Google redirect issues


Hi,

I noticed on June 19th a fake antivirus program popping up on my computer saying that my computer was infected with "W32 blaster.worm" (or something to that effect). I have McAfee Internet Security and Microsoft Security Essentials and none of these programs seemed to pick it up. I downloaded Malwarebytes and ran it and it removed "Rogue.Spypro, Trojan.FakeAlert, and Rogue.MSAntiSpyware."

When I search on Google, I am still being redirected to sites like "Scour.com" and others like it. I tried to check my bank account the other day, and my banking site came up, but when I went to log in, my sitekey was missing and in its place was a page of questions asking for very sensitive information (SSN#, passwords, etc.)... needless to say I did not continue.

I ran the defogger and I am attaching my DDS and GMER files, and the newest Malwarebytes scan. I would really appreciate any help.

Thanks so much!

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 7002

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

7/1/2011 10:48:10 PM

mbam-log-2011-07-01 (22-48-10).txt

Scan type: Full scan (C:\|D:\|E:\|)

Objects scanned: 265029

Time elapsed: 1 hour(s), 42 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

New Compressed (zipped) Folder.zip


Hello usethemap and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

***Note: In order for ComboFix to run properly McAfee must be uninstalled. Please go here and follow the instructions to uninstall McAfee.

You can reinstall it after the computer is clean.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How is the PC running now?
-------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Please go here to see a list of programs that should be disabled.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**
Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.
-------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • C:\ComboFix.txt
  • TDSSKiller log
  • Security Check checkup.txt

How is your computer running now?

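Added example (not part of the original thread, and not code from TDSSKiller or its vendor): a short Python triage of the report TDSSKiller saves, which pulls out each detection, where it sits (driver, boot sector or MBR), the action chosen and whether the cure is still waiting on a reboot. The sample lines are constructed in the report's timestamp / thread id / message layout with placeholder hashes, and the function names are hypothetical.

```python
import re
from dataclasses import dataclass

# Constructed sample in the TDSSKiller report layout; hashes are placeholders.
SAMPLE_LOG = r"""
2011/07/02 14:22:55.0203 0168 Boot type: Safe boot with network
2011/07/02 14:22:59.0781 3224 Scan started
2011/07/02 14:23:03.0468 3224 atapi (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/02 14:23:23.0812 3224 MBR (0x1B8) (11111111111111111111111111111111) \Device\Harddisk0\DR0
2011/07/02 14:23:23.0812 3224 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
2011/07/02 14:23:24.0234 3224 MBR (0x1B8) (22222222222222222222222222222222) \Device\Harddisk1\DR1
2011/07/02 14:23:24.0328 3224 Scan finished
2011/07/02 14:23:24.0375 3200 Detected object count: 1
2011/07/02 14:26:00.0921 3200 \Device\Harddisk0\DR0 (Backdoor.Win32.Sinowal.knf) - will be cured after reboot
2011/07/02 14:26:00.0921 3200 Backdoor.Win32.Sinowal.knf(\Device\Harddisk0\DR0) - User select action: Cure
"""

LINE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) (\d+)(?: (.*))?$")
HASHED = re.compile(r"^(?P<label>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECTED = re.compile(r"^(?P<obj>.+) - detected (?P<name>\S+) \(\d+\)$")
PENDING = re.compile(r"^(?P<obj>.+) \((?P<name>[^()]+)\) - will be cured after reboot$")
ACTION = re.compile(r"^(?P<name>[^()]+)\((?P<obj>.+)\) - User select action: (?P<action>\w+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")
BOOT = re.compile(r"^Boot type: (.+)$")


@dataclass
class Finding:
    obj: str
    name: str
    kind: str = "unknown"          # driver, boot sector, mbr or unknown
    action: str = "none recorded"
    reboot_pending: bool = False


def triage(log_text):
    """Parse a report and return boot type, reported count and findings."""
    kinds = {}      # scanned object path (lower-cased) -> kind
    findings = {}   # (object path, threat name) -> Finding
    report = {"boot_type": None, "reported_count": None}

    def get(obj, name):
        key = (obj.lower(), name)
        if key not in findings:
            findings[key] = Finding(obj, name, kinds.get(obj.lower(), "unknown"))
        return findings[key]

    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line or not line.group(3):
            continue  # blank messages and anything not in the report layout
        msg = line.group(3)
        if (m := HASHED.match(msg)):
            label = m.group("label").upper()
            kind = ("mbr" if label.startswith("MBR (")
                    else "boot sector" if label.startswith("BOOT (")
                    else "driver")
            kinds[m.group("path").lower()] = kind
        elif (m := DETECTED.match(msg)):
            get(m.group("obj"), m.group("name"))
        elif (m := PENDING.match(msg)):
            get(m.group("obj"), m.group("name")).reboot_pending = True
        elif (m := ACTION.match(msg)):
            get(m.group("obj"), m.group("name")).action = m.group("action")
        elif (m := COUNT.match(msg)):
            report["reported_count"] = int(m.group(1))
        elif (m := BOOT.match(msg)):
            report["boot_type"] = m.group(1)

    report["findings"] = list(findings.values())
    return report


def follow_up(report):
    """Turn the parsed report into the checks a helper would ask for next."""
    notes = []
    found = report["findings"]
    count = report["reported_count"]
    if count is not None and count != len(found):
        notes.append("reported object count differs from parsed detections; "
                     "the pasted log may be incomplete")
    for f in found:
        if f.action.lower() == "skip":
            notes.append(f"{f.name} on {f.obj} was skipped and is still present")
        if f.reboot_pending:
            notes.append(f"cure of {f.name} on {f.obj} is not applied until "
                         "reboot; rescan afterwards")
        if f.kind == "mbr":
            notes.append(f"{f.name} is in the master boot record of {f.obj}, "
                         "outside the file system")
    return notes


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for finding in result["findings"]:
        print(finding)
    for note in follow_up(result):
        print("-", note)
```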

Hi,

Thanks for your help! Things seem better. I tried a couple searches on google, and I didn't get redirected. I'll let you know if that changes. For now, here are the logs requested. Let me know if they are concerning.

2011/07/02 14:22:54.0875 0168 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16

2011/07/02 14:22:55.0203 0168 ================================================================================

2011/07/02 14:22:55.0203 0168 SystemInfo:

2011/07/02 14:22:55.0203 0168

2011/07/02 14:22:55.0203 0168 OS Version: 5.1.2600 ServicePack: 3.0

2011/07/02 14:22:55.0203 0168 Product type: Workstation

2011/07/02 14:22:55.0203 0168 ComputerName: BOBO

2011/07/02 14:22:55.0203 0168 UserName: Administrator

2011/07/02 14:22:55.0203 0168 Windows directory: C:\WINDOWS

2011/07/02 14:22:55.0203 0168 System windows directory: C:\WINDOWS

2011/07/02 14:22:55.0203 0168 Processor architecture: Intel x86

2011/07/02 14:22:55.0203 0168 Number of processors: 2

2011/07/02 14:22:55.0203 0168 Page size: 0x1000

2011/07/02 14:22:55.0203 0168 Boot type: Safe boot with network

2011/07/02 14:22:55.0203 0168 ================================================================================

2011/07/02 14:22:57.0406 0168 Initialize success

2011/07/02 14:22:59.0781 3224 ================================================================================

2011/07/02 14:22:59.0781 3224 Scan started

2011/07/02 14:22:59.0781 3224 Mode: Manual;

2011/07/02 14:22:59.0781 3224 ================================================================================

2011/07/02 14:23:23.0812 3224 MBR (0x1B8) (33acd7f96c8c543021d4b4a4c6afbe8a) \Device\Harddisk0\DR0

2011/07/02 14:23:23.0812 3224 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)

2011/07/02 14:23:24.0234 3224 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1

2011/07/02 14:23:24.0265 3224 Boot (0x1200) (4573dae85fd7dc10cbe6260c332d63c4) \Device\Harddisk0\DR0\Partition0

2011/07/02 14:23:24.0296 3224 Boot (0x1200) (0736870ebe57c8ecffe3e45b389062a3) \Device\Harddisk1\DR1\Partition0

2011/07/02 14:23:24.0328 3224 ================================================================================

2011/07/02 14:23:24.0328 3224 Scan finished

2011/07/02 14:23:24.0328 3224 ================================================================================

2011/07/02 14:23:24.0375 3200 Detected object count: 1

2011/07/02 14:23:24.0375 3200 Actual detected object count: 1

2011/07/02 14:26:00.0921 3200 \Device\Harddisk0\DR0 (Backdoor.Win32.Sinowal.knf) - will be cured after reboot

2011/07/02 14:26:00.0921 3200 \Device\Harddisk0\DR0 - ok

2011/07/02 14:26:00.0921 3200 Backdoor.Win32.Sinowal.knf(\Device\Harddisk0\DR0) - User select action: Cure

2011/07/02 14:27:14.0921 3844 Deinitialize success

ComboFix 11-07-02.02 - Me 07/02/2011 15:08:43.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.425 [GMT -7:00]

Running from: c:\documents and settings\Me\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((( Files Created from 2011-06-02 to 2011-07-02 )))))))))))))))))))))))))))))))

.

.

2011-07-02 18:57 . 2011-07-02 18:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2011-07-02 18:15 . 2011-07-02 18:15 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2011-07-02 04:01 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FAD4E4F-2645-4039-82B0-C0BF59ABB802}\mpengine.dll

2011-07-01 23:29 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-06-30 23:30 . 2011-05-25 02:14 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-06-30 23:20 . 2011-06-30 23:22 -------- d-----w- c:\program files\Microsoft Security Client

2011-06-20 01:07 . 2011-06-20 01:07 -------- d-----w- c:\documents and settings\Friends\Application Data\Malwarebytes

2011-06-20 01:07 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-20 01:07 . 2011-06-20 01:07 -------- d-----w- c:\program files\Tangerine

2011-06-20 01:07 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-20 01:02 . 2011-06-20 01:02 -------- d-sh--w- c:\documents and settings\Friends\PrivacIE

2011-06-20 00:58 . 2011-06-20 00:58 -------- d-sh--w- c:\documents and settings\Friends\IETldCache

2011-06-20 00:35 . 2011-06-20 00:35 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2011-06-18 06:20 . 2011-06-18 06:20 -------- d-----w- C:\spoolerlogs

2011-06-15 20:46 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-02 15:31 . 2006-01-13 17:19 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2006-01-13 15:49 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2006-01-13 15:48 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11 . 2006-01-13 15:49 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2006-01-13 15:48 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2006-01-13 15:48 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2006-01-13 15:48 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2006-01-13 15:48 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-18 20:18 . 2011-04-18 20:18 165648 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2006-09-26 05:23 . 2006-09-26 05:23 1355912 ------w- c:\program files\install_flash_player.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-22 39408]

"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CFSServ.exe"="CFSServ.exe -NoClient" [X]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"00THotkey"="c:\windows\system32\00THotkey.exe" [2005-03-01 245760]

"000StTHK"="000StTHK.exe" [2001-06-23 24576]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-23 7340032]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-08 761947]

"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2005-06-29 126976]

"TPSMain"="TPSMain.exe" [2005-12-07 315392]

"TPSODDCtl"="TPSODDCtl.exe" [2005-12-07 110592]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]

"TFNF5"="TFNF5.exe" [2005-12-09 581632]

"Kraidman"="c:\program files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe" [2005-09-30 1126484]

"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]

"NDSTray.exe"="NDSTray.exe" [bU]

"TFncKy"="TFncKy.exe" [bU]

"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2005-12-22 30208]

"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]

"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]

"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]

"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2006-01-22 286720]

"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 98304]

"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 290816]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-12-7 1744896]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

Metamail Trust Manager.lnk - c:\program files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe [2006-1-13 329472]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2005-12-22 05:42 40448 ----a-w- c:\windows\system32\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ c:\windows\system32\ldpsgoji.exe c:\windows\system32\ldpsgoji.exe:changelist\0c:\windows\system32\psrhgsik.exe c:\windows\system32\psrhgsik.exe:changelist\0autocheck autochk *

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk

backup=c:\windows\pss\RAMASST.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Me^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]

path=c:\documents and settings\Me\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk

backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=

"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\iTunes\\iTunesHelper.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R0 KR10N2K;KR10N2K;c:\windows\system32\drivers\KR10N2K.sys [1/13/2006 8:49 AM 207360]

R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [12/21/2005 10:55 PM 13568]

R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [12/21/2005 10:55 PM 33024]

R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [12/21/2005 10:25 PM 3456]

R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [1/13/2006 11:15 AM 66816]

R2 TOS_SPS;TOSHIBA SPS Driver;c:\program files\Toshiba\TMP2VDec\tos_sps.sys [12/21/2005 12:27 PM 169216]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/28/2007 12:00 AM 24652]

R3 ttv300x;TOSHIBA PCI TV Tuner;c:\windows\system32\drivers\ttv300x.sys [1/17/2006 2:18 PM 136960]

S0 jwmvqlds;jwmvqlds;c:\windows\system32\drivers\fmrmdw.sys --> c:\windows\system32\drivers\fmrmdw.sys [?]

S1 MpKsl1aa3d5a4;MpKsl1aa3d5a4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EF94CA10-E622-44FF-9A0C-BB0DD19ABA85}\MpKsl1aa3d5a4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EF94CA10-E622-44FF-9A0C-BB0DD19ABA85}\MpKsl1aa3d5a4.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/21/2009 6:39 PM 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/21/2009 6:39 PM 135664]

S3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]

S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

.

2011-07-02 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-22 00:46]

.

2011-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 01:39]

.

2011-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 01:39]

.

2011-07-02 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 192.168.0.1

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-McAfee Clean Up Tool - c:\docume~1\Me\LOCALS~1\TEMPOR~1\Content.IE5\U070B10G\UNWISE.EXE

AddRemove-McAfee Virtual Technician - c:\program files\McAfee\Supportability\MVT\MVTInstaller.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-02 15:17

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(860)

c:\windows\system32\psqlpwd.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\Protector Suite QL\homefus2.dll

c:\windows\system32\biologon.dll

c:\program files\Protector Suite QL\homepass.dll

c:\program files\Protector Suite QL\bio.dll

c:\program files\Protector Suite QL\remote.dll

c:\program files\Protector Suite QL\mysafe.dll

c:\program files\Protector Suite QL\crypto.dll

.

- - - - - - - > 'explorer.exe'(3592)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\TPwrCfg.DLL

c:\windows\system32\TPwrReg.dll

c:\windows\system32\TPSTrace.DLL

.

Completion time: 2011-07-02 15:19:50

ComboFix-quarantined-files.txt 2011-07-02 22:19

ComboFix2.txt 2011-07-02 03:56

.

Pre-Run: 29,926,379,520 bytes free

Post-Run: 29,958,389,760 bytes free

.

- - End Of File - - FF78F53F3A7517E16FC87D42A447CBA7

Results of screen317's Security Check version 0.99.17

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date! (On Access scanning disabled!)

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Adobe Flash Player

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

``````````End of Log````````````


Glad to hear things are better! :D

However, I need you to understand one of the serious infections that you just had (and still might have):

One or more of the identified infections (W32.Sinowal) is a rootkit. Rootkits are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms, and they steal sensitive information, which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

I suggest you disconnect this computer from the Internet immediately once you finish reading this post.

If you do any banking or other financial transactions on the computer, or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, your computer is very likely compromised and there is no way to be sure your computer can ever again be trusted.

Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the Operating System.

Visit the following sites for more information on internet theft and when to reformat!

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

If you have any questions before making a final decision, please feel free to ask.

Instructions on how to format and reinstall Windows can be found here.

Please note: This is an older infection, and as you can tell we are already making progress. The information I have included above was merely to warn you about the severity of the infection, not to scare you :).

If you would like to pursue cleaning this computer, please proceed with the following ;):

---------------

We still have some cleanup to do.

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Driver::

jwmvqlds

File::

c:\windows\system32\ldpsgoji.exe

c:\windows\system32\psrhgsik.exe

c:\windows\system32\psqlpwd.dll

c:\windows\system32\drivers\fmrmdw.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how your system is running now :).


Thank you for the information about the rootkit. That is definitely concerning. I checked my bank website and the page asking for my sensitive information did not appear this time, which is good. I'm still not comfortable checking my banking information, though. Can Macs be attacked like my PC? This isn't the first time I've had problems with rootkits.

Here is the log you requested.

Thanks again

ComboFix 11-07-03.01 - Me 07/03/2011 16:44:37.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.380 [GMT -7:00]

Running from: c:\documents and settings\Me\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Me\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

FILE ::

"c:\windows\system32\drivers\fmrmdw.sys"

"c:\windows\system32\ldpsgoji.exe"

"c:\windows\system32\psqlpwd.dll"

"c:\windows\system32\psrhgsik.exe"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_jwmvqlds

.

.

((((((((((((((((((((((((( Files Created from 2011-06-03 to 2011-07-03 )))))))))))))))))))))))))))))))

.

.

2011-07-03 22:06 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D69716B9-BA65-4417-B0FF-BB18E538CA59}\mpengine.dll

2011-07-02 18:57 . 2011-07-02 18:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2011-07-02 18:15 . 2011-07-02 18:15 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2011-07-01 23:29 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-06-30 23:30 . 2011-05-25 02:14 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-06-30 23:20 . 2011-06-30 23:22 -------- d-----w- c:\program files\Microsoft Security Client

2011-06-20 01:07 . 2011-06-20 01:07 -------- d-----w- c:\documents and settings\Friends\Application Data\Malwarebytes

2011-06-20 01:07 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-20 01:07 . 2011-06-20 01:07 -------- d-----w- c:\program files\Tangerine

2011-06-20 01:07 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-20 01:02 . 2011-06-20 01:02 -------- d-sh--w- c:\documents and settings\Friends\PrivacIE

2011-06-20 00:58 . 2011-06-20 00:58 -------- d-sh--w- c:\documents and settings\Friends\IETldCache

2011-06-20 00:35 . 2011-06-20 00:35 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2011-06-18 06:20 . 2011-06-18 06:20 -------- d-----w- C:\spoolerlogs

2011-06-15 20:46 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-02 15:31 . 2006-01-13 17:19 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2006-01-13 15:49 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2006-01-13 15:48 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11 . 2006-01-13 15:49 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2006-01-13 15:48 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2006-01-13 15:48 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2006-01-13 15:48 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2006-01-13 15:48 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-18 20:18 . 2011-04-18 20:18 165648 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2006-09-26 05:23 . 2006-09-26 05:23 1355912 ------w- c:\program files\install_flash_player.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2011-07-02_03.45.42 )))))))))))))))))))))))))))))))))))))))))

.

+ 2006-01-13 17:24 . 2011-07-02 12:06 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2006-01-13 17:24 . 2011-07-01 21:47 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2006-01-13 17:24 . 2011-07-02 12:06 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2006-01-13 17:24 . 2011-07-01 21:47 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-22 39408]

"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CFSServ.exe"="CFSServ.exe -NoClient" [X]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"00THotkey"="c:\windows\system32\00THotkey.exe" [2005-03-01 245760]

"000StTHK"="000StTHK.exe" [2001-06-23 24576]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-23 7340032]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-08 761947]

"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2005-06-29 126976]

"TPSMain"="TPSMain.exe" [2005-12-07 315392]

"TPSODDCtl"="TPSODDCtl.exe" [2005-12-07 110592]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]

"TFNF5"="TFNF5.exe" [2005-12-09 581632]

"Kraidman"="c:\program files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe" [2005-09-30 1126484]

"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]

"NDSTray.exe"="NDSTray.exe" [bU]

"TFncKy"="TFncKy.exe" [bU]

"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2005-12-22 30208]

"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]

"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]

"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]

"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2006-01-22 286720]

"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 98304]

"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 290816]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-12-7 1744896]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

Metamail Trust Manager.lnk - c:\program files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe [2006-1-13 329472]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2005-12-22 05:42 40448 ----a-w- c:\windows\system32\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ c:\windows\system32\ldpsgoji.exe c:\windows\system32\ldpsgoji.exe:changelist\0c:\windows\system32\psrhgsik.exe c:\windows\system32\psrhgsik.exe:changelist\0autocheck autochk *

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk

backup=c:\windows\pss\RAMASST.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Me^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]

path=c:\documents and settings\Me\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk

backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=

"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\iTunes\\iTunesHelper.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R0 KR10N2K;KR10N2K;c:\windows\system32\drivers\KR10N2K.sys [1/13/2006 8:49 AM 207360]

R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [12/21/2005 10:55 PM 13568]

R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [12/21/2005 10:55 PM 33024]

R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [12/21/2005 10:25 PM 3456]

R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [1/13/2006 11:15 AM 66816]

R2 TOS_SPS;TOSHIBA SPS Driver;c:\program files\Toshiba\TMP2VDec\tos_sps.sys [12/21/2005 12:27 PM 169216]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/28/2007 12:00 AM 24652]

R3 ttv300x;TOSHIBA PCI TV Tuner;c:\windows\system32\drivers\ttv300x.sys [1/17/2006 2:18 PM 136960]

S1 MpKsl1aa3d5a4;MpKsl1aa3d5a4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EF94CA10-E622-44FF-9A0C-BB0DD19ABA85}\MpKsl1aa3d5a4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EF94CA10-E622-44FF-9A0C-BB0DD19ABA85}\MpKsl1aa3d5a4.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/21/2009 6:39 PM 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/21/2009 6:39 PM 135664]

S3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]

S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

.

2011-07-03 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-22 00:46]

.

2011-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 01:39]

.

2011-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 01:39]

.

2011-07-04 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 192.168.0.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-03 16:56

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(864)

c:\windows\system32\psqlpwd.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\Protector Suite QL\homefus2.dll

c:\windows\system32\biologon.dll

c:\program files\Protector Suite QL\homepass.dll

c:\program files\Protector Suite QL\bio.dll

c:\program files\Protector Suite QL\remote.dll

c:\program files\Protector Suite QL\mysafe.dll

c:\program files\Protector Suite QL\crypto.dll

.

- - - - - - - > 'explorer.exe'(3404)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\TPwrCfg.DLL

c:\windows\system32\TPwrReg.dll

c:\windows\system32\TPSTrace.DLL

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\drivers\CDAC11BA.EXE

c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe

c:\windows\system32\DVDRAMSV.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\SigmaTel\C-Major Audio\WDM\stacsv.exe

c:\toshiba\IVP\swupdate\swupdtmr.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\TPSMain.exe

c:\windows\system32\TFNF5.exe

c:\program files\TOSHIBA\ConfigFree\NDSTray.exe

c:\program files\Synaptics\SynTP\Toshiba.exe

c:\windows\eHome\ehmsas.exe

c:\windows\system32\TPSBattM.exe

c:\program files\Protector Suite QL\psqltray.exe

c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe

c:\windows\system32\lxcrcoms.exe

c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

c:\progra~1\METAMA~1\METAMA~1\METAMA~2.EXE

c:\program files\iPod\bin\iPodService.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\windows\system32\msiexec.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

c:\program files\AIM6\aolsoftware.exe

.

**************************************************************************

.

Completion time: 2011-07-03 17:02:15 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-04 00:02

ComboFix2.txt 2011-07-02 22:19

ComboFix3.txt 2011-07-02 03:56

.

Pre-Run: 29,850,152,960 bytes free

Post-Run: 29,844,168,704 bytes free

.

- - End Of File - - 4371BCF4598743FD839E0A824CF1547D


Your logs are looking better! ;)

Can Macs be attacked like my PC?

In short, yes. However, because Macs are less targeted compared to PCs, you stand a better chance of not getting infected. There still are many viruses which attack Macs, however.

I need to know: are you still being redirected?

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

------

Please use Internet Explorer and run a BitDefender Online scan from here

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan

Please post the results in your next reply.

------

Please include both ESET and BitDefender results in your next reply ;)


So far, so good. I tried some searches and I haven't been redirected at all.

Here are the two logs you requested:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6427

# api_version=3.0.2

# EOSSerial=226e0c713ec71a4bbce6ab3d00b1714e

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-07-04 04:28:34

# local_time=2011-07-03 09:28:34 (-0800, Pacific Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=4864 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=84570

# found=0

# cleaned=0

# scan_time=3063

QuickScan Beta 32-bit v0.9.9.96

-------------------------------

Scan date: Sun Jul 03 21:35:25 2011

Machine ID: 5C326160

No infection found.

-------------------

Processes

---------

Adobe Reader and Acrobat Manager 3788 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

AOL Service Libraries 3340 C:\Program Files\AIM6\aim6.exe

AOL Service Libraries 3000 C:\Program Files\AIM6\aolsoftware.exe

Bluetooth Stack for Windows by TOSHIBA 716 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

Bluetooth Stack for Windows by Toshiba 3012 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe

Bluetooth Stack for Windows by TOSHIBA 2668 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

Bonjour 464 C:\Program Files\Bonjour\mDNSResponder.exe

C-Major Audio 344 C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe

CD/DVD Drive Acoustic Silencer 4000 C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe

ConfigFree 560 C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe

Device Monitor 3352 C:\Program Files\Lexmark 2400 Series\lxcrmon.exe

Drive Letter Access Component 2804 C:\WINDOWS\system32\DLA\DLACTRLW.EXE

DVD-RAM Utility Helper Service 656 C:\WINDOWS\system32\DVDRAMSV.exe

hp digital imaging - hp all-in-one seri 624 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

hp digital imaging - hp all-in-one seri 632 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

hp digital imaging - hp all-in-one seri 3708 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

Intel PROSet/Wireless 4884 C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

Intel® PROSet/Wireless 1660 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

Intel® PROSet/Wireless Event Log 1308 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

Intel® PROSet/Wireless Registry Servi 1512 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

Intel® PROSet/Wireless Service 1348 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

iTunes 3984 C:\Program Files\iPod\bin\iPodService.exe

iTunes 616 C:\Program Files\iTunes\iTunesHelper.exe

Lexmark Fast Pics Application 3132 C:\Program Files\Lexmark 2400 Series\ezprint.exe

Metamail 1200 C:\PROGRA~1\METAMA~1\METAMA~1\METAMA~2.EXE

Metamail Trust Manager 3572 C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe

Microsoft® Windows® Operating System 2584 C:\WINDOWS\ehome\ehmsas.exe

Microsoft® Windows® Operating System 688 C:\WINDOWS\ehome\ehrecvr.exe

Microsoft® Windows® Operating System 808 C:\WINDOWS\ehome\ehSched.exe

Microsoft® Windows® Operating System 764 C:\WINDOWS\ehome\ehtray.exe

Microsoft® Windows® Operating System 3292 C:\WINDOWS\ehome\mcrdsvc.exe

Microsoft® Windows® Operating System 4316 C:\WINDOWS\system32\notepad.exe

Microsoft® Windows® Operating System 1972 C:\WINDOWS\system32\spoolsv.exe

Microsoft® Windows® Operating System 2924 C:\WINDOWS\system32\wscntfy.exe

MobileDeviceService 316 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

NVIDIA Driver Helper Service, Version 8 1484 C:\WINDOWS\system32\nvsvc32.exe

PadTouch 2580 C:\Program Files\Toshiba\Touch and Launch\PadExe.exe

Printer Communication System 2220 C:\WINDOWS\system32\lxcrcoms.exe

psqltray.exe 3744 C:\Program Files\Protector Suite QL\psqltray.exe

SafeCast Windows NT 540 C:\WINDOWS\system32\drivers\CDAC11BA.EXE

swupdtmr.exe 2776 C:\TOSHIBA\IVP\swupdate\swupdtmr.exe

Synaptics Pointing Device Driver 2064 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

Synaptics Pointing Device Driver 2572 C:\Program Files\Synaptics\SynTP\Toshiba.exe

TOSHIBA Hotkey Utility for Display Devi 2432 C:\WINDOWS\system32\TFNF5.exe

TOSHIBA Power Saver 2104 C:\WINDOWS\system32\TPSBattM.exe

TOSHIBA Power Saver 2248 C:\WINDOWS\system32\TPSMain.exe

TOSHIBA RAID CONSOLE 2460 C:\Program Files\Toshiba\TOSHIBA RAID\Console\KRaidMan.exe

TOSHIBA RAID Service 1448 C:\Program Files\Toshiba\TOSHIBA RAID\Service\kraidsvc.exe

TOSHIBA THotkey 1796 C:\WINDOWS\system32\00THotkey.exe

TOSHIBA Zooming Utility 2680 C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe

TouchPad On/Off Utility 2236 C:\Program Files\Toshiba\TouchED\TouchED.exe

Viewpoint Manager 2836 C:\Program Files\Viewpoint\Common\ViewpointService.exe

Viewpoint Manager 2568 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

Wireless Hotkey 3396 C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW.exe

ZeroCfgSvc Application 2400 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe

(verified) GoogleToolbarNotifier 1304 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(verified) Microsoft® Windows® Operating System 3404 C:\WINDOWS\explorer.exe

(verified) Microsoft® Windows® Operating System 2284 C:\WINDOWS\system32\alg.exe

(verified) Microsoft® Windows® Operating System 840 C:\WINDOWS\system32\csrss.exe

(verified) Microsoft® Windows® Operating System 4520 C:\WINDOWS\system32\ctfmon.exe

(verified) Microsoft® Windows® Operating System 4060 C:\WINDOWS\system32\dllhost.exe

(verified) Microsoft® Windows® Operating System 920 C:\WINDOWS\system32\lsass.exe

(verified) Microsoft® Windows® Operating System 908 C:\WINDOWS\system32\services.exe

(verified) Microsoft® Windows® Operating System 784 C:\WINDOWS\system32\smss.exe

(verified) Microsoft® Windows® Operating System 1560 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1384 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 2748 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1280 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1252 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1176 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1108 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 184 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 588 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 864 C:\WINDOWS\system32\winlogon.exe

(verified) Windows® Internet Explorer 1580 C:\Program Files\Internet Explorer\iexplore.exe

(verified) Windows® Internet Explorer 4896 C:\Program Files\Internet Explorer\iexplore.exe

(verified) Windows® Internet Explorer 6056 C:\Program Files\Internet Explorer\iexplore.exe

Network activity

----------------

Process iexplore.exe (6056) connected on port 80 (HTTP) --> 74.125.224.174

Process iexplore.exe (6056) connected on port 80 (HTTP) --> 69.171.224.39

Process iexplore.exe (6056) connected on port 80 (HTTP) --> 66.235.143.118

Process iexplore.exe (6056) connected on port 80 (HTTP) --> 174.76.226.18

Process iexplore.exe (6056) connected on port 80 (HTTP) --> 66.235.143.118

Process iexplore.exe (6056) connected on port 80 (HTTP) --> 72.246.94.57

Process iexplore.exe (6056) connected on port 80 (HTTP) --> 174.76.226.18

Process svchost.exe (1108) listens on ports: 3389 (Terminal Server)

Process svchost.exe (1176) listens on ports: 135 (RPC)

Autoruns and critical files

---------------------------

000StTHK.exe C:\WINDOWS\system32\000StTHK.exe

Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

AOL Service Libraries C:\Program Files\AIM6\aim6.exe

Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe

CD/DVD Drive Acoustic Silencer C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe

Device Monitor C:\Program Files\Lexmark 2400 Series\lxcrmon.exe

Drive Letter Access Component C:\WINDOWS\system32\DLA\DLACTRLW.EXE

hp digital imaging - hp all-in-one seri C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

hp digital imaging - hp all-in-one seri C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

Intel® PROSet/Wireless C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

iTunes C:\Program Files\iTunes\iTunesHelper.exe

launcher.exe C:\Program Files\Protector Suite QL\launcher.exe

Lexmark Fast Pics Application C:\Program Files\Lexmark 2400 Series\ezprint.exe

Lexmark Fax Solutions Software C:\Program Files\Lexmark Fax Solutions\fm3032.exe

Metamail Trust Manager C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe

Microsoft® Windows® Operating System C:\WINDOWS\ehome\ehtray.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\scrnsave.scr

Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll

Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll

NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\NvCpl.dll

PadTouch C:\Program Files\Toshiba\Touch and Launch\PadExe.exe

psqlpwd.dll C:\WINDOWS\system32\psqlpwd.dll

QuickTime C:\Program Files\QuickTime\qttask.exe

Software Upgrades c:\toshiba\ivp\ism\pinger.exe

Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

TOSHIBA Hotkey Utility for Display Devi C:\WINDOWS\system32\TFNF5.exe

TOSHIBA Power Saver C:\WINDOWS\system32\TPSMain.exe

TOSHIBA Power Saver C:\WINDOWS\system32\TPSODDCtl.exe

TOSHIBA RAID CONSOLE C:\Program Files\Toshiba\TOSHIBA RAID\Console\KRaidMan.exe

TOSHIBA THotkey C:\WINDOWS\system32\00THotkey.exe

TOSHIBA Zooming Utility C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe

TouchPad On/Off Utility C:\Program Files\Toshiba\TouchED\TouchED.exe

Wireless Hotkey C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW.exe

ZeroCfgSvc Application C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe

(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe

(verified) Google Updater C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

(verified) GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll

(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll

Browser plugins

---------------

AOL Instant Messenger C:\Program Files\AIM\aim.exe

AOL Media Playback Control C:\WINDOWS\Downloaded Program Files\ampAx3.0.84.2.dll

BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll

Bonjour C:\Program Files\Bonjour\mdnsNSP.dll

Drive Letter Access Component c:\windows\system32\dla\dlashx_w.dll

Facebook Photo Uploader C:\WINDOWS\Downloaded Program Files\FacebookPhotoUploader.ocx

Facebook Photo Uploader 4 C:\WINDOWS\Downloaded Program Files\ImageUploader4.1.ocx

Facebook Photo Uploader 5 C:\WINDOWS\Downloaded Program Files\PhotoUploader55.ocx

Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

Google Update C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

HP Smart Web Printing c:\program files\hp\smart web printing\hpswp_framework.dll

HP Smart Web Printing C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

Messenger C:\Program Files\Messenger\msmsgs.exe

MetaStream 3 Plugin C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll

MSN Photo Upload Control C:\WINDOWS\Downloaded Program Files\PURen-us.dll

npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

PhotoCenter Active X control C:\WINDOWS\Downloaded Program Files\Photochannel.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll

Silverlight Plug-In C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

toolband.dll C:\Program Files\Lexmark Toolbar\toolband.dll

unagiuninst.exe C:\WINDOWS\Downloaded Program Files\unagiuninst.exe

Windows Live Photo Upload Control C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll

Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

Windows® Internet Explorer C:\WINDOWS\system32\IEFRAME.dll

(verified) AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

(verified) Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll

(verified) Google Updater C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

Missing files

-------------

File not found: CFSServ.exe -NoClient

--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"CFSServ.exe"

File not found: NDSTray.exe

--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"NDSTray.exe"

File not found: TFncKy.exe

--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"TFncKy"

Scan

----


MD5: b3965b4eea6df488b09438eccb0e33d6 C:\WINDOWS\system32\CpuPerf.dll

MD5: bdaaf79dd63f194434d31a74b9bb8b77 C:\WINDOWS\system32\CRYPT32.dll

MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll

MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\system32\cscdll.dll

MD5: 6100d350770a5595fbf4c96f3510badc C:\WINDOWS\system32\CSRSRV.dll

MD5: 553fd85d9533b226aa58180740ab8c26 C:\WINDOWS\system32\cxtvrate.dll

MD5: 56adb11f7d4d0816c0be1e701c1b5e52 C:\WINDOWS\system32\D3DIM700.DLL

MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll

MD5: ee4325becef51b8c32b4329097e4f301 C:\WINDOWS\System32\DLA\DLABOIOM.SYS

MD5: aa193bbd6472e43de2c4e13e91b98c9f C:\WINDOWS\System32\DLA\DLACResW.dll

MD5: e3a9c76ad9192c82f80326ecdda21c34 C:\WINDOWS\system32\DLA\DLACTRLW.EXE

MD5: 1e6c6597833a04c2157be7b39ea92ce1 C:\WINDOWS\System32\DLA\DLADResN.SYS

MD5: 752376e109a090970bfa9722f0f40b03 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS

MD5: 62ee7902e74b90bf1ccc4643fc6c07a7 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS

MD5: 5c220124c5afeaee84a9bb89d685c17b C:\WINDOWS\System32\DLA\DLAPoolM.SYS

MD5: 94d61fa6df58a22f139121b945d22083 c:\windows\system32\dla\dlashx_w.dll

MD5: 333b770e52d2cea7bd86391120466e43 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS

MD5: 4ebb78d9bbf072119363b35b9b3e518f C:\WINDOWS\System32\DLA\DLAUDFAM.SYS

MD5: 4c45075e9c876b290449172b6fa3e0cd C:\WINDOWS\system32\DLAAPI_W.DLL

MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dll

MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll

MD5: 12dafd934641dcf61e446313bc261ec2 C:\WINDOWS\system32\DRIVERS\AegisP.sys

MD5: 355556d9e580915118cd7ef736653a89 C:\WINDOWS\System32\drivers\afd.sys

MD5: b3192376c7a3814b5341efc2202022f8 C:\WINDOWS\system32\DRIVERS\AGRSM.sys

MD5: 3de014dfc14e8530f3a85572e2763446 C:\WINDOWS\system32\drivers\CDAC11BA.EXE

MD5: 82c4c6a2343b592c4fd590f625a724a9 C:\WINDOWS\system32\drivers\CDAC15BA.SYS

MD5: d979bebcf7edcc9c9ee1857d1a68c67b C:\WINDOWS\System32\Drivers\DLACDBHM.SYS

MD5: 7ee0852ae8907689df25049dcd2342e8 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS

MD5: fd0f95981fef9073659d8ec58e40aa3c C:\WINDOWS\System32\Drivers\DRVMCDB.SYS

MD5: b4869d320428cdc5ec4d7f5e808e99b5 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS

MD5: 2646883e6dd867cd872d5b51b6036710 C:\WINDOWS\system32\DRIVERS\e100b325.sys

MD5: 8942419786970adb32b05bb7950aee72 C:\WINDOWS\system32\DRIVERS\e1e5132.sys

MD5: bb1a6fb7d35a91e599973fa74a619056 C:\WINDOWS\system32\DRIVERS\hidir.sys

MD5: b43b36b382aea10861f7c7a37f9d4ae2 C:\WINDOWS\system32\DRIVERS\IrBus.sys

MD5: f59c3569a2f2c464bb78cb1bdcdca55e C:\WINDOWS\system32\drivers\iviaspi.sys

MD5: a1963360e74931222a67356c8ad48378 C:\WINDOWS\system32\drivers\KR10N.sys

MD5: eba03724cd19fb8de735a9752887aedc C:\WINDOWS\system32\drivers\KR10N2K.sys

MD5: 7efac183a25b30fb5d64cc9d484b1eb6 C:\WINDOWS\System32\Drivers\meiudf.sys

MD5: 7f2f1d2815a6449d346fcccbc569fbd6 C:\WINDOWS\system32\DRIVERS\mhndrv.sys

MD5: 0dc719e9b15e902346e87e9dcd5751fa C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

MD5: 1265eb253ed4ebe4acb3bd5f548ff796 C:\WINDOWS\system32\DRIVERS\netdevio.sys

MD5: 874a0ee8abd39d054cd9272e076d065e C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

MD5: 6c1618a07b49e3873582b6449e744088 C:\WINDOWS\system32\drivers\pfc.sys

MD5: 86724469cd077901706854974cd13c3e C:\WINDOWS\System32\Drivers\PxHelp20.sys

MD5: 1cc074e0d48383d4e9bffc6a26c2a58a C:\WINDOWS\system32\DRIVERS\s24trans.sys

MD5: 0fa803c64df0914b41f807ea276bf2a6 C:\WINDOWS\system32\DRIVERS\sffdisk.sys

MD5: c17c331e435ed8737525c86a7557b3ac C:\WINDOWS\system32\DRIVERS\sffp_sd.sys

MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\system32\DRIVERS\srv.sys

MD5: 43f6a0513268c56a1f0adb491f27417b C:\WINDOWS\system32\drivers\sthda.sys

MD5: 127214c3fc1167c81d20e42ffde5ec6d C:\WINDOWS\system32\DRIVERS\SynTP.sys

MD5: 7147b0575bcc93a6ab7d5c90f47c0b9f C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys

MD5: fc6fe02f400308606a911640e72326b5 C:\WINDOWS\System32\Drivers\tcusb.sys

MD5: 140a81813099b1179fdb060d8a4be8f5 C:\WINDOWS\system32\DRIVERS\thdudf.sys

MD5: 0edc3cf7b38f4260eb006c38e4a44de4 C:\WINDOWS\system32\drivers\tifm21.sys

MD5: e362d54fd394999c4178936396664e57 C:\WINDOWS\system32\drivers\Toshidpt.sys

MD5: d626e0af9232d8799d3a449530f3c220 C:\WINDOWS\system32\DRIVERS\tosporte.sys

MD5: 294675c8e4316302efe14b1a1219d942 C:\WINDOWS\System32\Drivers\tosrfbd.sys

MD5: 613e09572f4c5b92ca6be8bdc4cc5b7d C:\WINDOWS\System32\Drivers\tosrfbnp.sys

MD5: 5ba1ca3b3cddb1ddc67df473f05d1ec2 C:\WINDOWS\System32\Drivers\tosrfcom.sys

MD5: cc069342ee0eae55b32a0ae99cf6185c C:\WINDOWS\system32\DRIVERS\tosrfec.sys

MD5: 31b0145c289d2b3e3e9948345caa7b6f C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys

MD5: c52fd27b9adf3a1f22cb90e6bcf9b0cb C:\WINDOWS\system32\DRIVERS\tosrfnds.sys

MD5: 0d86d15caff2b3203c785d604ec7c942 C:\WINDOWS\system32\drivers\TosRfSnd.sys

MD5: 7414a6461bc83a22b0ae009ace3e375b C:\WINDOWS\System32\Drivers\tosrfusb.sys

MD5: 14bcc2ae53ba45ff23bbe352eaf28478 C:\WINDOWS\system32\drivers\ttv300x.sys

MD5: 99606af3c5479e2ede6388d4cb3b6ba0 C:\WINDOWS\system32\DRIVERS\TVALZ.SYS

MD5: 5c2bdc152bbab34f36473deaf7713f22 C:\WINDOWS\System32\Drivers\usbaapl.sys

MD5: b1f126e7e28877106d60e6ff3998d033 C:\WINDOWS\system32\DRIVERS\w39n51.sys

MD5: 0a716c08cb13c3a8f4f51e882dbf7416 C:\WINDOWS\system32\DRIVERS\wanatw4.sys

MD5: 0b4cbf6b10da70920605adc03c3e987a C:\WINDOWS\system32\drmv2clt.dll

MD5: c9ffbd6b8edc46cd3d13e3c6db914fb7 C:\WINDOWS\system32\DVDRAMSV.exe

MD5: 09515d23c06928f749546e57c2400b0e C:\WINDOWS\system32\encapi.dll

MD5: f556e3bf573bcd4d2ceb3f027b7e0a9b C:\WINDOWS\system32\encdec.dll

MD5: f5b754cdea20bbb3a31e16a776ede6d6 c:\windows\system32\ESENT.dll

MD5: 3183bfa7bdf50662f9094bc720eb7af9 C:\WINDOWS\system32\hpzll5ha.dll

MD5: af61826b82de7b95d5db8ee075a172d2 C:\WINDOWS\system32\IEFRAME.dll

MD5: c0b6195f1afda4a3061915501eb75d4a C:\WINDOWS\system32\iepeers.dll

MD5: ba356bd33397936d2e292cb00f80c164 C:\WINDOWS\system32\iertutil.dll

MD5: 9f22e3ce1639917eb07dcc730cd0d410 C:\WINDOWS\system32\IM31IMG.DIL

MD5: 86c5aac31ea7909121327701045f74bd C:\WINDOWS\system32\IMGMAN32.dll

MD5: 0689622e6484934eb6e5f4d3a96311f9 C:\WINDOWS\system32\jscript.dll

MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll

MD5: f1941197a42f9f373cc70042fc82c950 C:\WINDOWS\system32\ksproxy.ax

MD5: 264c642770cb6269a67ac8e0ed74419f C:\WINDOWS\system32\kstvtune.ax

MD5: c9ef69b25dfa1c0e7932cb02fb8a7e91 C:\WINDOWS\system32\kswdmcap.ax

MD5: d5c3d43d0616ff699db771928ac0e2cd C:\WINDOWS\system32\ksxbar.ax

MD5: eddb832ef942cbf91c44172736fb1723 C:\WINDOWS\system32\LCWizard.dll

MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll

MD5: 5711668b54004f431360286660a5cd4b C:\WINDOWS\system32\lxcrcoms.exe

MD5: 3ceb2566eb4762c1091e4b1a2895770b C:\WINDOWS\system32\lxcriesc.dll

MD5: e8e7ca9566e225a23c86257a273d3ce2 C:\WINDOWS\system32\lxcrinpa.dll

MD5: 2f0287a66a6f7ef43e997c924bde5633 C:\WINDOWS\system32\lxcrlmpm.DLL

MD5: ef83535358ece2f59d4e283126944dc0 C:\WINDOWS\system32\lxcrprox.dll

MD5: bbce9eb7fee0a0f375d7957d9a1e3bca C:\WINDOWS\system32\lxcrserv.dll

MD5: b578772a085552d48c20fb6780855b89 C:\WINDOWS\system32\lxcrusb1.dll

MD5: 9754eab39a192fb431405a0d474e9ff1 C:\WINDOWS\system32\LXPMONRC.DLL

MD5: ff93f3730eef696a7f87b09dcf0e7c27 C:\WINDOWS\system32\LXPRMON.DLL

MD5: 9c54f2cc2301599d698399d7e49c7321 C:\WINDOWS\system32\Macromed\Flash\Flash10l.ocx

MD5: d64de465ffd4a59c4b2c07a75d1a0696 C:\WINDOWS\system32\MCCoreUtil.dll

MD5: 224c9226ecd03a563f819dad14475d70 C:\WINDOWS\system32\MCSysUtil.dll

MD5: 76848cb1aa5818db47d5f5986e0a7485 C:\WINDOWS\system32\MFC42.DLL

MD5: a58442135dc315a666e6246ac3984ffe C:\WINDOWS\system32\MFPlat.DLL

MD5: b7521f69c0a9b29d356157229376fb21 C:\WINDOWS\System32\mhn.dll

MD5: 84bba0be8b158949affb18047386c461 C:\WINDOWS\system32\mpg2splt.ax

MD5: 3aed76082731f7da2e6e0f58e525f186 C:\WINDOWS\system32\msadds32.ax

MD5: 14da23d2b9310c694aba9dcae14dc059 C:\WINDOWS\system32\msfeeds.dll

MD5: 855f6333e3a4dfc6f3c8b0520c261fcd C:\WINDOWS\system32\msftedit.dll

MD5: 22ba5235ea846eda87f68a1dcc2bfcf9 C:\WINDOWS\system32\mshtml.dll

MD5: d3f72d50de53f9f1f55240115af4d42e C:\WINDOWS\system32\msi.dll

MD5: 9e70016c950b1f8fdeaa6f067e2e25a8 C:\WINDOWS\system32\msjet40.dll

MD5: 7e2b58ce8c4013287371667880b1080d C:\WINDOWS\system32\MSJINT40.DLL

MD5: b9715b9c18bc6c8f4b66733d208cc9f7 C:\WINDOWS\system32\MsPMSNSv.dll

MD5: 91dcd979ffed13ab6f6e6b085a43525e C:\WINDOWS\system32\msvidctl.dll

MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\system32\mswsock.dll

MD5: afdc647d16b285b9ae6140335b3b3255 C:\WINDOWS\system32\mswstr10.dll

MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 c:\windows\system32\netshell.dll

MD5: 5e28284f9b5f9097640d58a73d38ad4c C:\WINDOWS\system32\notepad.exe

MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll

MD5: 5199604af059a46aaf30ddfedf20b5aa C:\WINDOWS\system32\NvCpl.dll

MD5: 5a0566f007270db1ce6511838cd44d82 C:\WINDOWS\system32\nvsvc32.exe

MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll

MD5: 2c288aa87e4723ac9ff4d76a192ec3f8 C:\WINDOWS\system32\odbccp32.dll

MD5: 5ce275cdc5ffb77b1ec29dbdfe4b6689 C:\WINDOWS\system32\odbcji32.dll

MD5: 1b05dcc75fbb903a17e3e0ddaea8d508 C:\WINDOWS\system32\odbcjt32.dll

MD5: 7a6a7900b5e322763430ba6fd9a31224 C:\WINDOWS\system32\ole32.dll

MD5: 1b2be5777f69a71778f52ffee1c798d6 C:\WINDOWS\system32\OLEAUT32.dll

MD5: 8c337670740f7aee1334aab7b49f442b C:\WINDOWS\system32\psqlpwd.dll

MD5: 54dbedf491ef5d6592c9e21677ac57ef C:\WINDOWS\system32\qasf.dll

MD5: c7c84df7233f4834cd190f3dccaf50ca C:\WINDOWS\system32\rdpwsx.dll

MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll

MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll

MD5: 926afc4848ff3297bb264333bf51e21f C:\WINDOWS\system32\sbe.dll

MD5: ff3bf3dcbb9603ecfe22dea8d6a02d78 C:\WINDOWS\system32\sbeio.dll

MD5: abeedd547e939ad827b2e29dec754206 C:\WINDOWS\system32\schannel.dll

MD5: 7ba27a296ee84861bfe97b96874ccaa6 C:\WINDOWS\system32\scrnsave.scr

MD5: 26cb10fa893f940ab09713ff46dcdade C:\WINDOWS\system32\SHDOCVW.dll

MD5: e86423aa9aa8c382af02b94a058dc2aa C:\WINDOWS\system32\SHELL32.dll

MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll

MD5: d0e39177c896d2f8191a9c96636276df C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp5ha.dll

MD5: 031277806fe2253f5ef1fa4011044e9f C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lxcrpp5c.dll

MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe

MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll

MD5: e4825c4a2cffd797799b5c600f0ff664 C:\WINDOWS\system32\stacapi.dll

MD5: 3caeae7608f1bd7ba873a3b02895b106 C:\WINDOWS\system32\sti.dll

MD5: ebf6e775ed1255d67fc1fcf8354ed862 C:\WINDOWS\system32\SynCOM.dll

MD5: fce3d11b56f4fa3ab6948167688d9392 C:\WINDOWS\system32\SynTPAPI.dll

MD5: 4872275a99bd55a92c43bae8c51fb3c8 C:\WINDOWS\system32\tbtmon.dll

MD5: a27378d30d5208f1f0b6706b9fed22c2 C:\WINDOWS\system32\tbtmon98Language.dll

MD5: 3ab6d6bed5083ca57817f89ef6eaa338 C:\WINDOWS\system32\TFNF5.exe

MD5: 2bab54632eaf98ed75d55e19c46955e4 C:\WINDOWS\system32\THCI.DLL

MD5: 8be770b9a06af02fa6544b183febd53f C:\WINDOWS\system32\TosAcpiAPI.dll

MD5: 28fb92e74e95314a07bac822ba9e691a C:\WINDOWS\system32\TosAvAPI.dll

MD5: 0f7bbcfbf9c313a27313f087b21e985b C:\WINDOWS\system32\TosAvdtAPI.dll

MD5: f0ab1904969b2f88e8061c4df43fa43c C:\WINDOWS\system32\TosBdAPI.dll

MD5: 3a7daab953164e0dfc07eaaf01499d79 C:\WINDOWS\system32\TosBtAPI.dll

MD5: 6860098ebdf05da68f71f5a9c0af0099 C:\WINDOWS\system32\TosBtECCAPI.dll

MD5: 353de1defd41b1e4a1b668320135200b C:\WINDOWS\system32\TosBtHcrpAPI.dll

MD5: 9dd7059d023ac3f4913b773b98e64c38 C:\WINDOWS\system32\TosBtSDDB.dll

MD5: c427d04a9741b9e479e084aa1855f9f6 C:\WINDOWS\system32\TosCommAPI.dll

MD5: 2c455a14209370b065140eb2a319adb5 C:\WINDOWS\system32\TosGnsAPI.dll

MD5: a31d75246ba79a89141316f31eb17b23 C:\WINDOWS\system32\TosHidAPI.dll

MD5: 9e165d07bf6c08cceee41cbc2d22427d C:\WINDOWS\system32\TosLaneAPI.dll

MD5: 8a0b72c2d5a36acd3da19d367a5d4165 C:\WINDOWS\system32\TosSndAPI.dll

MD5: 9adc13d7161e18d96423e1d790b59496 C:\WINDOWS\system32\TosSndPlug.dll

MD5: 9d31cf4b885d001fb0f79b8f3cf6b984 C:\WINDOWS\system32\TPeculiarity.dll

MD5: 15b4ed4c80074fb1f2144bc211cae627 C:\WINDOWS\system32\TPSBattM.exe

MD5: 97b5a29d248b7d2b58692f12bc9c1561 C:\WINDOWS\system32\TPSMain.exe

MD5: 716be88a8f9ece4d5d576704ba7b6018 C:\WINDOWS\system32\TPSMainCtl.dll

MD5: 2caa15c015ae5be5444ce4cbcf1656f1 C:\WINDOWS\system32\TPSODDCtl.exe

MD5: 8f8e04dff6b0f1975bef8232eaf9b641 C:\WINDOWS\system32\TPSTrace.DLL

MD5: 94607e30b7cc6d9febb0307e7b565cd9 C:\WINDOWS\system32\TPwrCfg.DLL

MD5: 45ddaf4503137d97a796ed251533ac8e C:\WINDOWS\system32\TPwrReg.dll

MD5: 2611f58aec4bb39387162f749fe8a558 C:\WINDOWS\system32\TSCI.DLL

MD5: 17e0cf9c8cbb717d05948656bcd86efa C:\WINDOWS\system32\txflog.dll

MD5: 78bb1e601edab917094b0260a5a57c85 C:\WINDOWS\system32\urlmon.dll

MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe

MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll

MD5: 708acd96e3ff9d2517c90fba27489a4e C:\WINDOWS\system32\VBICodec.ax

MD5: 94ba90c6af5c50ff5f7a6392514c4642 C:\WINDOWS\system32\vidcap.ax

MD5: 9651e5d850b6f6bd7c77c70aa06f02bf C:\WINDOWS\system32\wdfmgr.exe

MD5: cc951c2212a200475a587a440e0aa804 C:\WINDOWS\system32\WININET.dll

MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll

MD5: 42b5427fac23bf6f1f31e466b7feb084 C:\WINDOWS\system32\winsrv.dll

MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll

MD5: 36c0824ae6300d5ce4515f31b3c3251c C:\WINDOWS\system32\wmadmod.dll

MD5: 30aba6fa7ccdded96cf3e376affe2dc0 C:\WINDOWS\system32\wmadmoe.dll

MD5: fc695db7fc72ffe0b628227434fa53c2 C:\WINDOWS\system32\WMASF.DLL

MD5: ac457413b1a5de698a8d8e001ed088f8 C:\WINDOWS\system32\WMDRMSDK.DLL

MD5: e979ad4f1f40cebbac452f028a5e6480 C:\WINDOWS\system32\wmspdmoe.dll

MD5: 43f2ad8a93288559b4f72b1a0f6a7f28 C:\WINDOWS\system32\WMVADVE.DLL

MD5: 1eed0db049ae78039e0a4a62a5bdd6ec C:\WINDOWS\system32\WMVCore.DLL

MD5: 029431271a5b0ae0df8e8aec537829d3 C:\WINDOWS\system32\wmvdmoe2.dll

MD5: f92e1076c42fcd6db3d72d8cfe9816d5 C:\WINDOWS\system32\wscntfy.exe

MD5: abf16589c099457d530588767d5d9f57 C:\WINDOWS\system32\WSTPager.ax

MD5: 18473f44d6de85c8cb4e70f503c5ea64 C:\WINDOWS\System32\xactsrv.dll

MD5: f44310ef560c075f03b25d64490cd5a3 C:\WINDOWS\system32\XML30Lib.dll

MD5: bea4aee74fef171eb61de1bad8faf427 C:\WINDOWS\system32\xmllite.dll

MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll

MD5: 1b3b381e1aab46f7b321a46150d890cb C:\WINDOWS\system32\xpsp3res.dll

MD5: d5e459bed3db9cf7fc6cc1455f177d2d C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.DLL

MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCP80.dll

MD5: c9564cf4976e7e96b4052737aa2492b4 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MD5: 33d9b7bb7ba323bafe489df033dac824 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll

No file uploaded.

Scan finished - communication took 2 sec

Total traffic - 0.02 MB sent, 1.63 KB recvd

Scanned 847 files and modules - 49 seconds

==============================================================================


Your logs appear to be clean! :)

Since all of your programs appear to be up-to-date, I will just jump to some recommendations for security software ;):

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

**You may now reinstall McAfee AntiVirus if you haven't already.

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!.

AntiVir

AVG

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available

A tutorial on understanding and using firewalls may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here

Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
