PDA

View Full Version : Inexperienced ComboFix User


SoccerGuy
2010-03-26, 05:13
Hello specialists,

I know i'm not supposed to use ComboFix unless suggested by an expert. But i have had big problems and i needed a quick fix, i did back up my files so i reformatted when things got bad.

Pretty much my computer would freeze about a minute once it booted up. Just freeze when my antivirus turns on. Every time. I was able to shut my anti-virus off this one time in order to back up my files to an external hard drive. I reformatted once and the same problem arise. The second time was okay, and i used Malwarebytes and nothing came up. I then ran combofix today and the following log showed up with three deletes:

ComboFix 10-03-25.04 - MTING 25/03/2010 20:50:47.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1526.1127 [GMT -6:00]
Running from: c:\documents and settings\MTING\Desktop\ComboFix.exe
AV: Norton AntiVirus 2005 *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-2178042772-3960084829-1456234550-1003
c:\recycler\S-1-5-21-936217405-998132377-2883199059-1006
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-02-26 to 2010-03-26 )))))))))))))))))))))))))))))))
.

2010-03-26 01:42 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-03-26 01:42 . 2009-08-07 01:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-03-26 01:42 . 2010-03-26 01:54 -------- d-----w- c:\windows\LastGood
2010-03-26 01:40 . 2010-03-26 01:40 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-03-26 01:39 . 2010-03-26 01:39 -------- d-sh--w- c:\documents and settings\MTING\IETldCache
2010-03-25 04:47 . 2010-03-25 04:47 -------- d-----w- c:\documents and settings\MTING\Tracing
2010-03-25 04:43 . 2010-03-25 04:43 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-25 04:42 . 2010-03-25 04:42 -------- d-----w- c:\program files\Microsoft
2010-03-25 04:42 . 2010-03-25 04:42 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-03-25 04:41 . 2010-03-25 04:42 -------- d-----w- c:\program files\Windows Live
2010-03-25 04:38 . 2010-03-25 04:38 -------- d-----w- c:\program files\Common Files\Windows Live
2010-03-25 04:38 . 2010-03-25 04:47 18768 ----a-w- c:\documents and settings\MTING\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-25 04:35 . 2010-03-25 04:35 503808 ----a-w- c:\documents and settings\MTING\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-620181cd-n\msvcp71.dll
2010-03-25 04:35 . 2010-03-25 04:35 499712 ----a-w- c:\documents and settings\MTING\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-620181cd-n\jmc.dll
2010-03-25 04:35 . 2010-03-25 04:35 348160 ----a-w- c:\documents and settings\MTING\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-620181cd-n\msvcr71.dll
2010-03-25 04:35 . 2010-03-25 04:35 61440 ----a-w- c:\documents and settings\MTING\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-763d29e0-n\decora-sse.dll
2010-03-25 04:35 . 2010-03-25 04:35 12800 ----a-w- c:\documents and settings\MTING\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-763d29e0-n\decora-d3d.dll
2010-03-25 04:34 . 2010-03-25 04:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-25 04:24 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-03-25 04:23 . 2010-03-25 04:23 -------- d-----w- c:\windows\ie8updates
2010-03-25 04:23 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-03-25 04:23 . 2009-12-21 19:14 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-25 04:23 . 2009-12-21 19:14 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-25 04:23 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-25 04:23 . 2009-12-21 19:14 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-03-25 04:23 . 2009-12-21 19:14 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-03-25 04:21 . 2010-03-25 04:22 -------- dc-h--w- c:\windows\ie8
2010-03-25 04:08 . 2010-03-25 04:08 -------- d-----w- c:\windows\ServicePackFiles
2010-03-25 04:07 . 2010-03-25 04:07 -------- d-----w- c:\documents and settings\MTING\Local Settings\Application Data\Temp
2010-03-25 04:06 . 2010-03-25 04:07 -------- d-----w- c:\documents and settings\MTING\Local Settings\Application Data\Google
2010-03-25 03:23 . 2010-03-26 01:53 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-03-25 03:20 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-03-25 03:20 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-03-25 03:20 . 2008-05-08 12:28 202752 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-03-25 03:20 . 2009-12-31 16:14 352640 -c----w- c:\windows\system32\dllcache\srv.sys
2010-03-25 03:20 . 2009-10-15 17:21 82432 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-03-25 03:20 . 2009-10-23 14:27 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-25 03:19 . 2009-12-04 14:41 453760 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-25 03:19 . 2009-06-21 22:04 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-03-25 03:11 . 2008-05-01 14:30 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-03-25 03:11 . 2009-07-10 13:42 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-03-25 03:10 . 2008-04-11 18:50 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-03-25 03:08 . 2009-06-05 07:42 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2010-03-25 03:07 . 2008-10-15 16:57 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-03-25 03:07 . 2009-07-31 04:57 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-03-25 02:58 . 2008-04-21 10:02 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-03-25 02:56 . 2004-08-04 07:56 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-03-25 02:56 . 2004-08-04 07:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-03-25 02:56 . 2001-08-17 20:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-03-25 02:56 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-03-25 02:56 . 2004-08-04 05:58 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-03-25 02:56 . 2004-08-04 05:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-03-25 02:55 . 2001-08-17 21:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-03-25 02:55 . 2001-08-17 21:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-03-25 02:55 . 2004-08-04 06:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-03-25 02:55 . 2004-08-04 06:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-03-25 02:33 . 2010-03-25 02:33 -------- d-----w- c:\windows\Sun
2010-03-25 02:30 . 2009-01-08 00:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-03-25 02:15 . 2010-03-25 02:15 -------- d-----w- c:\program files\SymNetDrv
2010-03-25 02:13 . 2010-03-25 02:13 -------- d-----w- c:\documents and settings\MTING\Application Data\Malwarebytes
2010-03-25 02:13 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-25 02:13 . 2010-03-25 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-25 02:13 . 2010-03-25 02:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-25 02:13 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-25 02:08 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-03-25 02:06 . 2005-05-13 12:53 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-03-25 02:05 . 2004-10-30 02:48 3222784 ----a-w- c:\windows\system32\drivers\w29n51.sys
2010-03-25 02:05 . 2004-10-15 18:20 1654784 ----a-w- c:\windows\system32\W29MLRES.DLL
2010-03-25 02:05 . 2004-10-15 18:20 458752 ----a-w- c:\windows\system32\w29NCPA.dll
2010-03-25 02:05 . 2010-03-25 02:05 -------- d-----w- C:\EULA
2010-03-25 02:05 . 2005-04-18 18:33 98304 ----a-w- c:\windows\system32\TCtrlCommon.dll
2010-03-25 02:04 . 2005-05-13 12:53 -------- d-----w- c:\documents and settings\Default User\WINDOWS
2010-03-25 01:37 . 2010-03-25 01:37 -------- d-----w- c:\program files\ltmoh
2010-03-25 01:37 . 2005-04-05 23:53 110592 ----a-w- c:\windows\system32\cselect.exe
2010-03-25 01:37 . 2004-12-21 17:10 88358 ----a-w- c:\windows\agrsmmsg.exe
2010-03-25 01:37 . 2004-04-05 18:49 64512 ------w- c:\windows\agrsmdel.exe
2010-03-25 01:37 . 2003-12-04 08:48 77824 ----a-w- c:\windows\system32\tosmreg.exe
2010-03-25 01:37 . 2003-10-31 02:59 45056 ----a-w- c:\windows\system32\csellang.dll
2010-03-25 01:37 . 2010-03-25 01:37 -------- d-----w- c:\windows\Options
2010-03-25 01:37 . 2010-03-25 01:37 -------- d-----w- c:\windows\TOSHOFER
2010-03-25 01:37 . 2010-03-25 01:37 -------- d-----w- c:\program files\Install AOL 9.0
2010-03-25 01:37 . 2002-01-24 22:43 6528 ----a-w- c:\windows\system32\drivers\Tbiosdrv.sys
2010-03-25 01:37 . 2010-03-25 01:37 -------- d-----w- c:\program files\Datalode

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-26 02:47 . 2005-05-19 23:36 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-26 01:39 . 2005-05-19 23:36 -------- d-----w- c:\program files\Norton AntiVirus
2010-03-25 04:34 . 2005-05-13 12:56 -------- d-----w- c:\program files\Java
2010-03-25 02:16 . 2005-05-19 23:36 -------- d-----w- c:\program files\Symantec
2010-03-25 02:08 . 2010-03-25 02:07 -------- d-----w- c:\documents and settings\MTING\Application Data\Symantec
2010-03-25 02:08 . 2010-03-25 02:08 0 --sha-r- c:\windows\system32\drivers\TOSHIBA_Satellite M50_S3A2920D002_PSM50C-YK400E.MRK
2010-03-25 02:08 . 2005-05-13 12:30 -------- d-----w- c:\program files\TOSHIBA
2010-03-25 02:05 . 2005-05-12 05:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-25 02:04 . 2005-05-13 12:54 -------- d-----w- c:\program files\InterVideo
2009-12-31 16:14 . 2005-05-12 04:34 352640 ----a-w- c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"Google Update"="c:\documents and settings\MTING\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-25 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-23 339968]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-14 5562368]
"nwiz"="nwiz.exe" [2005-04-14 1495040]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-04-29 675840]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-30 53248]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 73728]
"TPSMain"="TPSMain.exe" [2004-12-28 270336]
"ZoomingHook"="ZoomingHook.exe" [2004-05-01 24576]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-15 122880]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"TOSHIBA Accessibility"="c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe" [2005-02-22 24576]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-01-14 122939]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-25 65536]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 1077301]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-17 58728]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-21 88358]
"TCtryIOHook"="TCtrlIOHook.exe" [2004-05-01 28672]
"TFncKy"="TFncKy.exe" [BU]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2010-03-25 100056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-5-13 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

.
Contents of the 'Scheduled Tasks' folder

2010-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1638684249-3900855145-2087130138-1006Core.job
- c:\documents and settings\MTING\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-25 04:06]

2010-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1638684249-3900855145-2087130138-1006UA.job
- c:\documents and settings\MTING\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-25 04:06]

2010-03-25 c:\windows\Tasks\Norton AntiVirus - Scan my computer - MTING.job
- c:\progra~1\NORTON~1\Navw32.exe [2004-08-19 19:54]

2010-03-25 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-05-12 12:00]

2010-03-25 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-05-12 12:00]

2010-03-25 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-05-19 00:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.shoptoshiba.ca/welcome
uInternet Connection Wizard,ShellNext = hxxp://www.shoptoshiba.ca/welcome
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-25 20:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-03-25 20:54:34
ComboFix-quarantined-files.txt 2010-03-26 02:54

Pre-Run: 89,813,090,304 bytes free
Post-Run: 89,806,327,808 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 22B2DC3E1F1943EEF65372C9CF241A6A




I assume i had some sort of trojan. I don't really know how to read the ComboFix Log... But am i clean?




Here is a hijack this log:

ComboFix 10-03-25.04 - MTING 25/03/2010 20:50:47.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1526.1127 [GMT -6:00]
Running from: c:\documents and settings\MTING\Desktop\ComboFix.exe
AV: Norton AntiVirus 2005 *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-2178042772-3960084829-1456234550-1003
c:\recycler\S-1-5-21-936217405-998132377-2883199059-1006
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-02-26 to 2010-03-26 )))))))))))))))))))))))))))))))
.

2010-03-26 01:42 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-03-26 01:42 . 2009-08-07 01:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-03-26 01:42 . 2010-03-26 01:54 -------- d-----w- c:\windows\LastGood
2010-03-26 01:40 . 2010-03-26 01:40 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-03-26 01:39 . 2010-03-26 01:39 -------- d-sh--w- c:\documents and settings\MTING\IETldCache
2010-03-25 04:47 . 2010-03-25 04:47 -------- d-----w- c:\documents and settings\MTING\Tracing
2010-03-25 04:43 . 2010-03-25 04:43 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-25 04:42 . 2010-03-25 04:42 -------- d-----w- c:\program files\Microsoft
2010-03-25 04:42 . 2010-03-25 04:42 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-03-25 04:41 . 2010-03-25 04:42 -------- d-----w- c:\program files\Windows Live
2010-03-25 04:38 . 2010-03-25 04:38 -------- d-----w- c:\program files\Common Files\Windows Live
2010-03-25 04:38 . 2010-03-25 04:47 18768 ----a-w- c:\documents and settings\MTING\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-25 04:35 . 2010-03-25 04:35 503808 ----a-w- c:\documents and settings\MTING\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-620181cd-n\msvcp71.dll
2010-03-25 04:35 . 2010-03-25 04:35 499712 ----a-w- c:\documents and settings\MTING\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-620181cd-n\jmc.dll
2010-03-25 04:35 . 2010-03-25 04:35 348160 ----a-w- c:\documents and settings\MTING\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-620181cd-n\msvcr71.dll
2010-03-25 04:35 . 2010-03-25 04:35 61440 ----a-w- c:\documents and settings\MTING\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-763d29e0-n\decora-sse.dll
2010-03-25 04:35 . 2010-03-25 04:35 12800 ----a-w- c:\documents and settings\MTING\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-763d29e0-n\decora-d3d.dll
2010-03-25 04:34 . 2010-03-25 04:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-25 04:24 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-03-25 04:23 . 2010-03-25 04:23 -------- d-----w- c:\windows\ie8updates
2010-03-25 04:23 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-03-25 04:23 . 2009-12-21 19:14 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-25 04:23 . 2009-12-21 19:14 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-25 04:23 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-25 04:23 . 2009-12-21 19:14 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-03-25 04:23 . 2009-12-21 19:14 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-03-25 04:21 . 2010-03-25 04:22 -------- dc-h--w- c:\windows\ie8
2010-03-25 04:08 . 2010-03-25 04:08 -------- d-----w- c:\windows\ServicePackFiles
2010-03-25 04:07 . 2010-03-25 04:07 -------- d-----w- c:\documents and settings\MTING\Local Settings\Application Data\Temp
2010-03-25 04:06 . 2010-03-25 04:07 -------- d-----w- c:\documents and settings\MTING\Local Settings\Application Data\Google
2010-03-25 03:23 . 2010-03-26 01:53 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-03-25 03:20 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-03-25 03:20 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-03-25 03:20 . 2008-05-08 12:28 202752 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-03-25 03:20 . 2009-12-31 16:14 352640 -c----w- c:\windows\system32\dllcache\srv.sys
2010-03-25 03:20 . 2009-10-15 17:21 82432 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-03-25 03:20 . 2009-10-23 14:27 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-25 03:19 . 2009-12-04 14:41 453760 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-25 03:19 . 2009-06-21 22:04 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-03-25 03:11 . 2008-05-01 14:30 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-03-25 03:11 . 2009-07-10 13:42 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-03-25 03:10 . 2008-04-11 18:50 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-03-25 03:08 . 2009-06-05 07:42 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2010-03-25 03:07 . 2008-10-15 16:57 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-03-25 03:07 . 2009-07-31 04:57 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-03-25 02:58 . 2008-04-21 10:02 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-03-25 02:56 . 2004-08-04 07:56 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-03-25 02:56 . 2004-08-04 07:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-03-25 02:56 . 2001-08-17 20:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-03-25 02:56 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-03-25 02:56 . 2004-08-04 05:58 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-03-25 02:56 . 2004-08-04 05:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-03-25 02:55 . 2001-08-17 21:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-03-25 02:55 . 2001-08-17 21:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-03-25 02:55 . 2004-08-04 06:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-03-25 02:55 . 2004-08-04 06:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-03-25 02:33 . 2010-03-25 02:33 -------- d-----w- c:\windows\Sun
2010-03-25 02:30 . 2009-01-08 00:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-03-25 02:15 . 2010-03-25 02:15 -------- d-----w- c:\program files\SymNetDrv
2010-03-25 02:13 . 2010-03-25 02:13 -------- d-----w- c:\documents and settings\MTING\Application Data\Malwarebytes
2010-03-25 02:13 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-25 02:13 . 2010-03-25 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-25 02:13 . 2010-03-25 02:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-25 02:13 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-25 02:08 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-03-25 02:06 . 2005-05-13 12:53 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-03-25 02:05 . 2004-10-30 02:48 3222784 ----a-w- c:\windows\system32\drivers\w29n51.sys
2010-03-25 02:05 . 2004-10-15 18:20 1654784 ----a-w- c:\windows\system32\W29MLRES.DLL
2010-03-25 02:05 . 2004-10-15 18:20 458752 ----a-w- c:\windows\system32\w29NCPA.dll
2010-03-25 02:05 . 2010-03-25 02:05 -------- d-----w- C:\EULA
2010-03-25 02:05 . 2005-04-18 18:33 98304 ----a-w- c:\windows\system32\TCtrlCommon.dll
2010-03-25 02:04 . 2005-05-13 12:53 -------- d-----w- c:\documents and settings\Default User\WINDOWS
2010-03-25 01:37 . 2010-03-25 01:37 -------- d-----w- c:\program files\ltmoh
2010-03-25 01:37 . 2005-04-05 23:53 110592 ----a-w- c:\windows\system32\cselect.exe
2010-03-25 01:37 . 2004-12-21 17:10 88358 ----a-w- c:\windows\agrsmmsg.exe
2010-03-25 01:37 . 2004-04-05 18:49 64512 ------w- c:\windows\agrsmdel.exe
2010-03-25 01:37 . 2003-12-04 08:48 77824 ----a-w- c:\windows\system32\tosmreg.exe
2010-03-25 01:37 . 2003-10-31 02:59 45056 ----a-w- c:\windows\system32\csellang.dll
2010-03-25 01:37 . 2010-03-25 01:37 -------- d-----w- c:\windows\Options
2010-03-25 01:37 . 2010-03-25 01:37 -------- d-----w- c:\windows\TOSHOFER
2010-03-25 01:37 . 2010-03-25 01:37 -------- d-----w- c:\program files\Install AOL 9.0
2010-03-25 01:37 . 2002-01-24 22:43 6528 ----a-w- c:\windows\system32\drivers\Tbiosdrv.sys
2010-03-25 01:37 . 2010-03-25 01:37 -------- d-----w- c:\program files\Datalode

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-26 02:47 . 2005-05-19 23:36 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-26 01:39 . 2005-05-19 23:36 -------- d-----w- c:\program files\Norton AntiVirus
2010-03-25 04:34 . 2005-05-13 12:56 -------- d-----w- c:\program files\Java
2010-03-25 02:16 . 2005-05-19 23:36 -------- d-----w- c:\program files\Symantec
2010-03-25 02:08 . 2010-03-25 02:07 -------- d-----w- c:\documents and settings\MTING\Application Data\Symantec
2010-03-25 02:08 . 2010-03-25 02:08 0 --sha-r- c:\windows\system32\drivers\TOSHIBA_Satellite M50_S3A2920D002_PSM50C-YK400E.MRK
2010-03-25 02:08 . 2005-05-13 12:30 -------- d-----w- c:\program files\TOSHIBA
2010-03-25 02:05 . 2005-05-12 05:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-25 02:04 . 2005-05-13 12:54 -------- d-----w- c:\program files\InterVideo
2009-12-31 16:14 . 2005-05-12 04:34 352640 ----a-w- c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"Google Update"="c:\documents and settings\MTING\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-25 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-23 339968]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-14 5562368]
"nwiz"="nwiz.exe" [2005-04-14 1495040]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-04-29 675840]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-30 53248]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 73728]
"TPSMain"="TPSMain.exe" [2004-12-28 270336]
"ZoomingHook"="ZoomingHook.exe" [2004-05-01 24576]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-15 122880]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"TOSHIBA Accessibility"="c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe" [2005-02-22 24576]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-01-14 122939]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-25 65536]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 1077301]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-17 58728]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-21 88358]
"TCtryIOHook"="TCtrlIOHook.exe" [2004-05-01 28672]
"TFncKy"="TFncKy.exe" [BU]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2010-03-25 100056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-5-13 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

.
Contents of the 'Scheduled Tasks' folder

2010-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1638684249-3900855145-2087130138-1006Core.job
- c:\documents and settings\MTING\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-25 04:06]

2010-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1638684249-3900855145-2087130138-1006UA.job
- c:\documents and settings\MTING\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-25 04:06]

2010-03-25 c:\windows\Tasks\Norton AntiVirus - Scan my computer - MTING.job
- c:\progra~1\NORTON~1\Navw32.exe [2004-08-19 19:54]

2010-03-25 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-05-12 12:00]

2010-03-25 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-05-12 12:00]

2010-03-25 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-05-19 00:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.shoptoshiba.ca/welcome
uInternet Connection Wizard,ShellNext = hxxp://www.shoptoshiba.ca/welcome
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-25 20:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-03-25 20:54:34
ComboFix-quarantined-files.txt 2010-03-26 02:54

Pre-Run: 89,813,090,304 bytes free
Post-Run: 89,806,327,808 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 22B2DC3E1F1943EEF65372C9CF241A6A





I'm also wondering whether my hard drive is also infected. Any advice can i get?

Your valuable advice is very much appreciated. Thanks.
SoccerGuy
2010-03-26, 05:17
It seems i didn't really copy the HJT log. Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:10:44 PM, on 25/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\NAVStub.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\MTING\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MTING\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MTING\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MTING\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MTING\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MTING\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MTING\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MTING\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.shoptoshiba.ca/welcome
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\MTING\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 8624 bytes
tashi
2010-04-06, 18:40
Hello SoccerGuy,

When you added another post to your unanswered topic it removed the zero response helpers look for. :eek:

Please see this forum's FAQ and if you still need assistance start a new topic with a link back to this one. :)

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

FYI:
Please do NOT run 'FIXES' (ComboFix etc) without being asked (http://forums.spybot.info/showthread.php?t=16806 )

Post here if still waiting for help in the Malware Forum, (AFTER) FOUR days (http://forums.spybot.info/showthread.php?t=1137)

Best regards.