
I am infected here are my logs



Malwarebytes' Anti-Malware 1.44

Database version: 3711

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

2/8/2010 8:49:09 PM

mbam-log-2010-02-08 (20-49-09).txt

Scan type: Quick Scan

Objects scanned: 110997

Time elapsed: 22 minute(s), 29 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS (Ver_09-12-01.01) - NTFSx86

Run by Owner at 0:29:42.63 on Tue 02/09/2010

Internet Explorer: 7.0.6002.18005

AV: Trend Micro AntiVirus *On-access scanning enabled* (Outdated) {9596F8E6-38C3-4C51-80B9-8C94D2E25B07}

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

SP: Trend Micro AntiVirus *enabled* (Outdated) {7241C815-3D0F-4059-9AF4-BF225B1D78B9}

============== Running Processes ===============

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/

mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart

BHO: MRI_DISABLED - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [TOSCDSPD] "c:\program files\toshiba\toscdspd\TOSCDSPD.exe"

uRun: [ehTray.exe] "c:\windows\ehome\ehTray.exe"

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"

mRun: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide

mRun: [RtHDVCpl] "RtHDVCpl.exe"

mRun: [synTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [TPwrMain] "%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE"

mRun: [HSON] "%ProgramFiles%\TOSHIBA\TBS\HSON.exe"

mRun: [smoothView] "%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe"

mRun: [00TCrdMain] "%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe"

mRun: [igfxTray] "c:\windows\system32\igfxtray.exe"

mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"

mRun: [Persistence] "c:\windows\system32\igfxpers.exe"

mRun: [Trend Micro AntiVirus 2007] "c:\program files\trend micro\antivirus 2007\tavui.exe" -1 --delay 15

mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [hpqSRMon] "c:\program files\hp\digital imaging\bin\hpqSRMon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [spySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray

StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\warner~1.lnk - c:\program files\warner bros. digital copy manager\Warner Bros. Digital Copy Manager.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\cleana~1.lnk - c:\program files\cisco systems\clean access agent\CCAAgentLauncher.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: %SYSTEMROOT%\system32\tmlsp.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2010-02-09 05:26:24 0 ----a-w- c:\users\owner\defogger_reenable

2010-02-09 01:25:36 0 d-----w- c:\users\owner\appdata\roaming\Malwarebytes

2010-02-09 01:25:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-09 01:25:24 0 d-----w- c:\programdata\Malwarebytes

2010-02-09 01:25:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-09 01:25:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-08 23:21:12 0 d-----w- c:\programdata\HP Product Assistant

2010-02-08 23:19:33 77376 ----a-w- c:\windows\hpqins05.dat

2010-02-08 23:14:32 0 d-----w- c:\users\owner\appdata\roaming\HpUpdate

2010-02-08 23:14:26 0 d-----w- c:\windows\Hewlett-Packard

2010-02-01 23:19:33 0 d-----w- c:\program files\iPod

2010-01-27 02:46:37 0 d-----w- c:\program files\TuneUpMedia

2010-01-27 02:46:21 0 d-----w- c:\users\owner\appdata\roaming\TuneUpMedia

2010-01-27 02:45:28 0 d-----w- c:\programdata\TuneUpMedia

2010-01-22 23:55:36 0 d-----w- c:\programdata\WEBREG

2010-01-22 22:21:28 166548 ------w- c:\windows\hpoins31.dat.temp

2010-01-22 22:21:27 1691 ------w- c:\windows\hpomdl31.dat.temp

2010-01-22 20:59:05 834048 ----a-w- c:\windows\system32\wininet.dll

2010-01-22 20:58:56 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-01-13 01:07:04 72704 ----a-w- c:\windows\system32\fontsub.dll

2010-01-13 01:07:04 156672 ----a-w- c:\windows\system32\t2embed.dll

==================== Find3M ====================

2010-01-29 17:24:58 51200 ----a-w- c:\windows\inf\infpub.dat

2010-01-29 17:24:57 143360 ----a-w- c:\windows\inf\infstrng.dat

2010-01-22 23:55:22 166174 ----a-w- c:\windows\hpoins31.dat

2010-01-14 16:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe

2009-11-17 20:43:56 86016 ----a-w- c:\windows\inf\infstor.dat

2009-11-17 20:43:56 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-06-25 21:31:26 174 --sha-w- c:\program files\desktop.ini

2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-08-20 21:30:56 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-10-17 02:37:19 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-10-15 03:25:39 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 0:32:27.11 ===============

ark.zip

Attach.zip

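The "Pseudo HJT Report" section of the DDS log above is the part a helper reads first: every line is a load point (start page, BHO, Run key, startup folder, LSP, Notify, AppInit_DLLs, ActiveX DPF). The Python below is an added triage example written for this page; it is not DDS, MBAM or Malwarebytes code. It parses lines in that format and flags the ones a practitioner checks first: orphaned "No File" entries, the three DLL-injection points (AppInit_DLLs, LSP, Notify), and Run entries that either give a bare file name or point into a user-writable profile directory. The sample lines are copied from the log above, plus one hypothetical uRun line (marked as such in the code) that is not in the posted log and exists only to exercise the user-writable check; the severity levels and categories are my own assumptions, not anything DDS outputs.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the DDS "Pseudo HJT Report" in the post above,
# plus ONE hypothetical uRun line ("hypothetical_updater") that is NOT in the posted log.
SAMPLE = r"""
uStart Page = hxxp://www.yahoo.com/
BHO: MRI_DISABLED - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [TOSCDSPD] "c:\program files\toshiba\toscdspd\TOSCDSPD.exe"
mRun: [RtHDVCpl] "RtHDVCpl.exe"
uRun: [hypothetical_updater] "c:\users\owner\appdata\roaming\updater.exe"
LSP: %SYSTEMROOT%\system32\tmlsp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
"""

RUN_KINDS = {"uRun", "mRun", "StartupFolder"}
# Load points that inject a DLL into other processes (user32-linked processes for
# AppInit_DLLs, every Winsock client for LSP, winlogon for Notify): always worth a look.
INJECTION_KINDS = {"AppInit_DLLs", "LSP", "Notify"}
# Directory fragments a standard user can write to (assumption: tune for your estate).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


def parse_line(line: str) -> Tuple[str, str]:
    """Split a pseudo-HJT line into (kind, payload): 'BHO: x - y' -> ('BHO', 'x - y')."""
    m = re.match(r"^([A-Za-z_ -]+?)\s*[:=]\s*(.*)$", line.strip())
    return (m.group(1).strip(), m.group(2).strip()) if m else ("", line.strip())


def run_target(kind: str, payload: str) -> str:
    """Extract the executable path from a uRun/mRun/StartupFolder payload."""
    if kind == "StartupFolder":
        return payload.split(" - ", 1)[-1]          # '<shortcut>.lnk - <target>'
    m = re.match(r"^\[[^\]]*\]\s*(.*)$", payload)  # strip the '[value name]' prefix
    rest = m.group(1) if m else payload
    if rest.startswith('"'):
        return rest[1:].split('"', 1)[0]            # quoted path, drop trailing arguments
    return rest.split(" /", 1)[0].split(" -", 1)[0]  # unquoted path, drop switches


def triage(report: str) -> List[Dict[str, str]]:
    """Return one finding per load-point line that deserves a second look."""
    findings: List[Dict[str, str]] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        kind, payload = parse_line(line)
        if payload.endswith("No File"):
            findings.append(dict(level="low", line=line,
                reason="orphaned load point: the registry entry points at a file that no longer exists"))
        elif kind in INJECTION_KINDS:
            findings.append(dict(level="review", line=line,
                reason=f"{kind} loads this DLL into other processes; confirm its location and signer"))
        elif kind in RUN_KINDS:
            target = run_target(kind, payload).lower()
            if "\\" not in target and "%" not in target:
                findings.append(dict(level="review", line=line,
                    reason="bare file name, resolved via the search path at logon; check which file runs"))
            elif any(p in target for p in USER_WRITABLE):
                findings.append(dict(level="high", line=line,
                    reason="autostart from a user-writable directory; verify publisher and hash"))
        elif kind == "DPF":
            findings.append(dict(level="info", line=line,
                reason="ActiveX download entry; note the origin URL"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f['level']:6}] {f['reason']}\n         {f['line']}")
```

A flag is a prompt to look, not a verdict. Judging by their paths, the AppInit_DLLs entry in this log belongs to Google Desktop, the LSP to Trend Micro, and RtHDVCpl is the Realtek audio tray applet, which really does register itself by bare file name; the check only tells you to confirm where each file actually lives and who signed it.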

Hello schneiderc4

Welcome to Malwarebytes.

=====================

Looking at your system now, one or more of the identified infections is a backdoor Trojan.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

===============

Download TDSSKiller and save it to your Desktop.

  • Right-click on the file, choose Extract All, extract the file to your Desktop, then run it.
  • Once completed it will create a log in your C:\ drive
  • Please post the contents of that log


Thanks for the info. I tried to download TDSSKiller and it would not let me unzip the folder because of permissions, and it will not let me change the permissions. Any suggestions?


It is a personal laptop and I checked: I am an administrator.

The message I got is:

The Extract Compressed(zipped) folders extraction wizard

Access to the compressed (zipped) folder is denied.

Before you can extract the files, you must change the permissions for this compressed (zipped) folder.

Then when I go to Properties, then Security and the Change Permissions tab, I get: Can't open access control editor. The remote procedure call failed and did not execute.

I am not sure about .exe's.

Thanks for the help.


Ok give this a shot:

Please visit this webpage for download links, and instructions for running Combofix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


ComboFix 10-02-09.03 - Owner 02/09/2010 21:53:28.7.2 - x86

Running from: c:\users\Owner\Desktop\ComboFix.exe

AV: Trend Micro AntiVirus *On-access scanning disabled* (Outdated) {9596F8E6-38C3-4C51-80B9-8C94D2E25B07}

SP: Trend Micro AntiVirus *disabled* (Outdated) {7241C815-3D0F-4059-9AF4-BF225B1D78B9}

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat

c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://www.flickr.com

hxxp://farm5.static.flickr.com

hxxp://farm3.static.flickr.com

.

((((((((((((((((((((((((( Files Created from 2010-01-10 to 2010-02-10 )))))))))))))))))))))))))))))))

.

2010-02-10 03:08 . 2010-02-10 03:08 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-02-10 02:50 . 2010-02-10 02:51 -------- d-----w- C:\32788R22FWJFW

2010-02-09 01:25 . 2010-02-09 01:25 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes

2010-02-09 01:25 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-09 01:25 . 2010-02-09 01:25 -------- d-----w- c:\programdata\Malwarebytes

2010-02-09 01:25 . 2010-02-09 01:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-09 01:25 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-08 23:21 . 2010-02-08 23:21 -------- d-----w- c:\programdata\HP Product Assistant

2010-02-08 23:19 . 2010-02-08 23:33 77376 ----a-w- c:\windows\hpqins05.dat

2010-02-08 23:14 . 2010-02-08 23:22 -------- d-----w- c:\users\Owner\AppData\Roaming\HpUpdate

2010-02-08 23:14 . 2010-02-08 23:14 -------- d-----w- c:\windows\Hewlett-Packard

2010-02-01 23:19 . 2010-02-01 23:19 -------- d-----w- c:\program files\iPod

2010-02-01 23:11 . 2010-02-01 23:11 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe

2010-01-27 02:46 . 2010-01-27 02:47 -------- d-----w- c:\program files\TuneUpMedia

2010-01-27 02:46 . 2010-02-09 16:41 -------- d-----w- c:\users\Owner\AppData\Roaming\TuneUpMedia

2010-01-27 02:45 . 2010-02-03 02:41 -------- d-----w- c:\programdata\TuneUpMedia

2010-01-22 23:55 . 2010-01-22 23:55 -------- d-----w- c:\programdata\WEBREG

2010-01-22 23:53 . 2010-01-22 23:57 -------- d-----w- c:\users\Owner\AppData\Roaming\HP

2010-01-22 23:53 . 2010-01-22 23:53 -------- d-----w- c:\users\Owner\AppData\Local\HP

2010-01-22 20:59 . 2009-12-16 11:44 834048 ----a-w- c:\windows\system32\wininet.dll

2010-01-22 20:58 . 2009-12-18 13:01 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-01-13 01:07 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll

2010-01-13 01:07 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-09 05:26 . 2009-06-26 19:57 -------- d-----w- c:\program files\Safari

2010-02-08 23:33 . 2009-08-30 19:57 -------- d-----w- c:\programdata\HP

2010-02-08 23:27 . 2009-06-25 19:41 83104 ----a-w- c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT

2010-02-08 23:14 . 2009-08-30 20:02 -------- d-----w- c:\program files\HP

2010-02-08 21:32 . 2009-07-15 01:54 680 ----a-w- c:\users\Owner\AppData\Local\d3d9caps.dat

2010-02-01 23:20 . 2009-10-30 23:30 -------- d-----w- c:\program files\iTunes

2010-02-01 23:19 . 2009-06-26 19:47 -------- d-----w- c:\program files\Common Files\Apple

2010-01-22 23:55 . 2009-08-30 19:58 166174 ----a-w- c:\windows\hpoins31.dat

2010-01-19 03:05 . 2009-07-07 21:20 -------- d-----w- c:\program files\Common Files\Adobe

2010-01-14 16:12 . 2009-10-03 04:56 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-13 05:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-01-08 18:17 . 2009-10-22 04:31 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-01-08 18:16 . 2009-10-22 04:31 38784 ----a-w- c:\users\Owner\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-01-08 18:16 . 2009-10-22 04:31 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-01-08 02:24 . 2010-01-08 02:24 -------- d-----w- c:\users\Owner\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1

2009-12-17 20:48 . 2009-10-22 04:30 -------- d-----w- c:\program files\Quick Hit

2009-12-16 02:52 . 2009-12-16 02:52 -------- d-----w- c:\program files\QuickTime

2009-12-07 01:09 . 2009-12-07 01:09 658184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2009-12-02 06:22 . 2009-06-26 19:38 164 ----a-w- c:\windows\install.dat

2009-11-17 20:43 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-11-13 23:55 . 2009-11-13 23:55 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]

@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"

[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]

2009-05-13 19:34 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 417792]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"RtHDVCpl"="RtHDVCpl.exe" [2007-02-07 4374528]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-04 30192]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-19 448632]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]

"Trend Micro AntiVirus 2007"="c:\program files\Trend Micro\AntiVirus 2007\tavui.exe" [2008-05-08 4613384]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [2007-12-7 28672]

HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(:):68,56,3f,8e,bc,3a,ca,01

R2 ehstart;Windows Media Center Service Launcher;c:\windows\system32\svchost.exe [2008-01-19 21504]

R2 tavsvc;Trend Micro AntiVirus Protection Service;c:\program files\Trend Micro\AntiVirus 2007\tavsvc.exe [2007-01-22 251408]

R2 TBS;TPM Base Services;c:\windows\System32\svchost.exe [2008-01-19 21504]

R2 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe [2007-01-22 566872]

R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\drivers\brfiltlo.sys [2006-11-02 13568]

R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\drivers\brfiltup.sys [2006-11-02 5248]

R3 BrUsbSer;Brother MFC USB Serial WDM Driver;c:\windows\system32\drivers\brusbser.sys [2006-11-02 11904]

R3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe [2008-01-19 21504]

R3 DFSR;DFS Replication;c:\windows\system32\DFSR.exe [2009-04-11 2092544]

R3 E1G60;Intel® PRO/1000 NDIS 6 Adapter Driver;c:\windows\system32\DRIVERS\E1G60I32.sys [2006-11-02 117760]

R3 ehRecvr;Windows Media Center Receiver Service;c:\windows\ehome\ehRecvr.exe [2008-01-19 292352]

R3 ehSched;Windows Media Center Scheduler Service;c:\windows\ehome\ehsched.exe [2006-11-02 131072]

R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2008-01-19 27648]

R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe [2008-01-19 21504]

R3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;c:\windows\system32\drivers\gagp30kx.sys [2006-11-02 58984]

R3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-04 30192]

R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

R3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe [2008-01-19 21504]

R3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe [2008-01-19 21504]

R3 MsRPC;MsRPC; [x]

R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw4v32.sys [2006-12-09 2206720]

R3 odserv;Microsoft Office Diagnostics Service;c:\program files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

R3 p2pimsvc;Peer Networking Identity Manager;c:\windows\System32\svchost.exe [2008-01-19 21504]

R3 p2psvc;Peer Networking Grouping;c:\windows\System32\svchost.exe [2008-01-19 21504]

R3 PalmUSBD;PalmUSBD;c:\windows\system32\drivers\PalmUSBD.sys [2009-09-16 16694]

R3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe [2008-01-19 21504]

R3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe [2008-01-19 21504]

R3 PNRPsvc;Peer Name Resolution Protocol;c:\windows\System32\svchost.exe [2008-01-19 21504]

R3 QWAVE;Quality Windows Audio Video Experience;c:\windows\system32\svchost.exe [2008-01-19 21504]

R3 QWAVEdrv;QWAVE driver;c:\windows\system32\drivers\qwavedrv.sys [2008-01-19 31232]

R3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe [2008-01-19 21504]

R3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [2008-01-19 21504]

R3 SessionEnv;Terminal Services Configuration;c:\windows\System32\svchost.exe [2008-01-19 21504]

R3 sffdisk;SFF Storage Class Driver;c:\windows\system32\DRIVERS\sffdisk.sys [2008-01-19 13312]

R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2006-11-02 12800]

R3 sffp_sd;SFF Storage Protocol Driver for SDBus;c:\windows\system32\DRIVERS\sffp_sd.sys [2009-04-11 11776]

R3 SLUINotify;SL UI Notification Service;c:\windows\system32\svchost.exe [2008-01-19 21504]

R3 SNMPTRAP;SNMP Trap;c:\windows\System32\snmptrap.exe [2006-11-02 12800]

R3 Tcpip6;Microsoft IPv6 Protocol Driver;c:\windows\system32\DRIVERS\tcpip.sys [2009-08-14 904776]

R3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe [2008-01-19 21504]

R3 Tosrfcom;Tosrfcom; [x]

R3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2009-04-11 39424]

R3 tssecsrv;Terminal Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2008-01-19 23552]

R3 uagp35;Microsoft AGPv3.5 Filter;c:\windows\system32\drivers\uagp35.sys [2006-11-02 56936]

R3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [2008-01-19 35840]

R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [2006-11-02 58472]

R3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2009-08-28 40448]

R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe [2008-01-19 21504]

R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2008-01-19 21504]

R3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe [2008-01-19 21504]

R3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe [2008-01-19 21504]

R3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe [2008-01-19 21504]

R3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe [2008-01-19 21504]

R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2008-01-19 21504]

R3 WpdUsb;WpdUsb;c:\windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]

R4 adp94xx;adp94xx;c:\windows\system32\drivers\adp94xx.sys [2006-11-02 420968]

R4 adpahci;adpahci;c:\windows\system32\drivers\adpahci.sys [2006-11-02 297576]

R4 arcsas;arcsas;c:\windows\system32\drivers\arcsas.sys [2006-11-02 67688]

R4 blbdrive;blbdrive;c:\windows\system32\drivers\blbdrive.sys [x]

R4 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\system32\drivers\brserid.sys [2006-11-02 71808]

R4 BrSerWdm;Brother WDM Serial driver;c:\windows\system32\drivers\brserwdm.sys [2006-11-02 62336]

R4 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\brusbmdm.sys [2006-11-02 12160]

R4 circlass;Consumer IR Devices;c:\windows\system32\drivers\circlass.sys [2006-11-02 35328]

R4 Crusoe;Transmeta Crusoe Processor Driver;c:\windows\system32\drivers\crusoe.sys [2006-11-02 38912]

R4 elxstor;elxstor;c:\windows\system32\drivers\elxstor.sys [2006-11-02 316520]

R4 HidBth;Microsoft Bluetooth HID Miniport;c:\windows\system32\drivers\hidbth.sys [2006-11-02 29184]

R4 HidIr;Microsoft Infrared HID Driver;c:\windows\system32\drivers\hidir.sys [2006-11-02 21504]

R4 HpCISSs;HpCISSs;c:\windows\system32\drivers\hpcisss.sys [2006-11-02 37480]

R4 iaStorV;Intel RAID Controller Vista;c:\windows\system32\drivers\iastorv.sys [2006-11-02 232040]

R4 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\ipmidrv.sys [2006-11-02 65536]

R4 iteatapi;ITEATAPI_Service_Install;c:\windows\system32\drivers\iteatapi.sys [2006-11-02 35944]

R4 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2006-11-02 35944]

R4 KR10I;KR10I;c:\windows\system32\drivers\kr10i.sys [2007-01-03 216320]

R4 KR10N;KR10N;c:\windows\system32\drivers\kr10n.sys [2007-01-03 207104]

R4 KR3NPXP;KR3NPXP;c:\windows\system32\drivers\kr3npxp.sys [2007-01-03 479488]

R4 LSI_FC;LSI_FC;c:\windows\system32\drivers\lsi_fc.sys [2006-11-02 65640]

R4 LSI_SAS;LSI_SAS;c:\windows\system32\drivers\lsi_sas.sys [2006-11-02 65640]

R4 LSI_SCSI;LSI_SCSI;c:\windows\system32\drivers\lsi_scsi.sys [2006-11-02 65640]

R4 Mcx2Svc;Windows Media Center Extender Service;c:\windows\system32\svchost.exe [2008-01-19 21504]

R4 megasas;megasas;c:\windows\system32\drivers\megasas.sys [2006-11-02 28776]

R4 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [2006-11-02 78952]

R4 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2006-11-02 23144]

R4 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [2006-11-02 80488]

R4 nfrd960;nfrd960;c:\windows\system32\drivers\nfrd960.sys [2006-11-02 45160]

R4 ntrigdigi;N-trig HID Tablet Driver;c:\windows\system32\drivers\ntrigdigi.sys [2006-11-02 20608]

R4 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2006-11-02 40040]

R4 ql2300;QLogic Fibre Channel Miniport Driver;c:\windows\system32\drivers\ql2300.sys [2006-11-02 900712]

R4 ql40xx;QLogic iSCSI Miniport Driver;c:\windows\system32\drivers\ql40xx.sys [2006-11-02 106088]

R4 sbp2port;SBP-2 Transport/Protocol Bus Driver;c:\windows\system32\drivers\sbp2port.sys [2006-11-02 76392]

R4 sermouse;Serial Mouse Driver;c:\windows\system32\drivers\sermouse.sys [2008-01-19 19968]

R4 SiSRaid2;SiSRaid2;c:\windows\system32\drivers\sisraid2.sys [2006-11-02 38504]

R4 SiSRaid4;SiSRaid4;c:\windows\system32\drivers\sisraid4.sys [2006-11-02 71784]

R4 uliahci;uliahci;c:\windows\system32\drivers\uliahci.sys [2006-11-02 235112]

R4 UlSata;UlSata;c:\windows\system32\drivers\ulsata.sys [2006-11-02 98408]

R4 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [2006-11-02 115816]

R4 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [2006-11-02 68608]

R4 ViaC7;VIA C7 Processor Driver;c:\windows\system32\drivers\viac7.sys [2006-11-02 39424]

R4 vsmraid;vsmraid;c:\windows\system32\drivers\vsmraid.sys [2006-11-02 112232]

R4 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2006-11-02 20608]

R4 Wd;Microsoft Watchdog Timer Driver;c:\windows\system32\drivers\wd.sys [2006-11-02 19560]

R4 WmiAcpi;Microsoft Windows Management Interface for ACPI;c:\windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [2009-04-11 245736]

S0 Ecache;ReadyBoost Caching Driver;c:\windows\System32\drivers\ecache.sys [2009-04-11 141288]

S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2008-01-19 58936]

S0 msisadrv;ISA/EISA Class Driver;c:\windows\system32\drivers\msisadrv.sys [2008-01-19 16440]

S0 spldr;Security Processor Loader Driver; [x]

S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2009-11-06 29808]

S0 sshrmd;sshrmd;c:\windows\system32\DRIVERS\sshrmd.sys [2009-11-06 23152]

S0 ssidrv;ssidrv;c:\windows\system32\DRIVERS\ssidrv.sys [2009-11-06 176752]

S0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver;c:\windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 23640]

S0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [2008-01-19 52792]

S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [2009-04-11 292840]

S0 Wdf01000;Kernel Mode Driver Frameworks service;c:\windows\system32\drivers\Wdf01000.sys [2008-01-19 503864]

S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2009-04-11 75264]

S1 nsiproxy;NSI proxy service;c:\windows\system32\drivers\nsiproxy.sys [2008-01-19 16384]

S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2008-01-19 6144]

S1 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys [2009-04-11 66560]

S1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys [2009-04-11 72192]

S1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [2008-01-19 62464]

S2 Apple Mobile Device;Apple Mobile Device;c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]

S2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [2008-01-19 21504]

S2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [2008-01-19 21504]

S2 CFSvcs;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-15 40960]

S2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [2008-01-19 21504]

S2 EMDMgmt;ReadyBoost;c:\windows\system32\svchost.exe [2008-01-19 21504]

S2 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [2008-01-19 21504]

S2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [2008-01-19 21504]

S2 hpqddsvc;HP CUE DeviceDiscovery Service;c:\windows\system32\svchost.exe [2008-01-19 21504]

S2 HPSLPSVC;HP Network Devices Support;c:\windows\system32\svchost.exe [2008-01-19 21504]

S2 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2008-01-19 21504]

S2 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe [2008-01-19 21504]

S2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [2008-01-19 21504]

S2 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2008-01-19 21504]

S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2008-01-19 47104]

S2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [2008-01-19 84480]

S2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe [2008-01-19 21504]

S2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2008-01-19 21504]

S2 Net Driver HPZ12;Net Driver HPZ12;c:\windows\System32\svchost.exe [2008-01-19 21504]

S2 netprofm;Network List Service;c:\windows\System32\svchost.exe [2008-01-19 21504]

S2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [2008-01-19 21504]

S2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe [2008-01-19 21504]

S2 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2008-01-19 21504]

S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2006-11-02 878080]

S2 pinger;pinger;c:\toshiba\IVP\ISM\pinger.exe [2007-01-26 136816]

S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [2008-01-19 21504]

S2 rspndr;Link-Layer Topology Discovery Responder;c:\windows\system32\DRIVERS\rspndr.sys [2008-01-19 60416]

S2 slsvc;Software Licensing;c:\windows\system32\SLsvc.exe [2009-04-11 3408896]

S2 Swupdtmr;Swupdtmr;c:\toshiba\IVP\swupdate\swupdtmr.exe [2007-01-26 63096]

S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2008-01-19 21504]

S2 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [2008-01-19 21504]

S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2009-08-14 30720]

S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2008-11-26 36368]

S2 tmxpflt;tmxpflt;c:\windows\system32\DRIVERS\tmxpflt.sys [2008-11-26 205328]

S2 TODDSrv;TOSHIBA Optical Disc Drive Service;c:\windows\system32\TODDSrv.exe [2006-05-26 114688]

S2 TosCoSrv;TOSHIBA Power Saver;c:\program files\Toshiba\Power Saver\TosCoSrv.exe [2006-12-20 428152]

S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-02 118784]

S2 UleadBurningHelper;Ulead Burning Helper;c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-24 49152]

S2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [2008-01-19 21504]

S2 vsapint;vsapint;c:\windows\system32\DRIVERS\vsapint.sys [2008-11-26 1195384]

S2 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe [2008-01-19 21504]

S2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2008-01-19 21504]

S2 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2008-01-19 21504]

S2 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe [2008-01-19 21504]

S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2009-12-02 1201640]

S2 WSearch;Windows Search;c:\windows\system32\SearchIndexer.exe [2009-04-11 441344]

S3 Appinfo;Application Information;c:\windows\system32\svchost.exe [2008-01-19 21504]

S3 bowser;bowser;c:\windows\system32\DRIVERS\bowser.sys [2008-01-19 69632]

S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2009-09-25 634880]

S3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe [2008-01-19 21504]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]

S3 hpqcxs08;hpqcxs08;c:\windows\system32\svchost.exe [2008-01-19 21504]

S3 igfx;igfx;c:\windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]

S3 iScsiPrt;iScsiPort Driver;c:\windows\system32\DRIVERS\msiscsi.sys [2009-04-11 180712]

S3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [2009-06-15 9728]

S3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [2008-01-19 41984]

S3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [2008-01-19 64000]

S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2009-04-11 212992]

S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2009-04-11 79360]

S3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-04-11 148480]

S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]

S3 sdbus;sdbus;c:\windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]

S3 srv2;srv2;c:\windows\system32\DRIVERS\srv2.sys [2009-09-14 144896]

S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2009-04-11 98816]

S3 StillCam;Still Serial Digital Camera Driver;c:\windows\system32\DRIVERS\serscan.sys [2008-01-19 9216]

S3 SynTP;Synaptics TouchPad Driver;c:\windows\system32\DRIVERS\SynTP.sys [2008-08-14 203312]

S3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;c:\windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]

S3 tifm21;tifm21;c:\windows\system32\drivers\tifm21.sys [2007-01-24 290304]

S3 tunmp;Microsoft Tun Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunmp.sys [2008-01-19 15360]

S3 tunnel;Microsoft IPv6 Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [2008-01-19 23040]

S3 umbus;UMBus Enumerator Driver;c:\windows\system32\DRIVERS\umbus.sys [2008-01-19 34816]

S3 usbvideo;USB Video Device (WDM);c:\windows\system32\Drivers\usbvideo.sys [2006-11-02 132352]

S3 UVCFTR;UVCFTR;c:\windows\system32\DRIVERS\UVCFTR_S.SYS [2007-01-27 17712]

S3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe [2008-01-19 21504]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]

S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x86.sys [2007-01-09 221696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

2010-02-09 c:\windows\Tasks\wrSpySweeper_L041F3AB303F04119AF58DF1A8DBFD988.job

- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-06-26 20:19]

2010-02-09 c:\windows\Tasks\wrSpySweeper_L041F3AB303F04119AF58DF1A8DBFD988.job

- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-06-26 20:19]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

LSP: %SYSTEMROOT%\system32\tmlsp.dll

.

**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84E03618]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0x87fb1d24

\Driver\ACPI -> acpi.sys @ 0x8069bd68

\Driver\atapi -> ataport.SYS @ 0x829dda2c

IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

Completion time: 2010-02-09 22:13:56

ComboFix-quarantined-files.txt 2010-02-10 03:13

Pre-Run: 93,772,640,256 bytes free

Post-Run: 93,767,094,272 bytes free

- - End Of File - - 7952C7A2D81ED2330A5751B7CEA8EA83

Ok just to double check everything please do the following:

Update Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

=====

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check the next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

So much for being free

Malwarebytes' Anti-Malware 1.44

Database version: 3731

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

2/12/2010 4:24:34 PM

mbam-log-2010-02-12 (16-24-34).txt

Scan type: Quick Scan

Objects scanned: 108172

Time elapsed: 14 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

all the second log contained was

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

Nope, you are clean; that is just a restriction to not show the search option in your start menu.

How are things running?

Please download DDS and save it to your desktop.

  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open as well as attach.txt.
  • Save both reports to your desktop.

---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

attach.txt

=======Cleanup=======

  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 18...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.

======================Clear out infected System Restore points======================

Then we need to reset your System Restore points.

The link below shows how to do this.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

=====================================

After that you're all set.

The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow - A tutorial on what you can do if your computer is slow.

File sharing program dangers - Reasons to stay away from file sharing programs, for example BitTorrent, Limewire, Kazaa, eMule, uTorrent, etc.

Glad we could help. ;)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
