windows\system32\524ba5kdoor16z9.bin
c:\windows\system32\5258backdoo92824z.exe
c:\windows\system32\525etzreat309739.bin
c:\windows\system32\5310spar9e1796z.exe
c:\windows\system32\5339ha5ktool66z.exe
c:\windows\system32\5352zvirus791.cpl
c:\windows\system32\537zsp59se1572.dll
c:\windows\system32\53b3th5eat1699z.bin
c:\windows\system32\53d6bazkd95r2526.ocx
c:\windows\system32\544zspars57309.dll
c:\windows\system32\5450h9zktoo51e8.ocx
c:\windows\system32\5457vi91z99.ocx
c:\windows\system32\54z07tro94a6.exe
c:\windows\system32\54z0wo5m6b09.cpl
c:\windows\system32\54z4thief2962.bin
c:\windows\system32\54zt9oj740.dll
c:\windows\system32\553espz9are2337.dll
c:\windows\system32\5590virzs912.bin
c:\windows\system32\55c7stea9z855.bin
c:\windows\system32\55d9v5r2261z.ocx
c:\windows\system32\5619threzt2797.exe
c:\windows\system32\56b9stealz395.exe
c:\windows\system32\56f8szeal1936.bin
c:\windows\system32\56z9backd5or302.exe
c:\windows\system32\5760sp59bot1zd.dll
c:\windows\system32\57z9spamb5t28f.bin
c:\windows\system32\58f5downlz5der20359.ocx
c:\windows\system32\58f9thze92057.ocx
c:\windows\system32\59298hacktooz96.bin
c:\windows\system32\59429spambot2ez.cpl
c:\windows\system32\5945baczdoor895.bin
c:\windows\system32\5958z9r2591.exe
c:\windows\system32\59d6zp9ware1378.bin
c:\windows\system32\59f89zr5at15043.ocx
c:\windows\system32\59zbs9eal2506.exe
c:\windows\system32\5a399ownloaderz580.exe
c:\windows\system32\5a6s9a5se3077z.dll
c:\windows\system32\5a8addwar92697z.ocx
c:\windows\system32\5b2dthz5f24569.ocx
c:\windows\system32\5b83vir1695z.exe
c:\windows\system32\5bff59dwzre1682.ocx
c:\windows\system32\5bz7vir1099.bin
c:\windows\system32\5c95spywaze496.cpl
c:\windows\system32\5cazv9r826.bin
c:\windows\system32\5d435hreat23z90.exe
c:\windows\system32\5d7spa9ze3151.bin
c:\windows\system32\5eaedow5loader25z9.bin
c:\windows\system32\5f269ac5doorz559.cpl
c:\windows\system32\5z322virus499.bin
c:\windows\system32\5z59v9r193.cpl
c:\windows\system32\5z9thief13569.bin
c:\windows\system32\5zba5teal9253.ocx
c:\windows\system32\5zd7threa929386.bin
c:\windows\system32\600zhack5ool398.ocx
c:\windows\system32\6379worz539.dll
c:\windows\system32\63d8szywar5479.exe
c:\windows\system32\65179ir5s78z.bin
c:\windows\system32\6575hack9ool2zf.exe
c:\windows\system32\65bcza9kdoor1904.dll
c:\windows\system32\65fdadd9are4z5.dll
c:\windows\system32\6648virz8859.exe
c:\windows\system32\6694spy5are282z.ocx
c:\windows\system32\66z7s9e5l239.dll
c:\windows\system32\672t95ef2z78.bin
c:\windows\system32\675a9ownloader2767z.bin
c:\windows\system32\675aa5dwarz1491.ocx
c:\windows\system32\675ado5nzo9der2872.ocx
c:\windows\system32\67fes9azse30565.ocx
c:\windows\system32\6921stezl9542.exe
c:\windows\system32\6933spamb5tz37.cpl
c:\windows\system32\6987addware5z30.ocx
c:\windows\system32\699eaddwa5e8z8.ocx
c:\windows\system32\69a9spar9e152z.ocx
c:\windows\system32\69c6downlo5de9235z.exe
c:\windows\system32\69z0steal2255.dll
c:\windows\system32\6a20spar9z652.dll
c:\windows\system32\6b7eth9ef259z.cpl
c:\windows\system32\6c47thz9at18415.ocx
c:\windows\system32\6ez9spyw5re941.ocx
c:\windows\system32\6z2f9hief13275.exe
c:\windows\system32\700f9own5zader2986.cpl
c:\windows\system32\7191downloa9er58z0.exe
c:\windows\system32\7289stezl956.ocx
c:\windows\system32\7355spywa9e12z.dll
c:\windows\system32\7356s9ezl153.dll
c:\windows\system32\7358s9yware279z.bin
c:\windows\system32\75395ownloz9er754.bin
c:\windows\system32\754ethr9at26z045.cpl
c:\windows\system32\7599zir1853.exe
c:\windows\system32\75a89ir7z1.exe
c:\windows\system32\77935zy86.bin
c:\windows\system32\77z6s5arse9339.dll
c:\windows\system32\78favi59296z.ocx
c:\windows\system32\793059rezt30305.bin
c:\windows\system32\7995trojz8.cpl
c:\windows\system32\7996hack5ool62z.ocx
c:\windows\system32\79ct9iefz57.ocx
c:\windows\system32\79z9spyware165.bin
c:\windows\system32\7ac9st5al2z6.exe
c:\windows\system32\7b96spyw5r926z2.ocx
c:\windows\system32\7c3fthr9at2z3225.bin
c:\windows\system32\7c92st5alz879.exe
c:\windows\system32\7ed8backdoor3z59.exe
c:\windows\system32\7f25addzar91073.ocx
c:\windows\system32\7fe15te9l2685z.dll
c:\windows\system32\822hac5to9lzf.dll
c:\windows\system32\8258troj51z9.cpl
c:\windows\system32\8343not-a-v5zus9df.ocx
c:\windows\system32\8655spy5dz9.ocx
c:\windows\system32\91141spy4z5.exe
c:\windows\system32\927zthief1539.cpl
c:\windows\system32\92955worz580.cpl
c:\windows\system32\9345t5reat2559z.exe
c:\windows\system32\9430z5r333.dll
c:\windows\system32\9517spambotz44.ocx
c:\windows\system32\9532zorm15e.cpl
c:\windows\system32\95604spyz9e.dll
c:\windows\system32\9569spy66z.dll
c:\windows\system32\9586tr9j7zc.ocx
c:\windows\system32\96577zpy7d9.bin
c:\windows\system32\9680spars5275z.cpl
c:\windows\system32\9691t5oj5cz.exe
c:\windows\system32\9759zspy4fa.bin
c:\windows\system32\9856spa9bo54z3.ocx
c:\windows\system32\98z5troj4b5.ocx
c:\windows\system32\99521not-a-vi5us1fz.cpl
c:\windows\system32\9955spy1b3z.cpl
c:\windows\system32\995thiz929555.bin
c:\windows\system32\997spamz5t296.dll
c:\windows\system32\99bzh9ef28055.ocx
c:\windows\system32\9abasparse255z.exe
c:\windows\system32\9b8zv5r1449.cpl
c:\windows\system32\9becv5z1031.cpl
c:\windows\system32\9d1addwzre2955.dll
c:\windows\system32\9d1bspywzre582.ocx
c:\windows\system32\9d36spywarz815.ocx
c:\windows\system32\9ev9r2350z.exe
c:\windows\system32\9fc5backdoor26z0.ocx
c:\windows\system32\9z45spy50e9.exe
c:\windows\system32\9z78not-a-vi5us942.bin
c:\windows\system32\9zfb5hief2506.cpl
c:\windows\system32\a59thrzat32412.ocx
c:\windows\system32\c2ds9a5se329z.ocx
c:\windows\system32\c595hreat100z8.dll
c:\windows\system32\d0f95zrse1566.bin
c:\windows\system32\ez5downloa9er97.bin
c:\windows\system32\f4zbackdoo922245.cpl
c:\windows\system32\z0670not-a-5i9us45.exe
c:\windows\system32\z0dethief5925.dll
c:\windows\system32\z192spyware2550.ocx
c:\windows\system32\z3855sp91fc.ocx
c:\windows\system32\z4055spambo9757.ocx
c:\windows\system32\z420wor540c9.cpl
c:\windows\system32\z455spars92535.dll
c:\windows\system32\z47985orm29c.dll
c:\windows\system32\z5512wor96395.dll
c:\windows\system32\z5758n9t-a-5irus13f.cpl
c:\windows\system32\z581spy1a9.ocx
c:\windows\system32\z657addw9re156.dll
c:\windows\system32\z7c1spa9se1581.bin
c:\windows\system32\z7d9th5ef17569.dll
c:\windows\system32\z9354t5oj50d.ocx
c:\windows\system32\z9390troj520.cpl
c:\windows\system32\z95dsparse3003.bin
c:\windows\system32\z9793w5rm7d6.dll
c:\windows\system32\z9db5ackdoo91786.cpl
c:\windows\system32\z9des9arse30825.cpl
c:\windows\system32\z9e2a5dware1562.ocx
c:\windows\system32\zb30thre5t94088.dll
c:\windows\system32\zbc29i51432.dll
c:\windows\system32\zd77addware2859.bin
c:\windows\system32\zdd2s9eal16625.exe
c:\windows\system32\zfa9pyware2245.ocx
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\z07a9i53257.dll
c:\windows\z10259py5d9.exe
c:\windows\z1049p56c2.ocx
c:\windows\z12479ot-a-virus56d.ocx
c:\windows\z159troj59e.ocx
c:\windows\z18119orm625.exe
c:\windows\z1890virus9f5.bin
c:\windows\z1afbac9d5or940.exe
c:\windows\z2794spam5ot786.exe
c:\windows\z35troj96a5.bin
c:\windows\z4839tro5298.exe
c:\windows\z51669pycb.ocx
c:\windows\z55469roj4c9.exe
c:\windows\z5877ha5ktool930.dll
c:\windows\z6205hreat12902.dll
c:\windows\z793steal1375.exe
c:\windows\z795vir9305.cpl
c:\windows\z8675worm5739.ocx
c:\windows\z875w5rm791.cpl
c:\windows\z904tro514b.cpl
c:\windows\z9308s5y192.bin
c:\windows\z949s5yware2983.cpl
c:\windows\z9e2vir659.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_fioo32


((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-31 )))))))))))))))))))))))))))))))
.

2009-10-31 00:07 . 2009-10-31 00:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-30 22:54 . 2008-03-12 06:38 28728 ----a-w- c:\windows\system32\drivers\msahci.sys
2009-10-30 22:54 . 2008-04-16 01:53 312344 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-10-30 22:54 . 2008-03-12 06:38 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-27 23:31 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 23:31 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-26 04:14 . 2009-10-26 04:14 -------- d-----w- c:\program files\ERUNT
2009-10-25 00:01 . 2009-10-25 00:01 -------- d-----w- c:\program files\Trend Micro
2009-10-24 23:56 . 2009-10-24 23:56 0 ----a-w- c:\windows\nsreg.dat
2009-10-24 23:41 . 2009-10-24 23:41 -------- d-----w- c:\users\Kyla's Laptop\AppData\Local\Opera
2009-10-24 23:40 . 2009-10-26 23:20 -------- d-----w- c:\program files\Opera
2009-10-24 22:11 . 2004-08-04 13:00 506368 ----a-w- c:\windows\system32\msxml.dll
2009-10-24 19:58 . 2009-10-24 19:58 -------- d-----w- c:\programdata\WindowsSearch
2009-10-24 19:34 . 2009-10-24 19:34 -------- d-----w- c:\users\Kyla's Laptop\AppData\Local\Threat Expert
2009-10-23 18:02 . 2009-10-23 18:02 -------- d-----w- c:\windows\system32\EventProviders
2009-10-23 18:02 . 2009-10-24 21:09 -------- d-----w- C:\c6b78d74c8bcd61703b647c5f6b729
2009-10-23 14:35 . 2009-10-08 18:14 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2009-10-23 14:35 . 2009-10-08 18:14 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2009-10-23 14:35 . 2009-10-08 18:14 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2009-10-23 14:18 . 2009-09-24 13:55 97208 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2009-10-23 13:53 . 2009-09-24 13:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-23 13:53 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-23 13:53 . 2009-09-23 21:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-23 13:53 . 2009-10-23 13:54 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-23 13:53 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-23 13:53 . 2009-10-31 00:13 -------- d-----w- c:\program files\Spyware Doctor
2009-10-23 13:53 . 2009-10-23 14:35 -------- d-----w- c:\programdata\PC Tools
2009-10-23 13:53 . 2009-10-23 13:53 -------- d-----w- c:\users\Kyla's Laptop\AppData\Roaming\PC Tools
2009-10-23 03:54 . 2009-10-23 03:54 -------- d-----w- c:\users\Kyla's Laptop\AppData\Roaming\InstallShield
2009-10-23 03:54 . 2009-10-23 03:54 -------- d-----w- c:\users\Kyla's Laptop\AppData\Roaming\WinBatch
2009-10-23 03:46 . 2009-10-23 03:46 1 ---h--w- c:\windows\tgm2.dat
2009-10-23 03:46 . 2009-10-23 03:46 1 ---h--w- c:\windows\hpm2.dat
2009-10-23 03:45 . 2009-10-23 03:45 1 ---h--w- c:\windows\bx4657.dat
2009-10-21 01:46 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-21 01:46 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-21 01:46 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-21 01:46 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-21 01:45 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-21 01:45 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-21 01:45 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-21 01:45 . 2009-08-07 00:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-21 01:45 . 2009-08-06 23:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-15 22:42 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-15 22:42 . 2009-08-05 14:22 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-15 22:42 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-15 22:41 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-10-15 22:41 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-02 22:26 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-26 04:04 . 2008-08-18 18:15 -------- d-----w- c:\program files\Google
2009-10-26 03:29 . 2008-08-18 17:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-24 21:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-10-24 21:08 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-23 08:02 . 2008-12-16 13:51 -------- d-----w- c:\programdata\Microsoft Help
2009-10-16 03:00 . 2009-02-13 22:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-16 08:20 . 2009-10-23 13:53 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-15 11:20 . 2009-10-23 14:18 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-09-15 07:12 . 2009-10-23 14:18 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-09-15 06:01 . 2009-10-23 14:18 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-09-14 09:44 . 2009-10-15 22:40 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-09 08:09 . 2009-08-23 18:59 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 12:24 . 2009-10-15 22:40 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-08-28 12:39 . 2009-09-02 23:41 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-02 23:41 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 05:22 . 2009-10-15 22:40 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-15 22:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-15 22:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-15 22:40 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-18 04:33 . 2009-08-18 04:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 17:07 . 2009-09-09 01:03 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 16:29 . 2009-09-09 01:03 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 16:29 . 2009-09-09 01:03 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 14:16 . 2009-09-09 01:03 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-09 01:03 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16 . 2009-09-09 01:03 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-09 01:03 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-09 01:03 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-09 01:03 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16 . 2009-09-09 01:03 10240 ----a-w- c:\windows\system32\finger.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-08 19:20 . 2009-02-08 19:20 13 --sh--r- c:\windows\System32\drivers\fbd.sys
2009-02-08 19:20 . 2009-02-08 19:20 4 --sh--r- c:\windows\System32\drivers\taishop.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-04-01 1283384]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-21 29744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-09-22 1243088]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-08 6037504]
"NDSTray.exe"="NDSTray.exe" [BU]

c:\users\Kyla's Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [10/23/2009 8:53 AM 207280]
R0 TfFsMon;TfFsMon;c:\windows\System32\drivers\TfFsMon.sys [10/23/2009 9:35 AM 51984]
R0 TfSysMon;TfSysMon;c:\windows\System32\drivers\TfSysMon.sys [10/23/2009 9:35 AM 59664]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [12/16/2008 9:12 AM 20384]
R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [10/23/2009 8:53 AM 229304]
R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [4/17/2008 2:19 AM 40960]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2/13/2009 5:54 PM 1153368]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/23/2009 8:53 AM 358600]
R2 TMachInfo;TMachInfo;c:\program files\Toshiba\TOSHIBA Service Station\TMachInfo.exe [8/18/2008 12:58 PM 62776]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [12/3/2007 8:03 PM 126976]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [8/18/2008 12:48 PM 7168]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [10/23/2009 8:53 AM 70408]
R3 TfNetMon;TfNetMon;c:\windows\System32\drivers\TfNetMon.sys [10/23/2009 9:35 AM 33552]
R3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/21/2008 1:31 PM 29744]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [12/16/2008 9:12 AM 954368]
S3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDRV.SYS [8/21/2008 3:18 PM 9216]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
fioo32 REG_MULTI_SZ fioo32
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\Kyla's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\v7ud8aqx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
WebBrowser-{472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-30 19:15
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(808)
c:\program files\Spyware Doctor\TFEngine\TFWAH.dll

- - - - - - - > 'lsass.exe'(724)
c:\program files\Spyware Doctor\TFEngine\TFWAH.dll

- - - - - - - > 'Explorer.exe'(4752)
c:\program files\Spyware Doctor\TFEngine\TfWah.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\Wlanapi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappcfg.dll
c:\windows\system32\WINHTTP.dll
c:\windows\System32\fwpuclnt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\igfxext.exe
c:\program files\Spyware Doctor\TFEngine\TFService.exe
.
**************************************************************************
.
Completion time: 2009-10-31 19:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-31 00:28

Pre-Run: 103,488,159,744 bytes free
Post-Run: 103,349,587,968 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 814CC75D4BAEE05E0EE7BF864E2DB7BD

kmd pix
2009-10-31, 02:52
DDS (Ver_09-10-26.01) - NTFSx86
Run by Kyla's Laptop at 19:46:06.12 on Fri 10/30/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1915.805 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Windows\system32\igfxext.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Kyla's Laptop\Downloads\dds.scr

============== Pseudo HJT Report ===============

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [ToshibaServiceStation] c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe /hide:60
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\users\kyla's~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\kyla's~1\appdata\roaming\mozilla\firefox\profiles\v7ud8aqx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-23 207280]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-10-23 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-10-23 59664]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-12-16 20384]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-10-23 229304]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-2-13 1153368]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-10-23 358600]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-18 62776]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-18 7168]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-10-23 70408]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-10-23 33552]
R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-21 29744]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-12-16 954368]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-8-21 9216]

=============== Created Last 30 ================

2009-10-30 22:54:15 28728 ----a-w- c:\windows\system32\drivers\msahci.sys
2009-10-30 22:54:14 312344 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-10-30 22:54:14 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-30 22:50:26 0 d-----w- C:\ComboFix
2009-10-30 22:27:51 98816 ----a-w- c:\windows\sed.exe
2009-10-30 22:27:51 77312 ----a-w- c:\windows\MBR.exe
2009-10-30 22:27:51 236544 ----a-w- c:\windows\PEV.exe
2009-10-30 22:27:51 161792 ----a-w- c:\windows\SWREG.exe
2009-10-27 23:31:37 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 23:31:33 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-26 02:44:44 65536 --sha-w- c:\users\kyla's laptop\ntuser.dat{ef34ac54-c0fb-11de-b2d7-001e33905c6e}.TM.blf
2009-10-26 02:44:44 524288 --sha-w- c:\users\kyla's laptop\ntuser.dat{ef34ac54-c0fb-11de-b2d7-001e33905c6e}.TMContainer00000000000000000002.regtrans-ms
2009-10-26 02:44:44 524288 --sha-w- c:\users\kyla's laptop\ntuser.dat{ef34ac54-c0fb-11de-b2d7-001e33905c6e}.TMContainer00000000000000000001.regtrans-ms
2009-10-25 00:01:50 0 d-----w- c:\program files\Trend Micro
2009-10-24 22:20:59 65536 --sha-w- c:\users\kyla's laptop\ntuser.dat{bc908a7c-c0d7-11de-a69c-001e33905c6e}.TM.blf
2009-10-24 22:20:59 524288 --sha-w- c:\users\kyla's laptop\ntuser.dat{bc908a7c-c0d7-11de-a69c-001e33905c6e}.TMContainer00000000000000000002.regtrans-ms
2009-10-24 22:20:59 524288 --sha-w- c:\users\kyla's laptop\ntuser.dat{bc908a7c-c0d7-11de-a69c-001e33905c6e}.TMContainer00000000000000000001.regtrans-ms
2009-10-24 22:17:07 262144 ---ha-w- c:\users\kyla's laptop\S-1-5-21-3263087516-1746803172-730395602-1000.rrr.LOG1
2009-10-24 22:17:07 0 ---ha-w- c:\users\kyla's laptop\S-1-5-21-3263087516-1746803172-730395602-1000.rrr.LOG2
2009-10-24 22:11:43 506368 ----a-w- c:\windows\system32\msxml.dll
2009-10-24 19:58:05 0 d-----w- c:\programdata\WindowsSearch
2009-10-23 18:02:10 0 d-----w- c:\windows\system32\EventProviders
2009-10-23 18:02:07 0 d-----w- C:\c6b78d74c8bcd61703b647c5f6b729
2009-10-23 14:35:23 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2009-10-23 14:35:23 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2009-10-23 14:35:23 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2009-10-23 14:18:12 97208 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2009-10-23 14:18:12 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-10-23 14:18:11 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-10-23 14:18:08 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-10-23 13:53:53 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-23 13:53:49 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-23 13:53:49 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-10-23 13:53:49 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-23 13:53:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-23 13:53:45 0 d-----w- c:\program files\common files\PC Tools
2009-10-23 13:53:41 0 d-----w- c:\users\kyla's~1\appdata\roaming\PC Tools
2009-10-23 13:53:41 0 d-----w- c:\programdata\PC Tools
2009-10-23 13:53:41 0 d-----w- c:\program files\Spyware Doctor
2009-10-23 13:52:53 0 d---a-w- c:\programdata\TEMP
2009-10-23 03:54:44 0 d-----w- c:\users\kyla's~1\appdata\roaming\WinBatch
2009-10-23 03:46:39 1 ---h--w- c:\windows\tgm2.dat
2009-10-23 03:46:28 1 ---h--w- c:\windows\hpm2.dat
2009-10-23 03:45:28 1 ---h--w- c:\windows\bx4657.dat
2009-10-22 23:05:02 1 ----a-w- c:\windows\fdgg34353edfgdfdf
2009-10-21 01:46:11 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-21 01:45:51 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-21 01:45:42 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-21 01:45:42 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-15 22:42:29 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-15 22:42:21 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-15 22:42:20 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-15 22:41:09 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-10-15 22:41:08 217088 ----a-w- c:\windows\system32\psisrndr.ax
2009-10-15 22:41:04 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-15 22:41:04 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2009-10-15 22:41:03 80896 ----a-w- c:\windows\system32\MSNP.ax
2009-10-02 22:26:58 195440 ------w- c:\windows\system32\MpSigStub.exe

==================== Find3M ====================

2009-09-14 09:44:57 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-04 12:24:34 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-08-28 12:39:07 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-18 04:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-16 15:06:39 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-08-16 15:06:39 86016 ----a-w- c:\windows\inf\infstor.dat
2009-08-16 15:06:39 51200 ----a-w- c:\windows\inf\infpub.dat
2009-08-14 16:29:41 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 16:29:41 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 14:16:55 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16:55 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16:52 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16:51 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16:50 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16:49 10240 ----a-w- c:\windows\system32\finger.exe
2008-08-18 18:36:55 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-02-08 19:20:21 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2009-02-08 19:20:19 4 --sh--r- c:\windows\system32\drivers\taishop.sys

============= FINISH: 19:49:23.23 ===============

Blade81
2009-10-31, 11:44
Hi again,


Open notepad and copy/paste the text in the quotebox below into it:



http://forums.spybot.info/showthread.php?p=344706#post344706
Collect::
c:\windows\tgm2.dat
c:\windows\hpm2.dat
c:\windows\bx4657.dat
c:\windows\fdgg34353edfgdfdf
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"fioo32"=-



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (9.2) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).

Check here (http://www.adobe.com/software/flash/about/) to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). Fresh version can be obtained here (http://get.adobe.com/flashplayer/).

Uninstall this vulnerable Java:
Java(TM) 6 Update 6


Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

kmd pix
2009-10-31, 21:20
Hi Blade81, thanks for all of your help on this.

Here is my ComboFix log...just to let you know, the directions didn't mention to turn off my anti-virus and anti-malware again after I had re-enabled from previously and the ComboFix hung up. So, I closed everything down and re-booted, turned them all off again, re-loaded the CFScript to ComboFix and got this log:

ComboFix 09-10-30.01 - Kyla's Laptop 10/31/2009 10:49:26.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1915.904 [GMT -5:00]
Running from: C:\Users\Kyla's Laptop\Desktop\ComboFix.exe
Command switches used :: C:\Users\Kyla's Laptop\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.


I uninstalled Adobe Reader and got the latest version.

Checked my Flash - it is the most current version.

Uninstalled the suspicious Java.

Downloaded and ran the ATF. The ATF would NOT allow me to check Prefetch - it said it was disabled; but everything else worked fine (followed directions for Firefox).

Downloaded and ran KAS, here is that log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, October 31, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, October 31, 2009 16:12:31
Records in database: 3109010
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 135708
Threats found: 2
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 01:44:48


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Windows\System32\drivers\iaStor.sys.vir Infected: Rootkit.Win32.TDSS.u 1
C:\Users\Kyla's Laptop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5940244a-148b1353 Infected: Trojan-Downloader.Java.Agent.t 1
C:\Users\Kyla's Laptop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\6e49cf76-7491de57 Infected: Trojan-Downloader.Java.Agent.t 1

Selected area has been scanned.


Re-ran DDS; here is that log:


DDS (Ver_09-10-26.01) - NTFSx86
Run by Kyla's Laptop at 14:16:32.54 on Sat 10/31/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1915.823 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\mshta.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Users\Kyla's Laptop\AppData\Local\Temp\jkos-Kyla's Laptop\binaries\ScanningProcess.exe
C:\Users\Kyla's Laptop\AppData\Local\Temp\jkos-Kyla's Laptop\binaries\ScanningProcess.exe
C:\Windows\system32\mshta.exe
C:\Windows\system32\mshta.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kyla's Laptop\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [ToshibaServiceStation] c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe /hide:60
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
StartupFolder: c:\users\kyla's~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\kyla's~1\appdata\roaming\mozilla\firefox\profiles\v7ud8aqx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\users\kyla's laptop\appdata\roaming\mozilla\firefox\profiles\v7ud8aqx.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-23 207280]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-10-23 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-10-23 59664]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-12-16 20384]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-10-23 229304]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-2-13 1153368]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-10-23 358600]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-18 62776]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-18 7168]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-10-23 70408]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-10-23 33552]
R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2008-1-20 21504]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-21 29744]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-12-16 954368]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-8-21 9216]
SUnknown PEVSystemStart;PEVSystemStart; [x]

=============== Created Last 30 ================

2009-10-31 16:29:58 0 d-----w- c:\programdata\NOS
2009-10-31 16:13:21 275236787 ----a-w- c:\windows\MEMORY.DMP
2009-10-31 16:12:01 207280 ----a-w- c:\windows\system32\drivers\PCTCore_2.sys
2009-10-31 15:47:57 28728 ----a-w- c:\windows\system32\drivers\msahci.sys
2009-10-31 15:47:56 312344 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-10-31 15:47:56 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-31 15:43:18 0 d-s---w- C:\ComboFix
2009-10-31 03:03:31 0 d-----w- C:\b4adff68d1d4e6f4c2b14b3171
2009-10-30 22:27:51 98816 ----a-w- c:\windows\sed.exe
2009-10-30 22:27:51 77312 ----a-w- c:\windows\MBR.exe
2009-10-30 22:27:51 236544 ----a-w- c:\windows\PEV.exe
2009-10-30 22:27:51 161792 ----a-w- c:\windows\SWREG.exe
2009-10-27 23:31:37 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 23:31:33 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-26 02:44:44 65536 --sha-w- c:\users\kyla's laptop\ntuser.dat{ef34ac54-c0fb-11de-b2d7-001e33905c6e}.TM.blf
2009-10-26 02:44:44 524288 --sha-w- c:\users\kyla's laptop\ntuser.dat{ef34ac54-c0fb-11de-b2d7-001e33905c6e}.TMContainer00000000000000000002.regtrans-ms
2009-10-26 02:44:44 524288 --sha-w- c:\users\kyla's laptop\ntuser.dat{ef34ac54-c0fb-11de-b2d7-001e33905c6e}.TMContainer00000000000000000001.regtrans-ms
2009-10-25 00:01:50 0 d-----w- c:\program files\Trend Micro
2009-10-24 22:20:59 65536 --sha-w- c:\users\kyla's laptop\ntuser.dat{bc908a7c-c0d7-11de-a69c-001e33905c6e}.TM.blf
2009-10-24 22:20:59 524288 --sha-w- c:\users\kyla's laptop\ntuser.dat{bc908a7c-c0d7-11de-a69c-001e33905c6e}.TMContainer00000000000000000002.regtrans-ms
2009-10-24 22:20:59 524288 --sha-w- c:\users\kyla's laptop\ntuser.dat{bc908a7c-c0d7-11de-a69c-001e33905c6e}.TMContainer00000000000000000001.regtrans-ms
2009-10-24 22:17:07 262144 ---ha-w- c:\users\kyla's laptop\S-1-5-21-3263087516-1746803172-730395602-1000.rrr.LOG1
2009-10-24 22:17:07 0 ---ha-w- c:\users\kyla's laptop\S-1-5-21-3263087516-1746803172-730395602-1000.rrr.LOG2
2009-10-24 22:11:43 506368 ----a-w- c:\windows\system32\msxml.dll
2009-10-24 19:58:05 0 d-----w- c:\programdata\WindowsSearch
2009-10-23 18:02:10 0 d-----w- c:\windows\system32\EventProviders
2009-10-23 18:02:07 0 d-----w- C:\c6b78d74c8bcd61703b647c5f6b729
2009-10-23 14:35:23 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2009-10-23 14:35:23 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2009-10-23 14:35:23 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2009-10-23 14:18:12 97208 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2009-10-23 14:18:12 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-10-23 14:18:11 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-10-23 14:18:08 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-10-23 13:53:53 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-23 13:53:49 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-23 13:53:49 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-10-23 13:53:49 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-23 13:53:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-23 13:53:45 0 d-----w- c:\program files\common files\PC Tools
2009-10-23 13:53:41 0 d-----w- c:\users\kyla's~1\appdata\roaming\PC Tools
2009-10-23 13:53:41 0 d-----w- c:\programdata\PC Tools
2009-10-23 13:53:41 0 d-----w- c:\program files\Spyware Doctor
2009-10-23 13:52:53 0 d---a-w- c:\programdata\TEMP
2009-10-23 03:54:44 0 d-----w- c:\users\kyla's~1\appdata\roaming\WinBatch
2009-10-21 01:46:11 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-21 01:45:51 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-21 01:45:42 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-21 01:45:42 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-15 22:42:29 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-15 22:42:21 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-15 22:42:20 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-15 22:41:09 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-10-15 22:41:08 217088 ----a-w- c:\windows\system32\psisrndr.ax
2009-10-15 22:41:04 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-15 22:41:04 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2009-10-15 22:41:03 80896 ----a-w- c:\windows\system32\MSNP.ax
2009-10-02 22:26:58 195440 ------w- c:\windows\system32\MpSigStub.exe

==================== Find3M ====================

2009-09-14 09:44:57 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-04 12:24:34 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-08-28 12:39:07 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-18 04:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-16 15:06:39 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-08-16 15:06:39 86016 ----a-w- c:\windows\inf\infstor.dat
2009-08-16 15:06:39 51200 ----a-w- c:\windows\inf\infpub.dat
2009-08-14 16:29:41 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 16:29:41 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 14:16:55 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16:55 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16:52 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16:51 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16:50 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16:49 10240 ----a-w- c:\windows\system32\finger.exe
2008-08-18 18:36:55 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-02-08 19:20:21 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2009-02-08 19:20:19 4 --sh--r- c:\windows\system32\drivers\taishop.sys

============= FINISH: 14:20:06.74 ===============

Blade81
2009-11-01, 11:18
Was that complete ComboFix log? If it was, disable your protection software and then run ComboFix again.

kmd pix
2009-11-01, 20:17
Hi Blade81....yes that was all I got from the ComboFix log. I made sure all the anti-virus and anti-malware was turned off and re-ran ComboFix....and got this.

ComboFix 09-10-30.01 - Kyla's Laptop 11/01/2009 11:25:06.4.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1915.873 [GMT -6:00]
Running from: C:\Users\Kyla's Laptop\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

When I run ComboFix now it goes through the Completed Stages...50 in all I believe, and it reboots the laptop and I have to log back in....it never displays the log file automatically, I have to go to the C drive and get the new log file from there.

I did not reboot my computer after I turned off the anti-virus and anti-malware - so I will do that now and come back and try the ComboFix again and see if I get the same results in the log file.

That being said, I do not seem to have the browser re-direct anymore. I've tested it a couple times and it seems to be working correctly now.

kmd pix
2009-11-01, 20:54
Blade81 - rebooting the computer seemed to do the trick...I got a full ComboFix log, here it is:

ComboFix 09-10-30.01 - Kyla's Laptop 11/01/2009 12:41.5.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1915.1185 [GMT -6:00]
Running from: c:\users\Kyla's Laptop\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-10-01 to 2009-11-01 )))))))))))))))))))))))))))))))
.

2009-11-01 18:48 . 2009-11-01 18:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-01 18:41 . 2008-04-16 01:53 312344 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-11-01 18:41 . 2008-03-12 06:38 28728 ----a-w- c:\windows\system32\drivers\msahci.sys
2009-11-01 18:41 . 2008-03-12 06:38 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-31 03:03 . 2009-10-31 03:03 -------- d-----w- C:\b4adff68d1d4e6f4c2b14b3171
2009-10-27 23:31 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 23:31 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-26 04:14 . 2009-10-26 04:14 -------- d-----w- c:\program files\ERUNT
2009-10-25 00:01 . 2009-10-25 00:01 -------- d-----w- c:\program files\Trend Micro
2009-10-24 23:56 . 2009-10-24 23:56 0 ----a-w- c:\windows\nsreg.dat
2009-10-24 23:41 . 2009-10-24 23:41 -------- d-----w- c:\users\Kyla's Laptop\AppData\Local\Opera
2009-10-24 23:40 . 2009-10-26 23:20 -------- d-----w- c:\program files\Opera
2009-10-24 22:11 . 2004-08-04 13:00 506368 ----a-w- c:\windows\system32\msxml.dll
2009-10-24 19:58 . 2009-10-24 19:58 -------- d-----w- c:\programdata\WindowsSearch
2009-10-24 19:34 . 2009-10-24 19:34 -------- d-----w- c:\users\Kyla's Laptop\AppData\Local\Threat Expert
2009-10-23 18:02 . 2009-10-23 18:02 -------- d-----w- c:\windows\system32\EventProviders
2009-10-23 18:02 . 2009-10-24 21:09 -------- d-----w- C:\c6b78d74c8bcd61703b647c5f6b729
2009-10-23 14:35 . 2009-10-08 18:14 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2009-10-23 14:35 . 2009-10-08 18:14 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2009-10-23 14:35 . 2009-10-08 18:14 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2009-10-23 14:18 . 2009-09-24 13:55 97208 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2009-10-23 13:53 . 2009-09-24 13:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-23 13:53 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-23 13:53 . 2009-09-23 21:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-23 13:53 . 2009-10-23 13:54 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-23 13:53 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-23 13:53 . 2009-11-01 17:55 -------- d-----w- c:\program files\Spyware Doctor
2009-10-23 13:53 . 2009-10-23 14:35 -------- d-----w- c:\programdata\PC Tools
2009-10-23 13:53 . 2009-10-23 13:53 -------- d-----w- c:\users\Kyla's Laptop\AppData\Roaming\PC Tools
2009-10-23 03:54 . 2009-10-23 03:54 -------- d-----w- c:\users\Kyla's Laptop\AppData\Roaming\InstallShield
2009-10-23 03:54 . 2009-10-23 03:54 -------- d-----w- c:\users\Kyla's Laptop\AppData\Roaming\WinBatch
2009-10-21 01:46 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-21 01:46 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-21 01:46 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-21 01:46 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-21 01:45 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-21 01:45 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-21 01:45 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-21 01:45 . 2009-08-07 00:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-21 01:45 . 2009-08-06 23:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-15 22:42 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-15 22:42 . 2009-08-05 14:22 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-15 22:42 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-15 22:41 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-10-15 22:41 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-02 22:26 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-31 16:32 . 2008-08-18 18:10 -------- d-----w- c:\program files\Java
2009-10-31 16:26 . 2008-08-18 18:44 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-26 04:04 . 2008-08-18 18:15 -------- d-----w- c:\program files\Google
2009-10-26 03:29 . 2008-08-18 17:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-24 21:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-10-24 21:08 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-23 08:02 . 2008-12-16 13:51 -------- d-----w- c:\programdata\Microsoft Help
2009-10-16 03:00 . 2009-02-13 22:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-16 08:20 . 2009-10-23 13:53 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-15 11:20 . 2009-10-23 14:18 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-09-15 07:12 . 2009-10-23 14:18 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-09-15 06:01 . 2009-10-23 14:18 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-09-14 09:44 . 2009-10-15 22:40 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-09 08:09 . 2009-08-23 18:59 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 12:24 . 2009-10-15 22:40 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-08-28 12:39 . 2009-09-02 23:41 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-02 23:41 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 05:22 . 2009-10-15 22:40 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-15 22:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-15 22:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-15 22:40 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-18 04:33 . 2009-08-18 04:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 17:07 . 2009-09-09 01:03 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 16:29 . 2009-09-09 01:03 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 16:29 . 2009-09-09 01:03 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 14:16 . 2009-09-09 01:03 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-09 01:03 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16 . 2009-09-09 01:03 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-09 01:03 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-09 01:03 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-09 01:03 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16 . 2009-09-09 01:03 10240 ----a-w- c:\windows\system32\finger.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-08 19:20 . 2009-02-08 19:20 13 --sh--r- c:\windows\System32\drivers\fbd.sys
2009-02-08 19:20 . 2009-02-08 19:20 4 --sh--r- c:\windows\System32\drivers\taishop.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-10-31_00.14.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-11-01 18:38 49940 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-11-01 18:38 77082 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-08 19:17 . 2009-10-31 00:13 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-08 19:17 . 2009-11-01 17:49 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-08 19:17 . 2009-10-31 00:13 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-08 19:17 . 2009-11-01 17:49 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-08 19:17 . 2009-11-01 17:49 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-08 19:17 . 2009-10-31 00:13 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-08 19:21 . 2009-11-01 18:38 7280 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3263087516-1746803172-730395602-1000_UserData.bin
+ 2009-11-01 18:37 . 2009-11-01 18:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-11-01 18:37 . 2009-11-01 18:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-08 20:05 . 2009-11-01 17:01 237074 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2009-11-01 18:44 608136 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-24 22:12 608136 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-24 22:12 105574 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-11-01 18:44 105574 c:\windows\System32\perfc009.dat
+ 2009-10-31 00:12 . 2009-11-01 18:17 179280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-11-01 17:04 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\11-1-2009\ERDNT.EXE
+ 2009-10-31 15:33 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\10-31-2009\ERDNT.EXE
+ 2009-11-01 17:04 . 2009-11-01 17:04 1019904 c:\windows\ERDNT\AutoBackup\11-1-2009\Users\00000002\UsrClass.dat
+ 2009-11-01 17:04 . 2009-11-01 17:04 1331200 c:\windows\ERDNT\AutoBackup\11-1-2009\Users\00000001\ntuser.dat
+ 2009-10-31 15:33 . 2009-10-31 15:33 1019904 c:\windows\ERDNT\AutoBackup\10-31-2009\Users\00000002\UsrClass.dat
+ 2009-10-31 15:33 . 2009-10-31 15:33 1331200 c:\windows\ERDNT\AutoBackup\10-31-2009\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-04-01 1283384]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-21 29744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-08 6037504]
"NDSTray.exe"="NDSTray.exe" [BU]

c:\users\Kyla's Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [10/23/2009 7:53 AM 207280]
R0 TfFsMon;TfFsMon;c:\windows\System32\drivers\TfFsMon.sys [10/23/2009 8:35 AM 51984]
R0 TfSysMon;TfSysMon;c:\windows\System32\drivers\TfSysMon.sys [10/23/2009 8:35 AM 59664]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [12/16/2008 8:12 AM 20384]
R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [10/23/2009 7:53 AM 229304]
R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [4/17/2008 1:19 AM 40960]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2/13/2009 4:54 PM 1153368]
R2 TMachInfo;TMachInfo;c:\program files\Toshiba\TOSHIBA Service Station\TMachInfo.exe [8/18/2008 11:58 AM 62776]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [12/3/2007 7:03 PM 126976]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [8/18/2008 11:48 AM 7168]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/21/2008 12:31 PM 29744]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [12/16/2008 8:12 AM 954368]
S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [10/23/2009 7:53 AM 70408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/23/2009 7:53 AM 358600]
S3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDRV.SYS [8/21/2008 2:18 PM 9216]
S3 TfNetMon;TfNetMon;c:\windows\System32\drivers\TfNetMon.sys [10/23/2009 8:35 AM 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\Kyla's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\v7ud8aqx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-01 12:48
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-11-01 12:50
ComboFix-quarantined-files.txt 2009-11-01 18:50
ComboFix2.txt 2009-10-31 15:13
ComboFix3.txt 2009-10-31 00:28

Pre-Run: 98,628,829,184 bytes free
Post-Run: 98,591,064,064 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 64208436E778BCFE1C43BE7AA8A83E5D

Blade81
2009-11-01, 21:09
Hi,

Open notepad and copy/paste the text in the quotebox below into it:



Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000000
File::
C:\Users\Kyla's Laptop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5940244a-148b1353
C:\Users\Kyla's Laptop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\6e49cf76-7491de57



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log & fresh dds log. How's the system running?

kmd pix
2009-11-03, 02:14
Blade81:

Saved the new script into ComboFix and got this log, also attached new DDS log. My browsers do not seem to be redirecting any longer - which is a good thing. While I had re-enabled SpyBot and Spyware Doctor previously they had found some additional malware - Trojan and rootkit items, but I did not direct the programs to fix them. Should I re-enable the programs and run them and see what I get and let you know or allow the programs to fix them or just leave them be until we come to a conclusion with these items?

I did get some weird notices after running the last ComboFix...it said that I was having a problem with Windows.Net (I think that was it - it disappeared as soon as I moved the cursur).

Thanks,

Kyla

ComboFix 09-10-30.01 - Kyla's Laptop 11/02/2009 17:44.6.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1915.1074 [GMT -6:00]
Running from: c:\users\Kyla's Laptop\Desktop\ComboFix.exe
Command switches used :: c:\users\Kyla's Laptop\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Kyla's Laptop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5940244a-148b1353"
"c:\users\Kyla's Laptop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\6e49cf76-7491de57"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Kyla's Laptop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5940244a-148b1353
c:\users\Kyla's Laptop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\6e49cf76-7491de57

.
((((((((((((((((((((((((( Files Created from 2009-10-02 to 2009-11-02 )))))))))))))))))))))))))))))))
.

2009-11-02 23:52 . 2009-11-02 23:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-02 23:52 . 2009-11-02 23:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-02 23:52 . 2009-11-02 23:52 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-11-02 23:43 . 2008-04-16 01:53 312344 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-11-02 23:43 . 2008-03-12 06:38 28728 ----a-w- c:\windows\system32\drivers\msahci.sys
2009-11-02 23:43 . 2008-03-12 06:38 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-31 03:03 . 2009-10-31 03:03 -------- d-----w- C:\b4adff68d1d4e6f4c2b14b3171
2009-10-27 23:31 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 23:31 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-26 04:14 . 2009-10-26 04:14 -------- d-----w- c:\program files\ERUNT
2009-10-25 00:01 . 2009-10-25 00:01 -------- d-----w- c:\program files\Trend Micro
2009-10-24 23:56 . 2009-10-24 23:56 0 ----a-w- c:\windows\nsreg.dat
2009-10-24 23:41 . 2009-10-24 23:41 -------- d-----w- c:\users\Kyla's Laptop\AppData\Local\Opera
2009-10-24 23:40 . 2009-10-26 23:20 -------- d-----w- c:\program files\Opera
2009-10-24 22:11 . 2004-08-04 13:00 506368 ----a-w- c:\windows\system32\msxml.dll
2009-10-24 19:58 . 2009-10-24 19:58 -------- d-----w- c:\programdata\WindowsSearch
2009-10-24 19:34 . 2009-10-24 19:34 -------- d-----w- c:\users\Kyla's Laptop\AppData\Local\Threat Expert
2009-10-23 18:02 . 2009-10-23 18:02 -------- d-----w- c:\windows\system32\EventProviders
2009-10-23 18:02 . 2009-10-24 21:09 -------- d-----w- C:\c6b78d74c8bcd61703b647c5f6b729
2009-10-23 14:35 . 2009-10-08 18:14 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2009-10-23 14:35 . 2009-10-08 18:14 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2009-10-23 14:35 . 2009-10-08 18:14 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2009-10-23 14:18 . 2009-09-24 13:55 97208 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2009-10-23 13:53 . 2009-09-24 13:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-23 13:53 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-23 13:53 . 2009-09-23 21:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-23 13:53 . 2009-10-23 13:54 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-23 13:53 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-23 13:53 . 2009-11-01 17:55 -------- d-----w- c:\program files\Spyware Doctor
2009-10-23 13:53 . 2009-10-23 14:35 -------- d-----w- c:\programdata\PC Tools
2009-10-23 13:53 . 2009-10-23 13:53 -------- d-----w- c:\users\Kyla's Laptop\AppData\Roaming\PC Tools
2009-10-23 03:54 . 2009-10-23 03:54 -------- d-----w- c:\users\Kyla's Laptop\AppData\Roaming\InstallShield
2009-10-23 03:54 . 2009-10-23 03:54 -------- d-----w- c:\users\Kyla's Laptop\AppData\Roaming\WinBatch
2009-10-21 01:46 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-21 01:46 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-21 01:46 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-21 01:46 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-21 01:45 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-21 01:45 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-21 01:45 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-21 01:45 . 2009-08-07 00:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-21 01:45 . 2009-08-06 23:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-15 22:42 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-15 22:42 . 2009-08-05 14:22 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-15 22:42 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-15 22:41 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-10-15 22:41 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-31 16:32 . 2008-08-18 18:10 -------- d-----w- c:\program files\Java
2009-10-31 16:26 . 2008-08-18 18:44 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-26 04:04 . 2008-08-18 18:15 -------- d-----w- c:\program files\Google
2009-10-26 03:29 . 2008-08-18 17:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-24 21:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-10-24 21:08 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-23 08:02 . 2008-12-16 13:51 -------- d-----w- c:\programdata\Microsoft Help
2009-10-16 03:00 . 2009-02-13 22:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-01 15:29 . 2009-10-02 22:26 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-16 08:20 . 2009-10-23 13:53 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-15 11:20 . 2009-10-23 14:18 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-09-15 07:12 . 2009-10-23 14:18 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-09-15 06:01 . 2009-10-23 14:18 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-09-14 09:44 . 2009-10-15 22:40 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-09 08:09 . 2009-08-23 18:59 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 12:24 . 2009-10-15 22:40 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-08-28 12:39 . 2009-09-02 23:41 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-02 23:41 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 05:22 . 2009-10-15 22:40 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-15 22:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-15 22:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-15 22:40 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-18 04:33 . 2009-08-18 04:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 17:07 . 2009-09-09 01:03 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 16:29 . 2009-09-09 01:03 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 16:29 . 2009-09-09 01:03 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 14:16 . 2009-09-09 01:03 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-09 01:03 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16 . 2009-09-09 01:03 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-09 01:03 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-09 01:03 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-09 01:03 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16 . 2009-09-09 01:03 10240 ----a-w- c:\windows\system32\finger.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-08 19:20 . 2009-02-08 19:20 13 --sh--r- c:\windows\System32\drivers\fbd.sys
2009-02-08 19:20 . 2009-02-08 19:20 4 --sh--r- c:\windows\System32\drivers\taishop.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-10-31_00.14.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-11-01 18:54 49940 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-11-01 18:54 77090 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-08 19:17 . 2009-10-31 00:13 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-08 19:17 . 2009-11-02 23:35 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-08 19:17 . 2009-11-02 23:35 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-08 19:17 . 2009-10-31 00:13 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-08 19:17 . 2009-10-31 00:13 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-08 19:17 . 2009-11-02 23:35 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-08 19:21 . 2009-11-01 18:54 7366 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3263087516-1746803172-730395602-1000_UserData.bin
+ 2009-02-08 20:05 . 2009-11-02 23:34 237266 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 10:33 . 2009-10-24 22:12 608136 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-11-01 18:57 608136 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-24 22:12 105574 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-11-01 18:57 105574 c:\windows\System32\perfc009.dat
+ 2009-10-31 00:12 . 2009-11-02 23:52 179280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-11-02 23:54 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\11-2-2009\ERDNT.EXE
+ 2009-11-01 17:04 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\11-1-2009\ERDNT.EXE
+ 2009-10-31 15:33 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\10-31-2009\ERDNT.EXE
+ 2009-11-02 23:54 . 2009-11-02 23:54 1024000 c:\windows\ERDNT\AutoBackup\11-2-2009\Users\00000002\UsrClass.dat
+ 2009-11-02 23:54 . 2009-11-02 23:54 1331200 c:\windows\ERDNT\AutoBackup\11-2-2009\Users\00000001\ntuser.dat
+ 2009-11-01 17:04 . 2009-11-01 17:04 1019904 c:\windows\ERDNT\AutoBackup\11-1-2009\Users\00000002\UsrClass.dat
+ 2009-11-01 17:04 . 2009-11-01 17:04 1331200 c:\windows\ERDNT\AutoBackup\11-1-2009\Users\00000001\ntuser.dat
+ 2009-10-31 15:33 . 2009-10-31 15:33 1019904 c:\windows\ERDNT\AutoBackup\10-31-2009\Users\00000002\UsrClass.dat
+ 2009-10-31 15:33 . 2009-10-31 15:33 1331200 c:\windows\ERDNT\AutoBackup\10-31-2009\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-04-01 1283384]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-21 29744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-08 6037504]
"NDSTray.exe"="NDSTray.exe" [BU]

c:\users\Kyla's Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [10/23/2009 7:53 AM 207280]
R0 TfFsMon;TfFsMon;c:\windows\System32\drivers\TfFsMon.sys [10/23/2009 8:35 AM 51984]
R0 TfSysMon;TfSysMon;c:\windows\System32\drivers\TfSysMon.sys [10/23/2009 8:35 AM 59664]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [12/16/2008 8:12 AM 20384]
R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [10/23/2009 7:53 AM 229304]
R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [4/17/2008 1:19 AM 40960]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2/13/2009 4:54 PM 1153368]
R2 TMachInfo;TMachInfo;c:\program files\Toshiba\TOSHIBA Service Station\TMachInfo.exe [8/18/2008 11:58 AM 62776]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [12/3/2007 7:03 PM 126976]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [8/18/2008 11:48 AM 7168]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/21/2008 12:31 PM 29744]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [12/16/2008 8:12 AM 954368]
S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [10/23/2009 7:53 AM 70408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/23/2009 7:53 AM 358600]
S3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDRV.SYS [8/21/2008 2:18 PM 9216]
S3 TfNetMon;TfNetMon;c:\windows\System32\drivers\TfNetMon.sys [10/23/2009 8:35 AM 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\Kyla's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\v7ud8aqx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-02 17:53
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\igfxext.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-11-02 17:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-02 23:58
ComboFix2.txt 2009-11-01 18:50
ComboFix3.txt 2009-10-31 15:13
ComboFix4.txt 2009-10-31 00:28

Pre-Run: 98,567,950,336 bytes free
Post-Run: 98,448,179,200 bytes free

- - End Of File - - 02582F2804CEFE7F9885104058C2C90C




DDS (Ver_09-10-26.01) - NTFSx86
Run by Kyla's Laptop at 18:02:50.43 on Mon 11/02/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1915.937 [GMT -6:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\igfxext.exe
C:\Users\Kyla's Laptop\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [ToshibaServiceStation] c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe /hide:60
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\users\kyla's~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\kyla's~1\appdata\roaming\mozilla\firefox\profiles\v7ud8aqx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-23 207280]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-10-23 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-10-23 59664]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-12-16 20384]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-10-23 229304]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-2-13 1153368]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-18 62776]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-18 7168]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-21 29744]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-12-16 954368]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-10-23 70408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-10-23 358600]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-8-21 9216]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-10-23 33552]
S3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]

=============== Created Last 30 ================

2009-11-02 23:43:51 312344 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-11-02 23:43:51 28728 ----a-w- c:\windows\system32\drivers\msahci.sys
2009-11-02 23:43:51 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-31 16:13:21 257755027 ----a-w- c:\windows\MEMORY.DMP
2009-10-31 03:03:31 0 d-----w- C:\b4adff68d1d4e6f4c2b14b3171
2009-10-30 22:27:51 98816 ----a-w- c:\windows\sed.exe
2009-10-30 22:27:51 77312 ----a-w- c:\windows\MBR.exe
2009-10-30 22:27:51 236544 ----a-w- c:\windows\PEV.exe
2009-10-30 22:27:51 161792 ----a-w- c:\windows\SWREG.exe
2009-10-27 23:31:37 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 23:31:33 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-26 02:44:44 65536 --sha-w- c:\users\kyla's laptop\ntuser.dat{ef34ac54-c0fb-11de-b2d7-001e33905c6e}.TM.blf
2009-10-26 02:44:44 524288 --sha-w- c:\users\kyla's laptop\ntuser.dat{ef34ac54-c0fb-11de-b2d7-001e33905c6e}.TMContainer00000000000000000002.regtrans-ms
2009-10-26 02:44:44 524288 --sha-w- c:\users\kyla's laptop\ntuser.dat{ef34ac54-c0fb-11de-b2d7-001e33905c6e}.TMContainer00000000000000000001.regtrans-ms
2009-10-25 00:01:50 0 d-----w- c:\program files\Trend Micro
2009-10-24 22:20:59 65536 --sha-w- c:\users\kyla's laptop\ntuser.dat{bc908a7c-c0d7-11de-a69c-001e33905c6e}.TM.blf
2009-10-24 22:20:59 524288 --sha-w- c:\users\kyla's laptop\ntuser.dat{bc908a7c-c0d7-11de-a69c-001e33905c6e}.TMContainer00000000000000000002.regtrans-ms
2009-10-24 22:20:59 524288 --sha-w- c:\users\kyla's laptop\ntuser.dat{bc908a7c-c0d7-11de-a69c-001e33905c6e}.TMContainer00000000000000000001.regtrans-ms
2009-10-24 22:17:07 262144 ---ha-w- c:\users\kyla's laptop\S-1-5-21-3263087516-1746803172-730395602-1000.rrr.LOG1
2009-10-24 22:17:07 0 ---ha-w- c:\users\kyla's laptop\S-1-5-21-3263087516-1746803172-730395602-1000.rrr.LOG2
2009-10-24 22:11:43 506368 ----a-w- c:\windows\system32\msxml.dll
2009-10-24 19:58:05 0 d-----w- c:\programdata\WindowsSearch
2009-10-23 18:02:10 0 d-----w- c:\windows\system32\EventProviders
2009-10-23 18:02:07 0 d-----w- C:\c6b78d74c8bcd61703b647c5f6b729
2009-10-23 14:35:23 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2009-10-23 14:35:23 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2009-10-23 14:35:23 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2009-10-23 14:18:12 97208 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2009-10-23 14:18:12 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-10-23 14:18:11 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-10-23 14:18:08 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-10-23 13:53:53 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-23 13:53:49 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-23 13:53:49 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-10-23 13:53:49 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-23 13:53:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-23 13:53:45 0 d-----w- c:\program files\common files\PC Tools
2009-10-23 13:53:41 0 d-----w- c:\users\kyla's~1\appdata\roaming\PC Tools
2009-10-23 13:53:41 0 d-----w- c:\programdata\PC Tools
2009-10-23 13:53:41 0 d-----w- c:\program files\Spyware Doctor
2009-10-23 13:52:53 0 d---a-w- c:\programdata\TEMP
2009-10-23 03:54:44 0 d-----w- c:\users\kyla's~1\appdata\roaming\WinBatch
2009-10-21 01:46:11 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-21 01:45:51 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-21 01:45:42 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-21 01:45:42 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-15 22:42:29 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-15 22:42:21 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-15 22:42:20 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-15 22:41:09 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-10-15 22:41:08 217088 ----a-w- c:\windows\system32\psisrndr.ax
2009-10-15 22:41:04 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-15 22:41:04 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2009-10-15 22:41:03 80896 ----a-w- c:\windows\system32\MSNP.ax

==================== Find3M ====================

2009-10-01 15:29:14 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-14 09:44:57 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-04 12:24:34 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-08-28 12:39:07 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-18 04:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-16 15:06:39 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-08-16 15:06:39 86016 ----a-w- c:\windows\inf\infstor.dat
2009-08-16 15:06:39 51200 ----a-w- c:\windows\inf\infpub.dat
2009-08-14 16:29:41 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 16:29:41 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 14:16:55 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16:55 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16:52 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16:51 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16:50 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16:49 10240 ----a-w- c:\windows\system32\finger.exe
2008-08-18 18:36:55 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-08-04 02:00:25 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-02-08 19:20:21 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2009-02-08 19:20:19 4 --sh--r- c:\windows\system32\drivers\taishop.sys

============= FINISH: 18:05:42.63 ===============

Blade81
2009-11-03, 08:03
Should I re-enable the programs and run them and see what I get and let you know or allow the programs to fix them or just leave them be until we come to a conclusion with these items?
You may run the scans now. Let me know about the results before cleaning any findings.

kmd pix
2009-11-04, 02:43
Ran Spyware Doctor with Anti-virus and got the following:

Spyware Research > Infections > Trojan.Generic

Details of the selected infection are shown below. This infection can be detected and cleaned using Spyware Doctor.
Name: Trojan.Generic
Threat Level: High
Description: Common Components that may be used by Trojans Small, DRSN Search, Binet, Euniverse, Adrotator and Dloader among others.
Type: TT_Trojan
Threat analysis: Search ThreatExpert to view reports
Removal: This infection can be removed using Spyware Doctor.

At least one or more of the following fields may be indicated:

* Name: the name of the specific infection, as presented in the database.
* Also known as: other names by which this infection may be known.
* Type: the category to which the infection belongs. Refer to the Glossary for further details on infection types.
* Variant: the family of infections to which this infection belongs.
* By: the vendor of this infection.
* Threat: the threat level assigned to this infection.
* Description: a more detailed description of the infection. If the information is available, technical aspects and symptoms of this infection are described here.

kmd pix
2009-11-04, 03:24
Ran Spybot Search and Destroy - No immediate threats found.

Blade81
2009-11-04, 07:34
Hi,

Did spyware doctor show the location of the infected item? It's possible that it flagged some item that ComboFix had removed or the tool itself.

kmd pix
2009-11-06, 05:36
Hi Blade 81 - I clicked on the Trojan.Generic threat that Spyware Doctor found to expand it and it showed:

Registry Key
HKEY_USERS\S-1-5-21-3263087516-1746803172-730395602-1000\Software\Wget

But that was all...I can't find anymore information on it.

Blade81
2009-11-06, 07:25
Hi,

Save text below as fix.reg on Notepad (save it as all files (*.*)) on the Desktop.


REGEDIT4

[-HKEY_USERS\S-1-5-21-3263087516-1746803172-730395602-1000\Software\Wget]


It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/reg.gif

Doubleclick fix.reg, press Yes and ok.

That should remove the finding.

kmd pix
2009-11-06, 23:25
Ran the reg fix....worked like a charm. Re-ran Spyware Doctor and Spybot Search and Destroy - no threats found with either. I think I am good to go. Firefox doesn't redirect from a Google search anymore and I don't get notifications of any malware. Thank you so much!!!!!!

Blade81
2009-11-07, 00:26
Good. Let's have the final steps then :)



THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

A To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Uncheck any checkboxes listed for your hard drives.
7. Press OK.


B. Reboot.

C Turn ON System Restore.
Follow the steps like you did when disabling system restore but on step 6. check any checkboxes listed for your hard drives.



Now lets uninstall ComboFix:

Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK




Please download OTC (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.

Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the
Begin cleanup Process?
prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

hosts file:
Every version of windows has a hosts file as part of them. In a very basic sense, they are used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the start button (at the lower left hand corner of your screen) Click run In the dialog box, type services.msc hit enter, then locate dns client Highlight it, then double-click it. On the dropdown box, change the setting from automatic to manual. Click ok
Get Anti Virus Software and keep it updated - Most AVs will update automatically, but if not I would recommend making updating the AV the first job every time the PC is connected to the internet. An AV that is using defs that are seven days old is not going to be much protection. If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out. Good free antivirus programs are:
Antivir (http://free-av.com/en/download/1/download_avira_antivir_personal__free_antivirus.html)
Avast! (http://www.avast.com/eng/download-avast-home.html)
Good commercial ones are from:
Kaspersky (http://www.kaspersky.com/homeuser) and
ESET (http://www.eset.com/products/index.php)



Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:

kmd pix
2009-11-08, 06:41
Blade81:

Completed all of the final steps and have re-run current anti-virus programs and installed Antivir....all showed no threats. I think I am good to go but will check back with you in a couple days just to let you know. Thank you so VERY much for the help you gave me, it was invaluable!

Kyla

Blade81
2009-11-08, 14:34
You're welcome :)

I'll leave the topic open for a few days.

Blade81
2009-11-16, 09:46
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.