
Antivirus IS


  • This topic is locked
28 replies to this topic

#1 CHUPACABRA HUNTER

CHUPACABRA HUNTER

  • Members
  • 20 posts
  • OFFLINE
  • Gender:Female
  • Location:DEEP SOUTH
  • Local time:05:20 AM

Posted 18 September 2010 - 09:38 PM

Hi everyone. My son's laptop is infected with some type of malware/virus. It has hijacked I.E. and all the applications on it.
I did a search on here but I couldn't find the "exact" description of AntiVirus IS. When I googled it I found this website. I tried following the directions as indicated on the webpage; however, once I got it downloaded onto my pc just to see if it would work, it did find some issues but it required me to purchase it to fix the issues... I didn't feel comfortable purchasing this as the Antivirus IS asks for the same thing...
I am not as proficient on pcs, so any help would be greatly appreciated.
Glenna
"If you only knew the magnificence of the three, the six & the nine... then you would have a key to the universe." Nikola Tesla

"It's not the size of the dog in the fight, but the size of the fight in the dog." Bear Bryant.






#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:20 AM

Posted 19 September 2010 - 12:03 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  1. Do not run any other tool until instructed to do so!
  2. Please do not attach logs or put them in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having, as these can help also.
  5. Do not run anything while running a fix.
  6. Do not run any other tool until instructed to do so!


In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread, upload it here http://www.rapidshare.com/ and post the links in this thread.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I would like to get a better look at your system, please do the following so I can get some more detailed logs.


DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post them in your next reply

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


information and logs:
    In your next post I need the following
      1. logs from DDS
      2. RKUnHooker
      3. let me know of any problems you may have had

Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 CHUPACABRA HUNTER

CHUPACABRA HUNTER
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Gender:Female
  • Location:DEEP SOUTH
  • Local time:05:20 AM

Posted 19 September 2010 - 12:08 AM

Ok, thank you Gringo! I'll follow your instructions.. I appreciate your time!
"If you only knew the magnificence of the three, the six & the nine... then you would have a key to the universe." Nikola Tesla

"It's not the size of the dog in the fight, but the size of the fight in the dog." Bear Bryant.




#4 CHUPACABRA HUNTER

CHUPACABRA HUNTER
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Gender:Female
  • Location:DEEP SOUTH
  • Local time:05:20 AM

Posted 19 September 2010 - 01:25 AM

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #1
==============================================
>Processes
==============================================
0x8655A608 [260] C:\Windows\System32\smss.exe (Microsoft Corporation, Windows Session Manager)
0x86BD0D40 [412] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x86E5A530 [472] C:\Windows\System32\wininit.exe (Microsoft Corporation, Windows Start-Up Application)
0x86E5E530 [480] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x86DA2490 [544] C:\Windows\System32\services.exe (Microsoft Corporation, Services and Controller app)
0x86DA81B0 [552] C:\Windows\System32\lsass.exe (Microsoft Corporation, Local Security Authority Process)
0x86DA9D40 [560] C:\Windows\System32\lsm.exe (Microsoft Corporation, Local Session Manager Service)
0x86DA5AB0 [572] C:\Windows\System32\winlogon.exe (Microsoft Corporation, Windows Logon Application)
0x86DFB838 [696] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x86EC3768 [760] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x86EC1D40 [808] C:\Windows\System32\atiesrxx.exe (AMD, AMD External Events Service Module)
0x8782AAE8 [876] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x866B2598 [932] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x87028D40 [968] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x86FE34A8 [1008] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x87038A28 [1124] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x86E61D40 [1132] C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation, Microsoft Windows Search Indexer)
0x8771CD40 [1240] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation, SmoothView)
0x8705B1E0 [1248] C:\Windows\System32\atieclxx.exe (AMD, AMD External Events Client Module)
0x8709ED40 [1328] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x870F99A8 [1436] C:\Windows\System32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x870A4D40 [1472] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x8715AAB0 [1540] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc., Apple Mobile Device Service)
0x87121980 [1560] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)
0x871C1470 [1680] C:\Program Files\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe (Symantec Corporation, Symantec Service Framework)
0x8506F6D0 [1792] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0x86E6E030 [1936] C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation, TDCSrv Application)
0x86E21A58 [2032] C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation, TOSHIBA Power Saver)
0x874DC398 [2176] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation, TOSHIBA Power Saver)
0x8770E2C8 [2196] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION, KeNotify MFC Application)
0x874D41F0 [2208] C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics Incorporated, Synaptics Pointing Device Helper)
0x8770FB10 [2268] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation, TOSHIBA Flash Cards)
0x87728030 [2288] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation, TOSHIBA Service Station)
0x87961030 [2616] C:\Windows\System32\taskeng.exe (Microsoft Corporation, Task Scheduler Engine)
0x873295A0 [2668] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x8733DD40 [2720] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x87347960 [2876] C:\Program Files\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe (Symantec Corporation, Symantec Service Framework)
0x873790D0 [2912] C:\Windows\System32\dwm.exe (Microsoft Corporation, Desktop Window Manager)
0x87389030 [2960] C:\Windows\explorer.exe (Microsoft Corporation, Windows Explorer)
0x879F2D40 [2992] C:\Program Files\iPod\bin\iPodService.exe (Apple Inc., iPodService Module (32-bit))
0x877462D8 [3068] C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC, LimeWire)
0x87739D40 [3076] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc., iTunesHelper)
0x8722F9D0 [3100] C:\Windows\System32\taskhost.exe (Microsoft Corporation, Host Process for Windows Tasks)
0x87491920 [3368] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor, HD Audio Control Panel)
0x874958E0 [3384] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated, Synaptics TouchPad Enhancements)
0x8748A340 [3416] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc., Catalyst Control Center: Monitoring program)
0x86F99D40 [3556] C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation, Windows Media Player Network Sharing Service)
0x84E470C0 [3940] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0x8715D030 [4032] C:\Windows\System32\wuauclt.exe (Microsoft Corporation, Windows Update)
0x8775A9F0 [4088] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc., Catalyst Control Centre: Host application)
0x879FBD40 [4216] C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION, ConfigFree Task Tray Menu)
0x85670D40 [4644] C:\Windows\System32\WUDFHost.exe (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Host Process)
0x87036198 [4728] C:\Users\G-ASH\Desktop\MOM'S DOWNLOADS DO NOT ERASE\RKUnhookerLE.EXE (UG North, RKULE, SR2 Normandy)
0x84CB6030 [5016] C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation, TSS TMachInfo Service)
0x84D682F8 [5372] C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION, ConfigFree Switch Manager Process)
0x84DEE030 [5628] C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION, ConfigFree Service Process)
0x84EC1548 [5656] C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION, ConfigFree Service Process)
0x84EC9D40 [5772] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x84F295C8 [5824] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation, TosSmartSrv.exe)
0x84F115C0 [5884] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation, TosSENotify.exe.mui)
0x84A73AE8 [4] System
==============================================
>Drivers
==============================================
0x8E83B000 C:\windows\system32\DRIVERS\atikmdag.sys 5328896 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x82A37000 C:\windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82A37000 PnpManager 4259840 bytes
0x82A37000 RAW 4259840 bytes
0x82A37000 WMIxWDM 4259840 bytes
0x9380F000 C:\windows\system32\drivers\RTKVHDA.sys 2736128 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x93C70000 Win32k 2400256 bytes
0x93C70000 C:\windows\System32\win32k.sys 2400256 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x99204000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100918.003\NAVEX15.SYS 1359872 bytes (Symantec Corporation, AV Engine)
0x8841F000 C:\windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x88015000 C:\windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x8DE84000 C:\windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x88232000 C:\windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x83467000 C:\windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x94B41000 C:\windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x94A00000 C:\windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8D384000 C:\windows\system32\drivers\NIS\1007000.01E\ccHPx86.sys 503808 bytes (Symantec Corporation, Common Client Hash Provider Driver)
0x83512000 C:\windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x8ED89000 C:\windows\system32\DRIVERS\RTL8187Se.sys 405504 bytes (Realtek Semiconductor Corporation , Realtek RTL8187S PCIE NDIS Driverr)
0x95AFC000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0x88182000 C:\windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8D6DC000 C:\windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x99364000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100917.001\IDSvix86.sys 360448 bytes (Symantec Corporation, IDS Core Driver)
0x95AA9000 C:\windows\system32\drivers\NIS\1007000.01E\SRTSP.SYS 339968 bytes (Symantec Corporation, Symantec AutoProtect)
0x95A58000 C:\windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x95A09000 C:\windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x83774000 C:\windows\system32\drivers\NIS\1007000.01E\SYMEFA.SYS 323584 bytes (Symantec Corporation, Symantec Extended File Attributes)
0x8DF45000 C:\windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8367A000 C:\windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x83591000 C:\windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8F39C000 C:\windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8F347000 C:\windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8DE10000 C:\windows\system32\drivers\NIS\1007000.01E\BHDrvx86.sys 270336 bytes (Symantec Corporation, BASH Driver)
0x83425000 C:\windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8D238000 C:\windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x88599000 C:\windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x882E9000 C:\windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x94AD3000 C:\windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8ED50000 C:\windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x82A00000 ACPI_HAL 225280 bytes
0x82A00000 C:\windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8372F000 C:\windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8F305000 C:\windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8D660000 C:\windows\system32\drivers\NIS\1007000.01E\SYMTDI.SYS 212992 bytes (Symantec Corporation, Network Dispatch Driver)
0x8F213000 C:\windows\system32\DRIVERS\SynTP.sys 208896 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0x88379000 C:\windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8D736000 C:\windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x88568000 C:\windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x93AAB000 C:\windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8834C000 C:\windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x8E800000 C:\windows\system32\DRIVERS\Rt86win7.sys 180224 bytes (Realtek , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver )
0x88144000 C:\windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8D600000 C:\windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x83604000 C:\windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x883AB000 C:\windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x88327000 C:\windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x8D694000 C:\windows\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0x836F9000 C:\windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x94AB0000 C:\windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8F29B000 C:\windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8D20E000 C:\windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8DE52000 C:\windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x837C3000 C:\windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8D7DA000 C:\windows\system32\DRIVERS\WUDFRd.sys 135168 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x88211000 C:\windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8DF9F000 C:\windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8D76F000 C:\windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x93F00000 C:\windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x993BC000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0x8D343000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0x93B82000 C:\windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x94B0E000 C:\windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x93B9D000 C:\windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x94A85000 C:\windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x93ADA000 C:\windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x8D36C000 C:\windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8DFBE000 C:\windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x8F278000 C:\windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8F2BD000 C:\windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8F2D5000 C:\windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8F2EC000 C:\windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8D63E000 C:\windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x93B3B000 C:\windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x94B29000 C:\windows\system32\DRIVERS\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x836DA000 C:\windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x8D6C7000 C:\windows\system32\drivers\NIS\1007000.01E\SYMFW.SYS 86016 bytes (Symantec Corporation, Firewall Filter Driver)
0x99350000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100918.003\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0x93B5D000 C:\windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8816F000 C:\windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x93BD7000 C:\windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8D7AD000 C:\windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8F266000 C:\windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x94A9E000 C:\windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8DE73000 C:\windows\system32\DRIVERS\amdppm.sys 69632 bytes (Microsoft Corporation, Processor Device Driver)
0x88400000 C:\windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x93B1F000 C:\windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x83763000 C:\windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8F38B000 C:\windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x83646000 C:\windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x8340C000 C:\windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8D78E000 C:\windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x93BB7000 C:\windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x885E5000 C:\windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x93BC7000 C:\windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8D7C0000 C:\windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8366A000 C:\windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x8DF90000 C:\windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8D200000 C:\windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8D79F000 C:\windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8D630000 C:\windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x836CC000 C:\windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x881DF000 C:\windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x8D6B9000 C:\windows\system32\drivers\NIS\1007000.01E\SYMNDISV.SYS 57344 bytes (Symantec Corporation, NDIS Filter Driver)
0x8F339000 C:\windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x83583000 C:\windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x8F259000 C:\windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x93AFD000 C:\windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8DFD6000 C:\windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x83639000 C:\windows\system32\DRIVERS\LPCFilter.sys 53248 bytes (COMPAL ELECTRONIC INC., LPCFilter)
0x8F248000 C:\windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x94BE2000 C:\windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x837E4000 C:\windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8D360000 C:\windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x88000000 C:\windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8365F000 C:\windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x93B0A000 C:\windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x93B52000 C:\windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x83401000 C:\windows\system32\mcupdate_AuthenticAMD.dll 45056 bytes (Microsoft Corporation, AMD Microcode Update Library)
0x93B30000 C:\windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x93B77000 C:\windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x835EA000 C:\windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8F290000 C:\windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8D655000 C:\windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8362E000 C:\windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x93B15000 C:\windows\System32\Drivers\dump_msahci.sys 40960 bytes
0x93AF3000 C:\windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8371C000 C:\windows\system32\DRIVERS\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x8D283000 C:\windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8D279000 C:\windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x94BD8000 C:\windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8D7D0000 C:\windows\system32\drivers\NIS\1007000.01E\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0x8E82C000 C:\windows\system32\DRIVERS\tdcmdpst.sys 40960 bytes (TOSHIBA Corporation., TOSHIBA ODD Writing Driver for x86.)
0x8DF3B000 C:\windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x8EDEC000 C:\windows\system32\DRIVERS\vwifibus.sys 40960 bytes (Microsoft Corporation, Virtual WiFi Bus Driver)
0x83726000 C:\windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x836F0000 C:\windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x881ED000 C:\windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x993D9000 C:\windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x93ED0000 C:\windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x835D9000 C:\windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x88411000 C:\windows\system32\DRIVERS\AtiPcie.sys 32768 bytes (Advanced Micro Devices Inc., AMD PCIE Filter Driver for ATI PCIE chipset)
0x8341D000 C:\windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x83657000 C:\windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x885F5000 C:\windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BA7000 C:\windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x835E2000 C:\windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8800C000 C:\windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x881F6000 C:\windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x837F1000 C:\windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x885DD000 C:\windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x883F9000 C:\windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x93B70000 C:\windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x883F2000 C:\windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x836C5000 C:\windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8D768000 C:\windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x8EDF6000 C:\windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x885D8000 C:\windows\system32\DRIVERS\TVALZ_O.SYS 20480 bytes (TOSHIBA Corporation, TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver)
0x8F255000 C:\windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8F303000 C:\windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8F246000 C:\windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x00640000 Hidden Image-->CLI.Foundation.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 102400 bytes
0x063F0000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 102400 bytes
0x067E0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 102400 bytes
0x04560000 Hidden Image-->PCHealthInfo.dll [ EPROCESS 0x87728030 ] PID: 2288, 110592 bytes
0x041D0000 Hidden Image-->CLI.Caste.Graphics.Shared.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 110592 bytes
0x003A0000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x8748A340 ] PID: 3416, 118784 bytes
0x039C0000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 118784 bytes
0x06EF0000 Hidden Image-->CLI.Component.Dashboard.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 1224704 bytes
0x04580000 Hidden Image-->SwUpdates.dll [ EPROCESS 0x87728030 ] PID: 2288, 126976 bytes
0x06AE0000 Hidden Image-->CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 126976 bytes
0x06D00000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 1748992 bytes
0x063B0000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 208896 bytes
0x06EB0000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 217088 bytes
0x06A20000 Hidden Image-->CLI.Aspect.CrossDisplay.Graphics.Dashboard.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 282624 bytes
0x00610000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x8748A340 ] PID: 3416, 28672 bytes
0x007B0000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x8748A340 ] PID: 3416, 28672 bytes
0x00760000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 28672 bytes
0x00630000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 28672 bytes
0x03C10000 Hidden Image-->CLI.Component.Runtime.Shared.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 28672 bytes
0x03FF0000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 28672 bytes
0x03FA0000 Hidden Image-->AEM.Server.Shared.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 28672 bytes
0x03FC0000 Hidden Image-->AEM.Plugin.DPPE.Shared.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 28672 bytes
0x04000000 Hidden Image-->AEM.Plugin.WinMessages.Shared.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 28672 bytes
0x04020000 Hidden Image-->DEM.Foundation.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 28672 bytes
0x041A0000 Hidden Image-->DEM.Graphics.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 28672 bytes
0x04420000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x8775A9F0 ] PID: 4088, 28672 bytes
0x045B0000 Hidden Image-->AEM.Plugin.GD.Shared.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 28672 bytes
0x045C0000 Hidden Image-->AEM.Actions.CCAA.Shared.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 28672 bytes
0x046E0000 Hidden Image-->ResourceManagement.Foundation.Private.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 28672 bytes
0x04710000 Hidden Image-->DEM.Graphics.I0804.dll [ EPROCESS 0x8775A9F0 ] PID: 4088, 28672 bytes
0x04880000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 28672 bytes
0x048B0000 Hidden Image-->DEM.Graphics.I0805.dll [ EPROCESS 0x8775A9F0 ] PID: 4088, 28672 bytes
0x048C0000 Hidden Image-->DEM.Graphics.I0706.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 28672 bytes
0x04D50000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 28672 bytes
0x04C30000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 28672 bytes
0x05BD0000 Hidden Image-->DEM.Graphics.I0812.dll [ EPROCESS 0x8775A9F0 ] PID: 4088, 28672 bytes
0x05BC0000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0x8775A9F0 ] PID: 4088, 28672 bytes
0x05FE0000 Hidden Image-->APM.Foundation.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 28672 bytes
0x064D0000 Hidden Image-->CLI.Component.Wizard.Shared.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 28672 bytes
0x060F0000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 28672 bytes
0x06110000 Hidden Image-->AEM.Plugin.EEU.Shared.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 28672 bytes
0x06120000 Hidden Image-->AEM.Plugin.REG.Shared.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 28672 bytes
0x06350000 Hidden Image-->Branding.dll [ EPROCESS 0x8775A9F0 ] PID: 4088, 28672 bytes
0x06390000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 28672 bytes
0x064C0000 Hidden Image-->CLI.Component.Client.Shared.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 28672 bytes
0x06500000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 28672 bytes
0x066B0000 Hidden Image-->atixclib.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 28672 bytes
0x06A10000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 28672 bytes
0x06B00000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Wizard.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 315392 bytes
0x07640000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Dashboard.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 323584 bytes
0x07690000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 339968 bytes
0x04550000 Hidden Image-->CLI.Caste.Graphics.Runtime.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 348160 bytes
0x03D90000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x8748A340 ] PID: 3416, 36864 bytes
0x03A00000 Hidden Image-->CLI.Foundation.XManifest.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 36864 bytes
0x03E70000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 36864 bytes
0x048A0000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 36864 bytes
0x04D70000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 36864 bytes
0x04DB0000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 36864 bytes
0x05950000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 36864 bytes
0x05C80000 Hidden Image-->CLI.Aspect.PowerPlayDPPE.Graphics.Shared.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 36864 bytes
0x064E0000 Hidden Image-->CLI.Component.Wizard.Shared.Private.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 36864 bytes
0x06A00000 Hidden Image-->CLI.Component.Dashboard.Shared.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 36864 bytes
0x06A70000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 405504 bytes
0x06450000 Hidden Image-->CLI.Component.Wizard.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 413696 bytes
0x06860000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 421888 bytes
0x005E0000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x8748A340 ] PID: 3416, 45056 bytes
0x00600000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x8748A340 ] PID: 3416, 45056 bytes
0x03D80000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x8748A340 ] PID: 3416, 45056 bytes
0x00620000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 45056 bytes
0x00600000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 45056 bytes
0x00930000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 45056 bytes
0x03D30000 Hidden Image-->ATICCCom.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 45056 bytes
0x04B00000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 45056 bytes
0x04DA0000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 45056 bytes
0x05920000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 45056 bytes
0x05A60000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 45056 bytes
0x06520000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Wizard.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 503808 bytes
0x03A10000 Hidden Image-->CLI.Component.Runtime.Shared.Private.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 53248 bytes
0x03C00000 Hidden Image-->CLI.Foundation.Private.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 53248 bytes
0x03E60000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 53248 bytes
0x03FB0000 Hidden Image-->AEM.Plugin.Source.Kit.Server.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 53248 bytes
0x04010000 Hidden Image-->DEM.Graphics.I0601.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 53248 bytes
0x04890000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 53248 bytes
0x04D60000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 53248 bytes
0x04DD0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 53248 bytes
0x05C70000 Hidden Image-->CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 53248 bytes
0x063A0000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 53248 bytes
0x06430000 Hidden Image-->CLI.Component.Client.Shared.Private.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 53248 bytes
0x066A0000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 53248 bytes
0x064F0000 Hidden Image-->CLI.Caste.Graphics.Wizard.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 53248 bytes
0x07860000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 585728 bytes
0xA4834F2E Unknown thread object [ ETHREAD 0x86E9AD48 ] , 600 bytes
0x05710000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 61440 bytes
0x05AB0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 61440 bytes
0x05C10000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 61440 bytes
0x05C50000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 61440 bytes
0x039E0000 Hidden Image-->CLI.Component.SkinFactory.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 69632 bytes
0x03B20000 Hidden Image-->CLI.Component.Runtime.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 69632 bytes
0x03D40000 Hidden Image-->ADL.Foundation.dll [ EPROCESS 0x8775A9F0 ] PID: 4088, 69632 bytes
0x05A90000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 69632 bytes
0x05BF0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 69632 bytes
0x05FC0000 Hidden Image-->APM.Server.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 69632 bytes
0x00770000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x8748A340 ] PID: 3416, 77824 bytes
0x00770000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 77824 bytes
0x04860000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 77824 bytes
0x04B10000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 77824 bytes
0x079C0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 790528 bytes
0x079D0000 Hidden Image-->Microsoft.mshtml.dll [ EPROCESS 0x87728030 ] PID: 2288, 8015872 bytes
0x04AD0000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 86016 bytes
0x06370000 Hidden Image-->CLI.Caste.Graphics.Dashboard.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 86016 bytes
0x040C0000 Hidden Image-->Alerts.dll [ EPROCESS 0x87728030 ] PID: 2288, 94208 bytes
0x05C30000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 94208 bytes
0x07430000 Hidden Image-->CLI.Aspect.DisplaysManager2.Graphics.Dashboard.DLL [ EPROCESS 0x8775A9F0 ] PID: 4088, 962560 bytes



#5 CHUPACABRA HUNTER
  • Topic Starter
  • Members
  • 20 posts
  • Gender:Female
  • Location:DEEP SOUTH

Posted 19 September 2010 - 01:26 AM


DDS (Ver_10-03-17.01) - NTFSx86
Run by G-ASH at 0:17:12.24 on Sun 09/19/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.888 [GMT -5:00]


============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\wuauclt.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Users\G-ASH\Desktop\MOM'S DOWNLOADS DO NOT ERASE\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bleepingcomputer.com/
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyServer = http=127.0.0.1:27811
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.7.0.30\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.7.0.30\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.7.0.30\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [MyTOSHIBA] "c:\program files\toshiba\my toshiba\MyToshiba.exe" /AUTO
mRun: [<NO NAME>]
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\g-ash\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
Trusted Zone: bleepingcomputer.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.7.0.30\CoIEPlg.dll
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-9-18 310320]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100917.001\IDSvix86.sys [2010-9-18 344112]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-6-28 176128]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-9-18 117640]
R3 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1007000.01e\BHDrvx86.sys [2009-8-27 259632]
R3 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1007000.01e\cchpx86.sys [2009-8-27 482432]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-27 101936]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-28 167936]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1007000.01e\symndisv.sys [2009-8-27 48688]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-6-28 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-13 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 netr73;Netopia RT73 Wireless Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-15 1343400]

=============== Created Last 30 ================

2010-09-19 05:16:07 0 ----a-w- c:\users\g-ash\defogger_reenable
2010-09-19 02:14:53 0 d-----w- c:\program files\Loaris
2010-09-19 02:14:06 0 d-----w- c:\users\g-ash\appdata\roaming\Malwarebytes
2010-09-19 02:14:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-19 02:14:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-19 02:14:00 0 d-----w- c:\programdata\Malwarebytes
2010-09-19 02:14:00 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-19 02:03:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-09-16 20:53:26 0 d-----r- c:\program files\Norton Support
2010-09-16 03:44:46 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-16 03:35:12 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-09-16 03:35:12 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-09-16 03:35:12 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-09-16 03:34:43 0 d-----w- c:\program files\Symantec
2010-09-16 03:34:43 0 d-----w- c:\program files\common files\Symantec Shared
2010-09-04 03:45:51 0 d-----w- c:\users\g-ash\appdata\roaming\WildTangent
2010-08-24 21:04:24 571904 ----a-w- c:\windows\system32\oleaut32.dll

==================== Find3M ====================

2010-08-19 20:22:09 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-08-13 18:12:08 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 0:18:09.22 ===============



#6 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 September 2010 - 01:34 AM

Hello

Please do the following.


It may be helpful for you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Run ComboFix:
    Please visit this webpage for download links and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully.

    Please continue as follows:
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following:
    1. Log from ComboFix
    2. Let me know of any problems you may have had
    3. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 CHUPACABRA HUNTER
  • Topic Starter
  • Members
  • 20 posts
  • Gender:Female
  • Location:DEEP SOUTH

Posted 19 September 2010 - 01:05 PM

Hi! It is actually doing better. I think I got lucky and deleted a couple of reg files that looked like what I found on that link I posted in the heading... but that was purely luck, I am sure, as I have no idea about registry files other than that if I delete the wrong ones I am screwed...


#8 CHUPACABRA HUNTER
  • Topic Starter
  • Members
  • 20 posts
  • Gender:Female
  • Location:DEEP SOUTH

Posted 19 September 2010 - 02:16 PM

Hi Gringo,
I don't know if it worked or not or whether I did it right.
I encountered the following error once it was done.
Also, there was nothing in the c:/combofix.txt; however, here is what I found in that log:


ComboFix 10-09-17.04 - G-ASH 09/19/2010 13:30:20.1.1 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.1083 [GMT -5:00]
Running from: C:\Users\G-ASH\Desktop\ComboFix.exe
.



Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 7a
BCP1: C04E84D8
BCP2: C0000185
BCP3: 365ABBE0
BCP4: 9D09B000
OS Version: 6_1_7600
Service Pack: 0_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\091910-27003-01.dmp
C:\Users\G-ASH\AppData\Local\Temp\WER-84911-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104...mp;clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\windows\system32\en-US\erofflps.txt

---------------------------------------------------------------------------------

1. Once it ran and rebooted, I did not see a log as indicated in the "ComboFix log file" part of the instructions.

2. I did not do the Windows Recovery Console as this PC is 7 and I did not see the instruction for 7, only for XP. Not sure if this created an issue/problem or not?

3. When the PC did reboot it went directly into a boot menu with choices of Safe Mode, Safe Mode with Networking, Normal, etc. *** I just let it reboot on its own with Normal.

4. I manually restored Norton and my Internet connection.

PLEASE ADVISE AT YOUR CONVENIENCE.

I REALLY APPRECIATE YOUR EFFORT IN HELPING ME!



#9 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 September 2010 - 07:18 PM

Hello

OK, let's try this: I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe Mode.
  • Log in on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo


#10 CHUPACABRA HUNTER

CHUPACABRA HUNTER
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Gender:Female
  • Location:DEEP SOUTH
  • Local time:05:20 AM

Posted 19 September 2010 - 08:08 PM

Gringo
ComboFix is not rebooting at all after it does the log file. It is just frozen.
Do you want me to manually reboot in Safe Mode?


#11 CHUPACABRA HUNTER

CHUPACABRA HUNTER
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Gender:Female
  • Location:DEEP SOUTH
  • Local time:05:20 AM

Posted 19 September 2010 - 08:35 PM

I ran it in Safe Mode as indicated.
It didn't reboot on its own, so I did it once more.
I made two different logs for each time.
Both times ComboFix would not restart the PC on its own - I had to manually do it.
I have attached the LOGS.

FIRST TIME IN SAFE MODE:
ComboFix 10-09-17.04 - G-ASH 09/19/2010 19:42:32.2.1 - x86 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.1026 [GMT -5:00]
Running from: c:\users\G-ASH\Desktop\MOM'S DOWNLOADS DO NOT ERASE\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-08-20 to 2010-09-20 )))))))))))))))))))))))))))))))
.

2010-09-20 00:47 . 2010-09-20 00:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-20 00:41 . 2010-09-20 00:41 -------- d-----w- C:\32788R22FWJFW
2010-09-19 22:15 . 2010-09-19 22:15 -------- d-----w- c:\program files\Common Files\Java
2010-09-19 22:13 . 2010-09-19 22:12 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-19 22:00 . 2010-09-19 22:00 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-09-19 21:54 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-09-19 21:37 . 2010-09-19 21:37 -------- d-----w- c:\users\G-ASH\AppData\Local\Microsoft Help
2010-09-19 21:17 . 2010-09-19 21:17 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-19 21:14 . 2010-09-19 21:14 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-09-19 21:14 . 2010-09-19 21:14 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-09-19 21:12 . 2010-09-19 21:17 -------- d-----w- c:\users\G-ASH\AppData\Local\Adobe
2010-09-19 21:01 . 2010-09-19 21:01 0 ----a-w- c:\windows\nsreg.dat
2010-09-19 21:01 . 2010-09-19 21:01 -------- d-----w- c:\users\G-ASH\AppData\Local\Mozilla
2010-09-19 20:59 . 2010-09-19 21:01 38434288 ----a-w- c:\programdata\Toshiba\TSS\Plugins\SwUpdates\Packages\4d92cef8-7ed7-402d-aa91-6eda708f6bb8\171515_14.32.13.TC00143300K.exe
2010-09-19 20:54 . 2010-09-19 20:54 -------- d-----w- c:\program files\iPod
2010-09-19 20:52 . 2010-09-19 21:31 -------- d-----w- c:\program files\QuickTime
2010-09-19 20:50 . 2010-09-19 20:50 -------- d-----w- c:\program files\Bonjour
2010-09-19 20:39 . 2010-09-19 20:39 -------- d-----w- c:\program files\Secunia
2010-09-19 20:06 . 2010-09-19 20:06 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-09-19 19:28 . 2010-09-19 19:28 -------- d-----w- c:\users\G-ASH\AppData\Local\WindowsUpdate
2010-09-19 02:28 . 2010-09-19 02:28 -------- d-----w- c:\users\G-ASH\AppData\Local\ElevatedDiagnostics
2010-09-19 02:14 . 2010-09-19 02:14 -------- d-----w- c:\program files\Loaris
2010-09-19 02:14 . 2010-09-19 02:14 -------- d-----w- c:\users\G-ASH\AppData\Roaming\Malwarebytes
2010-09-19 02:14 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-19 02:14 . 2010-09-19 02:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-19 02:14 . 2010-09-19 02:14 -------- d-----w- c:\programdata\Malwarebytes
2010-09-19 02:14 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-16 03:44 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 21:38 . 2010-09-19 04:15 -------- d-----w- c:\users\G-ASH\AppData\Local\jugckuapd
2010-09-04 03:45 . 2010-09-04 03:45 -------- d-----w- c:\users\G-ASH\AppData\Roaming\WildTangent
2010-09-04 01:12 . 2010-09-04 01:12 -------- d-----w- c:\users\G-ASH\AppData\Local\Diagnostics
2010-09-01 14:12 . 2010-09-01 14:12 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-08-24 21:04 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-20 00:40 . 2009-08-28 04:16 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-19 22:11 . 2010-08-19 21:24 -------- d-----w- c:\users\G-ASH\AppData\Roaming\LimeWire
2010-09-19 21:48 . 2010-06-28 21:26 -------- d-----w- c:\program files\Microsoft.NET
2010-09-19 21:43 . 2010-06-28 21:25 -------- d-----w- c:\programdata\Microsoft Help
2010-09-19 21:43 . 2010-06-28 21:19 -------- d-----w- c:\program files\Microsoft Works
2010-09-19 21:05 . 2009-08-28 04:05 -------- d-----w- c:\program files\TOSHIBA
2010-09-19 20:55 . 2010-08-19 21:03 -------- d-----w- c:\program files\iTunes
2010-09-19 20:54 . 2010-08-19 21:01 -------- d-----w- c:\program files\Common Files\Apple
2010-09-19 20:37 . 2009-08-28 04:17 -------- d-----w- c:\program files\Google
2010-09-19 20:06 . 2009-08-28 04:17 -------- d-----w- c:\programdata\Norton
2010-09-19 20:05 . 2009-08-28 04:17 -------- d-----w- c:\programdata\NortonInstaller
2010-09-19 20:03 . 2010-08-19 21:24 -------- d-----w- c:\program files\Ask.com
2010-09-19 03:23 . 2009-08-28 04:18 -------- d-----w- c:\programdata\Symantec
2010-09-19 02:03 . 2010-09-19 02:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-09-16 03:36 . 2009-08-28 04:17 -------- d-----w- c:\programdata\Partner
2010-09-04 03:45 . 2009-08-28 04:10 -------- d-----w- c:\programdata\WildTangent
2010-08-19 21:24 . 2010-08-19 21:22 -------- d-----w- c:\program files\LimeWire
2010-08-19 21:21 . 2010-08-19 21:04 -------- d-----w- c:\users\G-ASH\AppData\Roaming\Apple Computer
2010-08-19 21:03 . 2010-08-19 21:03 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-19 21:03 . 2010-08-19 21:02 -------- d-----w- c:\programdata\Apple Computer
2010-08-19 21:02 . 2010-08-19 21:02 -------- d-----w- c:\program files\Apple Software Update
2010-08-19 21:02 . 2010-08-19 21:01 -------- d-----w- c:\programdata\Apple
2010-08-19 20:22 . 2010-08-19 20:22 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-08-18 17:58 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-08-13 18:15 . 2010-08-13 18:15 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb1DAF.tmp.exe
2010-08-13 18:14 . 2010-08-13 18:14 79136 ----a-w- c:\users\G-ASH\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-13 18:13 . 2010-08-13 18:13 -------- d-----w- c:\users\G-ASH\AppData\Roaming\ATI
2010-08-13 18:12 . 2010-08-13 18:12 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2010-08-13 18:12 . 2009-08-28 04:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-13 18:11 . 2010-08-13 18:11 -------- d-----w- c:\users\G-ASH\AppData\Roaming\WinBatch
2010-07-29 06:30 . 2010-08-16 19:06 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-16 19:06 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-27 23:44 . 2010-07-27 23:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 23:44 . 2010-07-27 23:44 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-07-27 23:44 . 2010-07-27 23:44 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 23:44 . 2010-07-27 23:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-07 14:05 . 2010-07-07 14:05 14904 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2010-06-30 06:25 . 2010-08-16 18:51 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 21:13 . 2010-06-28 21:13 0 ----a-w- c:\windows\ativpsrm.bin
2010-06-22 02:47 . 2010-08-16 19:06 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-16 19:06 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-16 19:06 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\G-ASH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-8-19 503808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 176128]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
R3 netr73;Netopia RT73 Wireless Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-07-07 14904]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-15 1343400]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bleepingcomputer.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyServer = http=127.0.0.1:27811
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
Trusted Zone: bleepingcomputer.com\www
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
FF - ProfilePath - c:\users\G-ASH\AppData\Roaming\Mozilla\Firefox\Profiles\amfuapcr.default\
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-RunOnce-<NO NAME> - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-09-19 19:49:12
ComboFix-quarantined-files.txt 2010-09-20 00:49

Pre-Run: 213,583,228,928 bytes free
Post-Run: 218,149,146,624 bytes free

- - End Of File - - 5D1815E568534EFD1A017320FC510AF0




2ND LOG AFTER RUNNING IN SAFE MODE:


ComboFix 10-09-17.04 - G-ASH 09/19/2010 19:55:34.3.1 - x86 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.998 [GMT -5:00]
Running from: c:\users\G-ASH\Desktop\MOM'S DOWNLOADS DO NOT ERASE\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-08-20 to 2010-09-20 )))))))))))))))))))))))))))))))
.

2010-09-20 01:00 . 2010-09-20 01:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-20 01:00 . 2010-09-20 01:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-20 00:54 . 2010-09-20 00:54 -------- d-----w- C:\32788R22FWJFW
2010-09-19 22:15 . 2010-09-19 22:15 -------- d-----w- c:\program files\Common Files\Java
2010-09-19 22:13 . 2010-09-19 22:12 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-19 22:00 . 2010-09-19 22:00 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-09-19 21:54 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-09-19 21:37 . 2010-09-19 21:37 -------- d-----w- c:\users\G-ASH\AppData\Local\Microsoft Help
2010-09-19 21:17 . 2010-09-19 21:17 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-19 21:14 . 2010-09-19 21:14 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-09-19 21:14 . 2010-09-19 21:14 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-09-19 21:12 . 2010-09-19 21:17 -------- d-----w- c:\users\G-ASH\AppData\Local\Adobe
2010-09-19 21:01 . 2010-09-19 21:01 0 ----a-w- c:\windows\nsreg.dat
2010-09-19 21:01 . 2010-09-19 21:01 -------- d-----w- c:\users\G-ASH\AppData\Local\Mozilla
2010-09-19 20:59 . 2010-09-19 21:01 38434288 ----a-w- c:\programdata\Toshiba\TSS\Plugins\SwUpdates\Packages\4d92cef8-7ed7-402d-aa91-6eda708f6bb8\171515_14.32.13.TC00143300K.exe
2010-09-19 20:54 . 2010-09-19 20:54 -------- d-----w- c:\program files\iPod
2010-09-19 20:52 . 2010-09-19 21:31 -------- d-----w- c:\program files\QuickTime
2010-09-19 20:50 . 2010-09-19 20:50 -------- d-----w- c:\program files\Bonjour
2010-09-19 20:39 . 2010-09-19 20:39 -------- d-----w- c:\program files\Secunia
2010-09-19 20:06 . 2010-09-19 20:06 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-09-19 19:28 . 2010-09-19 19:28 -------- d-----w- c:\users\G-ASH\AppData\Local\WindowsUpdate
2010-09-19 02:28 . 2010-09-19 02:28 -------- d-----w- c:\users\G-ASH\AppData\Local\ElevatedDiagnostics
2010-09-19 02:14 . 2010-09-19 02:14 -------- d-----w- c:\program files\Loaris
2010-09-19 02:14 . 2010-09-19 02:14 -------- d-----w- c:\users\G-ASH\AppData\Roaming\Malwarebytes
2010-09-19 02:14 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-19 02:14 . 2010-09-19 02:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-19 02:14 . 2010-09-19 02:14 -------- d-----w- c:\programdata\Malwarebytes
2010-09-19 02:14 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-16 03:44 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 21:38 . 2010-09-19 04:15 -------- d-----w- c:\users\G-ASH\AppData\Local\jugckuapd
2010-09-04 03:45 . 2010-09-04 03:45 -------- d-----w- c:\users\G-ASH\AppData\Roaming\WildTangent
2010-09-04 01:12 . 2010-09-04 01:12 -------- d-----w- c:\users\G-ASH\AppData\Local\Diagnostics
2010-09-01 14:12 . 2010-09-01 14:12 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-08-24 21:04 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-20 00:40 . 2009-08-28 04:16 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-19 22:11 . 2010-08-19 21:24 -------- d-----w- c:\users\G-ASH\AppData\Roaming\LimeWire
2010-09-19 21:48 . 2010-06-28 21:26 -------- d-----w- c:\program files\Microsoft.NET
2010-09-19 21:43 . 2010-06-28 21:25 -------- d-----w- c:\programdata\Microsoft Help
2010-09-19 21:43 . 2010-06-28 21:19 -------- d-----w- c:\program files\Microsoft Works
2010-09-19 21:05 . 2009-08-28 04:05 -------- d-----w- c:\program files\TOSHIBA
2010-09-19 20:55 . 2010-08-19 21:03 -------- d-----w- c:\program files\iTunes
2010-09-19 20:54 . 2010-08-19 21:01 -------- d-----w- c:\program files\Common Files\Apple
2010-09-19 20:37 . 2009-08-28 04:17 -------- d-----w- c:\program files\Google
2010-09-19 20:06 . 2009-08-28 04:17 -------- d-----w- c:\programdata\Norton
2010-09-19 20:05 . 2009-08-28 04:17 -------- d-----w- c:\programdata\NortonInstaller
2010-09-19 20:03 . 2010-08-19 21:24 -------- d-----w- c:\program files\Ask.com
2010-09-19 03:23 . 2009-08-28 04:18 -------- d-----w- c:\programdata\Symantec
2010-09-19 02:03 . 2010-09-19 02:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-09-16 03:36 . 2009-08-28 04:17 -------- d-----w- c:\programdata\Partner
2010-09-04 03:45 . 2009-08-28 04:10 -------- d-----w- c:\programdata\WildTangent
2010-08-19 21:24 . 2010-08-19 21:22 -------- d-----w- c:\program files\LimeWire
2010-08-19 21:21 . 2010-08-19 21:04 -------- d-----w- c:\users\G-ASH\AppData\Roaming\Apple Computer
2010-08-19 21:03 . 2010-08-19 21:03 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-19 21:03 . 2010-08-19 21:02 -------- d-----w- c:\programdata\Apple Computer
2010-08-19 21:02 . 2010-08-19 21:02 -------- d-----w- c:\program files\Apple Software Update
2010-08-19 21:02 . 2010-08-19 21:01 -------- d-----w- c:\programdata\Apple
2010-08-19 20:22 . 2010-08-19 20:22 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-08-18 17:58 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-08-13 18:15 . 2010-08-13 18:15 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb1DAF.tmp.exe
2010-08-13 18:14 . 2010-08-13 18:14 79136 ----a-w- c:\users\G-ASH\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-13 18:13 . 2010-08-13 18:13 -------- d-----w- c:\users\G-ASH\AppData\Roaming\ATI
2010-08-13 18:12 . 2010-08-13 18:12 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2010-08-13 18:12 . 2009-08-28 04:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-13 18:11 . 2010-08-13 18:11 -------- d-----w- c:\users\G-ASH\AppData\Roaming\WinBatch
2010-07-29 06:30 . 2010-08-16 19:06 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-16 19:06 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-27 23:44 . 2010-07-27 23:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 23:44 . 2010-07-27 23:44 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-07-27 23:44 . 2010-07-27 23:44 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 23:44 . 2010-07-27 23:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-07 14:05 . 2010-07-07 14:05 14904 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2010-06-30 06:25 . 2010-08-16 18:51 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 21:13 . 2010-06-28 21:13 0 ----a-w- c:\windows\ativpsrm.bin
2010-06-22 02:47 . 2010-08-16 19:06 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-16 19:06 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-16 19:06 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-09-20_00.47.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-09-20 00:40 . 2010-09-20 00:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-09-20 00:51 . 2010-09-20 00:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-20 00:40 . 2010-09-20 00:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-20 00:51 . 2010-09-20 00:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:05 . 2010-09-20 00:58 623940 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-09-20 00:45 623940 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-09-20 00:58 106316 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2010-09-20 00:45 106316 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\G-ASH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-8-19 503808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 176128]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
R3 netr73;Netopia RT73 Wireless Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-07-07 14904]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-15 1343400]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bleepingcomputer.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyServer = http=127.0.0.1:27811
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
Trusted Zone: bleepingcomputer.com\www
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
FF - ProfilePath - c:\users\G-ASH\AppData\Roaming\Mozilla\Firefox\Profiles\amfuapcr.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-09-19 20:02:31
ComboFix-quarantined-files.txt 2010-09-20 01:02
ComboFix2.txt 2010-09-20 00:49

Pre-Run: 218,317,529,088 bytes free
Post-Run: 218,179,694,592 bytes free

- - End Of File - - EFCCE1191C5AABAB13DBE9F34C09DDE9



#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:20 AM

Posted 19 September 2010 - 10:56 PM

I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

CODE
Folder::
c:\users\G-ASH\AppData\Local\jugckuapd

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:27811
uInternet Settings,ProxyOverride = <local>;*.local


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"
    In your next post I need the following
    1. report from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now after running the script?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
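
The DDS:: lines in the script above remove a ProxyServer value that points Internet Explorer at 127.0.0.1:27811, a proxy on the machine itself. A loopback proxy on a home PC that runs no proxy software is a strong sign that something local is interposing itself on web traffic, which is why the entry is cleared. The following is an added example, not part of the thread and not ComboFix or DDS code: it parses DDS-style "Internet Settings,ProxyServer" lines and flags entries whose host is a loopback address. The sample lines are constructed for the example (the two DDS lines mirror the script above; the proxy.corp.example line is a made-up, plausibly legitimate corporate proxy for contrast).

```python
"""Flag loopback proxies in DDS-style 'Internet Settings' log lines.

Added example; not from the thread and not ComboFix/DDS code. Assumes the
line layout seen in the CFScript above:
    uInternet Settings,ProxyServer = http=127.0.0.1:27811
where the leading 'u' means per-user (HKCU) and 'm' means per-machine (HKLM),
and ProxyServer may hold several scheme=host:port entries separated by ';'.
"""
import ipaddress
import re
from typing import Dict, List, Union

# Constructed sample input modelled on the DDS:: section of the script above.
SAMPLE_LINES = [
    "uInternet Settings,ProxyServer = http=127.0.0.1:27811",
    "uInternet Settings,ProxyOverride = <local>;*.local",
    "uStart Page = hxxp://www.bleepingcomputer.com/",
    # Constructed, plausibly legitimate machine-wide corporate proxy (hypothetical host).
    "mInternet Settings,ProxyServer = proxy.corp.example:8080",
]

PROXY_RE = re.compile(r"^([um])Internet Settings,ProxyServer\s*=\s*(.+)$")
# scheme= prefix is optional; host may be a bracketed IPv6 literal, a name or an IPv4 address.
ENDPOINT_RE = re.compile(r"^(?:(?P<scheme>[a-z]+)=)?(?P<host>\[[^\]]+\]|[^:]+):(?P<port>\d+)$")


def parse_proxy_entries(line: str) -> List[Dict[str, Union[str, int]]]:
    """Parse one DDS line into proxy endpoint dicts; [] if it is not a ProxyServer line."""
    m = PROXY_RE.match(line.strip())
    if not m:
        return []
    scope = "user" if m.group(1) == "u" else "machine"
    entries: List[Dict[str, Union[str, int]]] = []
    for part in m.group(2).split(";"):
        part = part.strip()
        if not part:
            continue
        e = ENDPOINT_RE.match(part)
        if not e:
            continue  # keep going; a malformed entry should not hide the others
        entries.append({
            "scope": scope,
            "scheme": e.group("scheme") or "all",
            "host": e.group("host").strip("[]"),
            "port": int(e.group("port")),
        })
    return entries


def is_loopback_host(host: str) -> bool:
    """True for 127.0.0.0/8, ::1 or the name 'localhost'."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def flag_loopback_proxies(lines: List[str]) -> List[str]:
    """Return one finding per proxy entry that points back at the local machine."""
    findings = []
    for line in lines:
        for e in parse_proxy_entries(line):
            if is_loopback_host(str(e["host"])):
                findings.append(
                    f"{e['scope']}-scope proxy for {e['scheme']} traffic points at "
                    f"loopback {e['host']}:{e['port']}; verify a legitimate local proxy "
                    f"actually listens there, otherwise treat as a browser hijack"
                )
    return findings


if __name__ == "__main__":
    for finding in flag_loopback_proxies(SAMPLE_LINES):
        print(finding)
```

The check deliberately stops at "is the proxy on loopback?" rather than matching a list of ports: the port used by a rogue is arbitrary (27811 here), while a loopback proxy with nothing legitimate listening on it is the reliable signal. The corporate-style entry is parsed but not flagged, which is the behaviour a triage script needs so that it does not generate noise on managed machines.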

#13 CHUPACABRA HUNTER

CHUPACABRA HUNTER
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:DEEP SOUTH
  • Local time:05:20 AM

Posted 20 September 2010 - 08:23 PM

Trying it now. It said an updated version of ComboFix was available, so I went ahead and clicked yes for the upgrade...
Will let you know how it goes.
Thanks.


#14 CHUPACABRA HUNTER

CHUPACABRA HUNTER
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:DEEP SOUTH
  • Local time:05:20 AM

Posted 20 September 2010 - 09:06 PM

Hi Gringo,
Hope your day went well.
I ran ComboFix with the script.
Encountered a couple of issues - 1. Windows Explorer Stopped Working error msg. 2. Rundll32.exe application unable to start correctly....

Here is a copy of the log:

ComboFix 10-09-20.02 - G-ASH 09/20/2010 20:46:51.5.1 - x86 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.943 [GMT -5:00]
Running from: c:\users\G-ASH\Desktop\MOM'S DOWNLOADS DO NOT ERASE\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\G-ASH\AppData\Local\Temp\jna7514578373457434452.dll

.
((((((((((((((((((((((((( Files Created from 2010-08-21 to 2010-09-21 )))))))))))))))))))))))))))))))
.

2010-09-21 01:51 . 2010-09-21 01:51 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-21 01:51 . 2010-09-21 01:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-21 01:45 . 2010-09-21 01:46 -------- d-----w- C:\32788R22FWJFW
2010-09-19 22:15 . 2010-09-19 22:15 -------- d-----w- c:\program files\Common Files\Java
2010-09-19 22:13 . 2010-09-19 22:12 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-19 22:00 . 2010-09-19 22:00 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-09-19 21:54 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-09-19 21:37 . 2010-09-19 21:37 -------- d-----w- c:\users\G-ASH\AppData\Local\Microsoft Help
2010-09-19 21:17 . 2010-09-19 21:17 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-19 21:14 . 2010-09-19 21:14 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-09-19 21:14 . 2010-09-19 21:14 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-09-19 21:12 . 2010-09-19 21:17 -------- d-----w- c:\users\G-ASH\AppData\Local\Adobe
2010-09-19 21:01 . 2010-09-19 21:01 0 ----a-w- c:\windows\nsreg.dat
2010-09-19 21:01 . 2010-09-19 21:01 -------- d-----w- c:\users\G-ASH\AppData\Local\Mozilla
2010-09-19 20:59 . 2010-09-19 21:01 38434288 ----a-w- c:\programdata\Toshiba\TSS\Plugins\SwUpdates\Packages\4d92cef8-7ed7-402d-aa91-6eda708f6bb8\171515_14.32.13.TC00143300K.exe
2010-09-19 20:54 . 2010-09-19 20:54 -------- d-----w- c:\program files\iPod
2010-09-19 20:52 . 2010-09-19 21:31 -------- d-----w- c:\program files\QuickTime
2010-09-19 20:50 . 2010-09-19 20:50 -------- d-----w- c:\program files\Bonjour
2010-09-19 20:39 . 2010-09-19 20:39 -------- d-----w- c:\program files\Secunia
2010-09-19 20:06 . 2010-09-19 20:06 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-09-19 19:28 . 2010-09-19 19:28 -------- d-----w- c:\users\G-ASH\AppData\Local\WindowsUpdate
2010-09-19 02:28 . 2010-09-19 02:28 -------- d-----w- c:\users\G-ASH\AppData\Local\ElevatedDiagnostics
2010-09-19 02:14 . 2010-09-19 02:14 -------- d-----w- c:\program files\Loaris
2010-09-19 02:14 . 2010-09-19 02:14 -------- d-----w- c:\users\G-ASH\AppData\Roaming\Malwarebytes
2010-09-19 02:14 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-19 02:14 . 2010-09-19 02:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-19 02:14 . 2010-09-19 02:14 -------- d-----w- c:\programdata\Malwarebytes
2010-09-19 02:14 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-16 03:44 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-04 03:45 . 2010-09-04 03:45 -------- d-----w- c:\users\G-ASH\AppData\Roaming\WildTangent
2010-09-04 01:12 . 2010-09-04 01:12 -------- d-----w- c:\users\G-ASH\AppData\Local\Diagnostics
2010-09-01 14:12 . 2010-09-01 14:12 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-08-24 21:04 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-21 01:39 . 2010-08-19 21:24 -------- d-----w- c:\users\G-ASH\AppData\Roaming\LimeWire
2010-09-20 00:40 . 2009-08-28 04:16 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-19 21:48 . 2010-06-28 21:26 -------- d-----w- c:\program files\Microsoft.NET
2010-09-19 21:43 . 2010-06-28 21:25 -------- d-----w- c:\programdata\Microsoft Help
2010-09-19 21:43 . 2010-06-28 21:19 -------- d-----w- c:\program files\Microsoft Works
2010-09-19 21:05 . 2009-08-28 04:05 -------- d-----w- c:\program files\TOSHIBA
2010-09-19 20:55 . 2010-08-19 21:03 -------- d-----w- c:\program files\iTunes
2010-09-19 20:54 . 2010-08-19 21:01 -------- d-----w- c:\program files\Common Files\Apple
2010-09-19 20:37 . 2009-08-28 04:17 -------- d-----w- c:\program files\Google
2010-09-19 20:06 . 2009-08-28 04:17 -------- d-----w- c:\programdata\Norton
2010-09-19 20:05 . 2009-08-28 04:17 -------- d-----w- c:\programdata\NortonInstaller
2010-09-19 20:03 . 2010-08-19 21:24 -------- d-----w- c:\program files\Ask.com
2010-09-19 03:23 . 2009-08-28 04:18 -------- d-----w- c:\programdata\Symantec
2010-09-19 02:03 . 2010-09-19 02:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-09-16 03:36 . 2009-08-28 04:17 -------- d-----w- c:\programdata\Partner
2010-09-04 03:45 . 2009-08-28 04:10 -------- d-----w- c:\programdata\WildTangent
2010-08-19 21:24 . 2010-08-19 21:22 -------- d-----w- c:\program files\LimeWire
2010-08-19 21:21 . 2010-08-19 21:04 -------- d-----w- c:\users\G-ASH\AppData\Roaming\Apple Computer
2010-08-19 21:03 . 2010-08-19 21:03 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-19 21:03 . 2010-08-19 21:02 -------- d-----w- c:\programdata\Apple Computer
2010-08-19 21:02 . 2010-08-19 21:02 -------- d-----w- c:\program files\Apple Software Update
2010-08-19 21:02 . 2010-08-19 21:01 -------- d-----w- c:\programdata\Apple
2010-08-19 20:22 . 2010-08-19 20:22 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-08-18 17:58 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-08-13 18:15 . 2010-08-13 18:15 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb1DAF.tmp.exe
2010-08-13 18:14 . 2010-08-13 18:14 79136 ----a-w- c:\users\G-ASH\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-13 18:13 . 2010-08-13 18:13 -------- d-----w- c:\users\G-ASH\AppData\Roaming\ATI
2010-08-13 18:12 . 2010-08-13 18:12 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2010-08-13 18:12 . 2009-08-28 04:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-13 18:11 . 2010-08-13 18:11 -------- d-----w- c:\users\G-ASH\AppData\Roaming\WinBatch
2010-07-29 06:30 . 2010-08-16 19:06 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-16 19:06 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-27 23:44 . 2010-07-27 23:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 23:44 . 2010-07-27 23:44 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-07-27 23:44 . 2010-07-27 23:44 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 23:44 . 2010-07-27 23:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-07 14:05 . 2010-07-07 14:05 14904 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2010-06-30 06:25 . 2010-08-16 18:51 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 21:13 . 2010-06-28 21:13 0 ----a-w- c:\windows\ativpsrm.bin
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-09-20_00.47.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-28 04:25 . 2010-09-20 01:29 25486 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-09-21 01:39 45214 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-08-13 18:07 . 2010-09-19 21:59 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-13 18:07 . 2010-09-21 01:32 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-13 18:07 . 2010-09-19 21:59 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-13 18:07 . 2010-09-21 01:32 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2010-09-21 01:32 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2010-09-19 21:59 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-13 18:15 . 2010-09-21 01:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-13 18:15 . 2010-09-19 21:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-13 18:15 . 2010-09-19 21:59 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-13 18:15 . 2010-09-21 01:34 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-13 18:15 . 2010-09-21 01:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-13 18:15 . 2010-09-19 21:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-13 18:15 . 2010-09-21 01:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-13 18:15 . 2010-09-19 22:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-14 01:31 . 2010-09-19 22:14 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-14 01:31 . 2010-09-21 01:20 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-14 01:31 . 2010-09-19 22:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2010-08-14 01:31 . 2010-09-21 01:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-08-14 01:31 . 2010-09-19 22:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2010-08-14 01:31 . 2010-09-21 01:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-08-13 18:15 . 2010-09-19 22:14 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-13 18:15 . 2010-09-21 01:34 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-13 18:15 . 2010-09-19 22:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-13 18:15 . 2010-09-21 01:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-20 01:44 . 2010-09-20 01:44 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\0eb3c18ec758534395684f3ca286a201\UIAutomationProvider.ni.dll
+ 2010-09-20 01:52 . 2010-09-20 01:52 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\9bbefd2263d8f2169ab3695798208293\System.Windows.Presentation.ni.dll
+ 2010-09-20 01:52 . 2010-09-20 01:52 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\02068ef9dafba3308b13444b8f4e5940\System.Web.ApplicationServices.ni.dll
+ 2010-09-20 01:52 . 2010-09-20 01:52 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\c3831eb95ccf3904bab81a97a9b08ed3\System.ServiceModel.Channels.ni.dll
+ 2010-09-20 01:44 . 2010-09-20 01:44 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\5c87f21925d5a61059ee68cef72841f4\System.AddIn.Contract.ni.dll
+ 2010-09-20 01:43 . 2010-09-20 01:43 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\552a460a8bcf608aecc6418db0d40216\Microsoft.VisualC.ni.dll
+ 2010-09-20 01:43 . 2010-09-20 01:43 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\01254caa0efc15b5cd48fb3178018701\Accessibility.ni.dll
- 2010-09-20 00:40 . 2010-09-20 00:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-09-21 01:44 . 2010-09-21 01:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-20 00:40 . 2010-09-20 00:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-21 01:44 . 2010-09-21 01:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-20 01:43 . 2010-09-20 01:43 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\b9b6069e6da06eb57e89cc544397f735\dfsvc.ni.exe
+ 2010-08-14 02:26 . 2010-09-21 01:43 234030 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:05 . 2010-09-20 00:45 623940 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-09-21 01:49 623940 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-09-20 00:45 106316 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2010-09-21 01:49 106316 c:\windows\System32\perfc009.dat
+ 2010-09-20 01:52 . 2010-09-20 01:52 245760 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\cc063533b04f9420d1aa571a36d1fabd\WindowsFormsIntegration.ni.dll
+ 2010-09-20 01:44 . 2010-09-20 01:44 195584 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\5786f917a7b62d63ca8dd5b47aaf9610\UIAutomationTypes.ni.dll
+ 2010-09-20 01:52 . 2010-09-20 01:52 481792 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\ece129234f9ba9ad856d0e77e4849137\UIAutomationClient.ni.dll
+ 2010-09-20 01:43 . 2010-09-20 01:43 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8eca92a64c232f34b5b559625b022369\System.Xml.Linq.ni.dll
+ 2010-09-20 01:44 . 2010-09-20 01:44 187904 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\18419dd13ced512c5f8dc15a79a601eb\System.Windows.Input.Manipulations.ni.dll
+ 2010-09-20 01:44 . 2010-09-20 01:44 645632 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dd9dbf82e44454689976a49a9e4ddb6d\System.Transactions.ni.dll
+ 2010-09-20 01:52 . 2010-09-20 01:52 220672 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\6e7f1bdc845816dfc797f8002b76b5e8\System.ServiceProcess.ni.dll
+ 2010-09-20 01:52 . 2010-09-20 01:52 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\76a5d670ce969c0c65a905b7303d4bbf\System.ServiceModel.Routing.ni.dll
+ 2010-09-20 01:44 . 2010-09-20 01:44 310272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d0ff3383438d688a0118d0fa19ed1dc4\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-09-20 01:44 . 2010-09-20 01:44 758784 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e30ded9b9c19a264a974b1cc40d7d2cc\System.Runtime.Remoting.ni.dll
+ 2010-09-20 01:46 . 2010-09-20 01:46 651264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\dd5c866d2462dd913ed0a0287396aa50\System.Net.ni.dll
+ 2010-09-20 01:46 . 2010-09-20 01:46 625152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\3ab3e80af8e5e95a5a62092cc9293c91\System.Messaging.ni.dll
+ 2010-09-20 01:46 . 2010-09-20 01:46 392704 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\8b5fe7aff54a7aed07287257a9b8e420\System.Management.Instrumentation.ni.dll
+ 2010-09-20 01:46 . 2010-09-20 01:46 405504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\150da10324f2811a48da58d3496bbe10\System.IO.Log.ni.dll
+ 2010-09-20 01:46 . 2010-09-20 01:46 228352 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\386f41f744eedacd1517c8a15750a48b\System.IdentityModel.Selectors.ni.dll
+ 2010-09-20 01:44 . 2010-09-20 01:44 230912 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\8b6e9d6171aad3561263ce2cd05c57df\System.EnterpriseServices.Wrapper.dll
+ 2010-09-20 01:44 . 2010-09-20 01:44 784896 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\8b6e9d6171aad3561263ce2cd05c57df\System.EnterpriseServices.ni.dll
+ 2010-09-20 01:46 . 2010-09-20 01:46 461824 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\7f4419b6f829a2485d83b3c3e7b26a97\System.DirectoryServices.Protocols.ni.dll
+ 2010-09-20 01:46 . 2010-09-20 01:46 911872 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\46a7f51ef1a9d917598b96f7a758a459\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-09-20 01:45 . 2010-09-20 01:45 112128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\36342e6024e2844502d0bdaa9d30971a\System.Device.ni.dll
+ 2010-09-20 01:44 . 2010-09-20 01:44 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\caecc65b5c0ede0fe0d55b9f48ada80f\System.Data.DataSetExtensions.ni.dll
+ 2010-09-20 01:44 . 2010-09-20 01:44 145920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\aea1d325200e1a7b1ee7ec86fba33db4\System.Configuration.Install.ni.dll
+ 2010-09-20 01:44 . 2010-09-20 01:44 193536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\7d8e51e92fede804332703770695afdb\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-09-20 01:44 . 2010-09-20 01:44 613888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\767e70aec1ffb52f95c2b07c08fa0781\System.AddIn.ni.dll
+ 2010-09-20 01:44 . 2010-09-20 01:44 402944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\8594d07d18330843968d649ed6ef6166\System.Activities.DurableInstancing.ni.dll
+ 2010-09-20 01:43 . 2010-09-20 01:43 316928 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\38f0d77629891e7808424103aaef0728\SMSvcHost.ni.exe
+ 2010-09-20 01:44 . 2010-09-20 01:44 142336 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4d2a51c03b27e615ff9f1c430f2014ba\SMDiagnostics.ni.dll
+ 2010-09-20 01:43 . 2010-09-20 01:43 302592 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\95d92a700a1fba76f89a30ab46864f10\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2010-09-20 01:43 . 2010-09-20 01:43 418304 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\5f595338c63c2fdb5a171760c29d5bcf\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-09-20 01:43 . 2010-09-20 01:43 193024 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\d2574c8ae333ff959be2e0d83121ad10\CustomMarshalers.ni.dll
- 2009-07-14 02:03 . 2010-09-19 21:35 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:03 . 2010-09-20 01:41 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-09-20 01:52 . 2010-09-20 01:52 1055744 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\5904383f7c86f1374a14198872dfa7d8\UIAutomationClientsideProviders.ni.dll
+ 2010-09-20 01:43 . 2010-09-20 01:43 1776640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\035910922f160d304fb834aae41f45a6\System.Xaml.ni.dll
+ 2010-09-20 01:52 . 2010-09-20 01:52 4496384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\9cf13572472dc2efe8f3b7c2ab6198d3\System.Windows.Forms.DataVisualization.ni.dll
+ 2010-09-20 01:52 . 2010-09-20 01:52 1828352 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\87e09dfbe3a44d6b00d3a5895f5a21a6\System.Web.Services.ni.dll
+ 2010-09-20 01:52 . 2010-09-20 01:52 1992192 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\61a931da70f8078539a51cef3888d02d\System.Speech.ni.dll
+ 2010-09-20 01:52 . 2010-09-20 01:52 1127424 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\dbf07cb14b4dcc210cdf8b5d90a12a56\System.ServiceModel.Discovery.ni.dll
+ 2010-09-20 01:46 . 2010-09-20 01:46 1388032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\52481fccddb053768631c640d5059d4b\System.ServiceModel.Activities.ni.dll
+ 2010-09-20 01:44 . 2010-09-20 01:44 2625024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\e9f8a45b1063d6c6a62718c88a5623d1\System.Runtime.Serialization.ni.dll
+ 2010-09-20 01:44 . 2010-09-20 01:44 1011200 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\f3989d3e9cb8904e4edf23ede5adb6c1\System.Runtime.DurableInstancing.ni.dll
+ 2010-09-20 01:44 . 2010-09-20 01:44 1047040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\eb9369fc9393d29afe51e45cb49aa4be\System.Printing.ni.dll
+ 2010-09-20 01:46 . 2010-09-20 01:46 1159168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\6a6f4be744ed5bc5273cbcf0fcf303e3\System.Management.ni.dll
+ 2010-09-20 01:46 . 2010-09-20 01:46 1065984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\9eac876f58a3ebca8878b8654efdc817\System.IdentityModel.ni.dll
+ 2010-09-20 01:44 . 2010-09-20 01:44 1151488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\5166bf93ac5239837c9c92b58d183ea6\System.DirectoryServices.ni.dll
+ 2010-09-20 01:44 . 2010-09-20 01:44 1872384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\90fd7fc9fbf5f4eed9135996b515a38a\System.Deployment.ni.dll
+ 2010-09-20 01:45 . 2010-09-20 01:45 1332736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\685c7df1332a74aaa899f2bdb3beabc3\System.Data.Services.Client.ni.dll
+ 2010-09-20 01:44 . 2010-09-20 01:44 4103168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\931ad0783c03deb967760d5c2387274a\System.Activities.ni.dll
+ 2010-09-20 01:44 . 2010-09-20 01:44 3691520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\a57e34a36f38a007aa24f1bd07a167ab\System.Activities.Presentation.ni.dll
+ 2010-09-20 01:44 . 2010-09-20 01:44 1506304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\607df7a11c3334146664bc74130bc38f\System.Activities.Core.Presentation.ni.dll
+ 2010-09-20 01:44 . 2010-09-20 01:44 2842624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\42f0e1a4e3081c50503d74ebc0540a60\ReachFramework.ni.dll
+ 2010-09-20 01:43 . 2010-09-20 01:43 1622528 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\15578874ee1464dc6a3545d4be842e59\PresentationUI.ni.dll
+ 2010-09-20 01:43 . 2010-09-20 01:43 1137664 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\e95f51d720705725942dda0017055464\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2010-09-20 01:43 . 2010-09-20 01:43 1819648 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\e8ab3b63bade82c3522613f2b1240c0d\Microsoft.VisualBasic.ni.dll
+ 2010-09-20 01:43 . 2010-09-20 01:43 1167872 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\2eef2f34c0295f1fe5d6d4441f9e790b\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2010-09-20 01:43 . 2010-09-20 01:43 1079808 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\9952f66fc592ffc21b024803c8c955fd\Microsoft.Transactions.Bridge.ni.dll
+ 2010-09-20 01:46 . 2010-09-20 01:46 2441728 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\08b2c2639708ab20748653185d6b67be\Microsoft.JScript.ni.dll
+ 2010-09-20 01:46 . 2010-09-20 01:46 17919488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\250b525aa8c17327216e102569c0d766\System.ServiceModel.ni.dll
+ 2010-09-20 01:45 . 2010-09-20 01:45 13273600 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\642a7b3d47828fb0070a55cfeb58f42b\System.Data.Entity.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\G-ASH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-8-19 503808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 176128]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
R3 netr73;Netopia RT73 Wireless Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-07-07 14904]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-15 1343400]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bleepingcomputer.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
Trusted Zone: bleepingcomputer.com\www
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
FF - ProfilePath - c:\users\G-ASH\AppData\Roaming\Mozilla\Firefox\Profiles\amfuapcr.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-09-20 20:54:01
ComboFix-quarantined-files.txt 2010-09-21 01:54
ComboFix2.txt 2010-09-20 01:02
ComboFix3.txt 2010-09-20 00:49

Pre-Run: 218,219,814,912 bytes free
Post-Run: 218,047,885,312 bytes free

- - End Of File - - 770B86BE5F6FBCBAA2A2A36B714FE626





#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:20 AM

Posted 20 September 2010 - 09:52 PM

Extra ComboFix report

I need to see one of the extra reports ComboFix makes.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button).
  • Please copy and paste the following into the box:
CODE
C:\Qoobox\Add-Remove Programs.txt
  • Click OK.
  • Copy and paste the report into this topic for me to review.

