No connectivity to the Internet and spyware.


HandleX (Senior Member with 384 posts, Join Date: Mar 2006)
10-May-2008, 01:20 AM #1
Hey guys,

I'm having an issue with my Toshiba laptop. I find that it is EXTREMELY slow and there are numerous amounts of spyware on the PC. I've run Norton Anti-Virus and it's shown no viruses. I've also tried to run "ad-aware" and it showed 801 infections, but then towards the end of the scan the program would crash and not go anywhere.

I would scan with some other software, but I have no Internet connectivity via LAN port or through my WIFI card. The WIFI card is the main source of Internet and even when I'm in an area with a known network, it will NOT show the network in the listing of available networks. I use the MS WIFI Network Utility to connect to wireless networks.

I will remove anything you guys suggest too; this laptop is also used by my family.
Here is my current, up-to-date HJT log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:52 AM, on 5/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1163220949\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCSRVCE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\biggiebooboo\Application Data\U3\0000174B6A63DB8E\LaunchPad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB69.dll
O3 - Toolbar: Starware Entertainment - {1962c5bc-e475-465b-823b-133e711bceb9} - C:\Program Files\Starware358\bin\Starware358.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PINGER] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1163220949\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BMb78e940f] Rundll32.exe "C:\WINDOWS\system32\meivlali.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Philips FunCam Monitor.lnk = C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - https://activatemydsl.verizon.net/sd...SL/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/...nlineGames.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {C6E9F0B8-AFEA-46F3-831B-612E97381ABA} (imvustreamer Control) - http://www.imvu.com/activex/imvustreamer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: aposiopetic - {91316323-2ad5-4794-9589-52a2eaa60a68} - C:\WINDOWS\system32\shlahsd.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 15073 bytes
HandleX
11-May-2008, 10:16 AM #2
any ideas?
sjpritch25 (Distinguished Member with 6,280 posts, Join Date: Sep 2005, Location: Florida, Experience: Advanced)
11-May-2008, 09:31 PM #3
Welcome to TSG

Sorry for the delay.

Go to Add/Remove Programs and remove the following:
Starware.


Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.


--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
HandleX
12-May-2008, 12:46 AM #4
Seems to be running a little bit smoother.
Still got some issues starting up and I think you will find something from this log, eh?!
Internet is working properly, I think the WIFI button was off...hahah
Let me know what is next.



ComboFix 08-05-11.1 - biggiebooboo 2008-05-12 0:16:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.98 [GMT -4:00]
Running from: C:\Documents and Settings\biggiebooboo\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
C:\Documents and Settings\All Users\Application Data\HotbarSA
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA.dat
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA_kyf.dat
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAAbout.mht
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAau.dat
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAEula.mht
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\About Hotbar.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Reset Cursor.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Uninstall Hotbar.lnk
C:\Program Files\AntiSpyGolden 5.2
C:\Program Files\AntiSpyGolden 5.2\AntiSpygolden 5.2.exe
C:\Program Files\AntiSpyGolden 5.2\AntiSpyGolden AntiSpyGolden.url
C:\Program Files\AntiSpyGolden 5.2\DbgHelp.Dll
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_01182008-171028.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_01182008-203308.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_01192008-125224.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_01202008-132625.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_01212008-002852.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_01212008-191556.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_01222008-204031.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_01232008-134710.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_01232008-232914.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_01242008-171033.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_01252008-151809.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_01272008-005110.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04022008-211832.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04022008-223839.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04032008-122159.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04032008-232050.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04042008-135004.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04042008-182740.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04042008-212321.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04072008-202552.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04082008-151254.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04092008-145537.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04102008-165101.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04102008-210111.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04112008-062942.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04112008-093157.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04112008-105925.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04112008-163830.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04112008-190108.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04112008-210336.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04132008-173617.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04142008-204335.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04152008-125225.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04152008-182935.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04152008-231010.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04162008-090318.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04162008-143158.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04162008-202012.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04172008-085742.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04182008-200156.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04212008-083943.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04212008-091212.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04212008-131435.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04212008-191315.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04212008-220349.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04222008-103938.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04232008-090150.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04232008-133936.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_04232008-140927.html
C:\Program Files\AntiSpyGolden 5.2\Logs\scan_log_05082008-182928.html
C:\Program Files\AntiSpywareShield
C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
C:\Program Files\AntiSpywareShield\AntiSpywareShield.lic
C:\Program Files\AntiSpywareShield\AntiSpywareShield0.ad
C:\Program Files\AntiSpywareShield\AntiSpywareShield0.dll
C:\Program Files\AntiSpywareShield\AntiSpywareShield1.ad
C:\Program Files\AntiSpywareShield\AntiSpywareShield1.dll
C:\Program Files\AntiSpywareShield\AntiSpywareShield3.dll
C:\Program Files\AntiSpywareShield\Uninstall.exe
C:\Program Files\deskalerts
C:\Program Files\deskalerts\deskbar.dll
C:\Program Files\Helper
C:\Program Files\Helper\1201413401.dll
C:\Program Files\Helper\findsiteonline.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
C:\Program Files\PlayMP3z
C:\Program Files\PlayMP3z\PlayMP3.exe
C:\Program Files\PlayMP3z\uninstall.exe
C:\Program Files\Video Add-on
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\Video Add-on\uninst.exe
C:\WINDOWS\clear.bat
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\agfktaky.ini
C:\WINDOWS\system32\bhsgiqkw.ini
C:\WINDOWS\system32\bkbkjiox.dll
C:\WINDOWS\system32\bnhgevjd.dll
C:\WINDOWS\system32\bxrqxoqn.dll
C:\WINDOWS\system32\claosrjp.dll
C:\WINDOWS\system32\ctunftiu.dll
C:\WINDOWS\system32\cumaknqm.ini
C:\WINDOWS\system32\davtwqyd.dll
C:\WINDOWS\system32\dfjdwbed.ini
C:\WINDOWS\system32\dxrarwrm.ini
C:\WINDOWS\system32\etlkujmm.ini
C:\WINDOWS\system32\etwssrib.ini
C:\WINDOWS\system32\gccdfncm.dll
C:\WINDOWS\system32\gdlnnnqi.ini
C:\WINDOWS\system32\iqnnnldg.dll
C:\WINDOWS\system32\isqrhhoh.dll
C:\WINDOWS\system32\jcqyqevg.dll
C:\WINDOWS\system32\jwdfelek.dll
C:\WINDOWS\system32\jwrnpabm.dll
C:\WINDOWS\system32\jyffkhpo.dll
C:\WINDOWS\system32\kjymxchh.dll
C:\WINDOWS\system32\lnxsrqgf.dll
C:\WINDOWS\system32\mcnfdccg.ini
C:\WINDOWS\system32\meivlali.dll
C:\WINDOWS\system32\mmjuklte.dll
C:\WINDOWS\system32\mqavymrl.dll
C:\WINDOWS\system32\nxxqnnhi.dll
C:\WINDOWS\system32\ocmyubby.dll
C:\WINDOWS\system32\pyeccurs.dll
C:\WINDOWS\system32\qmkoxnkw.dll
C:\WINDOWS\system32\qpgkcpxr.ini
C:\WINDOWS\system32\rgdjuvcl.dll
C:\WINDOWS\system32\suyebjiy.dll
C:\WINDOWS\system32\tonrqksw.dll
C:\WINDOWS\system32\uhmcqbuf.ini
C:\WINDOWS\system32\umnwbvut.dll
C:\WINDOWS\system32\UpMedia
C:\WINDOWS\system32\utckjrkq.dll
C:\WINDOWS\system32\utiesbbv.dll
C:\WINDOWS\system32\winnb58.dll
C:\WINDOWS\system32\wptataxj.dll
C:\WINDOWS\system32\xbadd.ini
C:\WINDOWS\system32\xbadd.ini2
C:\WINDOWS\system32\xhhqpngx.ini

.
((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))
.

2008-05-11 10:32 . 2008-05-11 10:33 <DIR> d-------- C:\Program Files\CleanUp!
2008-05-11 10:31 . 2008-05-11 10:31 <DIR> d-------- C:\Program Files\ewido
2008-05-10 01:18 . 2008-05-10 01:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-10 01:18 . 2008-05-12 00:13 <DIR> d-------- C:\Documents and Settings\biggiebooboo\Application Data\U3
2008-05-08 21:04 . 2008-05-08 21:04 <DIR> d-------- C:\VundoFix Backups
2008-05-08 20:50 . 2008-05-08 20:50 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-08 20:50 . 2008-05-08 20:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-08 20:49 . 2008-05-08 20:50 <DIR> d-------- C:\Program Files\CCleaner
2008-05-08 20:48 . 2008-05-08 20:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-08 18:29 . 2008-05-08 18:29 <DIR> d-------- C:\Documents and Settings\biggiebooboo\Application Data\Arcsoft
2008-05-08 18:28 . 2008-05-08 18:28 <DIR> d-------- C:\Documents and Settings\biggiebooboo\Application Data\MySpace
2008-05-08 11:04 . 2005-04-20 17:35 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-05-08 11:04 . 2005-04-20 18:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-05-08 11:04 . 2005-04-20 17:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\toshiba
2008-05-08 11:04 . 2005-08-19 12:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2008-05-08 11:04 . 2005-04-20 18:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterVideo
2008-05-08 11:04 . 2005-04-20 18:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-05-08 11:04 . 2005-11-20 22:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-05-08 11:04 . 2008-05-08 11:04 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-08 11:04 . 2008-05-12 00:15 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-21 09:49 . 2008-04-21 09:49 <DIR> d-------- C:\Program Files\Disney
2008-04-21 09:46 . 2008-04-21 22:25 <DIR> d-------- C:\Program Files\IMVU
2008-04-21 08:39 . 2008-04-22 10:34 766 ---hs---- C:\WINDOWS\system32\vfcgujxn.ini
2008-04-17 12:14 . 2008-04-17 12:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-17 12:14 . 2008-04-17 12:14 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-17 08:56 . 2008-04-17 08:56 <DIR> d-------- C:\Documents and Settings\MafiaPrincess06\Application Data\MySpace
2008-04-17 08:55 . 2008-04-18 20:00 466 ---hs---- C:\WINDOWS\system32\pdnejhhi.ini
2008-04-14 20:39 . 2008-04-14 20:39 3,648 --a------ C:\WINDOWS\system32\gytuamwq.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 15:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-08 23:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-08 23:17 --------- d-----w C:\Program Files\VirusProtect 3.9
2008-05-08 23:17 --------- d-----w C:\Program Files\Comcast Play Games
2008-05-08 23:10 --------- d-----w C:\Documents and Settings\biggiebooboo\Application Data\Netscape
2008-05-08 23:07 --------- d-----w C:\Program Files\Verizon Online
2008-05-08 22:43 --------- d-----w C:\Program Files\ComcastToolbar
2008-05-08 22:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-18 00:22 --------- d-----w C:\Documents and Settings\MafiaPrincess06\Application Data\COMCASTTOOLBAR
2008-04-17 13:02 --------- d-----w C:\Documents and Settings\MafiaPrincess06\Application Data\Apple Computer
2008-04-13 21:41 --------- d-----w C:\Documents and Settings\doctor matzaball\Application Data\COMCASTTOOLBAR
2008-04-12 07:02 --------- d-----w C:\Program Files\SpywareBot
2008-04-12 07:02 --------- d-----w C:\Program Files\AdwareAlert
2008-04-03 01:29 --------- d-----w C:\Program Files\FBrowserAdvisor
2007-05-04 20:01 439,296 ----a-w C:\Documents and Settings\MafiaPrincess06\GoToAssist_phone__320_en.exe
2006-09-21 03:21 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-12-20 00:26 0 ----a-w C:\Program Files\pspbrwse.jbf
2005-11-22 18:03 0 ----a-w C:\Program Files\020004
2005-07-15 21:28 47 ----a-w C:\Program Files\setup.lid
2005-07-15 21:28 334 ----a-w C:\Program Files\layout.bin
2005-07-15 21:28 26,719,135 ----a-w C:\Program Files\data1.cab
2005-07-15 21:27 91 ----a-w C:\Program Files\DATA.TAG
2005-07-15 21:27 68 ----a-w C:\Program Files\SETUP.INI
2005-07-15 21:27 205,135 ----a-w C:\Program Files\_sys1.cab
2005-07-15 21:27 140,050 ----a-w C:\Program Files\_user1.cab
2005-04-21 01:51 105 ----a-w C:\Documents and Settings\All Users\B1.bat
2005-04-14 21:10 98,373 ----a-w C:\Program Files\setup.ins
1997-06-07 01:27 59,904 ----a-w C:\Program Files\SETUP.EXE
1997-06-02 20:44 317,092 ----a-w C:\Program Files\_INST32I.EX_
1997-06-02 20:17 8,192 ----a-w C:\Program Files\_ISDEL.EXE
1997-06-02 20:17 11,264 ----a-w C:\Program Files\_SETUP.DLL
1997-05-30 20:31 4,557 ----a-w C:\Program Files\lang.dat
1997-05-06 23:15 417 ----a-w C:\Program Files\os.dat
2007-05-14 02:22 152 --sh--r C:\WINDOWS\system32\3AF2163573.sys
2007-05-14 02:22 6,476 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD7B087C-F285-402C-A2B8-A925F288FF32}]
2008-04-02 21:19 265728 --a------ C:\WINDOWS\system32\ddabx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 03:32 65536]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-03-16 22:05 171448]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 21:34 5419008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-04-25 12:15 339968]
"NDSTray.exe"="NDSTray.exe" []
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 19:25 73728]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-15 19:51 122880]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 13:00 339968]
"PINGER"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 20:37 151552]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 19:17 88358 C:\WINDOWS\agrsmmsg.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 18:28 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 18:26 688218]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 08:33 122941]
"TPSMain"="TPSMain.exe" [2004-12-28 19:02 270336 C:\WINDOWS\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" []
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 17:03 1077301]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-23 16:43 53408]
"Notebook Maximizer"="C:\Program Files\Notebook Maximizer\maximizer_startup.exe" [2004-05-25 17:35 28672]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 04:24 282624]
"ACU"="C:\Program Files\Atheros\ACU.exe" [2005-03-28 18:28 290816]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 10:40 34904]
"ymetray"="C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" [2006-10-03 14:04 6104568]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 10:03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 14:44 81920]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 15:54 229952]
"HostManager"="C:\Program Files\Common Files\AOL\1163220949\ee\AOLSoftware.exe" [2006-05-09 20:24 50760]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 12:59 124520]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-12 21:40 185896]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-14 21:15 1838592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 21:34 5419008]

C:\Documents and Settings\MafiaPrincess06\Start Menu\Programs\Startup\
TrueAssistant.lnk - C:\Program Files\TrueAssistant\TrueAssistant.exe [2005-04-02 10:08:48 372224]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-03-21 12:10:02 118784]
Philips FunCam Monitor.lnk - C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe [2007-07-25 00:28:57 192512]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-08-19 12:14:58 155648]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-11-20 10:36:49 122880]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe [2006-08-14 13:12:46 54776]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{91316323-2ad5-4794-9589-52a2eaa60a68}"= C:\WINDOWS\system32\shlahsd.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcyayy]
efcyayy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotbarOE]
C:\Program Files\Hotbar\bin\10.0.356.0\OEAddOn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotbarSA]
C:\Program Files\Hotbar\bin\10.0.356.0\HotbarSA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Yahoo!\\UPnP\\yupnpsrv.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"C:\\Program Files\\Internet Explorer\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1163220949\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1163220949\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Comcast Rhapsody\\rhapsody.exe"=
"C:\\Documents and Settings\\All Users\\Favorites\\LimeWire\\LimeWire.exe"=

R1 ewido security suite driver;ewido security suite driver;C:\Program Files\ewido\security suite\guard.sys [2004-11-22 10:15]
S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 17:12]
S3 BrSerWDM;Brother Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2003-03-13 20:04]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\WINDOWS\system32\Drivers\BrUsbMdm.sys [2001-08-17 17:12]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-10 07:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2008-05-10 16:12:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-19 00:06:15 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
"2008-05-10 07:00:00 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job"
- C:\Program Files\SpywareBot\SpywareBot.ex
- C:\Program Files\SpywareBot
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 00:27:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCSRVCE.EXE
.
**************************************************************************
.
Completion time: 2008-05-12 0:40:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-12 04:40:01

Pre-Run: 50,779,746,304 bytes free
Post-Run: 50,736,095,232 bytes free

376 --- E O F --- 2008-04-03 13:44:06

Last edited by HandleX : 12-May-2008 01:18 AM.
sjpritch25's Avatar
Distinguished Member with 6,280 posts.
 
Join Date: Sep 2005
Location: Florida
Experience: Advanced
12-May-2008, 01:13 PM #5
Do you use NetWare client authentication? Because it looks like you are missing the file.


I recommend removing AdwareAlert and SpywareBot because they have a dubious reputation; see here.



Download the attached file CFScript.txt to your Desktop




Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at "C:\ComboFix.txt". In your next reply, please include the ComboFix log and a fresh HijackThis log.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note: Please do not use this script on another computer; you may damage the system. The script is made especially for this user's computer only!
Attached Files
File Type: txt CFScript.txt (992 Bytes, 10 views)
HandleX's Avatar
Senior Member with 384 posts.
 
Join Date: Mar 2006
12-May-2008, 10:23 PM #6
Things seem to be running MUCH better now!
I removed both the listed spyware utilities as instructed above.
I'm not sure of the file you speak of, that you think I'm missing!? (inform me)
Here is the ComboFix log followed by the HJT log.

COMBOFIX LOG

ComboFix 08-05-11.1 - biggiebooboo 2008-05-12 21:56:08.2 - NTFSx86
Running from: C:\Documents and Settings\biggiebooboo\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\biggiebooboo\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\gytuamwq.dll
C:\WINDOWS\system32\pdnejhhi.ini
C:\WINDOWS\system32\vfcgujxn.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\FBrowserAdvisor
C:\Program Files\VirusProtect 3.9
C:\Program Files\VirusProtect 3.9\vpp.ini
C:\VundoFix Backups
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\iodwklpx.ini
C:\WINDOWS\system32\pdnejhhi.ini
C:\WINDOWS\system32\vfcgujxn.ini
C:\WINDOWS\system32\xbadd.ini
C:\WINDOWS\system32\xbadd.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2008-04-13 to 2008-05-13 )))))))))))))))))))))))))))))))
.

2008-05-12 15:11 . 2008-05-12 18:28 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-12 14:56 . 2008-05-12 16:39 <DIR> d-------- C:\Program Files\TrojanHunter 4.2
2008-05-12 14:53 . 2008-05-12 14:53 2 --a------ C:\WINDOWS\msoffice.ini
2008-05-12 14:45 . 2008-05-12 19:06 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-12 14:45 . 2008-05-12 14:45 <DIR> d-------- C:\Program Files\AVG
2008-05-12 14:45 . 2008-05-12 14:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-12 14:45 . 2008-05-12 14:45 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-12 14:45 . 2008-05-12 14:45 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-12 14:45 . 2008-05-12 14:45 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-12 14:44 . 2008-05-12 21:38 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-05-12 01:16 . 2008-05-12 01:16 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-12 01:16 . 2008-05-12 10:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-11 10:31 . 2008-05-11 10:31 <DIR> d-------- C:\Program Files\ewido
2008-05-10 01:18 . 2008-05-10 01:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-10 01:18 . 2008-05-12 00:13 <DIR> d-------- C:\Documents and Settings\biggiebooboo\Application Data\U3
2008-05-08 20:50 . 2008-05-08 20:50 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-08 20:50 . 2008-05-08 20:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-08 20:49 . 2008-05-08 20:50 <DIR> d-------- C:\Program Files\CCleaner
2008-05-08 20:48 . 2008-05-08 20:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-08 18:29 . 2008-05-08 18:29 <DIR> d-------- C:\Documents and Settings\biggiebooboo\Application Data\Arcsoft
2008-05-08 18:28 . 2008-05-08 18:28 <DIR> d-------- C:\Documents and Settings\biggiebooboo\Application Data\MySpace
2008-05-08 11:04 . 2005-04-20 17:35 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-05-08 11:04 . 2005-04-20 18:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-05-08 11:04 . 2005-04-20 17:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\toshiba
2008-05-08 11:04 . 2005-08-19 12:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2008-05-08 11:04 . 2005-04-20 18:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterVideo
2008-05-08 11:04 . 2005-04-20 18:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-05-08 11:04 . 2005-11-20 22:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-05-08 11:04 . 2008-05-12 14:46 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-08 11:04 . 2008-05-12 19:21 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-21 09:49 . 2008-04-21 09:49 <DIR> d-------- C:\Program Files\Disney
2008-04-21 09:46 . 2008-04-21 22:25 <DIR> d-------- C:\Program Files\IMVU
2008-04-17 12:14 . 2008-04-17 12:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-17 12:14 . 2008-04-17 12:14 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-17 08:56 . 2008-04-17 08:56 <DIR> d-------- C:\Documents and Settings\MafiaPrincess06\Application Data\MySpace

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 01:38 --------- d-----w C:\Program Files\Pure Networks
2008-05-13 01:38 --------- d-----w C:\Program Files\Google
2008-05-12 18:54 --------- d-----w C:\Program Files\Common Files\AOL
2008-05-12 18:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-05-12 18:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-12 18:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-08 23:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-08 23:17 --------- d-----w C:\Program Files\Comcast Play Games
2008-05-08 23:10 --------- d-----w C:\Documents and Settings\biggiebooboo\Application Data\Netscape
2008-05-08 23:07 --------- d-----w C:\Program Files\Verizon Online
2008-05-08 22:43 --------- d-----w C:\Program Files\ComcastToolbar
2008-05-08 22:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-18 00:22 --------- d-----w C:\Documents and Settings\MafiaPrincess06\Application Data\COMCASTTOOLBAR
2008-04-17 13:02 --------- d-----w C:\Documents and Settings\MafiaPrincess06\Application Data\Apple Computer
2008-04-13 21:41 --------- d-----w C:\Documents and Settings\doctor matzaball\Application Data\COMCASTTOOLBAR
2007-05-04 20:01 439,296 ----a-w C:\Documents and Settings\MafiaPrincess06\GoToAssist_phone__320_en.exe
2006-09-21 03:21 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-12-20 00:26 0 ----a-w C:\Program Files\pspbrwse.jbf
2005-11-22 18:03 0 ----a-w C:\Program Files\020004
2005-07-15 21:28 47 ----a-w C:\Program Files\setup.lid
2005-07-15 21:28 334 ----a-w C:\Program Files\layout.bin
2005-07-15 21:28 26,719,135 ----a-w C:\Program Files\data1.cab
2005-07-15 21:27 91 ----a-w C:\Program Files\DATA.TAG
2005-07-15 21:27 68 ----a-w C:\Program Files\SETUP.INI
2005-07-15 21:27 205,135 ----a-w C:\Program Files\_sys1.cab
2005-07-15 21:27 140,050 ----a-w C:\Program Files\_user1.cab
2005-04-21 01:51 105 ----a-w C:\Documents and Settings\All Users\B1.bat
2005-04-14 21:10 98,373 ----a-w C:\Program Files\setup.ins
1997-06-07 01:27 59,904 ----a-w C:\Program Files\SETUP.EXE
1997-06-02 20:44 317,092 ----a-w C:\Program Files\_INST32I.EX_
1997-06-02 20:17 8,192 ----a-w C:\Program Files\_ISDEL.EXE
1997-06-02 20:17 11,264 ----a-w C:\Program Files\_SETUP.DLL
1997-05-30 20:31 4,557 ----a-w C:\Program Files\lang.dat
1997-05-06 23:15 417 ----a-w C:\Program Files\os.dat
2007-05-14 02:22 152 --sh--r C:\WINDOWS\system32\3AF2163573.sys
2007-05-14 02:22 6,476 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-12_ 0.37.28.12 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-12 04:26:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-13 02:04:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-12 18:56:23 59,392 ------r C:\WINDOWS\streamhlp.dll
+ 2008-05-12 18:45:37 26,184 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2006-12-02 02:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 02:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-02 02:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 02:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-02 04:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 04:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 04:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 04:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 04:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 04:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 04:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 04:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 04:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 04:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 04:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 04:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 04:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 04:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CAEBF24-6D3F-4DF2-9369-FD666892CAAB}]
C:\WINDOWS\system32\ddabx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 03:32 65536]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 21:34 5419008]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-03-16 22:05 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-04-25 12:15 339968]
"NDSTray.exe"="NDSTray.exe" []
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 19:25 73728]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-15 19:51 122880]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 13:00 339968]
"PINGER"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 20:37 151552]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 19:17 88358 C:\WINDOWS\agrsmmsg.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 18:28 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 18:26 688218]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 08:33 122941]
"TPSMain"="TPSMain.exe" [2004-12-28 19:02 270336 C:\WINDOWS\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" []
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 17:03 1077301]
"Notebook Maximizer"="C:\Program Files\Notebook Maximizer\maximizer_startup.exe" [2004-05-25 17:35 28672]
"ACU"="C:\Program Files\Atheros\ACU.exe" [2005-03-28 18:28 290816]
"ymetray"="C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" [2006-10-03 14:04 6104568]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 15:54 229952]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 12:59 124520]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-12 21:40 185896]
"BMb78e940f"="C:\WINDOWS\system32\welvwgam.dll" [ ]
"b4bda793"="C:\WINDOWS\system32\xplkwdoi.dll" [ ]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-12 14:45 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 21:34 5419008]

C:\Documents and Settings\MafiaPrincess06\Start Menu\Programs\Startup\
TrueAssistant.lnk - C:\Program Files\TrueAssistant\TrueAssistant.exe [2005-04-02 10:08:48 372224]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-03-21 12:10:02 118784]
Philips FunCam Monitor.lnk - C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe [2007-07-25 00:28:57 192512]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-08-19 12:14:58 155648]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-11-20 10:36:49 122880]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe [2006-08-14 13:12:46 54776]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{91316323-2ad5-4794-9589-52a2eaa60a68}"= C:\WINDOWS\system32\shlahsd.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]


[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=
"C:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"C:\\Program Files\\Yahoo!\\UPnP\\yupnpsrv.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"C:\\Program Files\\Internet Explorer\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1163220949\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1163220949\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Comcast Rhapsody\\rhapsody.exe"=
"C:\\Documents and Settings\\All Users\\Favorites\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-12 14:45]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-12 14:45]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-12 14:45]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-12 14:45]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 17:12]
S3 BrSerWDM;Brother Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2003-03-13 20:04]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\WINDOWS\system32\Drivers\BrUsbMdm.sys [2001-08-17 17:12]
S3 SNDFCAM;Philips FunCam;C:\WINDOWS\system32\DRIVERS\sndfcam.sys [2004-09-16 14:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6aaea8d2-1e50-11dd-bdc7-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 22:06:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1163220949\ee\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2008-05-12 22:13:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-13 02:13:24
ComboFix2.txt 2008-05-12 04:40:35

Pre-Run: 52,703,739,904 bytes free
Post-Run: 52,714,430,464 bytes free

252 --- E O F --- 2008-04-03 13:44:06





HIJACKTHIS LOG


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:13 PM, on 5/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1163220949\ee\aolsoftware.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {3CAEBF24-6D3F-4DF2-9369-FD666892CAAB} - C:\WINDOWS\system32\ddabx.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PINGER] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BMb78e940f] Rundll32.exe "C:\WINDOWS\system32\welvwgam.dll",s
O4 - HKLM\..\Run: [b4bda793] rundll32.exe "C:\WINDOWS\system32\xplkwdoi.dll",b
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Philips FunCam Monitor.lnk = C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - https://activatemydsl.verizon.net/sd...SL/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/...nlineGames.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {C6E9F0B8-AFEA-46F3-831B-612E97381ABA} (imvustreamer Control) - http://www.imvu.com/activex/imvustreamer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O22 - SharedTaskScheduler: aposiopetic - {91316323-2ad5-4794-9589-52a2eaa60a68} - C:\WINDOWS\system32\shlahsd.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11536 bytes
sjpritch25
Distinguished Member with 6,280 posts.
 
Join Date: Sep 2005
Location: Florida
Experience: Advanced
14-May-2008, 11:23 AM #7
Please download Malwarebytes Anti-Malware from Here or Here
Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either