Logs
MBAM Log:
Malwarebytes' Anti-Malware 1.11
Database version: 676
Scan type: Quick Scan
Objects scanned: 33356
Time elapsed: 8 minute(s), 25 second(s)
Memory Processes Infected: 3
Memory Modules Infected: 3
Registry Keys Infected: 26
Registry Values Infected: 7
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 10
Memory Processes Infected:
C:\ProgramData\dughgmlb\hyzsvgxq.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\ProgramData\zuzqlmny\bwlihutm.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\Program Files\AdwareAlert\AdwareAlert.srv.exe (Rogue.AdwareAlert) -> Unloaded process successfully.
Memory Modules Infected:
C:\Users\Patrick\AppData\Local\Temp\mlJDsRki.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Program Files\AdwareAlert\TCL.dll (Rogue.AdwareAlert) -> Unloaded module successfully.
C:\Program Files\AdwareAlert\zlib.dll (Rogue.AdwareAlert) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{00aa4dfd-0778-41a2-baa9-c2a5ad1461b6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e497176-7233-4cbb-a072-4c1035fcb9cb} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{10a75722-70e6-4597-8e38-cd860cc246d6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{10f003b9-8162-4f85-8c3f-9a395126efa5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4bf44952-113c-4b5d-8b91-fae54255de20} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5483a1fa-aeae-41a7-886f-26170f84e213} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5633c9d5-08c9-492b-9e56-042feb04304d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5a2f21d7-43d6-4cb6-8598-a48b4906bf16} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ab5d8b1-fde0-4236-9d9e-06888e999923} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{978e6299-a4bd-4af8-ae2c-bbfeae0053e5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9b819942-5ed1-4bb0-a8b9-4434283a5f3c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c072dac8-a946-4981-af5f-574f4759c4a3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c2d578cf-c743-4179-9f59-100f6dc34800} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d21dbe58-b388-4cca-8664-05dc2d75500d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fcc13cc0-ab51-4f8e-b3fe-facacbad8236} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Installer\UpgradeCodes\7c673a5b871b8cd419f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7c673a5b871b8cd419f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\a30d1592adaa3d743884b8318328ad99 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\e326614894984a1468ca53b7dfcf99a5 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3f37eca-a8d9-4633-92c6-fe24c7d16aba} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adwarealertsrv (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adwarealertsrv (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dughgmlb (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TJ2qEtFoW0 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\70530785 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\AdwareAlert\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\AdwareAlert\FilterDrv\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdwareAlert\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
Files Infected:
C:\ProgramData\dughgmlb\hyzsvgxq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\zuzqlmny\bwlihutm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Patrick\AppData\Local\Temp\mlJDsRki.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\Installer\{3D5B7E73-630B-4EFD-985E-ECF5D2238046}\Icon.exe (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Patrick\AppData\Local\Temp\~DF7EFE.tmp (Malware.trace) -> Quarantined and deleted successfully.
C:\Users\Patrick\AppData\Local\Temp\~DF8719.tmp (Malware.trace) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\AdwareAlert.srv.exe (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\TCL.dll (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\zlib.dll (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Patrick\AppData\Local\Temp\uaoqnypl.dll (Trojan.Agent) -> Delete on reboot.
HJT Log After Running MBAM:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:59 PM, on 4/22/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Users\Patrick\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\dughgmlb\hyzsvgxq.exe
C:\ProgramData\zuzqlmny\bwlihutm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Patrick\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [dughgmlb] C:\ProgramData\dughgmlb\hyzsvgxq.exe
O4 - HKCU\..\Run: [TJ2qEtFoW0] C:\ProgramData\zuzqlmny\bwlihutm.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Patrick\AppData\Local\Temp\mlJDsRki.dll,c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [70530785] rundll32.exe "C:\Users\Patrick\AppData\Local\Temp\uaoqnypl.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4DFE287-BDD1-4878-8213-056EA247454C}: NameServer = 192.168.0.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AdwareAlert Scanning Engine (AdwareAlertSrv) - Unknown owner - C:\Program Files\AdwareAlert\AdwareAlert.srv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: lxbl_device - - C:\Windows\system32\lxblcoms.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
--
End of file - 11687 bytes
ComboFix Log:
ComboFix 08-04-22.5 - Patrick 2008-04-23 19:08:50.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.302 [GMT -4:00]
Running from: C:\Users\Patrick\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Patrick\AppData\Roaming\inst.exe
.
((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.
2008-04-23 18:49 . 2008-04-23 18:49 <DIR> d-------- C:\Users\Patrick\AppData\Roaming\Malwarebytes
2008-04-23 18:48 . 2008-04-23 18:48 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-04-23 18:48 . 2008-04-23 18:48 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-04-23 18:48 . 2008-04-23 18:49 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 21:28 . 2008-04-22 21:28 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-22 19:35 . 2008-04-22 19:35 868 --a------ C:\Windows\wininit.ini
2008-04-21 19:58 . 2008-04-21 20:06 <DIR> d-------- C:\Users\Patrick\AppData\Roaming\Dev-Cpp
2008-04-21 19:57 . 2008-04-21 20:05 <DIR> d-------- C:\Dev-Cpp
2008-04-21 19:29 . 2008-04-21 19:29 217 --a------ C:\Users\Patrick\trippy_video.zip
2008-04-21 19:28 . 2008-04-21 19:28 95 --a------ C:\Users\Patrick\trippy_video.bat
2008-04-21 19:12 . 2008-04-21 19:14 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-04-21 19:12 . 2008-04-21 19:14 <DIR> d-------- C:\ProgramData\Lavasoft
2008-04-21 19:12 . 2008-04-21 19:12 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-21 18:26 . 2008-04-21 19:10 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-21 18:26 . 2008-04-21 19:10 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-04-21 18:26 . 2008-04-21 18:26 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-21 10:07 . 2008-04-21 10:07 6,708 --a------ C:\Windows\System32\tmp.reg
2008-04-20 15:49 . 2008-04-23 18:59 <DIR> d-------- C:\Users\All Users\zuzqlmny
2008-04-20 15:49 . 2008-04-23 18:59 <DIR> d-------- C:\Users\All Users\dughgmlb
2008-04-20 15:49 . 2008-04-23 18:59 <DIR> d-------- C:\ProgramData\zuzqlmny
2008-04-20 15:49 . 2008-04-23 18:59 <DIR> d-------- C:\ProgramData\dughgmlb
2008-04-19 10:04 . 2008-04-19 10:15 <DIR> d-------- C:\cygwin
2008-04-17 21:53 . 2007-08-22 17:02 32,768 --a------ C:\Users\Patrick\mspformat.exe
2008-04-17 21:53 . 2007-08-22 17:02 32,768 --a------ C:\Users\Patrick\msinst.exe
2008-04-16 20:23 . 2008-04-16 20:24 <DIR> d-------- C:\Users\Patrick\AppData\Roaming\Media Player Classic
2008-04-13 19:03 . 2008-04-13 19:03 <DIR> d-------- C:\Program Files\Cygwin
2008-04-12 19:14 . 2008-04-12 19:14 <DIR> d-------- C:\Program Files\TightVNC
2008-04-08 18:55 . 2007-12-16 07:42 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-04-08 18:55 . 2007-12-16 07:41 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-03-27 22:33 . 2008-03-27 22:33 <DIR> d-------- C:\Fraps
2008-03-27 15:46 . 2008-03-27 15:58 <DIR> d-------- C:\Users\Patrick\AppData\Roaming\Any Video Converter
2008-03-27 15:46 . 2008-03-27 15:47 <DIR> d-------- C:\Program Files\Any Video Converter
2008-03-27 15:14 . 2008-03-27 15:14 <DIR> d-------- C:\Program Files\TNTSoft
2008-03-26 23:20 . 2008-03-26 23:20 <DIR> d-------- C:\Users\Patrick\AppData\Roaming\STOIK
2008-03-26 23:20 . 2008-03-26 23:20 <DIR> d-------- C:\Program Files\STOIK Imaging
2008-03-26 23:15 . 2008-03-26 23:16 <DIR> d-------- C:\Program Files\Vidmex
2008-03-26 22:52 . 2008-03-27 15:35 <DIR> d-------- C:\Users\Patrick\AppData\Roaming\Pegasys Inc
2008-03-26 21:54 . 2008-03-26 21:52 145,504 --a------ C:\Windows\System32\bgsvcgen.exe
2008-03-26 21:54 . 2008-03-26 21:52 59,488 --a------ C:\Windows\System32\GenSvcInst.exe
2008-03-26 21:54 . 2008-03-26 21:52 33,408 --a------ C:\Windows\System32\drivers\CDRBSDRV.SYS
2008-03-26 21:53 . 2008-03-27 15:34 <DIR> d-------- C:\Program Files\Pegasys Inc
2008-03-26 21:25 . 2008-04-21 20:43 <DIR> d-------- C:\Program Files\PSP Brew
2008-03-26 20:24 . 2001-02-15 17:52 95,292 --a------ C:\Windows\System32\atrac3.acm
2008-03-26 20:22 . 2008-03-26 20:22 <DIR> d-------- C:\Program Files\GoldWave
2008-03-26 20:22 . 2008-03-26 20:22 <DIR> d-------- C:\Downloads
2008-03-26 20:21 . 2008-03-26 20:21 <DIR> d-------- C:\Program Files\PBP Unpacker
2008-03-26 20:21 . 2005-05-24 21:24 169,534 --a------ C:\Windows\SFO.ICO
2008-03-26 17:15 . 2008-03-26 17:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 23:13 --------- d-----w C:\Users\Patrick\AppData\Roaming\DNA
2008-04-23 23:01 352,614 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-04-23 17:37 --------- d-----w C:\ProgramData\Google Updater
2008-04-21 23:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-21 13:31 95,423 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2008_04_20_22_15_24_small.dmp.zip
2008-04-21 13:25 3,209,882 ----a-w C:\Windows\Internet Logs\tvDebug.zip
2008-04-20 15:51 --------- d-----w C:\Users\Patrick\AppData\Roaming\BitTorrent
2008-04-18 02:31 2,164 ----a-w C:\Users\Patrick\AppData\Roaming\wklnhst.dat
2008-04-15 02:12 --------- d-----w C:\Program Files\Picasa2
2008-04-10 03:05 --------- d-----w C:\Program Files\Windows Mail
2008-04-01 22:26 95,623 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2008_04_01_18_13_35_small.dmp.zip
2008-03-28 02:33 --------- d---a-w C:\ProgramData\TEMP
2008-03-27 03:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-27 00:22 --------- d-----w C:\Users\Patrick\AppData\Roaming\GetRightToGo
2008-03-18 03:10 --------- d-----w C:\Users\Patrick\AppData\Roaming\PSPDocMaker
2008-03-16 04:37 --------- d-----w C:\ProgramData\NextUp
2008-03-16 04:37 --------- d-----w C:\Program Files\TextAloud
2008-03-15 18:43 --------- d-----w C:\Program Files\SwiftKit
2008-03-15 18:39 --------- d-----w C:\ProgramData\SwiftKit
2008-03-10 20:41 --------- d-----w C:\ProgramData\SMSI
2008-03-10 20:40 --------- d-----w C:\Program Files\Smith Micro
2008-03-09 08:21 --------- d-----w C:\Users\Patrick\AppData\Roaming\Vso
2008-03-09 08:17 --------- d-----w C:\Users\Patrick\AppData\Roaming\CyberLink
2008-03-09 08:15 --------- d-----w C:\ProgramData\SmartSound Software Inc
2008-03-09 08:14 --------- d-----w C:\Program Files\SmartSound Software
2008-03-09 08:12 --------- d-----w C:\Program Files\Cyberlink
2008-03-05 23:02 --------- d-----w C:\Program Files\Google
2008-03-01 07:10 --------- d-----w C:\Program Files\iTunes
2008-03-01 07:10 --------- d-----w C:\Program Files\iPod
2008-03-01 07:07 --------- d-----w C:\Program Files\QuickTime
2008-03-01 07:07 --------- d-----w C:\Program Files\Bonjour
2008-03-01 03:16 --------- d-----w C:\Program Files\Smart Projects
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-28 22:57 --------- d-----w C:\Users\Patrick\AppData\Roaming\U3
2008-02-27 00:41 --------- d-----w C:\ProgramData\Symantec
2008-02-24 05:44 --------- d-----w C:\ProgramData\YoYoGames
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 08:52 1,525,248 ----a-w C:\Windows\Internet Logs\xDBF43D.tmp
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-19 03:26 286,720 ----a-w C:\Windows\iun506.exe
2008-02-18 21:32 1,524,224 ----a-w C:\Windows\Internet Logs\xDB8DCD.tmp
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-14 20:03 1,504,768 ----a-w C:\Windows\Internet Logs\xDBCD8B.tmp
2008-02-14 00:20 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 00:18 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
2008-02-14 00:18 558,080 ----a-w C:\Windows\System32\oleaut32.dll
2008-02-14 00:18 35,328 ----a-w C:\Windows\System32\dispci.dll
2008-02-14 00:18 260,096 ----a-w C:\Windows\System32\dpx.dll
2008-02-14 00:18 224,824 ----a-w C:\Windows\System32\clfs.sys
2008-02-14 00:18 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll
2008-02-14 00:18 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll
2008-02-14 00:18 12,800 ----a-w C:\Windows\System32\batt.dll
2008-02-14 00:18 101,888 ----a-w C:\Windows\System32\drvinst.exe
2008-02-14 00:18 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-02-14 00:17 905,400 ----a-w C:\Windows\System32\winresume.exe
2008-02-14 00:17 595,456 ----a-w C:\Windows\System32\schedsvc.dll
2008-02-14 00:17 39,424 ----a-w C:\Windows\System32\lodctr.exe
2008-02-14 00:17 32,256 ----a-w C:\Windows\System32\unlodctr.exe
2008-02-14 00:17 23,552 ----a-w C:\Windows\System32\nshhttp.dll
2008-02-14 00:17 17,408 ----a-w C:\Windows\System32\prflbmsg.dll
2008-02-14 00:17 115,200 ----a-w C:\Windows\System32\loadperf.dll
2008-02-14 00:14 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 00:14 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 00:13 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 00:13 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 00:13 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 00:12 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 00:12 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 00:12 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 00:12 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-14 00:12 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 00:12 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 00:12 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-03 15:01 105,214 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2008_02_02_13_15_31_small.dmp.zip
2008-01-26 21:35 94,208 ----a-w C:\Users\Patrick\AppData\Roaming\ezplay.sys
2008-01-26 21:34 47,360 ----a-w C:\Users\Patrick\AppData\Roaming\pcouffin.sys
2007-12-26 21:32 174 --sha-w C:\Program Files\desktop.ini
2007-05-24 01:14 262,144 ----a-w C:\ProgramData\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 23:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-12-26 18:08 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 23:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 23:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 17:22 417792]
"Aim6"="" []
"BitTorrent DNA"="C:\Users\Patrick\Program Files\DNA\btdna.exe" [2008-03-18 06:59 287040]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 03:20 222080]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 12:51 486856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:34 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-28 23:14 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-28 23:17 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-28 23:13 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 16:50 815104]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-26 18:44 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 13:57 3784704 C:\Windows\RtHDVCpl.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2005-12-16 05:41 188416]
"NDSTray.exe"="NDSTray.exe" []
"HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 11:06 413696]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-01-18 19:06 421888]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 20:14 34352]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 02:16 411768]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 19:49 55416]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2006-12-11 20:45 448632]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-15 18:59 530552]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-23 21:23 1862144]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-26 14:32 185896]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 01:07 51048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 04:31 959976]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-04-07 20:17 1175160]
C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 23:24:54 98632]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-17 20:44:22 125624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.scg726"= scg726.acm
"msacm.alf2cd"= alf2cd.acm
"vidc.dvsd"= mcdvd_32.dll
"msacm.l3codec"= l3codecp.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BE72CEC1-CAAF-493B-B075-5EBBA76BF2A2}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{C116E19A-60C0-47F9-9BAB-6C6BDEF5E836}"= UDP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{09557353-EFED-4298-969C-3C4C6C8EA901}"= TCP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{324F5534-C43A-436A-86BA-0C03D963A787}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6E2A9832-E68C-4705-A52B-17DC1BF8AAF4}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B1FE6333-A14E-4B6E-AD07-794FB972F6B2}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{F41D5CE8-EDEC-4EAE-8955-21A8E5A5EB57}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{E93C0AC7-3E07-47A7-8E76-B1B6D1B58BED}"= UDP:C:\Windows\System32\lxddcoms.exe:Lexmark Communications System
"{104ECCB1-E43F-456D-9F0C-D41B08680EEF}"= TCP:C:\Windows\System32\lxddcoms.exe:Lexmark Communications System
"{3BA1AE26-58F5-440A-9459-20C7AB05FC1C}"= Disabled:UDP:135:TCP Port 135
"{910CDE18-7E6F-48BE-A89D-7A64935980C1}"= Disabled:UDP:5000:TCP Port 5000
"{EE6D7796-9DEF-4835-A354-E02B8DA2FF1C}"= Disabled:UDP:5001:TCP Port 5001
"{F462B81F-57F0-4504-A10A-FE8ADD7FC1BB}"= Disabled:UDP:5002:TCP Port 5002
"{A60F052A-E0A1-4EFB-933A-E271ED5BC160}"= Disabled:UDP:5003:TCP Port 5003
"{566219AC-8DEF-4A89-B39B-AEF58EBC70F8}"= Disabled:UDP:5004:TCP Port 5004
"{A0453930-6014-4A8C-9CE4-5CEDA16D0AD1}"= Disabled:UDP:5005:TCP Port 5005
"{FABC02F2-EE17-42ED-9CB8-0BA70E796902}"= Disabled:UDP:5006:TCP Port 5006
"{AD71F2F5-8DE2-4DF1-9D3F-33D6A60D2928}"= Disabled:UDP:5007:TCP Port 5007
"{AF72AB09-7D54-451B-B319-94663C9375DE}"= Disabled:UDP:5008:TCP Port 5008
"{1C9F9D4E-105E-440A-9CA8-94353B473E0C}"= Disabled:UDP:5009:TCP Port 5009
"{E6CCBE42-9183-4509-8B44-33602E202EC7}"= Disabled:UDP:5010:TCP Port 5010
"{01BEED93-20A2-4E86-A231-1DD8723DD78F}"= Disabled:UDP:5011:TCP Port 5011
"{55C334A5-FBF5-47A7-806C-0174E3F4FF61}"= Disabled:UDP:5012:TCP Port 5012
"{3A7B817A-8C34-47D9-8AD3-1D52C222098A}"= Disabled:UDP:5013:TCP Port 5013
"{40D6EC94-3689-4A1C-91E3-D3715AF0B3CF}"= Disabled:UDP:5014:TCP Port 5014
"{7AFAB9D3-BECE-4B0F-BC2A-C3A1C373A496}"= Disabled:UDP:5015:TCP Port 5015
"{8D3CFF45-183C-4174-85CA-40D3F74E44BA}"= Disabled:UDP:5016:TCP Port 5016
"{D55D47FA-3B9D-4377-A50A-E189458C5BBB}"= Disabled:UDP:5017:TCP Port 5017
"{91628307-CFFB-41F8-9BEB-852CEB7227A7}"= Disabled:UDP:5018:TCP Port 5018
"{85158367-F0F3-48F8-B2E6-DB95DC7B2B7D}"= Disabled:UDP:5019:TCP Port 5019
"{A306F848-9662-41FE-A5E6-39146DB546D6}"= Disabled:UDP:5020:TCP Port 5020
"{58246DB8-16BC-49B6-8D18-EE621FCE8EB0}"= UDP:C:\Windows\System32\lxblcoms.exe:Z700-P700 Series Server
"{45482EC3-9E14-4250-BE7D-E024BFF0243D}"= TCP:C:\Windows\System32\lxblcoms.exe:Z700-P700 Series Server
"{5A138CAE-505C-4CD6-8356-CFA4C2ACD9F8}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxblpswx.exe:Z700-P700 Series Printer Status
"{29013F7F-E456-4D42-BB00-04489A39B622}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxblpswx.exe:Z700-P700 Series Printer Status
"{F3517EE9-62A5-4C20-81A5-88C1E2DF8065}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{CAC3B9EB-C35E-47F0-90AC-C0EA4DB671BB}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{95B38B9A-C683-49FF-8E9B-506A5302E6B8}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{79BAF568-217B-4DE8-AC42-2C9A6E546126}"= Disabled:UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{AC916B39-2AAA-4824-8CD0-0EEC088E9CC7}"= Disabled:TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{1C35248C-A1EA-48CD-89AF-466D64C23338}"= Disabled:UDP:C:\Program Files\DNA\btdna.exe:DNA
"{DC9AF966-7DCE-4C3F-AD81-DFD56B8DA470}"= Disabled:TCP:C:\Program Files\DNA\btdna.exe:DNA
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 LPCFilter;LPC Lower Filter Driver;C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 19:25]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20071220.006\IDSvix86.sys [2007-11-06 12:07]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 lxbl_device;lxbl_device;C:\Windows\system32\lxblcoms.exe [2007-04-20 13:24]
R2 lxdd_device;lxdd_device;C:\Windows\system32\lxddcoms.exe [2007-04-26 01:21]
R2 pinger;pinger;C:\TOSHIBA\IVP\ISM\pinger.exe [2007-01-25 20:47]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 Stuffit Archive Name Service;Stuffit Archive Name Service;"C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe" [2007-10-08 08:52]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-11-01 01:40]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-02-28 21:04]
R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2007-05-29 14:55]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-29 00:39]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 16:50]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 14:50]
R3 WinMTBus;WinMount Bus;C:\Windows\system32\DRIVERS\WinMTBus.sys [2007-04-11 13:35]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe" [2008-01-29 13:09]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\system32\DRIVERS\RTL85n86.sys [2006-11-02 03:30]
S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2006-11-09 17:32]
S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2006-11-09 17:31]
S4 KR3NPXP;KR3NPXP;C:\Windows\system32\drivers\kr3npxp.sys [2006-09-27 23:06]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23457333-e097-11dc-8687-001b384690e2}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e5e01ba-cc54-11dc-9d30-001b384690e2}]
\shell\AutoRun\command - E:\autorun.exe
\shell\readit\command - notepad readme.doc
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-22 01:24:49 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Patrick.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-04-23 19:13:45
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????q??R??????^?8?^?p?^???^???
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-23 19:15:43
ComboFix-quarantined-files.txt 2008-04-23 23:15:25
Pre-Run: 7,926,960,128 bytes free
Post-Run: 8,601,092,096 bytes free
332 --- E O F --- 2008-04-23 21:53:41
HJT Log After Running ComboFix:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:59 PM, on 4/22/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Users\Patrick\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\dughgmlb\hyzsvgxq.exe
C:\ProgramData\zuzqlmny\bwlihutm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Patrick\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [dughgmlb] C:\ProgramData\dughgmlb\hyzsvgxq.exe
O4 - HKCU\..\Run: [TJ2qEtFoW0] C:\ProgramData\zuzqlmny\bwlihutm.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Patrick\AppData\Local\Temp\mlJDsRki.dll,c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [70530785] rundll32.exe "C:\Users\Patrick\AppData\Local\Temp\uaoqnypl.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4DFE287-BDD1-4878-8213-056EA247454C}: NameServer = 192.168.0.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AdwareAlert Scanning Engine (AdwareAlertSrv) - Unknown owner - C:\Program Files\AdwareAlert\AdwareAlert.srv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: lxbl_device - - C:\Windows\system32\lxblcoms.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
--
End of file - 11687 bytes