
mozilla pop up with bad ads 3 times, told me one was an attack page


  • This topic is locked
46 replies to this topic

#1 vcalemine


Posted 18 March 2012 - 12:17 AM

I came from the other forum: http://www.bleepingcomputer.com/forums/topic446633.html/page__gopid__2635061#entry2635061



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.2.0
Run by Toshiba at 1:10:17 on 2012-03-18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2941.1164 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\lxeacoms.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Trend Micro\Browser Guard\BGUI.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Toshiba\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe
C:\Program Files\Trend Micro\Browser Guard\tmiegsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9F3209E2-334B-41E9-B09C-703F398742E7} - No File
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: TMIEGBHO Class: {f1ad4a42-ba52-47bc-89df-3f68f24c017f} - c:\program files\trend micro\browser guard\TMAMS.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: TMBGBAR TOOLBAR: {c8137a8d-415d-450c-a1b1-d0c519d45296} - c:\program files\trend micro\browser guard\tmieg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\toshiba\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [Trend Micro Browser Guard] "c:\program files\trend micro\browser guard\BGUI.EXE"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{48681A48-525C-4DA5-9B3F-BC63481AEEC7} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{BD700D70-4407-43E8-AA8B-DDA1E4D7C854} : DhcpNameServer = 209.18.47.61 209.18.47.62
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\toshiba\appdata\roaming\mozilla\firefox\profiles\jpcl7fy1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.toshibadirect.com/dpdstart
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\users\toshiba\appdata\roaming\mozilla\firefox\profiles\jpcl7fy1.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko10.dll
FF - component: c:\users\toshiba\appdata\roaming\mozilla\firefox\profiles\jpcl7fy1.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\toshiba\appdata\roaming\mozilla\firefox\profiles\jpcl7fy1.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko5.dll
FF - component: c:\users\toshiba\appdata\roaming\mozilla\firefox\profiles\jpcl7fy1.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko6.dll
FF - component: c:\users\toshiba\appdata\roaming\mozilla\firefox\profiles\jpcl7fy1.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko7.dll
FF - component: c:\users\toshiba\appdata\roaming\mozilla\firefox\profiles\jpcl7fy1.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko8.dll
FF - component: c:\users\toshiba\appdata\roaming\mozilla\firefox\profiles\jpcl7fy1.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko9.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\toshiba\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-11-9 20352]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsl2b048b3b;MpKsl2b048b3b;c:\programdata\microsoft\microsoft antimalware\definition updates\{088baf88-0484-49f0-9342-69a49f48f339}\MpKsl2b048b3b.sys [2012-3-17 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-1-13 490840]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-12 7168]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2012-1-20 13440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-2 135664]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2011-6-14 193192]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-5-5 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-2-12 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-2 135664]
S3 HtcUsbMdmV32;HTC Proprietary USB Driver;c:\windows\system32\drivers\HtcUsbMdmV32.sys [2010-11-23 105984]
S3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\drivers\HtcVComV32.sys [2010-11-23 105984]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-11-9 937984]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-6-19 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2009-1-29 23680]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-03-18 03:43:48 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{088baf88-0484-49f0-9342-69a49f48f339}\MpKsl2b048b3b.sys
2012-03-18 03:22:01 6552120 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{088baf88-0484-49f0-9342-69a49f48f339}\mpengine.dll
2012-03-18 01:14:56 -------- d-----w- c:\users\toshiba\appdata\roaming\SUPERAntiSpyware.com
2012-03-18 01:14:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-18 01:14:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-17 18:01:37 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-17 18:01:37 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-14 09:51:26 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 09:51:23 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 09:51:23 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:51:08 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 09:51:08 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 09:51:07 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 09:51:07 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 09:51:07 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 09:51:05 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-02-18 06:17:20 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-02-18 06:17:20 16824 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2012-02-18 06:17:19 818104 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2012-02-18 06:17:19 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-02-18 06:17:19 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-02-18 06:17:19 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-02-18 06:17:19 441272 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2012-02-18 06:17:19 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-02-18 06:17:19 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-02-18 06:17:19 1969080 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2012-02-18 06:17:19 16312 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2012-02-18 06:17:19 101304 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2012-02-17 18:42:30 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{aad25aa9-a36f-4639-aa4d-352f932b7333}\gapaengine.dll
2012-02-17 18:40:40 680448 ----a-w- c:\windows\system32\msvcrt.dll
.
==================== Find3M ====================
.
2012-03-07 07:01:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-20 00:13:02 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-20 00:13:02 567184 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-13 20:09:54 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-13 20:09:54 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-13 20:09:54 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-13 20:09:54 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-13 20:09:54 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-13 20:09:54 1259008 ----a-w- c:\windows\system32\lsasrv.dll
.
============= FINISH: 1:11:00.18 ===============


#2 vcalemine

  • Topic Starter

Posted 18 March 2012 - 02:55 AM

I just ran this GMER scan in the other forum. Everything was fine. It took less than an hour to run. This time, it has been almost 3 hours, I have fewer things checked and it still wasn't finished. It was going sooooooooo slow. I will gladly run it again in the morning but I need to go to bed.

Aside from the things I unchecked, there is one difference between this log and the one in the other forum: the second "?" file.


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-18 03:41:35
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVS-26UST0 rev.01.01A01
Running: 9m5r8mu8.exe; Driver: C:\Users\Toshiba\AppData\Local\Temp\pwlirfow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8FACB640]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 621 822B7DA4 4 Bytes [40, B6, AC, 8F]
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8A157000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8A1A0000, 0x510, 0x40000040]
? C:\Windows\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !
? C:\Users\Toshiba\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[4012] kernel32.dll!CreateThread + 1A 7658CB48 4 Bytes CALL 004553F1 C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (Advanced SystemCare 5 Tray/IObit)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

#3 vcalemine

  • Topic Starter

Posted 18 March 2012 - 09:57 AM

OK, so I deleted all the other GMERs that were on my computer and booted up into Safe Mode with Networking. I started to run GMER and it was going through the files quickly. Then it said it encountered an error and needed to close after 15 seconds or so. I closed it, then opened it up and ran it again. It switched to a blue screen and told me my computer was shutting down to protect itself.

When I rebooted, it told me I had recovered from an unexpected error. I copied this out of it. Not sure if it is helpful.


Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 50
BCP1: AC620000
BCP2: 00000000
BCP3: 8225A784
BCP4: 00000000
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini031812-01.dmp
C:\Users\Toshiba\AppData\Local\temp\WER-72727-0.sysdata.xml
C:\Users\Toshiba\AppData\Local\temp\WERCA11.tmp.version.txt

I have run GMER one time fully and a partial time last night. Should I attempt to run it again or should I just let it go for now?

blah, vonnie

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team

Posted 19 March 2012 - 10:30 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.
2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.
3. After each step give me a little feedback.
It does not need to be long, but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.
4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Backup The Computer!!

If you have not done it yet, spend a few minutes to back up the computer. Removing malware can be unpredictable and this may save you and me a lot of grief later.

There is some good info in the Preparation Guide on how to make full backups and how to restore it back if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the computer backed up you may do the following.


Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 vcalemine

  • Topic Starter

Posted 20 March 2012 - 01:51 AM

I had copied the log and when I went to open Firefox, it gave me that illegal thing. I rebooted but now I can't find the log. I thought the name had "combo" in it. Do you know what it usually names its logs?

Sorry to be a pain right off the bat.

#6 vcalemine

  • Topic Starter

Posted 20 March 2012 - 02:31 AM

I ran it again. I hope that was OK.

My computer isn't acting weird. The only thing it does is have ads open up in a second window randomly. It hasn't done it tonight, but I did go to the grocery store last night and when I got back I had three, so the weirdness is random. But if I have those ads, something has to be on my comp, right?

ComboFix 12-03-18.04 - Toshiba 03/20/2012 3:02.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2941.2058 [GMT -4:00]
Running from: c:\users\Toshiba\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-20 to 2012-03-20 )))))))))))))))))))))))))))))))
.
.
2012-03-20 07:13 . 2012-03-20 07:13 -------- d-----w- c:\users\Toshiba\AppData\Local\temp
2012-03-20 07:13 . 2012-03-20 07:13 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-03-20 07:13 . 2012-03-20 07:13 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-20 07:13 . 2012-03-20 07:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-19 14:55 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A146B50D-5C40-4993-B415-E668A0C4F503}\mpengine.dll
2012-03-18 01:14 . 2012-03-18 01:14 -------- d-----w- c:\users\Toshiba\AppData\Roaming\SUPERAntiSpyware.com
2012-03-18 01:14 . 2012-03-18 01:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-18 01:14 . 2012-03-18 01:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-17 18:01 . 2012-03-17 18:01 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-17 18:01 . 2012-03-17 18:01 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-14 09:51 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 09:51 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 09:51 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:51 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 09:51 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 09:51 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 09:51 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 09:51 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 09:51 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-03-08 20:11 . 2012-03-08 20:11 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 07:01 . 2011-06-01 06:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-17 18:37 . 2012-02-17 18:42 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AAD25AA9-A36F-4639-AA4D-352F932B7333}\gapaengine.dll
2012-02-17 18:37 . 2011-05-06 03:37 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-08 06:03 . 2011-05-07 03:39 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2009-12-26 14:06 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-30 05:13 . 2012-01-30 05:13 388096 ----a-r- c:\users\Toshiba\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-20 00:13 . 2012-01-20 00:14 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-20 00:13 . 2010-09-30 18:31 567184 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-13 20:09 . 2012-01-13 20:09 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-13 20:09 . 2012-01-13 20:09 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-13 20:09 . 2012-01-13 20:09 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-13 20:09 . 2012-01-13 20:09 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-13 20:09 . 2012-01-13 20:09 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-13 20:09 . 2012-01-13 20:09 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-10-12 20:33 . 2010-10-12 20:33 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-10-12 22:15 . 2010-10-12 22:15 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-10-12 20:37 . 2010-10-12 20:37 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-10-12 20:35 . 2010-10-12 20:35 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-10-12 20:34 . 2010-10-12 20:34 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-10-12 20:32 . 2010-10-12 20:32 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-10-12 20:35 . 2010-10-12 20:35 31672 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-10-12 20:34 . 2010-10-12 20:34 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2010-07-14 16:42 . 2010-07-14 16:42 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-10-12 20:37 . 2010-10-12 20:37 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-03-17 18:01 . 2012-02-18 06:17 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-09-10 00:28 . 2010-05-21 12:57 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-20_06.30.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2012-03-20 06:43 68730 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2012-03-20 06:43 88038 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-09 23:31 . 2012-03-20 06:43 12880 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-460091276-2368940623-1154944213-1000_UserData.bin
- 2009-11-09 23:31 . 2012-03-20 06:11 12880 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-460091276-2368940623-1154944213-1000_UserData.bin
- 2012-03-20 06:09 . 2012-03-20 06:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-20 06:41 . 2012-03-20 06:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-20 06:09 . 2012-03-20 06:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-20 06:41 . 2012-03-20 06:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2012-03-20 06:47 606602 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2012-03-20 06:14 606602 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2012-03-20 06:47 105170 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2012-03-20 06:14 105170 c:\windows\System32\perfc009.dat
+ 2011-02-20 15:24 . 2012-03-20 06:40 385468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-02-20 15:24 . 2012-03-20 06:07 385468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-09-13 20:50 . 2012-03-20 06:40 2547904 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-09-13 20:50 . 2012-03-20 06:07 2547904 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-04-09 20:05 . 2012-03-20 06:40 3826980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-460091276-2368940623-1154944213-1000-8192.dat
- 2011-04-09 20:05 . 2012-03-20 06:07 3826980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-460091276-2368940623-1154944213-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-11-12 1647448]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-25 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-30 4911104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-18 431456]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"Trend Micro Browser Guard"="c:\program files\Trend Micro\Browser Guard\BGUI.EXE" [2011-02-26 787984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Toshiba^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
path=c:\users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
backup=c:\windows\pss\PdaNet Desktop.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2011-01-24 00:08 148280 ----a-w- c:\program files\Lexmark S300-S400 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2011-09-10 00:28 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
2010-08-23 14:11 206240 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 19:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxeamon.exe]
2011-01-24 00:08 770728 ----a-w- c:\program files\Lexmark S300-S400 Series\lxeamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 20:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 19:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-12-25 16:59 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-11 490840]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mchInjDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 23:41]
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 23:41]
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-460091276-2368940623-1154944213-1000Core.job
- c:\users\Toshiba\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-24 04:21]
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-460091276-2368940623-1154944213-1000UA.job
- c:\users\Toshiba\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-24 04:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\jpcl7fy1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.toshibadirect.com/dpdstart
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-20 03:13
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-03-20 03:22:33
ComboFix-quarantined-files.txt 2012-03-20 07:22
ComboFix2.txt 2012-03-20 06:38
.
Pre-Run: 166,549,606,400 bytes free
Post-Run: 166,501,937,152 bytes free
.
- - End Of File - - DA27FBE7AD345C76267265E1511E616D

#7 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 March 2012 - 02:36 AM

Greetings

i had three so the weirdness is random but if i have those ads something has to be on my comp, right?


Not necessarily - start keeping track of them and see if it happens on all websites or if it only happens on one

also check if it happens on only one browser or if it happens on all of them

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#8 vcalemine
  • Topic Starter
  • Members
  • 98 posts
  • Gender:Female
  • Location:wilmington, nc

Posted 20 March 2012 - 03:21 AM

I have Chrome open. I will see if anything pops up. I never got pop-ups, and these aren't even pop-ups, they just open in another window. They are shady adverts, like virus scan stuff, contests, vacations. I opened the properties of one of the pages. I have it saved on my comp. I don't know if that will help you or not.



04:16:33.0184 1384 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
04:16:33.0486 1384 ============================================================
04:16:33.0486 1384 Current date / time: 2012/03/20 04:16:33.0486
04:16:33.0486 1384 SystemInfo:
04:16:33.0486 1384
04:16:33.0486 1384 OS Version: 6.0.6002 ServicePack: 2.0
04:16:33.0486 1384 Product type: Workstation
04:16:33.0486 1384 ComputerName: TOSHIBA-PC
04:16:33.0486 1384 UserName: Toshiba
04:16:33.0486 1384 Windows directory: C:\Windows
04:16:33.0487 1384 System windows directory: C:\Windows
04:16:33.0487 1384 Processor architecture: Intel x86
04:16:33.0487 1384 Number of processors: 2
04:16:33.0487 1384 Page size: 0x1000
04:16:33.0487 1384 Boot type: Normal boot
04:16:33.0487 1384 ============================================================
04:16:34.0631 1384 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
04:16:34.0633 1384 \Device\Harddisk0\DR0:
04:16:34.0634 1384 MBR used
04:16:34.0634 1384 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1CED7000
04:16:34.0687 1384 Initialize success
04:16:34.0687 1384 ============================================================
04:16:36.0886 4376 ============================================================
04:16:36.0886 4376 Scan started
04:16:36.0886 4376 Mode: Manual;
04:16:36.0886 4376 ============================================================
04:16:43.0114 4376 megasas - ok
04:16:43.0312 4376 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
04:16:43.0316 4376 MegaSR - ok
04:16:43.0353 4376 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
04:16:43.0354 4376 Modem - ok
04:16:43.0373 4376 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
04:16:43.0374 4376 monitor - ok
04:16:43.0431 4376 motccgp (c741717b0a18813dd7d12085937cee72) C:\Windows\system32\DRIVERS\motccgp.sys
04:16:43.0432 4376 motccgp - ok
04:16:43.0469 4376 motccgpfl (b812da6605caf02641312f1f65c75419) C:\Windows\system32\DRIVERS\motccgpfl.sys
04:16:43.0470 4376 motccgpfl - ok
04:16:43.0495 4376 motmodem (4b4cc4125d39104d3bbfa890f572c33d) C:\Windows\system32\DRIVERS\motmodem.sys
04:16:43.0496 4376 motmodem - ok
04:16:43.0530 4376 motport (4b4cc4125d39104d3bbfa890f572c33d) C:\Windows\system32\DRIVERS\motport.sys
04:16:43.0531 4376 motport - ok
04:16:43.0568 4376 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
04:16:43.0569 4376 mouclass - ok
04:16:43.0597 4376 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
04:16:43.0598 4376 mouhid - ok
04:16:43.0628 4376 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
04:16:43.0629 4376 MountMgr - ok
04:16:43.0672 4376 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
04:16:43.0674 4376 MpFilter - ok
04:16:43.0712 4376 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
04:16:43.0714 4376 mpio - ok
04:16:43.0740 4376 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
04:16:43.0741 4376 MpNWMon - ok
04:16:43.0770 4376 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
04:16:43.0772 4376 mpsdrv - ok
04:16:43.0819 4376 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
04:16:43.0820 4376 Mraid35x - ok
04:16:43.0860 4376 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
04:16:43.0861 4376 MRxDAV - ok
04:16:43.0930 4376 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
04:16:43.0931 4376 mrxsmb - ok
04:16:43.0986 4376 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
04:16:43.0989 4376 mrxsmb10 - ok
04:16:44.0014 4376 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
04:16:44.0016 4376 mrxsmb20 - ok
04:16:44.0045 4376 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
04:16:44.0046 4376 msahci - ok
04:16:44.0079 4376 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
04:16:44.0080 4376 msdsm - ok
04:16:44.0114 4376 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
04:16:44.0114 4376 Msfs - ok
04:16:44.0142 4376 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
04:16:44.0143 4376 msisadrv - ok
04:16:44.0182 4376 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
04:16:44.0182 4376 MSKSSRV - ok
04:16:44.0214 4376 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
04:16:44.0214 4376 MSPCLOCK - ok
04:16:44.0246 4376 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
04:16:44.0247 4376 MSPQM - ok
04:16:44.0275 4376 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
04:16:44.0277 4376 MsRPC - ok
04:16:44.0310 4376 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
04:16:44.0311 4376 mssmbios - ok
04:16:44.0345 4376 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
04:16:44.0346 4376 MSTEE - ok
04:16:44.0359 4376 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
04:16:44.0360 4376 Mup - ok
04:16:44.0434 4376 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
04:16:44.0436 4376 NativeWifiP - ok
04:16:44.0473 4376 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
04:16:44.0478 4376 NDIS - ok
04:16:44.0495 4376 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
04:16:44.0496 4376 NdisTapi - ok
04:16:44.0516 4376 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
04:16:44.0517 4376 Ndisuio - ok
04:16:44.0543 4376 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
04:16:44.0544 4376 NdisWan - ok
04:16:44.0566 4376 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
04:16:44.0567 4376 NDProxy - ok
04:16:44.0600 4376 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
04:16:44.0601 4376 NetBIOS - ok
04:16:44.0639 4376 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
04:16:44.0642 4376 netbt - ok
04:16:44.0698 4376 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
04:16:44.0699 4376 nfrd960 - ok
04:16:44.0745 4376 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
04:16:44.0746 4376 NisDrv - ok
04:16:44.0820 4376 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
04:16:44.0821 4376 Npfs - ok
04:16:44.0852 4376 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
04:16:44.0853 4376 nsiproxy - ok
04:16:44.0931 4376 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
04:16:44.0942 4376 Ntfs - ok
04:16:44.0967 4376 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
04:16:44.0968 4376 ntrigdigi - ok
04:16:44.0994 4376 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
04:16:44.0995 4376 Null - ok
04:16:45.0033 4376 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
04:16:45.0035 4376 nvraid - ok
04:16:45.0065 4376 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
04:16:45.0066 4376 nvstor - ok
04:16:45.0099 4376 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
04:16:45.0100 4376 nv_agp - ok
04:16:45.0112 4376 NwlnkFlt - ok
04:16:45.0127 4376 NwlnkFwd - ok
04:16:45.0169 4376 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
04:16:45.0170 4376 ohci1394 - ok
04:16:45.0217 4376 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
04:16:45.0218 4376 Parport - ok
04:16:45.0268 4376 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
04:16:45.0269 4376 partmgr - ok
04:16:45.0298 4376 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
04:16:45.0299 4376 Parvdm - ok
04:16:45.0340 4376 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
04:16:45.0342 4376 pci - ok
04:16:45.0358 4376 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
04:16:45.0359 4376 pciide - ok
04:16:45.0397 4376 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
04:16:45.0399 4376 pcmcia - ok
04:16:45.0458 4376 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
04:16:45.0466 4376 PEAUTH - ok
04:16:45.0546 4376 pneteth (713e294439d982bb161317de0136faa0) C:\Windows\system32\DRIVERS\pneteth.sys
04:16:45.0547 4376 pneteth - ok
04:16:45.0593 4376 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
04:16:45.0594 4376 PptpMiniport - ok
04:16:45.0627 4376 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
04:16:45.0628 4376 Processor - ok
04:16:45.0689 4376 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
04:16:45.0690 4376 PSched - ok
04:16:45.0707 4376 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\Windows\system32\Drivers\PxHelp20.sys
04:16:45.0709 4376 PxHelp20 - ok
04:16:45.0776 4376 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
04:16:45.0786 4376 ql2300 - ok
04:16:45.0818 4376 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
04:16:45.0819 4376 ql40xx - ok
04:16:45.0858 4376 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
04:16:45.0860 4376 QWAVEdrv - ok
04:16:45.0880 4376 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
04:16:45.0881 4376 RasAcd - ok
04:16:45.0911 4376 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
04:16:45.0912 4376 Rasl2tp - ok
04:16:45.0969 4376 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
04:16:45.0970 4376 RasPppoe - ok
04:16:46.0004 4376 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
04:16:46.0005 4376 RasSstp - ok
04:16:46.0042 4376 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
04:16:46.0045 4376 rdbss - ok
04:16:46.0068 4376 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
04:16:46.0069 4376 RDPCDD - ok
04:16:46.0108 4376 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
04:16:46.0111 4376 rdpdr - ok
04:16:46.0197 4376 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
04:16:46.0198 4376 RDPENCDD - ok
04:16:46.0316 4376 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
04:16:46.0318 4376 RDPWD - ok
04:16:46.0353 4376 RimUsb - ok
04:16:46.0388 4376 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
04:16:46.0389 4376 RimVSerPort - ok
04:16:46.0408 4376 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
04:16:46.0409 4376 ROOTMODEM - ok
04:16:46.0436 4376 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
04:16:46.0438 4376 rspndr - ok
04:16:46.0491 4376 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
04:16:46.0494 4376 RTL8169 - ok
04:16:46.0513 4376 RTSTOR (01c64783db1f40e1e3df67dd36199b35) C:\Windows\system32\drivers\RTSTOR.SYS
04:16:46.0514 4376 RTSTOR - ok
04:16:46.0629 4376 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
04:16:46.0630 4376 SASDIFSV - ok
04:16:46.0647 4376 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
04:16:46.0648 4376 SASKUTIL - ok
04:16:46.0686 4376 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
04:16:46.0687 4376 sbp2port - ok
04:16:46.0743 4376 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
04:16:46.0744 4376 secdrv - ok
04:16:46.0778 4376 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
04:16:46.0779 4376 Serenum - ok
04:16:46.0846 4376 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
04:16:46.0847 4376 Serial - ok
04:16:46.0868 4376 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
04:16:46.0869 4376 sermouse - ok
04:16:46.0938 4376 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
04:16:46.0939 4376 sffdisk - ok
04:16:46.0983 4376 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
04:16:46.0984 4376 sffp_mmc - ok
04:16:47.0012 4376 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
04:16:47.0013 4376 sffp_sd - ok
04:16:47.0036 4376 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
04:16:47.0037 4376 sfloppy - ok
04:16:47.0070 4376 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
04:16:47.0071 4376 sisagp - ok
04:16:47.0101 4376 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
04:16:47.0102 4376 SiSRaid2 - ok
04:16:47.0135 4376 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
04:16:47.0136 4376 SiSRaid4 - ok
04:16:47.0172 4376 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
04:16:47.0173 4376 Smb - ok
04:16:47.0262 4376 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
04:16:47.0263 4376 SMSIVZAM5 - ok
04:16:47.0320 4376 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
04:16:47.0320 4376 spldr - ok
04:16:47.0379 4376 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
04:16:47.0382 4376 srv - ok
04:16:47.0420 4376 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
04:16:47.0423 4376 srv2 - ok
04:16:47.0462 4376 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
04:16:47.0464 4376 srvnet - ok
04:16:47.0510 4376 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
04:16:47.0511 4376 StillCam - ok
04:16:47.0540 4376 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
04:16:47.0541 4376 swenum - ok
04:16:47.0586 4376 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
04:16:47.0587 4376 Symc8xx - ok
04:16:47.0616 4376 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
04:16:47.0617 4376 Sym_hi - ok
04:16:47.0650 4376 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
04:16:47.0651 4376 Sym_u3 - ok
04:16:47.0708 4376 SynTP (70534d1e4f9ac990536d5fb5b550b3de) C:\Windows\system32\DRIVERS\SynTP.sys
04:16:47.0710 4376 SynTP - ok
04:16:47.0853 4376 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
04:16:47.0860 4376 Tcpip - ok
04:16:47.0920 4376 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
04:16:47.0928 4376 Tcpip6 - ok
04:16:47.0998 4376 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
04:16:47.0999 4376 tcpipreg - ok
04:16:48.0038 4376 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
04:16:48.0039 4376 tdcmdpst - ok
04:16:48.0081 4376 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
04:16:48.0082 4376 TDPIPE - ok
04:16:48.0116 4376 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
04:16:48.0117 4376 TDTCP - ok
04:16:48.0154 4376 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
04:16:48.0156 4376 tdx - ok
04:16:48.0192 4376 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
04:16:48.0193 4376 TermDD - ok
04:16:48.0263 4376 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
04:16:48.0266 4376 tos_sps32 - ok
04:16:48.0322 4376 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
04:16:48.0323 4376 tssecsrv - ok
04:16:48.0357 4376 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
04:16:48.0358 4376 tunmp - ok
04:16:48.0396 4376 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
04:16:48.0397 4376 tunnel - ok
04:16:48.0446 4376 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
04:16:48.0447 4376 TVALZ - ok
04:16:48.0470 4376 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
04:16:48.0471 4376 uagp35 - ok
04:16:48.0525 4376 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
04:16:48.0528 4376 udfs - ok
04:16:48.0582 4376 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
04:16:48.0583 4376 uliagpkx - ok
04:16:48.0629 4376 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
04:16:48.0631 4376 uliahci - ok
04:16:48.0663 4376 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
04:16:48.0664 4376 UlSata - ok
04:16:48.0708 4376 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
04:16:48.0710 4376 ulsata2 - ok
04:16:48.0724 4376 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
04:16:48.0725 4376 umbus - ok
04:16:48.0784 4376 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
04:16:48.0785 4376 USBAAPL - ok
04:16:48.0797 4376 usbbus - ok
04:16:48.0832 4376 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
04:16:48.0833 4376 usbccgp - ok
04:16:48.0864 4376 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
04:16:48.0865 4376 usbcir - ok
04:16:48.0880 4376 UsbDiag - ok
04:16:48.0939 4376 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
04:16:48.0941 4376 usbehci - ok
04:16:48.0987 4376 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
04:16:48.0991 4376 usbhub - ok
04:16:49.0004 4376 USBModem - ok
04:16:49.0035 4376 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
04:16:49.0036 4376 usbohci - ok
04:16:49.0082 4376 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
04:16:49.0083 4376 usbprint - ok
04:16:49.0137 4376 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
04:16:49.0139 4376 usbscan - ok
04:16:49.0189 4376 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:16:49.0191 4376 USBSTOR - ok
04:16:49.0221 4376 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
04:16:49.0222 4376 usbuhci - ok
04:16:49.0263 4376 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
04:16:49.0265 4376 usbvideo - ok
04:16:49.0310 4376 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
04:16:49.0311 4376 vga - ok
04:16:49.0346 4376 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
04:16:49.0347 4376 VgaSave - ok
04:16:49.0379 4376 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
04:16:49.0380 4376 viaagp - ok
04:16:49.0418 4376 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
04:16:49.0419 4376 ViaC7 - ok
04:16:49.0457 4376 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
04:16:49.0459 4376 viaide - ok
04:16:49.0494 4376 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
04:16:49.0495 4376 volmgr - ok
04:16:49.0535 4376 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
04:16:49.0539 4376 volmgrx - ok
04:16:49.0580 4376 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
04:16:49.0583 4376 volsnap - ok
04:16:49.0605 4376 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
04:16:49.0608 4376 vsmraid - ok
04:16:49.0674 4376 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
04:16:49.0675 4376 WacomPen - ok
04:16:49.0701 4376 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
04:16:49.0702 4376 Wanarp - ok
04:16:49.0709 4376 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
04:16:49.0711 4376 Wanarpv6 - ok
04:16:49.0751 4376 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
04:16:49.0752 4376 Wd - ok
04:16:49.0832 4376 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
04:16:49.0837 4376 Wdf01000 - ok
04:16:49.0940 4376 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
04:16:49.0941 4376 WinUSB - ok
04:16:49.0986 4376 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
04:16:49.0987 4376 WmiAcpi - ok
04:16:50.0041 4376 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
04:16:50.0042 4376 ws2ifsl - ok
04:16:50.0099 4376 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
04:16:50.0100 4376 WUDFRd - ok
04:16:50.0143 4376 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
04:16:50.0197 4376 \Device\Harddisk0\DR0 - ok
04:16:50.0207 4376 Boot (0x1200) (837a8982be8c986768a5eb7cde524361) \Device\Harddisk0\DR0\Partition0
04:16:50.0209 4376 \Device\Harddisk0\DR0\Partition0 - ok
04:16:50.0210 4376 ============================================================
04:16:50.0210 4376 Scan finished
04:16:50.0210 4376 ============================================================
04:16:50.0232 4628 Detected object count: 0
04:16:50.0232 4628 Actual detected object count: 0




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-20 03:48:32
-----------------------------
03:48:32.396 OS Version: Windows 6.0.6002 Service Pack 2
03:48:32.396 Number of processors: 2 586 0x6802
03:48:32.397 ComputerName: TOSHIBA-PC UserName: Toshiba
03:48:33.972 Initialize success
03:49:38.591 AVAST engine defs: 12031700
03:49:47.461 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
03:49:47.464 Disk 0 Vendor: WDC_WD2500BEVS-26UST0 01.01A01 Size: 238475MB BusType: 3
03:49:47.514 Disk 0 MBR read successfully
03:49:47.517 Disk 0 MBR scan
03:49:47.539 Disk 0 Windows VISTA default MBR code
03:49:47.553 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
03:49:47.578 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 236974 MB offset 3074048
03:49:47.587 Disk 0 scanning sectors +488396800
03:49:47.668 Disk 0 scanning C:\Windows\system32\drivers
03:49:59.811 Service scanning
03:50:34.790 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
03:51:12.022 Modules scanning
03:51:17.012 Disk 0 trace - called modules:
03:51:17.037 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
03:51:17.045 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85833a58]
03:51:17.052 3 CLASSPNP.SYS[82f128b3] -> nt!IofCallDriver -> [0x85776c10]
03:51:17.059 5 acpi.sys[806176bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8574d5e0]
03:51:18.362 AVAST engine scan C:\Windows
03:51:23.525 AVAST engine scan C:\Windows\system32
03:56:23.853 AVAST engine scan C:\Windows\system32\drivers
03:56:39.555 AVAST engine scan C:\Users\Toshiba
04:03:45.059 AVAST engine scan C:\ProgramData
04:08:13.295 Scan finished successfully
04:14:51.706 Disk 0 MBR has been saved successfully to "C:\Users\Toshiba\Desktop\MBR.dat"
04:14:51.713 The log file has been saved successfully to "C:\Users\Toshiba\Desktop\aswMBR.txt"
04:17:55.626 Disk 0 MBR has been saved successfully to "C:\Users\Toshiba\Desktop\MBR.dat"
04:17:55.633 The log file has been saved successfully to "C:\Users\Toshiba\Desktop\aswMBR.txt"

#9 vcalemine (Topic Starter)

Posted 20 March 2012 - 09:30 AM

Why did this line C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32 come up as yellow?

#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 20 March 2012 - 01:04 PM

Greetings

I have seen that line a lot and it is not a problem.

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 vcalemine (Topic Starter)

Posted 20 March 2012 - 02:18 PM

The computer is running fine. I haven't seen any pop-ups since yesterday afternoon. However, the first time I got a pop-up, I had a few back to back and then I didn't get any for a few days. Then I got like one a day for a few days in a row, except when I went to the store and came back to three. So I don't know if it is something we are doing or if it is just hibernating or something.


ComboFix 12-03-18.04 - Toshiba 03/20/2012 14:46:49.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2941.2118 [GMT -4:00]
Running from: c:\users\Toshiba\Downloads\ComboFix.exe
Command switches used :: c:\users\Toshiba\Desktop\cfscript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-20 to 2012-03-20 )))))))))))))))))))))))))))))))
.
.
2012-03-20 18:57 . 2012-03-20 18:58 -------- d-----w- c:\users\Toshiba\AppData\Local\temp
2012-03-20 18:57 . 2012-03-20 18:57 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-03-20 18:57 . 2012-03-20 18:57 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-20 18:57 . 2012-03-20 18:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-19 14:55 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A146B50D-5C40-4993-B415-E668A0C4F503}\mpengine.dll
2012-03-18 01:14 . 2012-03-18 01:14 -------- d-----w- c:\users\Toshiba\AppData\Roaming\SUPERAntiSpyware.com
2012-03-18 01:14 . 2012-03-18 01:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-18 01:14 . 2012-03-18 01:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-17 18:01 . 2012-03-17 18:01 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-17 18:01 . 2012-03-17 18:01 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-14 09:51 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 09:51 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 09:51 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:51 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 09:51 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 09:51 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 09:51 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 09:51 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 09:51 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-03-08 20:11 . 2012-03-08 20:11 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 07:01 . 2011-06-01 06:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-17 18:37 . 2012-02-17 18:42 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AAD25AA9-A36F-4639-AA4D-352F932B7333}\gapaengine.dll
2012-02-17 18:37 . 2011-05-06 03:37 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-08 06:03 . 2011-05-07 03:39 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2009-12-26 14:06 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-30 05:13 . 2012-01-30 05:13 388096 ----a-r- c:\users\Toshiba\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-20 00:13 . 2012-01-20 00:14 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-20 00:13 . 2010-09-30 18:31 567184 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-13 20:09 . 2012-01-13 20:09 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-13 20:09 . 2012-01-13 20:09 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-13 20:09 . 2012-01-13 20:09 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-13 20:09 . 2012-01-13 20:09 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-13 20:09 . 2012-01-13 20:09 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-13 20:09 . 2012-01-13 20:09 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-10-12 20:33 . 2010-10-12 20:33 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-10-12 22:15 . 2010-10-12 22:15 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-10-12 20:37 . 2010-10-12 20:37 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-10-12 20:35 . 2010-10-12 20:35 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-10-12 20:34 . 2010-10-12 20:34 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-10-12 20:32 . 2010-10-12 20:32 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-10-12 20:35 . 2010-10-12 20:35 31672 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-10-12 20:34 . 2010-10-12 20:34 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2010-07-14 16:42 . 2010-07-14 16:42 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-10-12 20:37 . 2010-10-12 20:37 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-03-17 18:01 . 2012-02-18 06:17 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-09-10 00:28 . 2010-05-21 12:57 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-20_06.30.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2012-03-20 07:28 68762 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2012-03-20 07:28 88054 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-09 23:31 . 2012-03-20 07:28 12880 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-460091276-2368940623-1154944213-1000_UserData.bin
- 2009-11-09 23:31 . 2012-03-20 06:11 12880 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-460091276-2368940623-1154944213-1000_UserData.bin
+ 2012-03-20 07:26 . 2012-03-20 07:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-20 06:09 . 2012-03-20 06:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-20 06:09 . 2012-03-20 06:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-20 07:26 . 2012-03-20 07:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2012-03-20 07:32 606602 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2012-03-20 06:14 606602 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2012-03-20 07:32 105170 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2012-03-20 06:14 105170 c:\windows\System32\perfc009.dat
+ 2011-02-20 15:24 . 2012-03-20 07:24 385468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-02-20 15:24 . 2012-03-20 06:07 385468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-09-13 20:50 . 2012-03-20 07:24 2547904 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-09-13 20:50 . 2012-03-20 06:07 2547904 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-04-09 20:05 . 2012-03-20 07:24 3826980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-460091276-2368940623-1154944213-1000-8192.dat
- 2011-04-09 20:05 . 2012-03-20 06:07 3826980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-460091276-2368940623-1154944213-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-11-12 1647448]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-25 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-30 4911104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-18 431456]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"Trend Micro Browser Guard"="c:\program files\Trend Micro\Browser Guard\BGUI.EXE" [2011-02-26 787984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Toshiba^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
path=c:\users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
backup=c:\windows\pss\PdaNet Desktop.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2011-01-24 00:08 148280 ----a-w- c:\program files\Lexmark S300-S400 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2011-09-10 00:28 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
2010-08-23 14:11 206240 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 19:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxeamon.exe]
2011-01-24 00:08 770728 ----a-w- c:\program files\Lexmark S300-S400 Series\lxeamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 20:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 19:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-12-25 16:59 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-11 490840]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 00190960
*NewlyCreated* - 08481824
*NewlyCreated* - 85982290
*NewlyCreated* - 92263731
*NewlyCreated* - ASWMBR
*Deregistered* - 00190960
*Deregistered* - 08481824
*Deregistered* - 85982290
*Deregistered* - 92263731
*Deregistered* - aswMBR
*Deregistered* - mchInjDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 23:41]
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 23:41]
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-460091276-2368940623-1154944213-1000Core.job
- c:\users\Toshiba\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-24 04:21]
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-460091276-2368940623-1154944213-1000UA.job
- c:\users\Toshiba\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-24 04:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\jpcl7fy1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.toshibadirect.com/dpdstart
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-20 14:58
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-03-20 15:07:21
ComboFix-quarantined-files.txt 2012-03-20 19:07
ComboFix2.txt 2012-03-20 07:22
ComboFix3.txt 2012-03-20 06:38
.
Pre-Run: 166,137,675,776 bytes free
Post-Run: 165,619,580,928 bytes free
.
- - End Of File - - A7370040D4E15FE98C03AD1C7EBABEE6

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 March 2012 - 04:50 PM

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (hosts file not read, blank Notepad ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a log file button. It will scan, and the log should open in Notepad.
  • Click on Edit > Select All, then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 vcalemine
  • Topic Starter

  • Members
  • 98 posts
  • Gender:Female
  • Location:wilmington, nc

Posted 20 March 2012 - 07:38 PM

I am getting ready to run HijackThis. I copied this report and then closed it. To save me from finding it, I am just posting it. Sorry.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.20.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Toshiba :: TOSHIBA-PC [administrator]

3/20/2012 8:28:59 PM
mbam-log-2012-03-20 (20-28-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201235
Time elapsed: 5 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#14 vcalemine
  • Topic Starter

  • Members
  • 98 posts
  • Gender:Female
  • Location:wilmington, nc

Posted 20 March 2012 - 07:51 PM

Hmm, when I first started HijackThis, it said something about not being allowed to write, and to type something in my search bar under Start, and to delete something and to call something "hosts." It seemed like it was saying it wasn't allowed to automatically save the report? It created the report and I saved it to my desktop.

I tried to run it again to see if I could read the message better, but now it is telling me that it is running already, even though HijackThis and all its components are closed. Firefox will do this to me a lot too. I close it, try to reopen it, and it says it is already running, but it did that way before the pop-up thing started. I still haven't had any pop-ups today.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:14:54 AM, on 1/30/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\notepad.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IEGBH0 - {9F3209E2-334B-41E9-B09C-703F398742E7} - (no file)
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: TMIEGBHO - {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files\Trend Micro\Browser Guard\TMAMS.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: TMBGBAR TOOLBAR - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files\Trend Micro\Browser Guard\tmieg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Trend Micro Browser Guard] "C:\Program Files\Trend Micro\Browser Guard\BGUI.EXE"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: lxeaCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxeaserv.exe
O23 - Service: lxea_device - - C:\Windows\system32\lxeacoms.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: SeaPort - Unknown owner - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (file missing)
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 13042 bytes

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:06 AM

Posted 20 March 2012 - 08:26 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs, you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (hosts file not read, blank Notepad, ...).

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
      O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
      O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search space, e.g.:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located at C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe <-- 32-bit,
or C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe <-- 64-bit)
and select "Run as administrator".

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan; on Vista and Windows 7, right-click the IE shortcut and run it as administrator.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on Copy to clipboard, or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



