Notified of sirefef.ab,ao,ag,aw


This topic is locked
30 replies to this topic

#1 Sobobapotomas

Posted 02 August 2012 - 03:57 PM

Several days ago I received notice of .ao, .ag, .aw infection through Microsoft Security Essentials. No redirects occurred. Ran scans using mrt, mse and restored the system without success. Used Yorkt.exe through Panda Security multiple times. MSE notifications stopped....until this morning when notification of sirefef.ab appeared. I do not have an OS restore disk so I seek repair....if possible....with your help. Per your guidelines, forwarding the following:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Ron at 11:29:40 on 2012-08-02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.293 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Norton Internet Worm Protection *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge]
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [SM1BG] c:\windows\SM1BG.EXE
mRun: [CFSServ.exe] c:\program files\toshiba\configfree\CFSServ.exe -NoClient
mRun: [NDSTray.exe] c:\program files\toshiba\configfree\NDSTray.exe
mRun: [WinPatrol] c:\progra~1\billps~1\winpat~1\winpatrol.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [Notebook Maximizer] c:\program files\notebook maximizer\maximizer_startup.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: Append Link Target to Existing PDF
IE: Append to Existing PDF
IE: Convert Link Target to Adobe PDF
IE: Convert to Adobe PDF
IE: E&xport to Microsoft Excel
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: live.com\safety
DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - hxxps://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341687508928
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341687500526
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_5.cab
DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab
DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_2.cab
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{61C76790-69F7-4FEC-8AA5-1281FEA6CD85} : DhcpNameServer = 192.168.1.1 68.238.64.12
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ron\application data\mozilla\firefox\profiles\5ya7w6rv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-16 64288]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl651c460b;MpKsl651c460b;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{72903b24-b478-44d4-a8dc-daddd16a04ad}\MpKsl651c460b.sys [2012-8-2 29904]
S3 iscFlash;iscFlash; [x]
S4 gupdate1c9e7d57be7dec0;Google Update Service (gupdate1c9e7d57be7dec0);c:\program files\google\update\GoogleUpdate.exe [2009-6-7 133104]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-7 133104]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-08-02 16:49:30 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{72903b24-b478-44d4-a8dc-daddd16a04ad}\MpKsl651c460b.sys
2012-08-02 16:44:20 -------- d-----w- C:\ece11c10242ea9822229a52381
2012-08-02 16:44:19 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{72903b24-b478-44d4-a8dc-daddd16a04ad}\offreg.dll
2012-08-02 16:40:11 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{72903b24-b478-44d4-a8dc-daddd16a04ad}\mpengine.dll
2012-08-01 20:08:05 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2012-08-01 20:08:05 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2012-08-01 20:08:05 221184 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2012-08-01 20:08:05 221184 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2012-08-01 20:08:02 602244 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2012-07-28 01:07:15 -------- d-----w- c:\windows\system32\DBBK
2012-07-28 00:21:14 -------- d-----w- c:\documents and settings\ron\local settings\application data\WinZip
2012-07-27 20:06:27 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-07-27 19:50:28 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-07-27 19:50:28 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-27 19:38:05 -------- d-----w- c:\documents and settings\ron\application data\ADCC6D61
2012-07-27 18:31:52 -------- d-----w- c:\documents and settings\ron\application data\SUPERAntiSpyware.com
2012-07-27 18:31:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-27 18:31:16 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-07-27 14:38:32 -------- d-----w- c:\documents and settings\ron\local settings\application data\{BA2348C6-D7F8-11E1-8270-B8AC6F996F26}
2012-07-19 00:55:27 -------- d-----w- c:\documents and settings\ron\application data\OpenOffice.org
2012-07-19 00:48:33 -------- d-----w- c:\program files\OpenOffice.org 3
2012-07-19 00:46:15 -------- d-----w- c:\program files\OpenOffice.org 3.4 (en-US) Installation Files
2012-07-18 01:44:01 -------- d-----w- c:\documents and settings\ron\local settings\application data\Adobe
2012-07-07 18:58:49 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
.
==================== Find3M ====================
.
2012-06-16 18:35:43 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-16 18:35:43 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-05 00:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2003-08-27 22:19:18 36963 -c----w- c:\program files\common files\SM1updtr.dll
.
============= FINISH: 11:30:47.91 ===============
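The DDS listing above is read by hand in this thread. As an added example (not a BleepingComputer tool and not something the poster or the helper ran), the script below parses the "Created Last 30" / "Find3M" line format DDS prints, plus the bare paths ComboFix lists under "Other Deletions", and attaches a few naming heuristics a first-pass triager might use: hex-only directory names, executables at the drive root or under a user profile, and executables whose name is a numbered copy of another binary. The sample lines are copied from the logs in this thread; the heuristics are my assumptions, and a flag is a prompt to look closer, not a verdict (the MSE definition-update driver in the sample trips one on purpose to show that).

```python
"""Triage helper for DDS-style file listings (added example, not a forum tool)."""
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

# One DDS line: "<date> <time> <size|--------> <8 attribute flags> <path>"
DDS_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[A-Za-z-]{8}) (?P<path>[A-Za-z]:\\.+)$"
)
BARE_PATH = re.compile(r"^[A-Za-z]:\\.+$")             # ComboFix "Other Deletions" lines
HEX_NAME = re.compile(r"^[0-9a-f]{8,}$")                # e.g. adcc6d61; a {GUID} does not match
NUMBERED_DUP = re.compile(r"^[a-z0-9_]+\(\d+\)\.exe$")  # e.g. explorer(2).exe
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")


@dataclass
class Entry:
    path: str
    created: Optional[str] = None   # None for bare paths
    size: Optional[int] = None      # None for directories and bare paths
    is_dir: Optional[bool] = None   # None when the line carried no attribute flags
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a DDS listing line or a bare path, else None."""
    line = line.strip()
    m = DDS_LINE.match(line)
    if m:
        # DDS prints '--------' in the size column and a leading 'd' flag for directories
        is_dir = m["attrs"][0] == "d" or m["size"] == "--------"
        size = None if is_dir else int(m["size"])
        return Entry(path=m["path"], created=f"{m['date']} {m['time']}",
                     size=size, is_dir=is_dir)
    if BARE_PATH.match(line):
        return Entry(path=line)
    return None


def apply_heuristics(entry: Entry) -> Entry:
    """Attach triage flags based only on where the object sits and what it is called."""
    parts = entry.path.lower().split("\\")
    name = parts[-1]
    if HEX_NAME.match(name):
        entry.flags.append("hex-named object")
    if NUMBERED_DUP.match(name):
        entry.flags.append("numbered duplicate of an executable name")
    if name.endswith(EXEC_EXT):
        if len(parts) == 2:                       # "c:\something.exe"
            entry.flags.append("executable at drive root")
        if "documents and settings" in parts or "users" in parts:
            entry.flags.append("executable under a user profile")
    return entry


def triage(lines: Iterable[str]) -> List[Entry]:
    """Parse every recognisable line and return only the entries that received a flag."""
    flagged = []
    for line in lines:
        entry = parse_line(line)
        if entry is not None and apply_heuristics(entry).flags:
            flagged.append(entry)
    return flagged


# Constructed sample: lines copied from the DDS and ComboFix logs posted in this thread.
SAMPLE = r"""
2012-08-02 16:49:30 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{72903b24-b478-44d4-a8dc-daddd16a04ad}\MpKsl651c460b.sys
2012-08-02 16:44:20 -------- d-----w- C:\ece11c10242ea9822229a52381
2012-07-27 19:38:05 -------- d-----w- c:\documents and settings\ron\application data\ADCC6D61
2012-07-27 14:38:32 -------- d-----w- c:\documents and settings\ron\local settings\application data\{BA2348C6-D7F8-11E1-8270-B8AC6F996F26}
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
C:\install.exe
c:\windows\explorer(2).exe
.scr=AutoCADScriptFile
""".strip().splitlines()

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{e.created or '(no timestamp)':<19}  {', '.join(e.flags):<45}  {e.path}")
```

Everything a flag says is derivable from the path string alone; the MSE driver under All Users\Application Data is flagged as "executable under a user profile" exactly like anything malicious would be, which is why the output is a worklist for a person and not a removal list.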


#2 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 04 August 2012 - 12:40 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Windows XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 06 August 2012 - 11:17 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 Sobobapotomas (Topic Starter)

Posted 09 August 2012 - 01:30 PM

I apologize. I'm new to this and feel a bit clumsy but grateful for your assistance. I was stupidly waiting for an email notice so please accept my apology for my slow response. I'm following your directions and running checks now.

Thank you

#5 Sobobapotomas (Topic Starter)

Posted 09 August 2012 - 01:41 PM

As requested, checkup text result:

Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Dr Watson for Microsoft Windows OneCare Live v1.1.1067.14
Microsoft Security Essentials
`````````Anti-malware/Other Utilities Check:`````````
WinPatrol
Windows Defender Signatures
CCleaner
RegVac Registry Cleaner 5.02 (Trial Version)
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.3.300.257
Adobe Reader X (10.1.3)
Mozilla Firefox 11.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials msseces.exe
Windows Defender MSMpEng.exe
WinPatrol winpatrol.exe
Microsoft Security Client Antimalware MsMpEng.exe
BILLPS~1 WINPAT~1 winpatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 12% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

#6 Sobobapotomas (Topic Starter)

Posted 09 August 2012 - 02:09 PM

Log from Combofix included. Scans and updates all seemed to run fine. Log forwarded immediately upon completion of scans. Will watch the unit operation. It never really indicated any problems but for what scans (MSE, MRT) and notices (MSE) revealed.

ComboFix 12-08-09.01 - Ron 08/09/2012 11:51:22.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.483 [GMT -7:00]
Running from: c:\documents and settings\Ron\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\toshiba
c:\documents and settings\Administrator\Application Data\toshiba\pcdiag\v3.0\wbeminfo.log
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Ron\Application Data\toshiba
c:\documents and settings\Ron\Application Data\toshiba\ConfigFree\CFXFER.ini
c:\documents and settings\Ron\Application Data\toshiba\pcdiag\v3.0\1394Test.csv
c:\documents and settings\Ron\Application Data\toshiba\pcdiag\v3.0\1394Test.log
c:\documents and settings\Ron\Application Data\toshiba\pcdiag\v3.0\cddrivetest.csv
c:\documents and settings\Ron\Application Data\toshiba\pcdiag\v3.0\cddrivetest.log
c:\documents and settings\Ron\Application Data\toshiba\pcdiag\v3.0\chkpc.csv
c:\documents and settings\Ron\Application Data\toshiba\pcdiag\v3.0\chkpc.log
c:\documents and settings\Ron\Application Data\toshiba\pcdiag\v3.0\cputest.log
c:\documents and settings\Ron\Application Data\toshiba\pcdiag\v3.0\DISPLAYTest.csv
c:\documents and settings\Ron\Application Data\toshiba\pcdiag\v3.0\DISPLAYTest.log
c:\documents and settings\Ron\Application Data\toshiba\pcdiag\v3.0\disptest.log
c:\documents and settings\Ron\Application Data\toshiba\pcdiag\v3.0\fddtest.csv
c:\documents and settings\Ron\Application Data\toshiba\pcdiag\v3.0\fddtest.log
c:\documents and settings\Ron\Application Data\toshiba\pcdiag\v3.0\hddrivetest.csv
c:\documents and settings\Ron\Application Data\toshiba\pcdiag\v3.0\hddrivetest.log
c:\documents and settings\Ron\Application Data\toshiba\pcdiag\v3.0\Logs\20060910.txt
c:\documents and settings\Ron\Application Data\toshiba\pcdiag\v3.0\memtest.log
c:\documents and settings\Ron\Application Data\toshiba\pcdiag\v3.0\MODEMTest.csv
c:\documents and settings\Ron\Application Data\toshiba\pcdiag\v3.0\MODEMTest.log
c:\documents and settings\Ron\Application Data\toshiba\pcdiag\v3.0\NETTest.csv
c:\documents and settings\Ron\Application Data\toshiba\pcdiag\v3.0\NETTest.log
c:\documents and settings\Ron\Application Data\toshiba\pcdiag\v3.0\PCMCIATest.csv
c:\documents and settings\Ron\Application Data\toshiba\pcdiag\v3.0\PCMCIATest.log
c:\documents and settings\Ron\Application Data\toshiba\pcdiag\v3.0\USBTest.csv
c:\documents and settings\Ron\Application Data\toshiba\pcdiag\v3.0\USBTest.log
c:\documents and settings\Ron\Application Data\toshiba\pcdiag\v3.0\wbeminfo.log
c:\documents and settings\Ron\WINDOWS
c:\documents and settings\Sherrie\Application Data\toshiba
c:\documents and settings\Sherrie\Application Data\toshiba\pcdiag\v3.0\wbeminfo.log
c:\documents and settings\Sherrie\WINDOWS
C:\install.exe
c:\windows\explorer(2).exe
c:\windows\system32\config\systemprofile\Application Data\toshiba
c:\windows\system32\config\systemprofile\Application Data\toshiba\pcdiag\v3.0\wbeminfo.log
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-09 to 2012-08-09 )))))))))))))))))))))))))))))))
.
.
2012-08-09 14:58 . 2012-08-09 14:58 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{557054AF-A6EF-4DE6-A6DE-15970CD6C6C3}\offreg.dll
2012-08-09 14:58 . 2012-08-09 14:58 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{557054AF-A6EF-4DE6-A6DE-15970CD6C6C3}\MpKsl189649c5.sys
2012-08-09 14:56 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{557054AF-A6EF-4DE6-A6DE-15970CD6C6C3}\mpengine.dll
2012-08-08 18:00 . 2012-08-08 18:00 -------- d-----w- c:\documents and settings\Ron\Local Settings\Application Data\{FDB0EF20-E182-11E1-8270-B8AC6F996F26}
2012-08-01 20:08 . 2000-10-05 22:55 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-08-01 20:08 . 2000-10-05 22:55 221184 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2012-08-01 20:08 . 2000-10-05 22:50 221184 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-08-01 20:08 . 2000-10-05 22:49 32768 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-08-01 20:08 . 2000-10-05 16:01 602244 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-07-28 01:07 . 2012-08-02 16:27 -------- d-----w- c:\windows\system32\DBBK
2012-07-28 00:21 . 2012-07-28 00:21 -------- d-----w- c:\documents and settings\Ron\Local Settings\Application Data\WinZip
2012-07-27 20:06 . 2012-07-27 20:06 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-07-27 19:50 . 2012-07-27 19:50 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-27 19:38 . 2012-07-27 19:38 -------- d-----w- c:\documents and settings\Ron\Application Data\ADCC6D61
2012-07-27 18:31 . 2012-07-27 18:31 -------- d-----w- c:\documents and settings\Ron\Application Data\SUPERAntiSpyware.com
2012-07-27 18:31 . 2012-07-27 19:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-27 18:31 . 2012-07-27 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-07-27 14:38 . 2012-07-27 19:45 -------- d-----w- c:\documents and settings\Ron\Local Settings\Application Data\{BA2348C6-D7F8-11E1-8270-B8AC6F996F26}
2012-07-19 00:55 . 2012-07-19 00:55 -------- d-----w- c:\documents and settings\Ron\Application Data\OpenOffice.org
2012-07-19 00:48 . 2012-07-19 00:48 -------- d-----w- c:\program files\OpenOffice.org 3
2012-07-18 01:44 . 2012-07-18 01:44 -------- d-----w- c:\documents and settings\Ron\Local Settings\Application Data\Adobe
2012-07-12 13:42 . 2012-07-12 13:42 -------- d-----w- c:\program files\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-29 08:44 . 2012-04-15 22:30 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-16 18:35 . 2012-03-30 21:30 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-16 18:35 . 2012-03-30 21:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 13:19 . 2005-07-28 18:48 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2007-05-15 22:43 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2005-07-28 18:47 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-05 00:35 . 2005-07-28 20:10 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-05 00:35 . 2005-05-26 12:19 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2005-07-28 18:48 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19 . 2007-05-16 02:52 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2007-05-16 02:52 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2005-07-28 20:10 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2005-07-28 20:10 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2012-07-07 18:58 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2005-07-28 20:10 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2005-07-28 20:10 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2005-07-28 18:47 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2005-05-26 12:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2007-05-16 02:52 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2005-07-28 20:10 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2005-07-28 20:10 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2007-05-17 00:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 22:18 . 2005-12-12 22:23 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2005-07-28 18:47 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2005-07-28 18:48 916992 ----a-w- c:\windows\system32\wininet.dll
2003-08-27 22:19 . 2006-01-04 17:31 36963 -c----w- c:\program files\Common Files\SM1updtr.dll
2012-03-13 04:39 . 2012-04-06 20:45 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 88358]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 688218]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
"CFSServ.exe"="c:\program files\TOSHIBA\ConfigFree\CFSServ.exe" [2005-04-13 794624]
"NDSTray.exe"="c:\program files\TOSHIBA\ConfigFree\NDSTray.exe" [2005-04-22 962560]
"WinPatrol"="c:\progra~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2006-07-21 230976]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 1077301]
"Notebook Maximizer"="c:\program files\Notebook Maximizer\maximizer_startup.exe" [2006-05-04 40960]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 73728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-8-1 110592]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-04-04 05:53 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 06:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
2005-06-01 16:35 49152 ----a-w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
2005-03-18 00:37 151552 ----a-w- c:\toshiba\IVP\ISM\pinger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-06 00:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TAPPSRV"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate1c9e7d57be7dec0"=2 (0x2)
"Fax"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Netlogon"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SPSSInc\\PASWStatistics17\\paswstat.exe"=
"c:\\Program Files\\SPSSInc\\PASWStatistics17\\statistics.com"=
"c:\\Program Files\\SPSSInc\\PASWStatistics17\\statistics.exe"=
"c:\\Program Files\\SPSSInc\\PASWStatistics17\\paswstat.com"=
"c:\\Program Files\\SPSSInc\\PASWStatistics17\\SPSSWinWrapIDE.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/16/2009 8:57 AM 64288]
R1 MpKsl189649c5;MpKsl189649c5;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{557054AF-A6EF-4DE6-A6DE-15970CD6C6C3}\MpKsl189649c5.sys [8/9/2012 7:58 AM 29904]
S3 iscFlash;iscFlash; [x]
S4 gupdate1c9e7d57be7dec0;Google Update Service (gupdate1c9e7d57be7dec0);c:\program files\Google\Update\GoogleUpdate.exe [6/7/2009 6:07 PM 133104]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/7/2009 6:07 PM 133104]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL189649C5
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 18:35]
.
2012-08-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-08 01:07]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-08 01:07]
.
2012-08-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF
IE: Append to Existing PDF
IE: Convert Link Target to Adobe PDF
IE: Convert to Adobe PDF
IE: E&xport to Microsoft Excel
Trusted Zone: live.com\safety
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
FF - ProfilePath - c:\documents and settings\Ron\Application Data\Mozilla\Firefox\Profiles\5ya7w6rv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
SafeBoot-Lavasoft Ad-Aware Service
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-09 11:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-08-09 12:00:48
ComboFix-quarantined-files.txt 2012-08-09 19:00
.
Pre-Run: 52,798,083,072 bytes free
Post-Run: 53,015,879,680 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 347B773B4D5DDAA8E5BBD8FA141B4221

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 August 2012 - 02:17 PM

no problem and let me have the combofix report when it is complete


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 Sobobapotomas

Sobobapotomas
  • Topic Starter

  • Validating
  • 33 posts

Posted 09 August 2012 - 02:59 PM

Seems much faster online.

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 August 2012 - 03:16 PM

Greetings
Didn't see the post

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
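Since the next step is reading the TDSSKiller report the poster is asked to paste, here is an added Python triage helper (example code, not from this thread and not a TDSSKiller or Kaspersky tool) that parses the report format seen in the reply below, recovers the MBR partition line and flags any service or driver whose verdict is not `ok`. The `constructed_svc` lines in the embedded sample are constructed for the example, and the assumption that non-clean verdicts are anything other than `ok` is the helper's, not TDSSKiller's documented wording.

```python
"""Triage helper for a TDSSKiller text report (added example, not from the thread).

TDSSKiller logs one event per line as "HH:MM:SS.mmmm PID message".  For every
service or driver it writes a module line "Name (md5) Path" followed by a
verdict line "Name - ok".  Wording of non-clean verdicts differs between
versions, so anything other than "ok" is surfaced for a human to review
instead of being matched against a fixed list (assumption of this helper).
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
MODULE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")
PARTITION_RE = re.compile(
    r"^(?P<dev>\\Device\\Harddisk\d+\\DR\d+\\Partition\d+): MBR, "
    r"Type 0x(?P<type>[0-9A-Fa-f]+), StartLBA 0x(?P<start>[0-9A-Fa-f]+), "
    r"BlocksNum 0x(?P<blocks>[0-9A-Fa-f]+)$"
)


@dataclass
class Entry:
    """One scanned service/driver: file hash and path (if any) plus verdict."""
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_report(text: str) -> Tuple[Dict[str, Entry], List[dict]]:
    """Return (entries keyed by service name, list of MBR partition records)."""
    entries: Dict[str, Entry] = {}
    partitions: List[dict] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3).strip()
        # The "Drive ... - Size: ..." header contains " - " but is not a verdict.
        if msg.startswith("Drive "):
            continue
        part = PARTITION_RE.match(msg)
        if part:
            partitions.append({"device": part["dev"], "type": int(part["type"], 16),
                               "start_lba": int(part["start"], 16),
                               "blocks": int(part["blocks"], 16)})
            continue
        mod = MODULE_RE.match(msg)          # try the module form first: paths may contain " - "
        if mod:
            e = entries.setdefault(mod["name"], Entry(mod["name"]))
            e.md5, e.path = mod["md5"].lower(), mod["path"]
            continue
        ver = VERDICT_RE.match(msg)
        if ver:
            e = entries.setdefault(ver["name"], Entry(ver["name"]))
            e.verdict = ver["verdict"]
    return entries, partitions


def triage(entries: Dict[str, Entry]) -> dict:
    """Summarise what a helper would look at first in the report."""
    not_ok = sorted(e.name for e in entries.values()
                    if e.verdict is not None and e.verdict != "ok")
    no_verdict = sorted(e.name for e in entries.values() if e.verdict is None)
    by_hash = defaultdict(list)
    for e in entries.values():
        if e.md5:
            by_hash[e.md5].append(e.name)
    # Several service names backed by one binary (e.g. lsass.exe) is normal;
    # listing them just makes the mapping visible for review.
    shared = {h: sorted(n) for h, n in by_hash.items() if len(n) > 1}
    return {"not_ok": not_ok, "no_verdict": no_verdict, "shared_binaries": shared}


# Constructed sample: real lines from the report in this thread plus one
# constructed "constructed_svc" pair to exercise the non-ok path.
SAMPLE_LOG = """\
14:28:59.0461 4200 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
14:29:01.0394 4200 Drive \\Device\\Harddisk0\\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200
14:29:01.0394 4200 \\Device\\Harddisk0\\DR0\\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xB9EAE68
14:29:27.0571 5444 Abiosdsk - ok
14:29:27.0621 5444 ACPI (8fd99680a539792a30e97944fdaecf17) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
14:29:27.0621 5444 ACPI - ok
14:29:31.0086 5444 gupdate1c9e7d57be7dec0 (626a24ed1228580b9518c01930936df9) C:\\Program Files\\Google\\Update\\GoogleUpdate.exe
14:29:31.0086 5444 gupdate1c9e7d57be7dec0 - ok
14:29:31.0096 5444 gupdatem (626a24ed1228580b9518c01930936df9) C:\\Program Files\\Google\\Update\\GoogleUpdate.exe
14:29:31.0096 5444 gupdatem - ok
14:29:40.0000 5444 constructed_svc (0123456789abcdef0123456789abcdef) C:\\constructed\\example.sys
14:29:40.0000 5444 constructed_svc - suspicious
"""

if __name__ == "__main__":
    found, parts = parse_report(SAMPLE_LOG)
    for p in parts:
        print(f"{p['device']}: type 0x{p['type']:X}, start LBA {p['start_lba']}, {p['blocks']} blocks")
    for key, value in triage(found).items():
        print(f"{key}: {value}")
```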

#10 Sobobapotomas

Sobobapotomas
  • Topic Starter

  • Validating
  • 33 posts

Posted 09 August 2012 - 04:46 PM

tdss and aswMBR reports:

14:28:59.0461 4200 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
14:28:59.0471 4200 ============================================================
14:28:59.0471 4200 Current date / time: 2012/08/09 14:28:59.0471
14:28:59.0471 4200 SystemInfo:
14:28:59.0471 4200
14:28:59.0471 4200 OS Version: 5.1.2600 ServicePack: 3.0
14:28:59.0471 4200 Product type: Workstation
14:28:59.0471 4200 ComputerName: TOSHIBA
14:28:59.0471 4200 UserName: Ron
14:28:59.0471 4200 Windows directory: C:\WINDOWS
14:28:59.0471 4200 System windows directory: C:\WINDOWS
14:28:59.0471 4200 Processor architecture: Intel x86
14:28:59.0471 4200 Number of processors: 1
14:28:59.0471 4200 Page size: 0x1000
14:28:59.0471 4200 Boot type: Normal boot
14:28:59.0471 4200 ============================================================
14:29:01.0394 4200 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:29:01.0394 4200 ============================================================
14:29:01.0394 4200 \Device\Harddisk0\DR0:
14:29:01.0394 4200 MBR partitions:
14:29:01.0394 4200 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xB9EAE68
14:29:01.0394 4200 ============================================================
14:29:01.0404 4200 C: <-> \Device\Harddisk0\DR0\Partition0
14:29:01.0404 4200 ============================================================
14:29:01.0404 4200 Initialize success
14:29:01.0404 4200 ============================================================
14:29:27.0030 5444 ============================================================
14:29:27.0030 5444 Scan started
14:29:27.0030 5444 Mode: Manual;
14:29:27.0030 5444 ============================================================
14:29:27.0571 5444 Abiosdsk - ok
14:29:27.0571 5444 abp480n5 - ok
14:29:27.0621 5444 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:29:27.0621 5444 ACPI - ok
14:29:27.0661 5444 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
14:29:27.0671 5444 ACPIEC - ok
14:29:27.0671 5444 adpu160m - ok
14:29:27.0721 5444 aeaudio (f13d8e7e1faa31019c25eb17b5fb2662) C:\WINDOWS\system32\drivers\aeaudio.sys
14:29:27.0731 5444 aeaudio - ok
14:29:27.0752 5444 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:29:27.0752 5444 aec - ok
14:29:27.0802 5444 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
14:29:27.0802 5444 AegisP - ok
14:29:27.0862 5444 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:29:27.0862 5444 AFD - ok
14:29:27.0972 5444 AgereSoftModem (029e01cb2938bec5af31bf47b6af0159) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
14:29:27.0992 5444 AgereSoftModem - ok
14:29:28.0002 5444 Aha154x - ok
14:29:28.0002 5444 aic78u2 - ok
14:29:28.0012 5444 aic78xx - ok
14:29:28.0052 5444 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
14:29:28.0052 5444 Alerter - ok
14:29:28.0082 5444 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
14:29:28.0082 5444 ALG - ok
14:29:28.0092 5444 AliIde - ok
14:29:28.0102 5444 amsint - ok
14:29:28.0182 5444 Apple Mobile Device (a8aa9d47f971570a5162b862b80f87e8) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
14:29:28.0182 5444 Apple Mobile Device - ok
14:29:28.0192 5444 AppMgmt - ok
14:29:28.0212 5444 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:29:28.0222 5444 Arp1394 - ok
14:29:28.0222 5444 asc - ok
14:29:28.0232 5444 asc3350p - ok
14:29:28.0242 5444 asc3550 - ok
14:29:28.0282 5444 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
14:29:28.0282 5444 ASCTRM - ok
14:29:28.0332 5444 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\ASPI32.sys
14:29:28.0332 5444 ASPI32 - ok
14:29:28.0443 5444 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:29:28.0443 5444 aspnet_state - ok
14:29:28.0473 5444 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:29:28.0473 5444 AsyncMac - ok
14:29:28.0493 5444 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:29:28.0493 5444 atapi - ok
14:29:28.0493 5444 Atdisk - ok
14:29:28.0513 5444 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:29:28.0513 5444 Atmarpc - ok
14:29:28.0543 5444 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
14:29:28.0543 5444 AudioSrv - ok
14:29:28.0583 5444 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:29:28.0583 5444 audstub - ok
14:29:28.0653 5444 Autodesk Licensing Service (9f29157695ee58875b06724743ce9c42) C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
14:29:28.0653 5444 Autodesk Licensing Service - ok
14:29:28.0703 5444 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:29:28.0703 5444 Beep - ok
14:29:28.0773 5444 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
14:29:28.0783 5444 BITS - ok
14:29:28.0803 5444 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
14:29:28.0813 5444 Browser - ok
14:29:28.0903 5444 catchme - ok
14:29:28.0953 5444 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:29:28.0953 5444 cbidf2k - ok
14:29:28.0963 5444 cd20xrnt - ok
14:29:29.0003 5444 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:29:29.0003 5444 Cdaudio - ok
14:29:29.0033 5444 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:29:29.0033 5444 Cdfs - ok
14:29:29.0063 5444 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:29:29.0063 5444 Cdrom - ok
14:29:29.0154 5444 CFSvcs (3cb0cc8879956c187e87e18634ee5164) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
14:29:29.0154 5444 CFSvcs - ok
14:29:29.0164 5444 Changer - ok
14:29:29.0194 5444 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
14:29:29.0194 5444 CiSvc - ok
14:29:29.0214 5444 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
14:29:29.0214 5444 ClipSrv - ok
14:29:29.0244 5444 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:29:29.0244 5444 clr_optimization_v2.0.50727_32 - ok
14:29:29.0264 5444 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:29:29.0264 5444 CmBatt - ok
14:29:29.0274 5444 CmdIde - ok
14:29:29.0284 5444 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:29:29.0284 5444 Compbatt - ok
14:29:29.0294 5444 COMSysApp - ok
14:29:29.0304 5444 Cpqarray - ok
14:29:29.0334 5444 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
14:29:29.0334 5444 CryptSvc - ok
14:29:29.0334 5444 dac2w2k - ok
14:29:29.0344 5444 dac960nt - ok
14:29:29.0394 5444 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
14:29:29.0404 5444 DcomLaunch - ok
14:29:29.0414 5444 DgiVecp - ok
14:29:29.0444 5444 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
14:29:29.0444 5444 Dhcp - ok
14:29:29.0454 5444 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:29:29.0454 5444 Disk - ok
14:29:29.0464 5444 dmadmin - ok
14:29:29.0504 5444 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:29:29.0514 5444 dmboot - ok
14:29:29.0544 5444 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:29:29.0554 5444 dmio - ok
14:29:29.0584 5444 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:29:29.0584 5444 dmload - ok
14:29:29.0624 5444 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
14:29:29.0634 5444 dmserver - ok
14:29:29.0664 5444 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:29:29.0664 5444 DMusic - ok
14:29:29.0724 5444 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
14:29:29.0724 5444 Dnscache - ok
14:29:29.0774 5444 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
14:29:29.0774 5444 Dot3svc - ok
14:29:29.0784 5444 dpti2o - ok
14:29:29.0804 5444 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:29:29.0804 5444 drmkaud - ok
14:29:29.0865 5444 drvmcdb (96bc8f872f0270c10edc3931f1c03776) C:\WINDOWS\system32\drivers\drvmcdb.sys
14:29:29.0865 5444 drvmcdb - ok
14:29:29.0875 5444 drvnddm (5afbec7a6ac61b211633dfdb1d9e0c89) C:\WINDOWS\system32\drivers\drvnddm.sys
14:29:29.0885 5444 drvnddm - ok
14:29:29.0925 5444 DVD-RAM_Service (c9ffbd6b8edc46cd3d13e3c6db914fb7) C:\WINDOWS\system32\DVDRAMSV.exe
14:29:29.0925 5444 DVD-RAM_Service - ok
14:29:29.0975 5444 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
14:29:29.0975 5444 EapHost - ok
14:29:30.0085 5444 eeCtrl (08035db1987412cced1d4201263776ed) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
14:29:30.0085 5444 eeCtrl - ok
14:29:30.0145 5444 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
14:29:30.0145 5444 ERSvc - ok
14:29:30.0185 5444 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:29:30.0195 5444 Eventlog - ok
14:29:30.0265 5444 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
14:29:30.0275 5444 EventSystem - ok
14:29:30.0385 5444 EvtEng (6a197698a141ffe7651b962ae3172008) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
14:29:30.0395 5444 EvtEng - ok
14:29:30.0485 5444 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:29:30.0485 5444 Fastfat - ok
14:29:30.0536 5444 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:29:30.0546 5444 FastUserSwitchingCompatibility - ok
14:29:30.0586 5444 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
14:29:30.0596 5444 Fax - ok
14:29:30.0616 5444 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
14:29:30.0616 5444 Fdc - ok
14:29:30.0646 5444 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:29:30.0656 5444 Fips - ok
14:29:30.0656 5444 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
14:29:30.0666 5444 Flpydisk - ok
14:29:30.0706 5444 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:29:30.0706 5444 FltMgr - ok
14:29:30.0856 5444 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:29:30.0856 5444 FontCache3.0.0.0 - ok
14:29:30.0906 5444 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:29:30.0906 5444 Fs_Rec - ok
14:29:30.0936 5444 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:29:30.0936 5444 Ftdisk - ok
14:29:30.0956 5444 GEARAspiWDM - ok
14:29:30.0986 5444 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:29:30.0986 5444 Gpc - ok
14:29:31.0086 5444 gupdate1c9e7d57be7dec0 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
14:29:31.0086 5444 gupdate1c9e7d57be7dec0 - ok
14:29:31.0096 5444 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
14:29:31.0096 5444 gupdatem - ok
14:29:31.0166 5444 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:29:31.0166 5444 helpsvc - ok
14:29:31.0176 5444 HidServ - ok
14:29:31.0206 5444 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:29:31.0206 5444 HidUsb - ok
14:29:31.0277 5444 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
14:29:31.0277 5444 hkmsvc - ok
14:29:31.0287 5444 hpn - ok
14:29:31.0317 5444 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:29:31.0317 5444 HPZid412 - ok
14:29:31.0337 5444 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:29:31.0337 5444 HPZipr12 - ok
14:29:31.0357 5444 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:29:31.0357 5444 HPZius12 - ok
14:29:31.0407 5444 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:29:31.0407 5444 HTTP - ok
14:29:31.0447 5444 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
14:29:31.0467 5444 HTTPFilter - ok
14:29:31.0477 5444 i2omgmt - ok
14:29:31.0487 5444 i2omp - ok
14:29:31.0527 5444 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:29:31.0527 5444 i8042prt - ok
14:29:31.0637 5444 ialm (da91f5385cfc8ba0f110f2fde112b563) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
14:29:31.0667 5444 ialm - ok
14:29:31.0737 5444 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:29:31.0747 5444 IDriverT - ok
14:29:31.0918 5444 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:29:31.0928 5444 idsvc - ok
14:29:31.0998 5444 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:29:31.0998 5444 Imapi - ok
14:29:32.0038 5444 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
14:29:32.0038 5444 ImapiService - ok
14:29:32.0048 5444 ini910u - ok
14:29:32.0078 5444 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:29:32.0078 5444 IntelIde - ok
14:29:32.0118 5444 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:29:32.0118 5444 intelppm - ok
14:29:32.0148 5444 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:29:32.0158 5444 Ip6Fw - ok
14:29:32.0198 5444 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:29:32.0198 5444 IpFilterDriver - ok
14:29:32.0238 5444 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:29:32.0238 5444 IpInIp - ok
14:29:32.0258 5444 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:29:32.0258 5444 IpNat - ok
14:29:32.0288 5444 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:29:32.0288 5444 IPSec - ok
14:29:32.0308 5444 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
14:29:32.0308 5444 irda - ok
14:29:32.0328 5444 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:29:32.0328 5444 IRENUM - ok
14:29:32.0378 5444 Irmon (49cc4533ce897cb2e93c1e84a818fde5) C:\WINDOWS\System32\irmon.dll
14:29:32.0378 5444 Irmon - ok
14:29:32.0388 5444 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:29:32.0398 5444 isapnp - ok
14:29:32.0398 5444 iscFlash - ok
14:29:32.0468 5444 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
14:29:32.0478 5444 JavaQuickStarterService - ok
14:29:32.0508 5444 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:29:32.0508 5444 Kbdclass - ok
14:29:32.0528 5444 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:29:32.0538 5444 kmixer - ok
14:29:32.0588 5444 KR10N (00c1ea8decf810b8eccb5c5a8186a96e) C:\WINDOWS\system32\drivers\KR10N.sys
14:29:32.0598 5444 KR10N - ok
14:29:32.0639 5444 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:29:32.0649 5444 KSecDD - ok
14:29:32.0699 5444 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
14:29:32.0699 5444 lanmanserver - ok
14:29:32.0749 5444 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
14:29:32.0759 5444 lanmanworkstation - ok
14:29:32.0789 5444 Lbd (713cd5267abfb86fe90a72e384e82a38) C:\WINDOWS\system32\DRIVERS\Lbd.sys
14:29:32.0789 5444 Lbd - ok
14:29:32.0799 5444 lbrtfdc - ok
14:29:32.0839 5444 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
14:29:32.0839 5444 LmHosts - ok
14:29:32.0879 5444 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys
14:29:32.0889 5444 meiudf - ok
14:29:32.0909 5444 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
14:29:32.0919 5444 Messenger - ok
14:29:32.0949 5444 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:29:32.0949 5444 mnmdd - ok
14:29:32.0979 5444 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
14:29:32.0979 5444 mnmsrvc - ok
14:29:32.0999 5444 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:29:32.0999 5444 Modem - ok
14:29:33.0019 5444 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:29:33.0019 5444 Mouclass - ok
14:29:33.0059 5444 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:29:33.0059 5444 mouhid - ok
14:29:33.0069 5444 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:29:33.0069 5444 MountMgr - ok
14:29:33.0119 5444 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
14:29:33.0129 5444 MpFilter - ok
14:29:33.0129 5444 mraid35x - ok
14:29:33.0149 5444 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:29:33.0149 5444 MRxDAV - ok
14:29:33.0219 5444 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:29:33.0229 5444 MRxSmb - ok
14:29:33.0249 5444 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
14:29:33.0249 5444 MSDTC - ok
14:29:33.0279 5444 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:29:33.0279 5444 Msfs - ok
14:29:33.0289 5444 MSIServer - ok
14:29:33.0299 5444 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:29:33.0299 5444 MSKSSRV - ok
14:29:33.0410 5444 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
14:29:33.0410 5444 MsMpSvc - ok
14:29:33.0430 5444 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:29:33.0430 5444 MSPCLOCK - ok
14:29:33.0440 5444 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:29:33.0440 5444 MSPQM - ok
14:29:33.0470 5444 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:29:33.0480 5444 mssmbios - ok
14:29:33.0510 5444 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:29:33.0510 5444 Mup - ok
14:29:33.0560 5444 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
14:29:33.0570 5444 napagent - ok
14:29:33.0610 5444 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:29:33.0610 5444 NDIS - ok
14:29:33.0650 5444 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:29:33.0650 5444 NdisTapi - ok
14:29:33.0670 5444 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:29:33.0670 5444 Ndisuio - ok
14:29:33.0690 5444 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:29:33.0690 5444 NdisWan - ok
14:29:33.0720 5444 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:29:33.0730 5444 NDProxy - ok
14:29:33.0740 5444 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:29:33.0740 5444 NetBIOS - ok
14:29:33.0760 5444 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:29:33.0770 5444 NetBT - ok
14:29:33.0820 5444 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:29:33.0820 5444 NetDDE - ok
14:29:33.0830 5444 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:29:33.0830 5444 NetDDEdsdm - ok
14:29:33.0860 5444 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
14:29:33.0860 5444 Netdevio - ok
14:29:33.0880 5444 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:29:33.0880 5444 Netlogon - ok
14:29:33.0920 5444 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
14:29:33.0930 5444 Netman - ok
14:29:34.0061 5444 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:29:34.0061 5444 NetTcpPortSharing - ok
14:29:34.0101 5444 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:29:34.0101 5444 NIC1394 - ok
14:29:34.0151 5444 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
14:29:34.0161 5444 Nla - ok
14:29:34.0201 5444 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:29:34.0201 5444 Npfs - ok
14:29:34.0261 5444 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:29:34.0271 5444 Ntfs - ok
14:29:34.0281 5444 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:29:34.0281 5444 NtLmSsp - ok
14:29:34.0341 5444 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
14:29:34.0351 5444 NtmsSvc - ok
14:29:34.0381 5444 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:29:34.0381 5444 Null - ok
14:29:34.0411 5444 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:29:34.0411 5444 NwlnkFlt - ok
14:29:34.0431 5444 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:29:34.0431 5444 NwlnkFwd - ok
14:29:34.0471 5444 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:29:34.0471 5444 ohci1394 - ok
14:29:34.0521 5444 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
14:29:34.0521 5444 Parport - ok
14:29:34.0531 5444 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:29:34.0531 5444 PartMgr - ok
14:29:34.0551 5444 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:29:34.0551 5444 ParVdm - ok
14:29:34.0581 5444 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:29:34.0581 5444 PCI - ok
14:29:34.0591 5444 PCIDump - ok
14:29:34.0621 5444 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:29:34.0621 5444 PCIIde - ok
14:29:34.0661 5444 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
14:29:34.0661 5444 Pcmcia - ok
14:29:34.0671 5444 PDCOMP - ok
14:29:34.0671 5444 PDFRAME - ok
14:29:34.0681 5444 PDRELI - ok
14:29:34.0691 5444 PDRFRAME - ok
14:29:34.0691 5444 perc2 - ok
14:29:34.0712 5444 perc2hib - ok
14:29:35.0132 5444 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:29:35.0132 5444 PlugPlay - ok
14:29:35.0182 5444 Pml Driver HPZ12 (d31f88c5f19eefa366a415d6bc5f2abc) C:\WINDOWS\system32\HPZipm12.exe
14:29:35.0182 5444 Pml Driver HPZ12 - ok
14:29:35.0182 5444 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:29:35.0182 5444 PolicyAgent - ok
14:29:35.0202 5444 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:29:35.0202 5444 PptpMiniport - ok
14:29:35.0212 5444 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:29:35.0212 5444 ProtectedStorage - ok
14:29:35.0222 5444 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:29:35.0222 5444 PSched - ok
14:29:35.0242 5444 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:29:35.0252 5444 Ptilink - ok
14:29:35.0282 5444 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:29:35.0282 5444 PxHelp20 - ok
14:29:35.0292 5444 ql1080 - ok
14:29:35.0292 5444 Ql10wnt - ok
14:29:35.0302 5444 ql12160 - ok
14:29:35.0312 5444 ql1240 - ok
14:29:35.0312 5444 ql1280 - ok
14:29:35.0352 5444 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:29:35.0352 5444 RasAcd - ok
14:29:35.0382 5444 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
14:29:35.0382 5444 RasAuto - ok
14:29:35.0423 5444 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
14:29:35.0423 5444 Rasirda - ok
14:29:35.0433 5444 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:29:35.0433 5444 Rasl2tp - ok
14:29:35.0473 5444 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
14:29:35.0483 5444 RasMan - ok
14:29:35.0503 5444 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:29:35.0503 5444 RasPppoe - ok
14:29:35.0523 5444 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:29:35.0523 5444 Raspti - ok
14:29:35.0553 5444 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:29:35.0553 5444 Rdbss - ok
14:29:35.0603 5444 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:29:35.0603 5444 RDPCDD - ok
14:29:35.0663 5444 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
14:29:35.0663 5444 RDPWD - ok
14:29:35.0703 5444 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
14:29:35.0713 5444 RDSessMgr - ok
14:29:35.0743 5444 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:29:35.0753 5444 redbook - ok
14:29:35.0893 5444 RegSrvc (d8f61aaae73a1fbde6f538becc891f2f) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
14:29:35.0893 5444 RegSrvc - ok
14:29:35.0953 5444 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
14:29:35.0953 5444 RemoteAccess - ok
14:29:35.0963 5444 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
14:29:35.0973 5444 RpcLocator - ok
14:29:36.0033 5444 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
14:29:36.0033 5444 RpcSs - ok
14:29:36.0063 5444 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
14:29:36.0073 5444 RSVP - ok
14:29:36.0154 5444 S24EventMonitor (25f697e3afa7b337bbcaddbce38e6934) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
14:29:36.0194 5444 S24EventMonitor - ok
14:29:36.0224 5444 s24trans (2862adb14481ac28f98105ff33a99eb0) C:\WINDOWS\system32\DRIVERS\s24trans.sys
14:29:36.0224 5444 s24trans - ok
14:29:36.0244 5444 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:29:36.0244 5444 SamSs - ok
14:29:36.0274 5444 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
14:29:36.0274 5444 SCardSvr - ok
14:29:36.0324 5444 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
14:29:36.0324 5444 Schedule - ok
14:29:36.0374 5444 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
14:29:36.0374 5444 sdbus - ok
14:29:36.0414 5444 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:29:36.0414 5444 Secdrv - ok
14:29:36.0434 5444 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
14:29:36.0434 5444 seclogon - ok
14:29:36.0444 5444 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
14:29:36.0454 5444 SENS - ok
14:29:36.0484 5444 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
14:29:36.0484 5444 Serial - ok
14:29:36.0524 5444 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
14:29:36.0524 5444 sffdisk - ok
14:29:36.0544 5444 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
14:29:36.0554 5444 sffp_sd - ok
14:29:36.0574 5444 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:29:36.0574 5444 Sfloppy - ok
14:29:36.0624 5444 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
14:29:36.0634 5444 SharedAccess - ok
14:29:36.0674 5444 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:29:36.0674 5444 ShellHWDetection - ok
14:29:36.0684 5444 Simbad - ok
14:29:36.0724 5444 SMCIRDA (a8eb0aa07632a4c936ff6f8eda5bdead) C:\WINDOWS\system32\DRIVERS\smcirda.sys
14:29:36.0724 5444 SMCIRDA - ok
14:29:36.0774 5444 smwdm (014ab093e6452ea88031bb6e22919bb5) C:\WINDOWS\system32\drivers\smwdm.sys
14:29:36.0784 5444 smwdm - ok
14:29:36.0855 5444 SoundMAX Agent Service (default) (3978f082274f723ad5a0a8058c2417dd) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
14:29:36.0865 5444 SoundMAX Agent Service (default) - ok
14:29:36.0865 5444 Sparrow - ok
14:29:36.0895 5444 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:29:36.0895 5444 splitter - ok
14:29:36.0955 5444 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
14:29:36.0955 5444 Spooler - ok
14:29:37.0005 5444 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:29:37.0005 5444 sr - ok
14:29:37.0055 5444 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
14:29:37.0055 5444 srservice - ok
14:29:37.0115 5444 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:29:37.0115 5444 Srv - ok
14:29:37.0135 5444 sscdbhk5 (98625722ad52b40305e74aaa83c93086) C:\WINDOWS\system32\drivers\sscdbhk5.sys
14:29:37.0145 5444 sscdbhk5 - ok
14:29:37.0185 5444 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
14:29:37.0185 5444 SSDPSRV - ok
14:29:37.0195 5444 ssrtln (d79412e3942c8a257253487536d5a994) C:\WINDOWS\system32\drivers\ssrtln.sys
14:29:37.0195 5444 ssrtln - ok
14:29:37.0245 5444 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
14:29:37.0255 5444 stisvc - ok
14:29:37.0295 5444 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:29:37.0295 5444 swenum - ok
14:29:37.0315 5444 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:29:37.0315 5444 swmidi - ok
14:29:37.0325 5444 SwPrv - ok
14:29:37.0395 5444 Swupdtmr (486a64aabd88e4e174681e89e9736bc9) c:\Toshiba\IVP\swupdate\swupdtmr.exe
14:29:37.0395 5444 Swupdtmr - ok
14:29:37.0405 5444 symc810 - ok
14:29:37.0405 5444 symc8xx - ok
14:29:37.0415 5444 sym_hi - ok
14:29:37.0425 5444 sym_u3 - ok
14:29:37.0486 5444 SynTP (f6770219b73bd989d5613d2e9c78a227) C:\WINDOWS\system32\DRIVERS\SynTP.sys
14:29:37.0486 5444 SynTP - ok
14:29:37.0506 5444 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:29:37.0516 5444 sysaudio - ok
14:29:37.0546 5444 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
14:29:37.0546 5444 SysmonLog - ok
14:29:37.0576 5444 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
14:29:37.0576 5444 TapiSrv - ok
14:29:37.0656 5444 TAPPSRV (7001c83d3633ff16dea9f7ade1c0f309) C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
14:29:37.0666 5444 TAPPSRV - ok
14:29:37.0706 5444 TBiosDrv (eeca2b57545e7b7be949b5e70e31444f) C:\WINDOWS\system32\drivers\TBiosDrv.sys
14:29:37.0706 5444 TBiosDrv - ok
14:29:37.0766 5444 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:29:37.0766 5444 Tcpip - ok
14:29:37.0816 5444 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:29:37.0816 5444 TDPIPE - ok
14:29:37.0836 5444 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:29:37.0836 5444 TDTCP - ok
14:29:37.0866 5444 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:29:37.0876 5444 TermDD - ok
14:29:37.0916 5444 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
14:29:37.0926 5444 TermService - ok
14:29:37.0976 5444 tfsnboio (d0177776e11b0b3f272eebd262a69661) C:\WINDOWS\system32\dla\tfsnboio.sys
14:29:37.0986 5444 tfsnboio - ok
14:29:37.0986 5444 tfsncofs (599804bc938b8305a5422319774da871) C:\WINDOWS\system32\dla\tfsncofs.sys
14:29:37.0996 5444 tfsncofs - ok
14:29:37.0996 5444 tfsndrct (a1902c00adc11c4d83f8e3ed947a6a32) C:\WINDOWS\system32\dla\tfsndrct.sys
14:29:37.0996 5444 tfsndrct - ok
14:29:38.0006 5444 tfsndres (d8ddb3f2b1bef15cff6728d89c042c61) C:\WINDOWS\system32\dla\tfsndres.sys
14:29:38.0006 5444 tfsndres - ok
14:29:38.0036 5444 tfsnifs (c4f2dea75300971cdaee311007de138d) C:\WINDOWS\system32\dla\tfsnifs.sys
14:29:38.0036 5444 tfsnifs - ok
14:29:38.0046 5444 tfsnopio (272925be0ea919f08286d2ee6f102b0f) C:\WINDOWS\system32\dla\tfsnopio.sys
14:29:38.0046 5444 tfsnopio - ok
14:29:38.0046 5444 tfsnpool (7b7d955e5cebc2fb88b03ef875d52a2f) C:\WINDOWS\system32\dla\tfsnpool.sys
14:29:38.0056 5444 tfsnpool - ok
14:29:38.0066 5444 tfsnudf (e3d01263109d800c1967c12c10a0b018) C:\WINDOWS\system32\dla\tfsnudf.sys
14:29:38.0076 5444 tfsnudf - ok
14:29:38.0086 5444 tfsnudfa (b9e9c377906e3a65bc74598fff7f7458) C:\WINDOWS\system32\dla\tfsnudfa.sys
14:29:38.0086 5444 tfsnudfa - ok
14:29:38.0126 5444 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:29:38.0126 5444 Themes - ok
14:29:38.0187 5444 tifm21 (046ea1353dd599dac9abdcd13504b06c) C:\WINDOWS\system32\drivers\tifm21.sys
14:29:38.0187 5444 tifm21 - ok
14:29:38.0217 5444 toshidpt (62c57e7411b5f20980e70530ca69d5a7) C:\WINDOWS\system32\drivers\Toshidpt.sys
14:29:38.0217 5444 toshidpt - ok
14:29:38.0227 5444 TosIde - ok
14:29:38.0257 5444 tosporte (e46fb54be8a2a395fe96633b838baafe) C:\WINDOWS\system32\DRIVERS\tosporte.sys
14:29:38.0257 5444 tosporte - ok
14:29:38.0287 5444 Tosrfbd (1d4f013b80787fb4dd2a8c5179d6eb4d) C:\WINDOWS\system32\Drivers\tosrfbd.sys
14:29:38.0287 5444 Tosrfbd - ok
14:29:38.0307 5444 Tosrfbnp (353b3dac1727e52eb46932ecdcb73840) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
14:29:38.0307 5444 Tosrfbnp - ok
14:29:38.0337 5444 Tosrfcom (d185be751021bcf1e5d58566d408314a) C:\WINDOWS\system32\Drivers\tosrfcom.sys
14:29:38.0337 5444 Tosrfcom - ok
14:29:38.0357 5444 tosrfec (7d80888aba0b6127ac298efa48bef058) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
14:29:38.0367 5444 tosrfec - ok
14:29:38.0387 5444 Tosrfhid (37bcbccc4a71abbeaee90fd25e1132b2) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
14:29:38.0387 5444 Tosrfhid - ok
14:29:38.0407 5444 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
14:29:38.0407 5444 tosrfnds - ok
14:29:38.0417 5444 TosRfSnd (350814a87f8ba3b0e28278feddf36f82) C:\WINDOWS\system32\drivers\TosRfSnd.sys
14:29:38.0417 5444 TosRfSnd - ok
14:29:38.0437 5444 Tosrfusb (ddb8a339e57d514768f45d33b11bdb50) C:\WINDOWS\system32\Drivers\tosrfusb.sys
14:29:38.0447 5444 Tosrfusb - ok
14:29:38.0477 5444 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
14:29:38.0487 5444 TrkWks - ok
14:29:38.0517 5444 TVALD (c51bfed6c2d9d6512e346f25d92ad8d9) C:\WINDOWS\system32\DRIVERS\NBSMI.sys
14:29:38.0517 5444 TVALD - ok
14:29:38.0557 5444 Tvs (29c1c3df7c29490b504da3e3b9099928) C:\WINDOWS\system32\DRIVERS\Tvs.sys
14:29:38.0557 5444 Tvs - ok
14:29:38.0607 5444 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:29:38.0607 5444 Udfs - ok
14:29:38.0617 5444 ultra - ok
14:29:38.0667 5444 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:29:38.0677 5444 Update - ok
14:29:38.0717 5444 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
14:29:38.0727 5444 upnphost - ok
14:29:38.0737 5444 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
14:29:38.0747 5444 UPS - ok
14:29:38.0767 5444 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:29:38.0767 5444 usbccgp - ok
14:29:38.0817 5444 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:29:38.0817 5444 usbehci - ok
14:29:38.0827 5444 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:29:38.0837 5444 usbhub - ok
14:29:38.0847 5444 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:29:38.0847 5444 usbprint - ok
14:29:38.0878 5444 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:29:38.0878 5444 usbscan - ok
14:29:38.0908 5444 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:29:38.0908 5444 USBSTOR - ok
14:29:38.0938 5444 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:29:38.0938 5444 usbuhci - ok
14:29:38.0958 5444 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:29:38.0958 5444 VgaSave - ok
14:29:38.0958 5444 ViaIde - ok
14:29:38.0968 5444 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:29:38.0968 5444 VolSnap - ok
14:29:39.0018 5444 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
14:29:39.0028 5444 VSS - ok
14:29:39.0178 5444 w29n51 (68eb5bc07781a36a63633541c11e1ad6) C:\WINDOWS\system32\DRIVERS\w29n51.sys
14:29:39.0218 5444 w29n51 - ok
14:29:39.0248 5444 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
14:29:39.0248 5444 W32Time - ok
14:29:39.0268 5444 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:29:39.0268 5444 Wanarp - ok
14:29:39.0278 5444 wanatw - ok
14:29:39.0288 5444 WDICA - ok
14:29:39.0308 5444 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:29:39.0308 5444 wdmaud - ok
14:29:39.0338 5444 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
14:29:39.0338 5444 WebClient - ok
14:29:39.0418 5444 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:29:39.0418 5444 winmgmt - ok
14:29:39.0468 5444 WmdmPmSN (482069cda24aa0e94b1351e30eb3d01f) C:\WINDOWS\system32\MsPMSNSv.dll
14:29:39.0468 5444 WmdmPmSN - ok
14:29:39.0488 5444 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:29:39.0488 5444 WmiApSrv - ok
14:29:39.0629 5444 WMPNetworkSvc (385d6044b793e18d8b502423370507b2) C:\Program Files\Windows Media Player\WMPNetwk.exe
14:29:39.0669 5444 WMPNetworkSvc - ok
14:29:39.0749 5444 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:29:39.0749 5444 WS2IFSL - ok
14:29:39.0779 5444 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
14:29:39.0789 5444 wscsvc - ok
14:29:39.0799 5444 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
14:29:39.0799 5444 wuauserv - ok
14:29:39.0859 5444 WudfPf (1903ffcf876720d9bc3432f0c64559e9) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:29:39.0859 5444 WudfPf - ok
14:29:39.0889 5444 WudfRd (7fda30836fa3a5e52d16a09c686f9c2b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:29:39.0889 5444 WudfRd - ok
14:29:39.0949 5444 WudfSvc (9f4c2b077a58c0f3f00ee40a193a6437) C:\WINDOWS\System32\WUDFSvc.dll
14:29:39.0959 5444 WudfSvc - ok
14:29:40.0019 5444 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
14:29:40.0029 5444 WZCSVC - ok
14:29:40.0059 5444 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
14:29:40.0059 5444 xmlprov - ok
14:29:40.0109 5444 yukonwxp (e279c4e1287751dffa0a1f3ec4097491) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
14:29:40.0119 5444 yukonwxp - ok
14:29:40.0159 5444 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
14:29:40.0550 5444 \Device\Harddisk0\DR0 - ok
14:29:40.0560 5444 Boot (0x1200) (4c380002c7f20a5f58569eabf685514e) \Device\Harddisk0\DR0\Partition0
14:29:40.0560 5444 \Device\Harddisk0\DR0\Partition0 - ok
14:29:40.0560 5444 ============================================================
14:29:40.0560 5444 Scan finished
14:29:40.0560 5444 ============================================================
14:29:40.0570 3744 Detected object count: 0
14:29:40.0570 3744 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-09 14:33:39
-----------------------------
14:33:39.924 OS Version: Windows 5.1.2600 Service Pack 3
14:33:39.924 Number of processors: 1 586 0xD08
14:33:39.924 ComputerName: TOSHIBA UserName: Ron
14:33:40.295 Initialize success
14:34:47.061 AVAST engine defs: 12080900
14:35:13.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:35:13.859 Disk 0 Vendor: TOSHIBA_MK1032GSX AS021G Size: 95396MB BusType: 3
14:35:13.869 Disk 0 MBR read successfully
14:35:13.869 Disk 0 MBR scan
14:35:13.939 Disk 0 unknown MBR code
14:35:13.939 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 95189 MB offset 63
14:35:13.969 Disk 0 Partition 2 00 88 Linux plaintext A Kárò'ó 203 MB offset 194948775
14:35:13.999 Disk 0 scanning sectors +195366465
14:35:14.059 Disk 0 scanning C:\WINDOWS\system32\drivers
14:35:26.167 Service scanning
14:35:42.891 Modules scanning
14:35:54.598 Disk 0 trace - called modules:
14:35:54.618 ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:35:54.618 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f66ab8]
14:35:54.618 3 CLASSPNP.SYS[f76f6fd7] -> nt!IofCallDriver -> \Device\00000082[0x86f69bb8]
14:35:54.618 5 ACPI.sys[f764d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86fd3d98]
14:35:54.958 AVAST engine scan C:\WINDOWS
14:36:03.491 AVAST engine scan C:\WINDOWS\system32
14:38:26.406 AVAST engine scan C:\WINDOWS\system32\drivers
14:38:41.408 AVAST engine scan C:\Documents and Settings\Ron
14:41:58.902 AVAST engine scan C:\Documents and Settings\All Users
14:43:22.352 Scan finished successfully
14:43:45.565 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ron\Desktop\MBR.dat"
14:43:45.565 The log file has been saved successfully to "C:\Documents and Settings\Ron\Desktop\aswMBR.txt"
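
A reader working through the two logs above has to scan several hundred driver lines for the one that is not marked "- ok", and then decide what the aswMBR "unknown MBR code" and second-partition lines mean. The script below is an added example, not code from this thread or from the Kaspersky/AVAST tools: it parses the TDSSKiller inventory format (a "Name (md5) path" line followed by a "Name - verdict" line) and the aswMBR partition table, then lists only the entries worth a closer look. The sample input is constructed from a handful of lines copied from the logs above plus two hypothetical "hypodrv" lines whose verdict text is made up; the list of "standard roots" for driver paths is also an assumption, and the path flags it raises (such as the Toshiba updater) are prompts to review, not detections.

```python
"""Triage helper for TDSSKiller and aswMBR logs like the two posted above.
Added example, not code from BleepingComputer or from the Kaspersky/AVAST tools.
TDSSKiller prints "<time> <pid> Name (md5) path" then "<time> <pid> Name - verdict"
per driver/service; aswMBR prints an MBR verdict and one line per partition."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
INVENTORY_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+?)\s+"
                          r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
STATUS_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+) - (?P<status>.+)$")
COUNT_RE = re.compile(r"Detected object count: (?P<n>\d+)$")
MBRCODE_RE = re.compile(r"Disk (?P<disk>\d+) (?P<verdict>.*MBR code.*)$")
PART_RE = re.compile(r"Disk (?P<disk>\d+) Partition (?P<n>\d+) (?P<boot>\w\w) (?:\(A\) )?"
                     r"(?P<type>\w\w) (?P<desc>.+?) (?P<mb>\d+) MB offset (?P<offset>\d+)$")
# Assumed: where XP drivers and services normally live; anything else gets a second look.
STANDARD_ROOTS = ("c:\\windows\\", "c:\\program files\\", "\\device\\")
# MBR partition types that are Windows filesystems (NTFS, FAT16, FAT32, FAT32-LBA).
WINDOWS_PART_TYPES = {"07", "06", "0B", "0C"}

@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None

def parse_tdsskiller(text: str) -> Tuple[Dict[str, Entry], Optional[int]]:
    """Return (entries by name, 'Detected object count' from the summary)."""
    entries, by_path, count = {}, {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := INVENTORY_RE.match(line):
            e = Entry(m["name"], m["md5"], m["path"])
            entries[e.name] = e
            by_path[e.path.lower()] = e
        elif m := STATUS_RE.match(line):
            key = m["name"]
            # MBR and boot-sector verdicts are keyed by device path, not by name.
            e = entries.get(key) or by_path.get(key.lower())
            if e is None:
                e = entries.setdefault(key, Entry(key))
            e.status = m["status"]
        elif m := COUNT_RE.search(line):
            count = int(m["n"])
    return entries, count

def triage_tdsskiller(entries: Dict[str, Entry], roots=STANDARD_ROOTS) -> List[Tuple[str, str]]:
    """Non-ok verdicts, entries the scan never reached, and binaries in unusual paths."""
    findings = []
    for e in entries.values():
        if e.status is None:
            findings.append((e.name, "no verdict line; scan may have aborted"))
        elif e.status != "ok":
            findings.append((e.name, f"verdict '{e.status}'"))
        if e.path and not e.path.lower().startswith(roots):
            findings.append((e.name, f"binary outside standard roots: {e.path}"))
    return findings

def parse_aswmbr(text: str) -> dict:
    out = {"mbr_code": None, "partitions": [], "notes": []}
    for line in text.splitlines():
        if m := MBRCODE_RE.search(line):
            out["mbr_code"] = m["verdict"]
        elif m := PART_RE.search(line):
            p = {"n": int(m["n"]), "active": m["boot"] == "80", "type": m["type"].upper(),
                 "desc": m["desc"], "mb": int(m["mb"]), "offset": int(m["offset"])}
            out["partitions"].append(p)
            if p["type"] not in WINDOWS_PART_TYPES:
                out["notes"].append(f"partition {p['n']}: type {p['type']} ({p['desc']}) is not a "
                                    "Windows filesystem; confirm it is an expected OEM/recovery area")
    if out["mbr_code"] and "unknown" in out["mbr_code"]:
        out["notes"].append("aswMBR did not recognise the MBR code; compare the saved MBR.dat "
                            "with the vendor's MBR before calling it a bootkit")
    return out

# Constructed sample: lines copied from the logs above plus two hypothetical "hypodrv"
# lines (the verdict wording is made up; anything other than "ok" is flagged).
SAMPLE_TDSS = r"""
14:29:33.0650 5444 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:29:33.0650 5444 NdisTapi - ok
14:29:34.0591 5444 PCIDump - ok
14:29:37.0395 5444 Swupdtmr (486a64aabd88e4e174681e89e9736bc9) c:\Toshiba\IVP\swupdate\swupdtmr.exe
14:29:37.0395 5444 Swupdtmr - ok
14:29:40.0159 5444 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
14:29:40.0550 5444 \Device\Harddisk0\DR0 - ok
14:29:41.0000 5444 hypodrv (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\hypodrv.sys
14:29:41.0000 5444 hypodrv - detected Forged file (1)
14:29:40.0570 3744 Detected object count: 0
"""
SAMPLE_ASW = """
14:35:13.939 Disk 0 unknown MBR code
14:35:13.939 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 95189 MB offset 63
14:35:13.969 Disk 0 Partition 2 00 88 Linux plaintext 203 MB offset 194948775
"""

if __name__ == "__main__":
    entries, _ = parse_tdsskiller(SAMPLE_TDSS)
    for name, why in triage_tdsskiller(entries):
        print(f"TDSSKiller {name}: {why}")
    for note in parse_aswmbr(SAMPLE_ASW)["notes"]:
        print(f"aswMBR {note}")
```

Run against the full logs, the triage list is what to read first: any verdict other than "ok", any driver the scan never reached, and any loaded binary living somewhere other than the Windows or Program Files trees. The aswMBR notes are deliberately cautious: an unrecognised MBR and a small non-Windows partition at the end of the disk are exactly what a bootkit looks like, but also what many OEM recovery layouts look like, so the saved MBR.dat should be compared with the vendor's before either conclusion is drawn.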

#11 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:17 PM

Posted 09 August 2012 - 05:16 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 Sobobapotomas

  • Topic Starter

  • Validating
  • 33 posts
  • Local time:09:17 AM

Posted 09 August 2012 - 07:38 PM

There have been no other recognized issues with the machine. I've not rebooted or run any conventional scans since starting the cleaning process. I will advise if something comes up. Do I look clean? Any product advice regarding AV protection?

Combofix log2:

ComboFix 12-08-09.01 - Ron 08/09/2012 17:23:27.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.477 [GMT -7:00]
Running from: c:\documents and settings\Ron\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ron\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))
.
.
2012-08-10 00:10 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91C2B696-75DF-48FE-A493-AA5578B0E745}\mpengine.dll
2012-08-08 18:00 . 2012-08-08 18:00 -------- d-----w- c:\documents and settings\Ron\Local Settings\Application Data\{FDB0EF20-E182-11E1-8270-B8AC6F996F26}
2012-08-01 20:08 . 2000-10-05 22:55 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-08-01 20:08 . 2000-10-05 22:55 221184 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2012-08-01 20:08 . 2000-10-05 22:50 221184 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-08-01 20:08 . 2000-10-05 22:49 32768 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-08-01 20:08 . 2000-10-05 16:01 602244 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-07-28 01:07 . 2012-08-02 16:27 -------- d-----w- c:\windows\system32\DBBK
2012-07-28 00:21 . 2012-07-28 00:21 -------- d-----w- c:\documents and settings\Ron\Local Settings\Application Data\WinZip
2012-07-27 20:06 . 2012-07-27 20:06 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-07-27 19:50 . 2012-07-27 19:50 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-27 19:38 . 2012-07-27 19:38 -------- d-----w- c:\documents and settings\Ron\Application Data\ADCC6D61
2012-07-27 18:31 . 2012-07-27 18:31 -------- d-----w- c:\documents and settings\Ron\Application Data\SUPERAntiSpyware.com
2012-07-27 18:31 . 2012-07-27 19:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-27 18:31 . 2012-07-27 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-07-27 14:38 . 2012-07-27 19:45 -------- d-----w- c:\documents and settings\Ron\Local Settings\Application Data\{BA2348C6-D7F8-11E1-8270-B8AC6F996F26}
2012-07-19 00:55 . 2012-07-19 00:55 -------- d-----w- c:\documents and settings\Ron\Application Data\OpenOffice.org
2012-07-19 00:48 . 2012-07-19 00:48 -------- d-----w- c:\program files\OpenOffice.org 3
2012-07-18 01:44 . 2012-07-18 01:44 -------- d-----w- c:\documents and settings\Ron\Local Settings\Application Data\Adobe
2012-07-12 13:42 . 2012-07-12 13:42 -------- d-----w- c:\program files\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-29 08:44 . 2012-04-15 22:30 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-16 18:35 . 2012-03-30 21:30 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-16 18:35 . 2012-03-30 21:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 13:19 . 2005-07-28 18:48 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2007-05-15 22:43 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2005-07-28 18:47 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-05 00:35 . 2005-07-28 20:10 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-05 00:35 . 2005-05-26 12:19 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2005-07-28 18:48 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19 . 2007-05-16 02:52 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2007-05-16 02:52 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2005-07-28 20:10 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2005-07-28 20:10 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2012-07-07 18:58 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2005-07-28 20:10 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2005-07-28 20:10 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2005-07-28 18:47 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2005-05-26 12:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2007-05-16 02:52 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2005-07-28 20:10 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2005-07-28 20:10 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2007-05-17 00:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 22:18 . 2005-12-12 22:23 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2005-07-28 18:47 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2005-07-28 18:48 916992 ----a-w- c:\windows\system32\wininet.dll
2003-08-27 22:19 . 2006-01-04 17:31 36963 -c----w- c:\program files\Common Files\SM1updtr.dll
2012-03-13 04:39 . 2012-04-06 20:45 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 88358]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 688218]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
"CFSServ.exe"="c:\program files\TOSHIBA\ConfigFree\CFSServ.exe" [2005-04-13 794624]
"NDSTray.exe"="c:\program files\TOSHIBA\ConfigFree\NDSTray.exe" [2005-04-22 962560]
"WinPatrol"="c:\progra~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2006-07-21 230976]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 1077301]
"Notebook Maximizer"="c:\program files\Notebook Maximizer\maximizer_startup.exe" [2006-05-04 40960]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 73728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-8-1 110592]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-04-04 05:53 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 06:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
2005-06-01 16:35 49152 ----a-w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
2005-03-18 00:37 151552 ----a-w- c:\toshiba\IVP\ISM\pinger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-06 00:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TAPPSRV"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate1c9e7d57be7dec0"=2 (0x2)
"Fax"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Netlogon"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SPSSInc\\PASWStatistics17\\paswstat.exe"=
"c:\\Program Files\\SPSSInc\\PASWStatistics17\\statistics.com"=
"c:\\Program Files\\SPSSInc\\PASWStatistics17\\statistics.exe"=
"c:\\Program Files\\SPSSInc\\PASWStatistics17\\paswstat.com"=
"c:\\Program Files\\SPSSInc\\PASWStatistics17\\SPSSWinWrapIDE.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/16/2009 8:57 AM 64288]
S3 iscFlash;iscFlash; [x]
S4 gupdate1c9e7d57be7dec0;Google Update Service (gupdate1c9e7d57be7dec0);c:\program files\Google\Update\GoogleUpdate.exe [6/7/2009 6:07 PM 133104]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/7/2009 6:07 PM 133104]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 77639219
*NewlyCreated* - 97579834
*NewlyCreated* - ASWMBR
*NewlyCreated* - MPKSL189649C5
*Deregistered* - 77639219
*Deregistered* - 97579834
*Deregistered* - aswMBR
*Deregistered* - MpKsl189649c5
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 18:35]
.
2012-08-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-08 01:07]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-08 01:07]
.
2012-08-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF
IE: Append to Existing PDF
IE: Convert Link Target to Adobe PDF
IE: Convert to Adobe PDF
IE: E&xport to Microsoft Excel
Trusted Zone: live.com\safety
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
FF - ProfilePath - c:\documents and settings\Ron\Application Data\Mozilla\Firefox\Profiles\5ya7w6rv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-09 17:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1232)
c:\windows\system32\WININET.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Completion time: 2012-08-09 17:31:57
ComboFix-quarantined-files.txt 2012-08-10 00:31
ComboFix2.txt 2012-08-09 19:00
.
Pre-Run: 52,851,937,280 bytes free
Post-Run: 52,963,049,472 bytes free
.
- - End Of File - - 567C74C9432D8D3EDEFA3C579E27F85F

#13 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 10 August 2012 - 12:37 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Java™ 6 Update 31
Mozilla Firefox 11.0 (x86 en-US)<-- needs to be updated


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes and then Next.
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under the Applications tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#14 Sobobapotomas (Topic Starter)

Posted 10 August 2012 - 08:44 AM

Power has just been restored to our area. I expect to work through this by the end of the day.

I have updated Firefox though all indications were that it was up to date, and I use CCleaner daily and usually after each session.
Your recommendation remains to remove Firefox?

Thanks

#15 Sobobapotomas (Topic Starter)

Posted 10 August 2012 - 12:30 PM

Logs attached - very long reboot.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.10.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Ron :: TOSHIBA [administrator]

8/10/2012 8:00:19 AM
mbam-log-2012-08-10 (08-00-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227432
Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:12:54 AM, on 8/10/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\Ron\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [CFSServ.exe] C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe -NoClient
O4 - HKLM\..\Run: [NDSTray.exe] C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - Trusted Zone: http://safety.live.com
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341687508928
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341687500526
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_5.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_2.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe

--
End of file - 9345 bytes
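The log above is the kind of thing a helper reads by eye: which O4 autostarts point at a real file in an expected place, which O23 services have no recognisable publisher, which O2/R3 entries are orphans with "(no file)", and which O16 ActiveX controls came from somewhere other than Microsoft. Below is an added example, written for this page and not part of the thread, of HijackThis, or of anything gringo_pr asked the poster to run: a small Python triage helper that parses the R*/O* lines of a pasted HijackThis log and applies those first-pass checks. The sample input is a subset of the log posted above; the trusted-directory list, the list of Microsoft hosts and the flag wording are assumptions made for illustration, and every flag is a prompt for a human to look, not a verdict.

```python
"""Triage helper for HijackThis-style log lines.

Added example for this thread; not HijackThis's own code and not something
the helper above asked the poster to run. It pulls the R*/O* entries out of a
pasted log and applies the first-pass checks a malware-response helper makes
by eye. The flags are review prompts, not verdicts. The trusted directory
list and the Microsoft host list below are assumptions for illustration.
"""
import re
from typing import List, NamedTuple, Tuple
from urllib.parse import urlparse


class Entry(NamedTuple):
    section: str            # HijackThis item type, e.g. "O4", "O23"
    detail: str             # text after the "O4 - " prefix
    flags: Tuple[str, ...]  # heuristic notes; empty when nothing stood out


LINE_RE = re.compile(r"^(R\d+|O\d+)\s+-\s+(.*\S)\s*$")
# A Windows path ending in a binary or cab; quotes around it are optional.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]+?\.(?:exe|dll|com|cab))"?', re.I)
# Assumed "expected" locations on a 32-bit XP box (short 8.3 form included).
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
# Assumed list of hosts whose ActiveX downloads (O16) are not worth a flag.
MICROSOFT_HOSTS = ("microsoft.com", "windowsupdate.com", "windowsonecare.com")


def _host_is_microsoft(url: str) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in MICROSOFT_HOSTS)


def analyse(section: str, detail: str) -> Tuple[str, ...]:
    """Return the heuristic flags for one parsed entry."""
    flags: List[str] = []
    if "(no file)" in detail:
        # The registry still points at a BHO/hook whose file is gone.
        flags.append("orphan: registered object whose file is missing")
    if section == "O23" and "Unknown owner" in detail:
        flags.append("service binary carries no recognised publisher")
    if section in ("O4", "O23"):
        # For O4 the command line follows the "[Name]" label.
        cmd = detail.split("]", 1)[1] if section == "O4" and "]" in detail else detail
        m = PATH_RE.search(cmd)
        if m is None and section == "O4":
            # e.g. "AGRSMMSG.exe": which file runs depends on the search order.
            flags.append("bare executable name: confirm which file actually runs")
        elif m and not m.group(1).lower().startswith(TRUSTED_DIRS):
            flags.append("binary outside Windows/Program Files: " + m.group(1))
    if section == "O16":
        m = re.search(r"https?://\S+", detail)
        if m and not _host_is_microsoft(m.group(0)):
            flags.append("third-party ActiveX download (%s)" % urlparse(m.group(0)).hostname)
    return tuple(flags)


def parse_hjt(text: str) -> List[Entry]:
    """Parse every R*/O* line; the process list, headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            section, detail = m.groups()
            entries.append(Entry(section, detail, analyse(section, detail)))
    return entries


def flagged(text: str) -> List[Entry]:
    """Only the entries that picked up at least one flag."""
    return [e for e in parse_hjt(text) if e.flags]


# Constructed sample: a subset of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CFSServ.exe] C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe -NoClient
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
"""

if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(e.section, "-", e.detail)
        for f in e.flags:
            print("    *", f)
```

On the sample this flags four entries: the orphaned URLSearchHook, the bare-name AGRSMMSG autostart, the Symantec ActiveX control, and the Toshiba Swupdtmr service (no publisher string and a binary outside Program Files). All four happen to be benign on this machine, which is the point: the script narrows the list a human has to check, and the decision still belongs to the person reading the log.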



