Malware Infection- browser redirects to google-analytics, epoclick.com


  • This topic is locked
23 replies to this topic

#1 kate smock

kate smock

  • Members
  • 22 posts

Posted 22 November 2010 - 12:48 AM

Several months ago I got a virus that redirects my web browser to websites such as the ones listed above. I came here before for help, but after several days of trying to fix the problem, I had some personal problems and forgot to check back.

I ignored the virus for the past couple months, just closing the windows when they would pop up. But today, I seem to have gotten ANOTHER virus. My computer gave me warnings such as "RAM memory usage is critically high. RAM failure" and "A critical error has occurred while indexing data stored on hard drive. System restart required." I'm currently trying to remove that with MBAM and I used rkill to end the process. (Update: MBAM found nothing) Because of all that I decided to come back here and try to fix the problem.

I'm also using Windows Vista.

Thank you for your help!

DDS-


DDS (Ver_10-11-10.01) - NTFSx86
Run by kate at 21:44:27.08 on Sun 11/21/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2939.1324 [GMT -6:00]

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\kate\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kate\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\kate\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [Google Update] "c:\users\kate\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [XadVPXkgvP.exe] c:\users\kate\appdata\local\temp\XadVPXkgvP.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\TSS.exe" /hide
mRun: [PCMAgent] "c:\program files\cyberlink\powercinema for toshiba\PCMAgent.exe"
mRun: [CLMLServer] "c:\program files\cyberlink\powercinema for toshiba\kernel\clml\CLMLSvc.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\kate\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\kate\appdata\roaming\mozilla\firefox\profiles\s76ljepi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\kate\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\kate\appdata\roaming\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\users\kate\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\kate\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\kate\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\kate\program files\dna\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-29 64160]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-11 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-11 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-11 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-11 56816]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-7-10 40960]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-14 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-4-11 24652]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-14 7168]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-6-9 38224]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe --> c:\program files\magix\common\database\bin\fbserver.exe [?]
S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [2010-3-6 54416]
S3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:\windows\system32\drivers\PTUMWCSP.sys [2010-3-6 160400]
S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [2010-3-6 12048]
S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [2010-3-6 160400]
S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [2010-3-6 114192]
S3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:\windows\system32\drivers\PTUMWNSP.sys [2010-3-6 160400]
S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [2010-3-6 160400]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-8-20 9216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-11-19 19:21:59 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{6e4f2dae-6a1a-4b18-a498-fe71e17cedaa}\mpengine.dll
2010-11-10 05:46:50 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-11-02 20:33:15 -------- d-----w- c:\users\kate\appdata\local\Neopets
2010-10-29 08:01:52 231936 ----a-w- c:\windows\system32\msshsq.dll
2010-10-28 19:35:51 303616 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-28 19:35:51 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-28 19:35:51 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-28 19:35:51 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-28 19:35:51 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-28 19:35:44 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-10-28 19:35:24 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-10-28 08:44:01 80896 ----a-w- c:\windows\system32\MSNP.ax
2010-10-28 08:44:01 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-28 08:43:57 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-10-28 08:43:57 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-10-28 08:43:57 217088 ----a-w- c:\windows\system32\psisrndr.ax
2010-10-28 08:33:27 454656 ----a-w- c:\program files\common files\system\msadc\msadce.dll
2010-10-28 08:21:30 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-10-28 08:21:30 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-10-28 08:21:30 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-10-28 08:21:30 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-10-28 08:21:30 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-10-28 08:16:44 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-10-28 08:16:44 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-10-28 08:16:43 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-10-28 08:16:43 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2010-10-28 08:16:43 11264 ----a-w- c:\windows\system32\icardres.dll
2010-10-28 08:16:42 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-10-28 08:09:54 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-10-28 08:09:51 83968 ----a-w- c:\windows\system32\mscories.dll
2010-10-28 08:05:21 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-10-28 08:05:21 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-10-28 08:05:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-10-28 08:05:00 -------- d--h--w- c:\windows\msdownld.tmp
2010-10-27 20:47:06 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-10-27 20:47:02 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2010-10-27 20:46:51 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2010-10-27 20:08:54 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-27 20:07:22 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2010-10-27 20:07:22 38912 ----a-w- c:\windows\system32\xolehlp.dll
2010-10-27 20:07:00 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-10-27 20:07:00 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-10-27 20:05:09 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2010-10-27 20:05:09 94720 ----a-w- c:\windows\system32\logagent.exe
2010-10-27 20:05:00 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-27 20:04:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-27 20:04:39 501760 ----a-w- c:\windows\system32\usp10.dll
2010-10-27 20:04:33 274432 ----a-w- c:\windows\system32\schannel.dll
2010-10-27 20:00:23 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2010-10-27 20:00:20 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-10-27 20:00:11 104960 ----a-w- c:\windows\system32\netiohlp.dll
2010-10-27 20:00:10 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-10-27 20:00:10 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-10-27 20:00:10 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-10-27 20:00:10 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-10-27 20:00:10 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-10-27 20:00:10 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-10-27 20:00:10 10240 ----a-w- c:\windows\system32\finger.exe
2010-10-27 19:59:18 513024 ----a-w- c:\windows\system32\wlansvc.dll
2010-10-27 19:59:18 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-10-27 19:59:18 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-10-27 19:59:18 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-10-27 19:59:13 213504 ----a-w- c:\windows\system32\msv1_0.dll
2010-10-27 19:59:07 1616384 ----a-w- c:\program files\windows mail\msoe.dll
2010-10-27 19:59:04 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-10-27 19:59:02 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-10-27 19:59:02 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-10-27 19:59:02 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-10-27 19:57:59 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe
2010-10-27 19:56:58 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-10-27 19:50:20 90112 ----a-w- c:\windows\system32\wshext.dll
2010-10-27 19:50:20 180224 ----a-w- c:\windows\system32\scrobj.dll
2010-10-27 19:50:20 172032 ----a-w- c:\windows\system32\scrrun.dll
2010-10-27 19:50:20 155648 ----a-w- c:\windows\system32\wscript.exe
2010-10-27 19:50:20 135168 ----a-w- c:\windows\system32\wshom.ocx
2010-10-27 19:50:20 135168 ----a-w- c:\windows\system32\cscript.exe
2010-10-27 19:50:07 61440 ----a-w- c:\windows\system32\msasn1.dll
2010-10-27 19:50:05 1645568 ----a-w- c:\windows\system32\connect.dll
2010-10-27 01:28:54 98304 ----a-w- c:\windows\system32\cabview.dll
2010-10-27 01:28:52 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-10-27 01:25:07 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-10-27 01:24:50 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-10-27 01:24:43 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-10-27 01:24:43 171608 ----a-w- c:\windows\system32\wuwebv.dll

==================== Find3M ====================

2010-10-19 16:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-08 17:26:59 833024 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 17:23:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 15:53:07 389632 ----a-w- c:\windows\system32\html.iec
2010-09-08 15:28:29 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-31 15:41:42 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:41:42 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:40:26 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:39:46 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:07:25 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:01:41 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-08-26 16:01:35 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:01:33 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:01:32 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:01:32 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 14:11:10 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

============= FINISH: 21:44:59.32 ===============

Attached File: Attach.txt (3.57KB)
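The Pseudo HJT section of the DDS log above carries the two indicators a responder looks at first: a ProxyServer entry that sends browser traffic to 127.0.0.1:6522 (a local redirector proxy) and a user Run entry launching a random-named executable from the Temp folder. The script below is an added triage example, not part of this thread and not code from DDS or any tool used here; it parses lines of that format and flags those patterns, and the sample lines are constructed to mirror the first post.

```python
"""Triage of a DDS 'Pseudo HJT Report' section for browser-redirect indicators."""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines shaped like the Pseudo HJT section of
# the DDS log in the first post (same entry types, same suspicious values).
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [Google Update] "c:\users\kate\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [XadVPXkgvP.exe] c:\users\kate\appdata\local\temp\XadVPXkgvP.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
"""


@dataclass
class Finding:
    severity: str  # "high" or "medium"
    rule: str      # what the line indicates and what to verify
    line: str      # the report line that triggered the rule


# DDS prefixes: u = current user hive (HKCU), m = machine hive (HKLM).
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer = (?P<value>.+)$")
RUN_RE = re.compile(r"^(?P<scope>[um])Run: \[(?P<name>[^\]]+)\] (?P<value>.+)$")
NOFILE_RE = re.compile(r"^(?:TB|BHO): .* - No File$")
# Executable path at the start of a command line, quoted or unquoted, with a
# drive letter or an environment variable such as %ProgramFiles% in front.
EXE_RE = re.compile(r'"?((?:[a-z]:|%[^%]+%)\\[^"]*?\.exe)', re.IGNORECASE)
LOCAL_HOSTS = {"127.0.0.1", "localhost", "::1"}


def proxy_endpoints(value):
    """Split a WinINet ProxyServer value into (scheme, host, port) tuples.

    Accepts both 'host:port' and 'http=host:port;https=host:port' forms;
    scheme is '*' when the value applies to every protocol.
    """
    out = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, sep, port = hostport.rpartition(":")
        if not sep:  # no port given
            host, port = hostport, ""
        out.append((scheme or "*", host.strip("[]"), int(port) if port.isdigit() else None))
    return out


def local_proxy_endpoints(value):
    """Endpoints that route browser traffic through a listener on this machine."""
    return [e for e in proxy_endpoints(value) if e[1].lower() in LOCAL_HOSTS]


def executable_path(value):
    """Pull the executable path out of a Run-key command line (quoted or not)."""
    m = EXE_RE.search(value)
    return m.group(1) if m else None


def runs_from_temp(path):
    """True when the autorun target lives under a Temp directory."""
    p = path.lower().replace("/", "\\")
    return "\\temp\\" in p or p.startswith("%temp%\\")


def triage(report):
    """Return Findings for the indicator types seen in this thread's DDS report."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.match(line)
        if m:
            for scheme, host, port in local_proxy_endpoints(m.group("value")):
                findings.append(Finding("high",
                    f"browser {scheme} traffic routed through local proxy {host}:{port}; "
                    "typical of redirector malware, identify the process listening there", line))
            continue
        m = RUN_RE.match(line)
        if m:
            path = executable_path(m.group("value"))
            if path and runs_from_temp(path):
                findings.append(Finding("high",
                    f"autorun '{m.group('name')}' launches from a Temp directory", line))
            continue
        if NOFILE_RE.match(line):
            findings.append(Finding("medium",
                "toolbar/BHO CLSID registered but its file is missing (orphaned entry)", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.severity}] {f.rule}\n    {f.line}")
```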


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 30 November 2010 - 08:16 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 kate smock

kate smock
  • Topic Starter

  • Members
  • 22 posts

Posted 30 November 2010 - 09:19 PM

Yep, I'm still here :)

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 01 December 2010 - 04:49 PM

At the moment, redirects mean rootkit, so let's see if we can check that possibility out.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


Then run MBRCheck

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
m0le is a proud member of UNITE

#5 kate smock

kate smock
  • Topic Starter

  • Members
  • 22 posts

Posted 01 December 2010 - 10:24 PM

TDSSKiller log-

2010/12/01 21:21:20.0244 TDSS rootkit removing tool 2.4.10.0 Nov 28 2010 18:35:56
2010/12/01 21:21:20.0244 ================================================================================
2010/12/01 21:21:20.0244 SystemInfo:
2010/12/01 21:21:20.0244
2010/12/01 21:21:20.0244 OS Version: 6.0.6001 ServicePack: 1.0
2010/12/01 21:21:20.0244 Product type: Workstation
2010/12/01 21:21:20.0244 ComputerName: KATE-PC
2010/12/01 21:21:20.0245 UserName: kate
2010/12/01 21:21:20.0245 Windows directory: C:\Windows
2010/12/01 21:21:20.0245 System windows directory: C:\Windows
2010/12/01 21:21:20.0245 Processor architecture: Intel x86
2010/12/01 21:21:20.0245 Number of processors: 2
2010/12/01 21:21:20.0245 Page size: 0x1000
2010/12/01 21:21:20.0245 Boot type: Normal boot
2010/12/01 21:21:20.0245 ================================================================================
2010/12/01 21:21:20.0779 Initialize success
2010/12/01 21:21:26.0671 ================================================================================
2010/12/01 21:21:26.0671 Scan started
2010/12/01 21:21:26.0671 Mode: Manual;
2010/12/01 21:21:26.0671 ================================================================================
2010/12/01 21:21:36.0099 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys
2010/12/01 21:21:36.0240 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys
2010/12/01 21:21:36.0297 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/01 21:21:36.0465 Lbd (419590ebe7855215bb157ea0cf0d0531) C:\Windows\system32\DRIVERS\Lbd.sys
2010/12/01 21:21:36.0513 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/01 21:21:36.0570 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/12/01 21:21:36.0647 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/12/01 21:21:36.0702 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/12/01 21:21:36.0750 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/12/01 21:21:36.0868 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/12/01 21:21:36.0923 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/12/01 21:21:37.0052 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/12/01 21:21:37.0092 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/01 21:21:37.0151 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/01 21:21:37.0185 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
2010/12/01 21:21:37.0229 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/12/01 21:21:37.0341 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/12/01 21:21:37.0399 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/01 21:21:37.0537 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/12/01 21:21:37.0571 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2010/12/01 21:21:37.0690 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/01 21:21:37.0735 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/01 21:21:37.0876 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/01 21:21:38.0005 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
2010/12/01 21:21:38.0039 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/12/01 21:21:38.0188 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/12/01 21:21:38.0226 msisadrv (1e00b9b8601f24a96ad71a7d0fc5f136) C:\Windows\system32\drivers\msisadrv.sys
2010/12/01 21:21:38.0372 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/01 21:21:38.0402 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/01 21:21:38.0525 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/12/01 21:21:38.0568 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2010/12/01 21:21:38.0712 mssmbios (215634cf935b696e3ebca813d02e9165) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/01 21:21:38.0750 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/12/01 21:21:38.0859 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2010/12/01 21:21:38.0943 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/01 21:21:39.0101 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2010/12/01 21:21:39.0144 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/01 21:21:39.0264 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/01 21:21:39.0321 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/01 21:21:39.0353 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/12/01 21:21:39.0469 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/01 21:21:39.0519 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/01 21:21:39.0771 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
2010/12/01 21:21:39.0968 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/12/01 21:21:40.0005 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2010/12/01 21:21:40.0044 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/01 21:21:40.0179 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2010/12/01 21:21:40.0316 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/12/01 21:21:40.0339 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/12/01 21:21:40.0373 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/12/01 21:21:40.0409 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/12/01 21:21:40.0522 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/12/01 21:21:40.0620 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/12/01 21:21:40.0743 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/12/01 21:21:40.0787 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2010/12/01 21:21:40.0823 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/12/01 21:21:40.0930 pci (eca39351296d905baa4fa3244c152b00) C:\Windows\system32\drivers\pci.sys
2010/12/01 21:21:40.0968 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
2010/12/01 21:21:41.0011 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/12/01 21:21:41.0183 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/12/01 21:21:41.0376 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/01 21:21:41.0416 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/12/01 21:21:41.0586 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/01 21:21:41.0753 PTUMWBus (31152d655189703dec05d7d585281ab3) C:\Windows\system32\DRIVERS\PTUMWBus.sys
2010/12/01 21:21:41.0894 PTUMWCSP (800e9d0e8628b99191d4e6811237b166) C:\Windows\system32\DRIVERS\PTUMWCSP.sys
2010/12/01 21:21:42.0037 PTUMWFLT (154abe6f191c1a235ffb8dcc305f7955) C:\Windows\system32\DRIVERS\PTUMWFLT.sys
2010/12/01 21:21:42.0086 PTUMWMdm (3f3f7a22242d179146237cdda5023b31) C:\Windows\system32\DRIVERS\PTUMWMdm.sys
2010/12/01 21:21:42.0219 PTUMWNET (caed59c03a6eaf40d9a8bfeed537800c) C:\Windows\system32\DRIVERS\PTUMWNET.sys
2010/12/01 21:21:42.0355 PTUMWNSP (c21601f8a0302e4f07faa080afd8e639) C:\Windows\system32\DRIVERS\PTUMWNSP.sys
2010/12/01 21:21:42.0494 PTUMWVsp (9236328954fcaa0a1c895297bd1efe3a) C:\Windows\system32\DRIVERS\PTUMWVsp.sys
2010/12/01 21:21:42.0657 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/12/01 21:21:42.0818 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/12/01 21:21:42.0858 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/01 21:21:42.0965 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/01 21:21:43.0004 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/01 21:21:43.0036 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/01 21:21:43.0149 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/01 21:21:43.0175 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/01 21:21:43.0219 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/01 21:21:43.0261 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2010/12/01 21:21:43.0398 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/01 21:21:43.0436 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2010/12/01 21:21:43.0584 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys
2010/12/01 21:21:43.0613 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
2010/12/01 21:21:43.0740 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
2010/12/01 21:21:43.0778 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/01 21:21:43.0828 RTL8169 (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
2010/12/01 21:21:43.0941 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/12/01 21:21:43.0998 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2010/12/01 21:21:44.0123 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/01 21:21:44.0185 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/12/01 21:21:44.0224 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/12/01 21:21:44.0342 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/12/01 21:21:44.0397 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/12/01 21:21:44.0426 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/12/01 21:21:44.0538 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/12/01 21:21:44.0564 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/12/01 21:21:44.0610 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/12/01 21:21:44.0700 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/12/01 21:21:44.0732 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/12/01 21:21:44.0784 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2010/12/01 21:21:44.0848 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/12/01 21:21:44.0989 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\System32\Drivers\sptd.sys
2010/12/01 21:21:45.0124 srv (5754e8bae40943871d0ab9becbf335e8) C:\Windows\system32\DRIVERS\srv.sys
2010/12/01 21:21:45.0188 srv2 (d47b09ff7d28ee44d728f57c2d1fab86) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/01 21:21:45.0341 srvnet (32d52290341a740881521e118106acd6) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/01 21:21:45.0413 ssmdrv (654dfea96bc82b4acda4f37e5e4a3bbf) C:\Windows\system32\DRIVERS\ssmdrv.sys
2010/12/01 21:21:45.0593 SVRPEDRV (3e4239b92139f7174a0da7d53fe5e1ab) C:\Windows\System32\sysprep\PEDrv.sys
2010/12/01 21:21:45.0653 swenum (97e089971a6aba49ad5592bd6298e416) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/01 21:21:45.0752 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/12/01 21:21:45.0787 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/12/01 21:21:45.0835 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/12/01 21:21:45.0967 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
2010/12/01 21:21:46.0063 Tcpip (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\drivers\tcpip.sys
2010/12/01 21:21:46.0220 Tcpip6 (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/01 21:21:46.0335 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/01 21:21:46.0463 tdcmdpst (6fdfba25002ce4bac463ac866ae71405) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2010/12/01 21:21:46.0513 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/12/01 21:21:46.0619 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/12/01 21:21:46.0672 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/01 21:21:46.0783 TermDD (718b2f4355cd8eb2844741addac0e622) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/01 21:21:47.0019 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys
2010/12/01 21:21:47.0167 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
2010/12/01 21:21:47.0236 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/01 21:21:47.0363 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/12/01 21:21:47.0386 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/01 21:21:47.0430 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2010/12/01 21:21:47.0495 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2010/12/01 21:21:47.0583 udfs (c985b36e127ea9b8a92396120bff52d8) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/01 21:21:47.0724 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2010/12/01 21:21:47.0769 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2010/12/01 21:21:47.0891 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/12/01 21:21:47.0928 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/12/01 21:21:48.0023 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/01 21:21:48.0081 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
2010/12/01 21:21:48.0210 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/01 21:21:48.0253 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/12/01 21:21:48.0387 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/01 21:21:48.0420 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/01 21:21:48.0530 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/12/01 21:21:48.0594 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/01 21:21:48.0697 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/01 21:21:48.0745 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/01 21:21:48.0858 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2010/12/01 21:21:48.0910 UVCFTR (237c444fbd1c697a2e3fa60f02c61f22) C:\Windows\system32\Drivers\UVCFTR_S.SYS
2010/12/01 21:21:49.0040 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/01 21:21:49.0072 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/12/01 21:21:49.0179 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/12/01 21:21:49.0205 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/12/01 21:21:49.0243 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2010/12/01 21:21:49.0355 volmgr (bdd98bbe7323fc0975a26373d8050471) C:\Windows\system32\drivers\volmgr.sys
2010/12/01 21:21:49.0402 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2010/12/01 21:21:49.0523 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2010/12/01 21:21:49.0586 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/12/01 21:21:49.0709 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/12/01 21:21:49.0756 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/01 21:21:49.0778 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/01 21:21:49.0898 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/12/01 21:21:49.0946 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/01 21:21:50.0167 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2010/12/01 21:21:50.0255 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/12/01 21:21:50.0384 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/01 21:21:50.0445 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/01 21:21:50.0546 ================================================================================
2010/12/01 21:21:50.0547 Scan finished
2010/12/01 21:21:50.0547 ================================================================================
MBRCheck Log-


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: INSYDE
System Manufacturer: TOSHIBA
System Product Name: Satellite A305
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 146):
0x81E0E000 \SystemRoot\system32\ntkrnlpa.exe
0x821C7000 \SystemRoot\system32\hal.dll
0x80403000 \SystemRoot\system32\kdcom.dll
0x8040B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8046B000 \SystemRoot\system32\PSHED.dll
0x8047C000 \SystemRoot\system32\BOOTVID.dll
0x80484000 \SystemRoot\system32\CLFS.SYS
0x804C5000 \SystemRoot\system32\CI.dll
0x8060F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8068B000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80698000 \SystemRoot\system32\drivers\acpi.sys
0x806DE000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E7000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EF000 \SystemRoot\system32\drivers\pci.sys
0x80716000 \SystemRoot\System32\drivers\partmgr.sys
0x80725000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80728000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80732000 \SystemRoot\system32\drivers\volmgr.sys
0x80741000 \SystemRoot\System32\drivers\volmgrx.sys
0x8078B000 \SystemRoot\System32\drivers\mountmgr.sys
0x89A04000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x89ADD000 \SystemRoot\system32\drivers\atapi.sys
0x89AE5000 \SystemRoot\system32\drivers\ataport.SYS
0x89B03000 \SystemRoot\system32\drivers\fltmgr.sys
0x89B35000 \SystemRoot\system32\drivers\fileinfo.sys
0x89B45000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x89B54000 \SystemRoot\System32\Drivers\ksecdd.sys
0x89C0A000 \SystemRoot\system32\drivers\ndis.sys
0x89D15000 \SystemRoot\system32\drivers\msrpc.sys
0x89D40000 \SystemRoot\system32\drivers\NETIO.SYS
0x89E0F000 \SystemRoot\System32\drivers\tcpip.sys
0x89EF9000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A00B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A11A000 \SystemRoot\system32\drivers\volsnap.sys
0x8A153000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x8A158000 \SystemRoot\system32\DRIVERS\tos_sps32.sys
0x8A19B000 \SystemRoot\System32\Drivers\spldr.sys
0x8A1A3000 \SystemRoot\System32\Drivers\mup.sys
0x8A1B2000 \SystemRoot\System32\drivers\ecache.sys
0x8A1D9000 \SystemRoot\system32\drivers\disk.sys
0x89F14000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A1EA000 \SystemRoot\system32\drivers\crcdisk.sys
0x8DCE4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8DCEF000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8DCF8000 \SystemRoot\system32\DRIVERS\FwLnk.sys
0x8DD00000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8DD0F000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8DE0A000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8E4EE000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8E58D000 \SystemRoot\System32\drivers\watchdog.sys
0x8E59A000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8E5A5000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8E5E3000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8DD13000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8DD25000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8E80E000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x8EB95000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8EBA5000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8EBB3000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8EBCD000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8EBDE000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8DD46000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8DD98000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8EBF2000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8DDAB000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8EBFD000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8E800000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8E5F2000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x8DDDA000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8DE00000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x89F35000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x89F63000 \SystemRoot\system32\DRIVERS\storport.sys
0x8DDF2000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x89FA4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8DC00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x89FBB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x89FDE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x89D7A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x89D8E000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x89FED000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8E80B000 \SystemRoot\system32\DRIVERS\swenum.sys
0x89DA3000 \SystemRoot\system32\DRIVERS\ks.sys
0x8A000000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x89E00000 \SystemRoot\system32\DRIVERS\umbus.sys
0x89BC5000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x89DCD000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8FC00000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8079B000 \SystemRoot\system32\drivers\portcls.sys
0x807C8000 \SystemRoot\system32\drivers\drmk.sys
0x90002000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x9011E000 \SystemRoot\system32\drivers\modem.sys
0x9012B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x90134000 \SystemRoot\System32\Drivers\Null.SYS
0x9013B000 \SystemRoot\System32\Drivers\Beep.SYS
0x90142000 \SystemRoot\System32\drivers\vga.sys
0x9014E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x9016F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x90177000 \SystemRoot\system32\drivers\rdpencdd.sys
0x9017F000 \SystemRoot\System32\Drivers\Msfs.SYS
0x9018A000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90198000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x901A1000 \SystemRoot\system32\DRIVERS\tdx.sys
0x901B7000 \SystemRoot\system32\DRIVERS\smb.sys
0x805A5000 \SystemRoot\system32\drivers\afd.sys
0x901CB000 \SystemRoot\System32\DRIVERS\netbt.sys
0x89DDE000 \SystemRoot\system32\DRIVERS\pacer.sys
0x807ED000 \SystemRoot\system32\DRIVERS\netbios.sys
0x805ED000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x89DF4000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x9040A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90446000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90450000 \SystemRoot\System32\Drivers\dfsc.sys
0x90467000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x90483000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x90485000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9049C000 \SystemRoot\System32\Drivers\UVCFTR_S.SYS
0x904A4000 \SystemRoot\System32\Drivers\usbvideo.sys
0x904C5000 \SystemRoot\System32\Drivers\crashdmp.sys
0x904D2000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x998A0000 \SystemRoot\System32\win32k.sys
0x905AB000 \SystemRoot\System32\drivers\Dxapi.sys
0x905B5000 \SystemRoot\system32\DRIVERS\monitor.sys
0x99AC0000 \SystemRoot\System32\TSDDD.dll
0x99AE0000 \SystemRoot\System32\cdd.dll
0x905C4000 \SystemRoot\system32\drivers\luafv.sys
0x905DF000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8DC0B000 \SystemRoot\system32\drivers\spsys.sys
0x8DCBA000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xACA0E000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xACA38000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xACA42000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xACA55000 \SystemRoot\system32\drivers\HTTP.sys
0xACAC2000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xACADF000 \SystemRoot\system32\DRIVERS\bowser.sys
0xACAF8000 \SystemRoot\System32\drivers\mpsdrv.sys
0xACB0D000 \SystemRoot\system32\drivers\mrxdav.sys
0xACB2D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xACB4C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xACB85000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xACB9D000 \SystemRoot\System32\DRIVERS\srv2.sys
0xADC0B000 \SystemRoot\System32\DRIVERS\srv.sys
0xADC59000 \SystemRoot\system32\drivers\peauth.sys
0xADD37000 \SystemRoot\System32\Drivers\secdrv.SYS
0xADD41000 \SystemRoot\System32\drivers\tcpipreg.sys
0xADD4D000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x76DB0000 \Windows\System32\ntdll.dll

Processes (total 88):
0 System Idle Process
4 System
528 C:\Windows\System32\smss.exe
640 csrss.exe
684 C:\Windows\System32\wininit.exe
696 csrss.exe
728 C:\Windows\System32\services.exe
740 C:\Windows\System32\lsass.exe
748 C:\Windows\System32\lsm.exe
824 C:\Windows\System32\winlogon.exe
936 C:\Windows\System32\svchost.exe
1000 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
1044 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\svchost.exe
1220 C:\Windows\System32\svchost.exe
1232 C:\Windows\System32\svchost.exe
1340 C:\Windows\System32\audiodg.exe
1372 C:\Windows\System32\SLsvc.exe
1424 C:\Windows\System32\svchost.exe
1560 C:\Windows\System32\svchost.exe
1728 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1780 C:\Windows\System32\wlanext.exe
1868 C:\Windows\System32\spoolsv.exe
1896 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1932 C:\Windows\System32\svchost.exe
548 C:\Windows\System32\agrsmsvc.exe
552 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
604 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
12 C:\Program Files\Bonjour\mDNSResponder.exe
680 C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
1364 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
2272 C:\Windows\System32\svchost.exe
2284 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2312 C:\Windows\System32\svchost.exe
2356 C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
2408 C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
2508 C:\Windows\System32\TODDSrv.exe
2528 C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
2608 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
2620 C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
2648 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
2664 C:\Program Files\Viewpoint\Common\ViewpointService.exe
2680 C:\Windows\System32\svchost.exe
2708 C:\Windows\System32\SearchIndexer.exe
3088 WmiPrvSE.exe
3272 C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
3352 unsecapp.exe
3600 C:\Windows\System32\dwm.exe
3620 C:\Windows\System32\taskeng.exe
4000 C:\Windows\System32\igfxtray.exe
4028 C:\Windows\System32\igfxsrvc.exe
4048 C:\Windows\System32\hkcmd.exe
4088 C:\Windows\System32\igfxpers.exe
2240 C:\Windows\RtHDVCpl.exe
2260 C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
2268 C:\Program Files\Toshiba\SmoothView\SmoothView.exe
2732 C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
1184 C:\Program Files\Windows Defender\MSASCui.exe
2908 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
892 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1796 C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
3072 C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
3124 C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
3400 C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
3028 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3564 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
1448 C:\Program Files\iTunes\iTunesHelper.exe
3868 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
1308 C:\Windows\System32\wbem\unsecapp.exe
3960 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2252 C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
2940 C:\Windows\System32\taskeng.exe
2772 C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
4696 C:\Program Files\iPod\bin\iPodService.exe
4968 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5680 C:\Windows\explorer.exe
5236 C:\Windows\System32\wuauclt.exe
5596 C:\Users\kate\AppData\Local\Google\Chrome\Application\chrome.exe
3188 C:\Users\kate\AppData\Local\Google\Chrome\Application\chrome.exe
4476 C:\Users\kate\AppData\Local\Google\Chrome\Application\chrome.exe
1456 C:\Windows\servicing\TrustedInstaller.exe
5908 WmiPrvSE.exe
3036 C:\Windows\System32\SearchProtocolHost.exe
5620 C:\Windows\System32\SearchFilterHost.exe
5956 dllhost.exe
3416 dllhost.exe
3856 C:\Users\kate\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK3252GSX, Rev: LV010M

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61


Done!

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:01:27 AM

Posted 02 December 2010 - 06:03 PM

Good, so far there's nothing.


Please now run Combofix

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#7 kate smock (Topic Starter)
Members, 22 posts

Posted 02 December 2010 - 06:56 PM

ComboFix 10-12-02.01 - kate 12/02/2010 17:47:30.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2939.1654 [GMT -6:00]
Running from: c:\users\kate\Desktop\comfix.exe.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-11-02 to 2010-12-02 )))))))))))))))))))))))))))))))
.

2010-12-02 23:53 . 2010-12-02 23:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-12-02 23:53 . 2010-12-02 23:53 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-12-02 23:53 . 2010-12-02 23:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-30 21:22 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84F13452-2E0C-40A7-9B98-1467A6726C10}\mpengine.dll
2010-11-10 05:46 . 2010-10-07 11:35 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 16:41 . 2010-08-11 06:17 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-20 09:25 . 2010-10-29 08:01 231936 ----a-w- c:\windows\system32\msshsq.dll
2010-09-10 16:37 . 2010-10-27 20:04 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 17:26 . 2010-10-27 19:49 833024 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 17:23 . 2010-10-27 19:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 15:53 . 2010-10-27 19:49 389632 ----a-w- c:\windows\system32\html.iec
2010-09-08 15:28 . 2010-10-27 19:49 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:24 . 2010-10-28 19:35 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:23 . 2010-10-28 19:35 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 14:13 . 2010-10-28 19:35 303616 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 14:12 . 2010-10-28 19:35 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 14:12 . 2010-10-28 19:35 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"Google Update"="c:\users\kate\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-05-11 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-07-31 417792]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 1242424]
"PCMAgent"="c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-07-11 188416]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-02 524632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Users^kate^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^kate^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=c:\users\kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-06-02 07:36 321344 ----a-w- c:\users\kate\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
2006-03-23 05:13 1591808 ----a-w- c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-737594619-1414829202-3786626943-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-02 1029456]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [x]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\DRIVERS\PTUMWBus.sys [2009-07-18 54416]
R3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:\windows\system32\DRIVERS\PTUMWCSP.sys [2009-07-18 160400]
R3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\DRIVERS\PTUMWFLT.sys [2009-07-18 12048]
R3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\DRIVERS\PTUMWMdm.sys [2009-07-18 160400]
R3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\DRIVERS\PTUMWNET.sys [2009-07-18 114192]
R3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:\windows\system32\DRIVERS\PTUMWNSP.sys [2009-07-18 160400]
R3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMWVsp.sys [2009-07-18 160400]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-06-02 721904]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-30 64160]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-07-11 40960]
S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 73728]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
Contents of the 'Scheduled Tasks' folder

2010-11-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 00:39]

2010-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-737594619-1414829202-3786626943-1000Core.job
- c:\users\kate\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-11 05:36]

2010-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-737594619-1414829202-3786626943-1000UA.job
- c:\users\kate\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-11 05:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\kate\AppData\Roaming\Mozilla\Firefox\Profiles\s76ljepi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\kate\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\kate\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\users\kate\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\kate\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\kate\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\kate\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: ChaCha Guide App Toolbar: chachaguidebar@chacha.com - c:\users\kate\AppData\Roaming\Mozilla\Firefox\Profiles\s76ljepi.default\extensions\chachaguidebar@chacha.com
FF - Extension: FacePAD: Facebook Photo Album Downloader: facepad@lazyrussian.com - c:\users\kate\AppData\Roaming\Mozilla\Firefox\Profiles\s76ljepi.default\extensions\facepad@lazyrussian.com
FF - Extension: Firebug: firebug@software.joehewitt.com - c:\users\kate\AppData\Roaming\Mozilla\Firefox\Profiles\s76ljepi.default\extensions\firebug@software.joehewitt.com
FF - Extension: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - c:\users\kate\AppData\Roaming\Mozilla\Firefox\Profiles\s76ljepi.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\users\kate\AppData\Roaming\Mozilla\Firefox\Profiles\s76ljepi.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\kate\AppData\Roaming\Mozilla\Firefox\Profiles\s76ljepi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Move Media Player: moveplayer@movenetworks.com - c:\users\kate\AppData\Roaming\Move Networks
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
AddRemove-Neopets - c:\program files\Neopets\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-02 17:53
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????m5uk????h?????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-12-02 17:55:21
ComboFix-quarantined-files.txt 2010-12-02 23:55
ComboFix2.txt 2010-08-13 01:45
ComboFix3.txt 2010-08-09 21:51

Pre-Run: 137,015,283,712 bytes free
Post-Run: 136,993,640,448 bytes free

- - End Of File - - 0B08DA2F1734F80BF5D33DC43C218151

#8 m0le
Malware Response Team, 34,527 posts, London, UK

Posted 02 December 2010 - 07:18 PM

This should remove the redirects. Please tell me if it does.

1. Close any open browsers.

2. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

DDS::
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)


Referring to the picture above, drag CFScript into ComboFix.exe

If the program asks you to update ComboFix, click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
m0le is a proud member of UNITE
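The setting the CFScript above removes, "uInternet Settings,ProxyServer = http=127.0.0.1:6522", is a WinINet proxy in the user's hive that sends every HTTP request through a listener on the machine itself, which is how a local process can rewrite or redirect browser traffic without touching the browser. The script below is an added example, not part of this thread and not a ComboFix or DDS tool: it parses the "Supplementary Scan" block of a ComboFix/DDS log, flags any proxy entry that points at the loopback address on a port not in a small allow-list (the allow-list of common local-proxy ports is an assumption for illustration), and compares a before and an after log so you can tell whether a removal held or the entry was written back. The two log excerpts are constructed from the lines posted in this thread.

```python
"""
Flag loopback browser proxies in ComboFix/DDS "Supplementary Scan" output and
check whether a removal persisted between two runs.

Added example; not code from the BleepingComputer thread, DDS or ComboFix.
"""
import re

# Constructed excerpts built from the log lines posted in this thread:
# the first before the CFScript run, the second after it.
LOG_BEFORE = """\
------- Supplementary Scan -------
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
IE: E&xport to Microsoft Excel - c:\\progra~1\\MICROS~2\\Office12\\EXCEL.EXE/3000
"""

LOG_AFTER = """\
------- Supplementary Scan -------
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: E&xport to Microsoft Excel - c:\\progra~1\\MICROS~2\\Office12\\EXCEL.EXE/3000
"""

# DDS prefixes the setting with "u" (user hive, HKCU) or "m" (machine hive, HKLM).
PROXY_LINE = re.compile(r"^([um])Internet Settings,ProxyServer\s*=\s*(.+)$", re.MULTILINE)

# A WinINet ProxyServer value is either "host:port" or a ';'-separated list of
# "scheme=host:port" entries.
ENTRY = re.compile(r"^(?:(?P<scheme>[a-z]+)=)?(?P<host>[^:;\s]+)(?::(?P<port>\d+))?$")

LOOPBACK_HOSTS = {"127.0.0.1", "localhost"}

# Assumed allow-list: ports a deliberately installed local filtering proxy
# commonly listens on. Anything else on loopback deserves a look.
KNOWN_LOCAL_PROXY_PORTS = {8080, 8118, 3128}


def parse_proxy_server(value):
    """Split a WinINet ProxyServer value into (scheme, host, port) tuples.

    A bare "host:port" entry gets scheme "*" (applies to all protocols).
    """
    entries = []
    for raw in value.split(";"):
        raw = raw.strip()
        if not raw:
            continue
        m = ENTRY.match(raw)
        if not m:
            continue  # not in a shape WinINet would use; ignore
        port = int(m.group("port")) if m.group("port") else None
        entries.append((m.group("scheme") or "*", m.group("host"), port))
    return entries


def find_loopback_proxies(log_text):
    """Return findings for proxy entries that route browser traffic to the local host."""
    findings = []
    for scope, value in PROXY_LINE.findall(log_text):
        hive = "HKCU" if scope == "u" else "HKLM"
        for scheme, host, port in parse_proxy_server(value):
            if host.lower() in LOOPBACK_HOSTS and port not in KNOWN_LOCAL_PROXY_PORTS:
                findings.append({"hive": hive, "scheme": scheme, "host": host, "port": port})
    return findings


def removal_held(before, after):
    """True if the loopback proxy seen in the first log is gone from the second."""
    return bool(find_loopback_proxies(before)) and not find_loopback_proxies(after)


if __name__ == "__main__":
    for f in find_loopback_proxies(LOG_BEFORE):
        print(f"{f['hive']} proxy {f['scheme']} -> {f['host']}:{f['port']} (loopback, unexpected port)")
    print("removal held:", removal_held(LOG_BEFORE, LOG_AFTER))
```

Run it against the two logs from a cleanup and, if `removal_held` comes back False, the next step is to find the process that rewrote the key rather than to re-run the same script: a proxy value that reappears after removal means something still running has write access to the user's Internet Settings.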

#9 kate smock (Topic Starter)
Members, 22 posts

Posted 02 December 2010 - 10:39 PM

I did everything you said, but unfortunately the same thing is still going on. As soon as I got back on the internet to look at this thread, it redirected the newly opened window to google-analytics.com.

Here's the log-


ComboFix 10-12-02.03 - kate 12/02/2010 21:22:47.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2939.1631 [GMT -6:00]
Running from: c:\users\kate\Desktop\comfix.exe.exe
Command switches used :: c:\users\kate\Desktop\CFscript.txt
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-11-03 to 2010-12-03 )))))))))))))))))))))))))))))))
.

2010-12-03 03:27 . 2010-12-03 03:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-12-03 03:27 . 2010-12-03 03:27 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-12-03 03:27 . 2010-12-03 03:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-30 21:22 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84F13452-2E0C-40A7-9B98-1467A6726C10}\mpengine.dll
2010-11-10 05:46 . 2010-10-07 11:35 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 16:41 . 2010-08-11 06:17 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-20 09:25 . 2010-10-29 08:01 231936 ----a-w- c:\windows\system32\msshsq.dll
2010-09-10 16:37 . 2010-10-27 20:04 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 17:26 . 2010-10-27 19:49 833024 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 17:23 . 2010-10-27 19:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 15:53 . 2010-10-27 19:49 389632 ----a-w- c:\windows\system32\html.iec
2010-09-08 15:28 . 2010-10-27 19:49 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:24 . 2010-10-28 19:35 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:23 . 2010-10-28 19:35 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 14:13 . 2010-10-28 19:35 303616 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 14:12 . 2010-10-28 19:35 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 14:12 . 2010-10-28 19:35 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"Google Update"="c:\users\kate\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-05-11 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-07-31 417792]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 1242424]
"PCMAgent"="c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-07-11 188416]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-02 524632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Users^kate^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^kate^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=c:\users\kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-06-02 07:36 321344 ----a-w- c:\users\kate\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
2006-03-23 05:13 1591808 ----a-w- c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-737594619-1414829202-3786626943-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-02 1029456]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [x]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\DRIVERS\PTUMWBus.sys [2009-07-18 54416]
R3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:\windows\system32\DRIVERS\PTUMWCSP.sys [2009-07-18 160400]
R3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\DRIVERS\PTUMWFLT.sys [2009-07-18 12048]
R3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\DRIVERS\PTUMWMdm.sys [2009-07-18 160400]
R3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\DRIVERS\PTUMWNET.sys [2009-07-18 114192]
R3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:\windows\system32\DRIVERS\PTUMWNSP.sys [2009-07-18 160400]
R3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMWVsp.sys [2009-07-18 160400]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-06-02 721904]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-30 64160]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-07-11 40960]
S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 73728]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
Contents of the 'Scheduled Tasks' folder

2010-11-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 00:39]

2010-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-737594619-1414829202-3786626943-1000Core.job
- c:\users\kate\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-11 05:36]

2010-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-737594619-1414829202-3786626943-1000UA.job
- c:\users\kate\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-11 05:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\kate\AppData\Roaming\Mozilla\Firefox\Profiles\s76ljepi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\kate\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\kate\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\users\kate\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\kate\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\kate\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\kate\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: ChaCha Guide App Toolbar: chachaguidebar@chacha.com - c:\users\kate\AppData\Roaming\Mozilla\Firefox\Profiles\s76ljepi.default\extensions\chachaguidebar@chacha.com
FF - Extension: FacePAD: Facebook Photo Album Downloader: facepad@lazyrussian.com - c:\users\kate\AppData\Roaming\Mozilla\Firefox\Profiles\s76ljepi.default\extensions\facepad@lazyrussian.com
FF - Extension: Firebug: firebug@software.joehewitt.com - c:\users\kate\AppData\Roaming\Mozilla\Firefox\Profiles\s76ljepi.default\extensions\firebug@software.joehewitt.com
FF - Extension: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - c:\users\kate\AppData\Roaming\Mozilla\Firefox\Profiles\s76ljepi.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\users\kate\AppData\Roaming\Mozilla\Firefox\Profiles\s76ljepi.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\kate\AppData\Roaming\Mozilla\Firefox\Profiles\s76ljepi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Move Media Player: moveplayer@movenetworks.com - c:\users\kate\AppData\Roaming\Move Networks
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-02 21:27
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????m5uk????h?????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-12-02 21:29:01
ComboFix-quarantined-files.txt 2010-12-03 03:28
ComboFix2.txt 2010-12-02 23:55
ComboFix3.txt 2010-08-13 01:45
ComboFix4.txt 2010-08-09 21:51

Pre-Run: 136,341,749,760 bytes free
Post-Run: 136,317,566,976 bytes free

- - End Of File - - 3BE784F891D69E6A37AD80D64E02ED17

#10 m0le
Malware Response Team, 34,527 posts, London, UK

Posted 03 December 2010 - 07:34 PM

At the moment we are just trying to clean the PC. Don't be too alarmed if the redirections continue.

In this case the Combofix script was reversed by the malware.


1. Close any open browsers.

2. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

DDS::
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)


Referring to the picture above, drag CFScript into ComboFix.exe

If the program asks you to update ComboFix, click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Now run MBAM

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Finally please run OTL which will scan your computer

  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

m0le is a proud member of UNITE
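The CFScript in the post above clears a `ProxyServer` value of `http=127.0.0.1:6522`, which is the mechanism behind the redirects: Internet Explorer (and anything using WinINet) hands every HTTP request to a listener on the local machine, which can rewrite or redirect it. The following triage helper is an added example, written for this thread and not part of DDS, ComboFix or the helper's instructions. It reads the `uInternet Settings,...` and `uStart Page`/`mStart Page` lines as they appear in the logs in this thread (the `u`/`m` prefix marks HKCU or HKLM) and flags a proxy entry that points at the loopback address, and, as a generalization beyond the single `http=` case on the page, also handles the `scheme=host:port;...` list form and a plain `host:port`. The start-page allow list and the sample log text are constructed assumptions.

```python
"""Triage helper for the 'Supplementary Scan' lines of a DDS/ComboFix log.

Added example for this thread; not part of the DDS or ComboFix tools.
It flags the pattern the CFScript above removes: a ProxyServer value that
routes the browser through a listener on the local machine.
"""
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# DDS/ComboFix prefix each registry-derived line with its scope:
# 'u' = HKCU (current user), 'm' = HKLM (machine-wide).
SCOPE_NAMES = {"u": "HKCU", "m": "HKLM"}

SETTING_RE = re.compile(
    r"^(?P<scope>[um])Internet Settings,(?P<name>Proxy\w+)\s*=\s*(?P<value>.+?)\s*$"
)
START_PAGE_RE = re.compile(r"^(?P<scope>[um])Start Page\s*=\s*(?P<url>\S+)\s*$")

# One ProxyServer entry: optional 'scheme=' prefix, then host[:port].
# IPv4 addresses and hostnames only; bracketed IPv6 is not handled here.
ENTRY_RE = re.compile(r"^(?:(?P<scheme>[a-z]+)=)?(?P<host>[^:]+?)(?::(?P<port>\d{1,5}))?$")

# Constructed sample: the two proxy lines from the CFScript in the post above
# plus the start-page lines as they appear in the logs in this thread.
SAMPLE_LOG = """\
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
"""


def parse_proxy_server(value):
    """Split a ProxyServer value into entries.

    The value is either 'host:port' (one proxy for every protocol) or a
    ';'-separated list of 'scheme=host:port' pairs.
    """
    entries = []
    for part in value.split(";"):
        m = ENTRY_RE.match(part.strip())
        if m:
            entries.append({
                "scheme": m.group("scheme"),
                "host": m.group("host"),
                "port": int(m.group("port")) if m.group("port") else None,
            })
    return entries


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name 'localhost'."""
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def triage(log_text, allowed_start_hosts=("www.google.com",)):
    """Return a list of findings (dicts) for the log lines in log_text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SETTING_RE.match(line)
        if m:
            # ProxyOverride and ProxyEnable are routine; only ProxyServer is judged.
            if m.group("name") == "ProxyServer":
                for e in parse_proxy_server(m.group("value")):
                    if is_loopback(e["host"]):
                        findings.append({
                            "kind": "loopback-proxy",
                            "scope": SCOPE_NAMES[m.group("scope")],
                            "scheme": e["scheme"], "host": e["host"], "port": e["port"],
                            "note": "browser traffic is routed through a listener on this PC; "
                                    "identify the process bound to that port before clearing the value",
                        })
            continue
        m = START_PAGE_RE.match(line)
        if m:
            # DDS defangs http as hxxp; restore it so urlparse sees a scheme.
            url = re.sub(r"^hxxp", "http", m.group("url"))
            host = (urlparse(url).hostname or "").lower()
            if host not in allowed_start_hosts:
                findings.append({
                    "kind": "start-page",
                    "scope": SCOPE_NAMES[m.group("scope")],
                    "host": host,
                    "note": "home page not on the allow list",
                })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the sample the only finding is the HKCU loopback proxy on port 6522; the google.com start pages and the `<local>` override are left alone. The note attached to the finding is deliberate: clearing the registry value (which is what the CFScript does) removes the symptom, but the process listening on that port is the thing to identify and remove, otherwise the value tends to come back, as the helper's remark about the previous script being reversed shows.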

#11 kate smock

kate smock
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:27 PM

Posted 04 December 2010 - 01:50 AM

the 2nd log from OTL never popped up :( thank you for your help so far

combofix-


ComboFix 10-12-03.01 - kate 12/03/2010 22:42:52.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2939.1599 [GMT -6:00]
Running from: c:\users\kate\Desktop\comfix.exe.exe
Command switches used :: c:\users\kate\Desktop\CFScript.txt
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-11-04 to 2010-12-04 )))))))))))))))))))))))))))))))
.

2010-12-04 04:48 . 2010-12-04 04:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-12-04 04:48 . 2010-12-04 04:48 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-12-04 04:48 . 2010-12-04 04:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-30 21:22 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84F13452-2E0C-40A7-9B98-1467A6726C10}\mpengine.dll
2010-11-10 05:46 . 2010-10-07 11:35 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 16:41 . 2010-08-11 06:17 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-20 09:25 . 2010-10-29 08:01 231936 ----a-w- c:\windows\system32\msshsq.dll
2010-09-10 16:37 . 2010-10-27 20:04 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 17:26 . 2010-10-27 19:49 833024 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 17:23 . 2010-10-27 19:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 15:53 . 2010-10-27 19:49 389632 ----a-w- c:\windows\system32\html.iec
2010-09-08 15:28 . 2010-10-27 19:49 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:24 . 2010-10-28 19:35 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:23 . 2010-10-28 19:35 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 14:13 . 2010-10-28 19:35 303616 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 14:12 . 2010-10-28 19:35 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 14:12 . 2010-10-28 19:35 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"Google Update"="c:\users\kate\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-05-11 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-07-31 417792]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 1242424]
"PCMAgent"="c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-07-11 188416]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-02 524632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Users^kate^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^kate^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=c:\users\kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-06-02 07:36 321344 ----a-w- c:\users\kate\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
2006-03-23 05:13 1591808 ----a-w- c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-737594619-1414829202-3786626943-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-02 1029456]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [x]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\DRIVERS\PTUMWBus.sys [2009-07-18 54416]
R3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:\windows\system32\DRIVERS\PTUMWCSP.sys [2009-07-18 160400]
R3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\DRIVERS\PTUMWFLT.sys [2009-07-18 12048]
R3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\DRIVERS\PTUMWMdm.sys [2009-07-18 160400]
R3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\DRIVERS\PTUMWNET.sys [2009-07-18 114192]
R3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:\windows\system32\DRIVERS\PTUMWNSP.sys [2009-07-18 160400]
R3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMWVsp.sys [2009-07-18 160400]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-06-02 721904]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-30 64160]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-07-11 40960]
S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 73728]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
Contents of the 'Scheduled Tasks' folder

2010-11-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 00:39]

2010-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-737594619-1414829202-3786626943-1000Core.job
- c:\users\kate\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-11 05:36]

2010-12-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-737594619-1414829202-3786626943-1000UA.job
- c:\users\kate\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-11 05:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\kate\AppData\Roaming\Mozilla\Firefox\Profiles\s76ljepi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\kate\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\kate\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\users\kate\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\kate\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\kate\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\kate\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: ChaCha Guide App Toolbar: chachaguidebar@chacha.com - c:\users\kate\AppData\Roaming\Mozilla\Firefox\Profiles\s76ljepi.default\extensions\chachaguidebar@chacha.com
FF - Extension: FacePAD: Facebook Photo Album Downloader: facepad@lazyrussian.com - c:\users\kate\AppData\Roaming\Mozilla\Firefox\Profiles\s76ljepi.default\extensions\facepad@lazyrussian.com
FF - Extension: Firebug: firebug@software.joehewitt.com - c:\users\kate\AppData\Roaming\Mozilla\Firefox\Profiles\s76ljepi.default\extensions\firebug@software.joehewitt.com
FF - Extension: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - c:\users\kate\AppData\Roaming\Mozilla\Firefox\Profiles\s76ljepi.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\users\kate\AppData\Roaming\Mozilla\Firefox\Profiles\s76ljepi.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\kate\AppData\Roaming\Mozilla\Firefox\Profiles\s76ljepi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Move Media Player: moveplayer@movenetworks.com - c:\users\kate\AppData\Roaming\Move Networks
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-03 22:48
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????m5uk????h?????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-12-03 22:49:53
ComboFix-quarantined-files.txt 2010-12-04 04:49
ComboFix2.txt 2010-12-03 03:29
ComboFix3.txt 2010-12-02 23:55
ComboFix4.txt 2010-08-13 01:45
ComboFix5.txt 2010-12-04 04:41

Pre-Run: 137,817,006,080 bytes free
Post-Run: 137,793,413,120 bytes free

- - End Of File - - 0F1570659D5CE50E497DAE4A22C334F3



MBAM-





OTL-


OTL logfile created on: 12/4/2010 12:41:20 AM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\kate\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.53 Gb Total Space | 128.18 Gb Free Space | 44.27% Space Free | Partition Type: NTFS

Computer Name: KATE-PC | User Name: kate | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\kate\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
PRC - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
PRC - C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\kate\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe File not found
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TMachInfo) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (SmartFaceVWatchSrv) -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (IO_Memory) -- C:\Windows\System32\SYSPREP\Drivers\ioport.sys File not found
DRV - (catchme) -- C:\Users\kate\AppData\Local\Temp\catchme.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (PTUMWBus) -- C:\Windows\System32\drivers\PTUMWBus.sys (DEVGURU Co., LTD.)
DRV - (PTUMWVsp) -- C:\Windows\System32\drivers\PTUMWVsp.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (PTUMWNSP) -- C:\Windows\System32\drivers\PTUMWNSP.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (PTUMWNET) -- C:\Windows\System32\drivers\PTUMWNET.sys (DEVGURU Co., LTD.)
DRV - (PTUMWMdm) -- C:\Windows\System32\drivers\PTUMWMdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (PTUMWFLT) -- C:\Windows\System32\drivers\PTUMWFLT.sys (DEVGURU Co., LTD.)
DRV - (PTUMWCSP) -- C:\Windows\System32\drivers\PTUMWCSP.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (SVRPEDRV) -- C:\Windows\System32\sysprep\PEDRV.SYS (Inventec Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en&source=iglk"
FF - prefs.js..extensions.enabledItems: chachaguidebar@chacha.com:1.2
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6
FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.6.0
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.35
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 59695

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/10/29 02:03:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/07 16:41:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/07 11:20:12 | 000,000,000 | ---D | M]

[2009/04/13 17:16:23 | 000,000,000 | ---D | M] -- C:\Users\kate\AppData\Roaming\Mozilla\Extensions
[2009/04/11 16:39:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kate\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/13 17:16:23 | 000,000,000 | ---D | M] -- C:\Users\kate\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/11/02 15:17:38 | 000,000,000 | ---D | M] -- C:\Users\kate\AppData\Roaming\Mozilla\Firefox\Profiles\s76ljepi.default\extensions
[2010/10/29 13:49:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\kate\AppData\Roaming\Mozilla\Firefox\Profiles\s76ljepi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/25 17:49:02 | 000,000,000 | ---D | M] (Clippings) -- C:\Users\kate\AppData\Roaming\Mozilla\Firefox\Profiles\s76ljepi.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
[2009/07/22 01:18:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kate\AppData\Roaming\Mozilla\Firefox\Profiles\s76ljepi.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/07/22 01:18:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\kate\AppData\Roaming\Mozilla\Firefox\Profiles\s76ljepi.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/12/13 17:21:30 | 000,000,000 | ---D | M] -- C:\Users\kate\AppData\Roaming\Mozilla\Firefox\Profiles\s76ljepi.default\extensions\chachaguidebar@chacha.com
[2009/10/21 15:41:50 | 000,000,000 | ---D | M] -- C:\Users\kate\AppData\Roaming\Mozilla\Firefox\Profiles\s76ljepi.default\extensions\facepad@lazyrussian.com
[2009/07/17 02:53:05 | 000,000,000 | ---D | M] -- C:\Users\kate\AppData\Roaming\Mozilla\Firefox\Profiles\s76ljepi.default\extensions\firebug@software.joehewitt.com
[2010/08/10 00:59:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/07 16:41:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/08/10 00:59:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/01/07 16:41:26 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/01/07 16:41:26 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/09/25 10:41:48 | 001,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2008/09/03 18:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/08/10 00:59:30 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/09/25 10:41:24 | 001,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009/09/25 10:41:34 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2010/01/07 16:41:27 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/01/07 15:55:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/01/07 15:55:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/01/07 15:55:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/01/07 15:55:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/01/07 15:55:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/01/07 15:55:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/01/07 15:55:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2007/04/16 11:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/09/25 10:41:48 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2009/12/17 18:41:26 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/12/17 18:41:26 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/12/17 18:41:26 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/12/17 18:41:26 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/12/17 18:41:26 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/12/17 18:41:27 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/12/17 18:41:27 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/08/12 19:43:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PCMAgent] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\kate\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Users\kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\kate\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\kate\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/04 00:37:32 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\kate\Desktop\OTL.exe
[2010/12/03 22:49:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/12/03 22:49:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/12/03 22:40:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/12/01 21:20:21 | 000,000,000 | ---D | C] -- C:\Users\kate\Desktop\tdsskiller (2)
[2010/11/28 18:38:08 | 001,344,088 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\kate\Desktop\TDSSKiller.exe
[2010/11/21 21:51:40 | 000,000,000 | ---D | C] -- C:\Users\kate\Desktop\gmer (1)
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/04 00:37:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\kate\Desktop\OTL.exe
[2010/12/03 23:54:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/03 23:04:40 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/03 23:04:40 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/03 22:57:09 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/03 22:57:09 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/03 22:54:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-737594619-1414829202-3786626943-1000UA.job
[2010/12/03 22:40:40 | 003,984,255 | R--- | M] () -- C:\Users\kate\Desktop\comfix.exe.exe
[2010/12/02 22:58:12 | 000,002,048 | ---- | M] () -- C:\Users\kate\Desktop\Google Chrome.lnk
[2010/12/02 22:58:12 | 000,002,010 | ---- | M] () -- C:\Users\kate\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/01 21:22:59 | 000,080,384 | ---- | M] () -- C:\Users\kate\Desktop\MBRCheck.exe
[2010/12/01 21:19:57 | 001,229,411 | ---- | M] () -- C:\Users\kate\Desktop\tdsskiller (2).zip
[2010/11/29 19:54:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-737594619-1414829202-3786626943-1000Core.job
[2010/11/29 18:40:23 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/28 18:38:08 | 001,344,088 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\kate\Desktop\TDSSKiller.exe
[2010/11/22 01:14:15 | 581,503,197 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/21 21:48:10 | 000,288,107 | ---- | M] () -- C:\Users\kate\Desktop\gmer (1).zip
[2010/11/21 21:36:02 | 000,630,272 | ---- | M] () -- C:\Users\kate\Desktop\dds.scr
[2010/11/21 18:17:51 | 000,006,648 | ---- | M] () -- C:\Users\kate\AppData\Local\d3d9caps.dat
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/02 17:39:39 | 003,984,255 | R--- | C] () -- C:\Users\kate\Desktop\comfix.exe.exe
[2010/12/01 21:22:58 | 000,080,384 | ---- | C] () -- C:\Users\kate\Desktop\MBRCheck.exe
[2010/12/01 21:19:54 | 001,229,411 | ---- | C] () -- C:\Users\kate\Desktop\tdsskiller (2).zip
[2010/11/22 01:13:17 | 581,503,197 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/11/21 21:48:09 | 000,288,107 | ---- | C] () -- C:\Users\kate\Desktop\gmer (1).zip
[2010/11/21 21:36:00 | 000,630,272 | ---- | C] () -- C:\Users\kate\Desktop\dds.scr
[2010/04/09 08:13:43 | 000,000,552 | ---- | C] () -- C:\Users\kate\AppData\Local\d3d8caps.dat
[2009/09/04 02:29:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/07/14 05:00:01 | 000,006,648 | ---- | C] () -- C:\Users\kate\AppData\Local\d3d9caps.dat
[2009/05/08 22:07:27 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/04/30 12:47:17 | 000,000,183 | ---- | C] () -- C:\Windows\aimpr.ini
[2009/04/26 05:48:36 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009/04/26 05:48:21 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009/04/13 23:03:56 | 000,000,600 | ---- | C] () -- C:\Users\kate\AppData\Roaming\winscp.rnd
[2009/04/13 17:41:23 | 000,034,304 | ---- | C] () -- C:\Users\kate\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/11 16:27:44 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2009/04/11 16:27:42 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2009/01/18 01:27:03 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/01/18 01:27:03 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/01/18 01:27:03 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/01/18 01:27:03 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/08/14 13:48:20 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/14 13:28:30 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/08/14 13:28:30 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/08/14 13:28:30 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/08/14 13:28:30 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/08/14 13:28:30 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/08/14 13:28:30 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/06/12 20:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/04/24 20:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/04/24 20:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/04/24 20:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/04/24 20:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/04/24 20:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/04/24 20:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2007/12/21 17:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 10:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/22 22:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2009/07/08 15:05:48 | 000,000,000 | ---D | M] -- C:\Users\kate\AppData\Roaming\.purple
[2009/04/11 16:59:23 | 000,000,000 | ---D | M] -- C:\Users\kate\AppData\Roaming\acccore
[2010/08/11 00:15:41 | 000,000,000 | ---D | M] -- C:\Users\kate\AppData\Roaming\Any Video Converter
[2010/08/07 14:49:16 | 000,000,000 | ---D | M] -- C:\Users\kate\AppData\Roaming\Atari
[2010/05/20 01:16:19 | 000,000,000 | ---D | M] -- C:\Users\kate\AppData\Roaming\BitTorrent
[2009/06/02 01:56:51 | 000,000,000 | ---D | M] -- C:\Users\kate\AppData\Roaming\DAEMON Tools Lite
[2009/09/19 01:19:09 | 000,000,000 | ---D | M] -- C:\Users\kate\AppData\Roaming\DNA
[2009/04/12 22:22:36 | 000,000,000 | ---D | M] -- C:\Users\kate\AppData\Roaming\FlashGet
[2009/08/27 17:44:55 | 000,000,000 | ---D | M] -- C:\Users\kate\AppData\Roaming\FMZilla
[2009/04/12 22:32:55 | 000,000,000 | ---D | M] -- C:\Users\kate\AppData\Roaming\GrabPro
[2009/07/08 04:15:20 | 000,000,000 | ---D | M] -- C:\Users\kate\AppData\Roaming\gtk-2.0
[2009/04/14 02:32:54 | 000,000,000 | ---D | M] -- C:\Users\kate\AppData\Roaming\IObit
[2009/12/06 16:13:48 | 000,000,000 | ---D | M] -- C:\Users\kate\AppData\Roaming\IrfanView
[2009/04/15 17:19:25 | 000,000,000 | ---D | M] -- C:\Users\kate\AppData\Roaming\Leadertech
[2010/10/27 22:25:22 | 000,000,000 | ---D | M] -- C:\Users\kate\AppData\Roaming\LimeWire
[2010/04/15 22:56:03 | 000,000,000 | ---D | M] -- C:\Users\kate\AppData\Roaming\Mael
[2009/04/26 05:54:02 | 000,000,000 | ---D | M] -- C:\Users\kate\AppData\Roaming\MAGIX
[2009/08/27 01:45:16 | 000,000,000 | ---D | M] -- C:\Users\kate\AppData\Roaming\NCH Swift Sound
[2009/11/11 01:30:50 | 000,000,000 | ---D | M] -- C:\Users\kate\AppData\Roaming\OpenOffice.org
[2009/04/12 23:04:31 | 000,000,000 | ---D | M] -- C:\Users\kate\AppData\Roaming\Orbit
[2009/05/07 00:49:01 | 000,000,000 | ---D | M] -- C:\Users\kate\AppData\Roaming\stickies
[2009/04/14 23:07:00 | 000,000,000 | ---D | M] -- C:\Users\kate\AppData\Roaming\Thunderbird
[2009/05/29 13:56:57 | 000,000,000 | ---D | M] -- C:\Users\kate\AppData\Roaming\uTorrent
[2010/11/29 18:40:23 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/12/03 22:56:02 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:01:27 AM

Posted 04 December 2010 - 11:04 AM

You've posted the Combofix log twice. Please post the MBAM log - to get to it, open MBAM and look for the Logs tab. Select the latest log and click it open. Now copy and paste it in your next reply.
m0le is a proud member of UNITE

#13 kate smock

kate smock
  • Topic Starter

  • Members
  • 22 posts
  • Local time:07:27 PM

Posted 04 December 2010 - 02:33 PM

Ahh, I'm sorry, I was really tired when I posted them because MBAM took forever to finish.

Here you go:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5214

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

12/4/2010 12:37:05 AM
mbam-log-2010-12-04 (00-37-05).txt

Scan type: Full scan (C:\|)
Objects scanned: 300113
Time elapsed: 1 hour(s), 36 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:01:27 AM

Posted 04 December 2010 - 06:09 PM

Okay, thanks. One more, quicker scan to do.

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Leave the top box checked and then check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
m0le is a proud member of UNITE

#15 kate smock

kate smock
  • Topic Starter

  • Members
  • 22 posts
  • Local time:07:27 PM

Posted 04 December 2010 - 11:06 PM

I'm trying to do that now, but during the initialization stage it said "Unexpected Error 2002" in red over the bar where it showed the progress of downloading the signature database. I tried it again and it did the same after 9%. I'll try it in another browser.

Edit: never mind, I got it to work in Internet Explorer! Currently scanning.

Edited by kate smock, 04 December 2010 - 11:16 PM.
