Jump to content

fionamac

Members
  • Posts

    20
  • Joined

  • Last visited

Everything posted by fionamac

  1. All done! Everything seems okay. Volume adjustor is back/working. Thank you again.
  2. Also I have discovered something that has gone wrong since the fixes/scans - the volume adjustor on my laptop no longer works. (It's a sort of wheel that I spin one direction or the other to make the volume go up and down. This has stopped responding to me - before it would pop up a volume control on the screen whenever I would spin it, showing the volume going up or down. Now there is nothing... I can still adjust volume via the speaker icon at the bottom right of the screen, but it would be nice to be able to do this manually, as I used to do. Is there any way to get this function back? Thank you.
  3. D-FRED-BROWN, thanks so much for your assistance. I'm glad my computer is clean. I have uninstalled ComboFix. I had to disable my anti-virus partway through when prompted, but it confirmed the uninstall was successful. Just a few final questions: 1) Defogger. As mentioned in my first post in this thread, I'm not sure it disabled anything correctly. Should I be running this again now and trying to "enable"? And do I just delete that program file from my desktop to remove it? 2) I have DDS, GMER, TDSSKiller, and Security Check program files on my desktop from doing the scans. Do I just highlight these and press delete, or is there some other way I should be removing them? Thank you!!
  4. It started to go okay, but now I don't think I've updated it correctly. Flash uninstalled fine. I went into IE to reinstall it, and that installed no problem. But you said that Flash plugins have to be installed separately for IE and Firefox, so I thought I needed to also go into Firefox and install it there from the same link. I don't know if this was correct or not. I went into Firefox to install there, and it gave me the option of saving the file or closing the dialog box. I chose save, and it put the file on my desktop. I closed Firefox and double clicked that, it installed. Does this mean I have installed it twice, or was I supposed to do it that way?
  5. Computer seems to be running okay. ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6427 # api_version=3.0.2 # EOSSerial=19d19e46519b014cb5bf9030486ca3fd # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-07-01 12:07:53 # local_time=2011-07-01 01:07:53 (+0000, GMT Daylight Time) # country="United Kingdom" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=768 16777215 100 0 0 0 0 0 # compatibility_mode=5891 16776533 42 87 1866 21520560 0 0 # compatibility_mode=8192 67108863 100 0 86 86 0 0 # scanned=81810 # found=0 # cleaned=0 # scan_time=2775 BitDefender didn't give me a log file, but at the end it said my computer is not infected. Seems like everything is clean?
  6. Here we go. ComboFix 11-06-30.03 - Carey 30/06/2011 23:33:26.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1913.1269 [GMT 1:00] Running from: c:\documents and settings\Carey\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Carey\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . FILE :: "c:\windows\system32\1E.tmp" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat . ----- BITS: Possible infected sites ----- . hxxp://sync.mobilebroadband.o2.co.uk:8080 . ((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-30 ))))))))))))))))))))))))))))))) . . 2011-06-30 20:15 . 2011-06-30 20:15 -------- d-----w- c:\documents and settings\Carey\Application Data\QuickScan 2011-06-30 18:43 . 2011-06-30 18:43 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BCEC82E9-F4D8-400F-B2EA-D533923B0B3C}\MpKsl96c208b0.sys 2011-06-30 18:43 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BCEC82E9-F4D8-400F-B2EA-D533923B0B3C}\mpengine.dll 2011-06-28 21:51 . 2011-06-28 21:51 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll 2011-06-28 21:51 . 2011-06-28 21:51 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll 2011-06-18 20:36 . 2011-06-18 20:36 -------- d-----w- c:\program files\Common Files\Java 2011-06-16 19:54 . 2011-06-16 19:54 -------- d-----w- c:\windows\SxsCaPendDel 2011-06-16 19:52 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys 2011-06-11 13:28 . 2011-06-11 13:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft 2011-06-11 13:27 . 2011-06-11 13:27 -------- d-----w- c:\program files\O2 Assistant 2011-06-11 13:26 . 2011-06-11 13:26 -------- d-----w- c:\program files\O2 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-24 07:08 . 2011-05-19 07:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-06-07 15:55 . 2010-10-11 16:26 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-05-29 08:11 . 2010-02-20 23:29 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 08:11 . 2010-02-20 23:29 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-04 03:52 . 2010-10-03 12:29 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-05-04 01:25 . 2010-10-03 12:29 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-05-02 15:31 . 2008-05-30 23:06 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 17:25 . 2008-05-30 22:58 151552 ----a-w- c:\windows\system32\schannel.dll 2011-04-29 16:19 . 2008-05-30 22:58 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-25 16:11 . 2008-05-30 22:58 916480 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 16:11 . 2008-05-30 22:58 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-04-25 16:11 . 2008-05-30 22:58 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-04-25 12:01 . 2008-05-30 22:58 385024 ----a-w- c:\windows\system32\html.iec 2011-04-21 13:37 . 2008-05-30 22:58 105472 ----a-w- c:\windows\system32\drivers\mup.sys 2010-07-04 19:22 . 2010-07-04 19:22 3396176 ----a-w- c:\program files\ccsetup233.exe 2010-07-03 21:37 . 2010-07-03 21:37 10239072 ----a-w- c:\program files\rminstall.exe 2010-03-06 10:14 . 2010-03-06 10:14 13143816 ----a-w- c:\program files\GoogleEarthSetup.exe 2010-02-21 13:49 . 2010-02-21 13:49 1339288 ----a-w- c:\program files\sar_15_sfx.exe 2010-02-13 20:13 . 2010-02-13 20:13 6521516 ----a-w- c:\program files\realalt201.exe 2010-02-13 20:07 . 2010-02-13 20:07 6147544 ----a-w- c:\program files\GOMPLAYERENSETUP.EXE 2009-04-07 20:11 . 2009-04-07 20:10 939956 ----a-w- c:\program files\7z465.exe 2009-04-05 22:06 . 2009-04-05 22:06 13440584 ----a-w- c:\program files\Install_AIM.exe 2009-03-09 13:25 . 2009-03-10 12:30 7751011 ----a-w- c:\program files\XP-Codec-Pack-2.4.6.exe 2009-03-09 13:23 . 2009-03-10 12:31 14929905 ----a-w- c:\program files\klcodec470f.exe 2009-03-09 12:28 . 2009-03-09 12:28 23516968 ----a-w- c:\program files\SkypeSetupFull.exe 2009-03-09 12:18 . 2009-03-09 12:18 7522240 ----a-w- c:\program files\Firefox Setup 3.0.7.exe 2011-06-28 21:51 . 2011-05-08 21:17 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-06-30_18.35.15 ))))))))))))))))))))))))))))))))))))))))) . + 2011-06-30 22:43 . 2011-06-30 22:43 16384 c:\windows\temp\Perflib_Perfdata_108.dat + 2008-05-30 22:58 . 2011-06-30 22:47 71910 c:\windows\system32\perfc009.dat - 2008-05-30 22:58 . 2011-06-30 18:38 71910 c:\windows\system32\perfc009.dat + 2008-05-30 22:58 . 2011-06-30 22:47 442140 c:\windows\system32\perfh009.dat - 2008-05-30 22:58 . 2011-06-30 18:38 442140 c:\windows\system32\perfh009.dat + 2011-05-27 15:22 . 2011-05-27 15:22 1220672 c:\windows\Downloaded Program Files\qsax.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ThpSrv"="c:\windows\system32\thpsrv" [X] "DpUtil"="c:\program files\TOSHIBA\DualPointUtility\TEDTray.exe" [2005-06-29 155648] "TFncKy"="TFncKy.exe" [bU] "TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2008-04-17 90112] "TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2005-12-14 126976] "TPSODDCtl"="TPSODDCtl.exe" [2007-11-01 126976] "TPSMain"="TPSMain.exe" [2007-10-16 315392] "TPCHWMsg"="c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe" [2008-06-21 451944] "RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16860672] "00THotkey"="c:\windows\system32\00THotkey.exe" [2006-07-05 258048] "000StTHK"="000StTHK.exe" [2001-06-23 24576] "TAudEffect"="c:\program files\TOSHIBA\TAudEffect\TAudEff.exe" [2006-08-10 344144] "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-10 159744] "TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2007-10-05 172032] "DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-14 311296] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552] "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-05 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-05 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-05 141848] "TFNF5"="TFNF5.exe" [2006-04-11 622592] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312] "O2DA"="c:\program files\O2 Assistant\bin\sprtcmd.exe" [2010-04-23 206120] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] . c:\documents and settings\Default User\Start Menu\Programs\Startup\ clr.lnk - c:\windows\system32\clr.BAT [2009-3-6 311] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe] CFSServ.exe -NoClient [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\mIRC\\mirc.exe"= "c:\\Program Files\\Microsoft Forefront UAG\\Endpoint Components\\3.1.0\\WhlClnt3.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [12/01/2008 07:58 21120] R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [04/09/2007 19:14 6528] R1 MpKsl96c208b0;MpKsl96c208b0;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BCEC82E9-F4D8-400F-B2EA-D533923B0B3C}\MpKsl96c208b0.sys [30/06/2011 19:43 28752] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2009 12:43 8944] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2009 12:43 55024] R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [06/03/2009 19:30 5888] R2 sprtsvc_O2DA;SupportSoft Sprocket Service (O2DA);c:\program files\O2 Assistant\bin\sprtsvc.exe [23/04/2010 15:04 206120] R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26/03/2007 20:22 105856] R2 tgsrvc_O2DA;SupportSoft Repair Service (O2DA);c:\program files\O2 Assistant\bin\tgsrvc.exe [23/04/2010 15:04 185640] R2 Tmesrv;Tmesrv3;c:\program files\Toshiba\TME3\TMESRV31.exe [06/03/2009 19:30 126976] R2 TPCHSrv;TPCH Service;c:\program files\Toshiba\TPHM\TPCHSrv.exe [24/06/2008 04:01 628072] R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19/02/2007 20:15 134016] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [01/05/2008 06:09 4992] R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [15/02/2010 20:46 149904] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [05/04/2009 23:08 24652] R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [06/03/2009 19:26 244368] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [31/05/2008 00:48 41216] R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [31/05/2008 00:21 435072] R3 whlva;SSL Network Tunneling;c:\windows\system32\drivers\whlva.sys [15/02/2010 20:46 21384] S1 MpKsl019691c4;MpKsl019691c4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F443C89-0110-487B-BAA8-14CCC4A76862}\MpKsl019691c4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F443C89-0110-487B-BAA8-14CCC4A76862}\MpKsl019691c4.sys [?] S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;c:\windows\system32\drivers\cben5.sys [30/05/2008 17:04 46108] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1E.tmp --> c:\windows\system32\1E.tmp [?] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2009 12:43 7408] S3 whliocsv;Microsoft Forefront UAG SSL Network Tunneling Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\whliocsv.exe [15/02/2010 20:46 156048] . Contents of the 'Scheduled Tasks' folder . 2009-03-06 c:\windows\Tasks\Registration reminder 1.job - c:\windows\system32\OOBE\oobebaln.exe [2008-05-30 12:00] . 2009-03-06 c:\windows\Tasks\Registration reminder 2.job - c:\windows\system32\OOBE\oobebaln.exe [2008-05-30 12:00] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 LSP: c:\progra~1\MIC3C8~1\ENDPOI~1\31265D~1.0\WhlLSP.dll TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\documents and settings\Carey\Application Data\Mozilla\Firefox\Profiles\89gmhn05.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-06-30 23:44 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\1E.tmp" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1200) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(1072) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\program files\TOSHIBA\TME3\TMEEJMD.DLL c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\TPwrCfg.DLL c:\windows\system32\TPwrReg.dll c:\windows\system32\TPSTrace.DLL . ------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe c:\windows\system32\agrsmsvc.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\ThpSrv.exe c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe c:\windows\system32\TODDSrv.exe c:\program files\Canon\CAL\CALMAIN.exe c:\windows\system32\wscntfy.exe c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe c:\windows\system32\TPSMain.exe c:\program files\TOSHIBA\TME3\TMEEJME.EXE c:\windows\system32\thpsrv.exe c:\windows\RTHDCPL.EXE c:\windows\system32\TPSBattM.exe c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe c:\windows\system32\igfxsrvc.exe c:\windows\system32\TFNF5.exe c:\program files\Apoint2K\Apntex.exe c:\windows\system32\igfxext.exe c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe . ************************************************************************** . Completion time: 2011-06-30 23:49:46 - machine was rebooted ComboFix-quarantined-files.txt 2011-06-30 22:49 ComboFix2.txt 2011-06-30 18:40 . Pre-Run: 170,754,740,224 bytes free Post-Run: 171,047,596,032 bytes free . - - End Of File - - F4C371DCA23BF4946FB8D43CD1A6DCC6
  7. I have sent the 2 files to Zip folders and attached them here. The zip folders are located in the system32 folder now - should I delete or remove them from there before proceeding with the ComboFix? Are the zipped folders safe to leave in C:\WINDOWS\system32 folder? Thanks. clr.zip IEHOME.zip
  8. Thanks, D-FRED-BROWN. "Shareaza" was uninstalled from this computer about 2 years ago. You must be seeing traces of it left on my computer - I would be happy to remove these traces if you could tell me how this is done? The program does not appear in the Add/Remove Programs list, as it was uninstalled. I thought it was completely removed, but apparently not? Here are the logs requested: The contents of c:\windows\system32\clr.BAT are: @echo off regedit /s "C:\WINDOWS\system32\clr.reg" regedit /s "C:\WINDOWS\system32\IEHOME.reg" move "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\clr.lnk" "C:\Documents and Settings\Default User\Start Menu\Programs\Startup" del "%USERPROFILE%\Start Menu\Programs\Startup\clr.lnk" /f ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6427 # api_version=3.0.2 # EOSSerial=19d19e46519b014cb5bf9030486ca3fd # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-06-30 08:11:58 # local_time=2011-06-30 09:11:58 (+0000, GMT Daylight Time) # country="United Kingdom" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=768 16777215 100 0 0 0 0 0 # compatibility_mode=5891 16776533 42 87 2572 21506446 0 0 # compatibility_mode=8192 67108863 100 0 87 87 0 0 # scanned=80779 # found=0 # cleaned=0 # scan_time=2733 QuickScan Beta 32-bit v0.9.9.96 ------------------------------- Scan date: Thu Jun 30 21:15:34 2011 Machine ID: B8D291A9 No infection found. ------------------- Processes --------- Agere Soft Modem Call Progress Service 1764 C:\WINDOWS\system32\agrsmsvc.exe Alps Pointing-device Driver 3420 C:\Program Files\Apoint2K\Apoint.exe Alps Pointing-device Driver for Windows 680 C:\Program Files\Apoint2K\ApntEx.exe Canon Camera Access Library 8 2832 C:\Program Files\Canon\CAL\CALMAIN.exe CD/DVD Drive Acoustic Silencer 2872 C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe CEC_MAIN.exe 976 C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe Chicony traybar 3328 C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe ConfigFree 1920 C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe Intel® Common User Interface 3572 C:\WINDOWS\system32\hkcmd.exe Intel® Common User Interface 1136 C:\WINDOWS\system32\igfxext.exe Intel® Common User Interface 3968 C:\WINDOWS\system32\igfxpers.exe Intel® Common User Interface 4012 C:\WINDOWS\system32\igfxsrvc.exe Intel® Common User Interface 3688 C:\WINDOWS\system32\igfxtray.exe Java Platform SE 6 U26 2036 C:\Program Files\Java\jre6\bin\jqs.exe Java Platform SE Auto Updater 2 0 2588 C:\Program Files\Common Files\Java\Java Update\jusched.exe LtMoh Application 800 C:\Program Files\ltmoh\ltmoh.exe Microsoft Forefront Unified Access Gate 2536 C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe Microsoft Malware Protection 1560 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe Microsoft Security Client 660 C:\Program Files\Microsoft Security Client\msseces.exe Microsoft® Windows® Operating System 420 C:\WINDOWS\system32\spoolsv.exe Realtek HD Audio Sound Effect Manager 2324 C:\WINDOWS\RTHDCPL.exe SupportSoft Repair Service 780 C:\Program Files\O2 Assistant\bin\tgsrvc.exe SupportSoft sprtcmd 1156 C:\Program Files\O2 Assistant\bin\sprtcmd.exe SupportSoft sprtsvc 336 C:\Program Files\O2 Assistant\bin\sprtsvc.exe TDCSrv Application 2348 C:\WINDOWS\system32\TODDSrv.exe TMERzCtl.exe 912 C:\Program Files\Toshiba\TME3\TMERzCtl.exe TOSHIBA Direct Disc Writer 3204 C:\Program Files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe TOSHIBA DualPoint Utility 3900 C:\Program Files\Toshiba\DualPointUtility\TEDTray.exe TOSHIBA DVD Player 2272 C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe TOSHIBA HDD Protection 1676 C:\WINDOWS\system32\ThpSrv.exe TOSHIBA HDD Protection 2228 C:\WINDOWS\system32\ThpSrv.exe TOSHIBA Hotkey Utility for Display Devi 3868 C:\WINDOWS\system32\TFNF5.exe TOSHIBA Mic Effect 2768 C:\Program Files\Toshiba\TAudEffect\TAudEff.exe TOSHIBA MobileExtension Service 1688 C:\Program Files\Toshiba\TME3\TMEEJME.exe TOSHIBA MobileExtension Service 2244 C:\Program Files\Toshiba\TME3\TMESRV31.exe TOSHIBA PC Health Monitor 2468 C:\Program Files\Toshiba\TPHM\TPCHSrv.exe TOSHIBA PC Health Monitor 2092 C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe TOSHIBA Power Saver 2772 C:\WINDOWS\system32\TPSBattM.exe TOSHIBA Power Saver 2056 C:\WINDOWS\system32\TPSMain.exe TOSHIBA THotkey 2432 C:\WINDOWS\system32\00THotkey.exe TOSHIBA Zooming Utility 2996 C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe Viewpoint Manager 2700 C:\Program Files\Viewpoint\Common\ViewpointService.exe Wireless Hotkey 3152 C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW.exe (verified) Microsoft® Windows® Operating System 1384 C:\WINDOWS\explorer.exe (verified) Microsoft® Windows® Operating System 884 C:\WINDOWS\system32\alg.exe (verified) Microsoft® Windows® Operating System 1164 C:\WINDOWS\system32\csrss.exe (verified) Microsoft® Windows® Operating System 2976 C:\WINDOWS\system32\ctfmon.exe (verified) Microsoft® Windows® Operating System 1248 C:\WINDOWS\system32\lsass.exe (verified) Microsoft® Windows® Operating System 1236 C:\WINDOWS\system32\services.exe (verified) Microsoft® Windows® Operating System 1104 C:\WINDOWS\system32\smss.exe (verified) Microsoft® Windows® Operating System 1484 C:\WINDOWS\system32\svchost.exe (verified) Microsoft® Windows® Operating System 1408 C:\WINDOWS\system32\svchost.exe (verified) Microsoft® Windows® Operating System 3308 C:\WINDOWS\system32\svchost.exe (verified) Microsoft® Windows® Operating System 532 C:\WINDOWS\system32\svchost.exe (verified) Microsoft® Windows® Operating System 1904 C:\WINDOWS\system32\svchost.exe (verified) Microsoft® Windows® Operating System 1844 C:\WINDOWS\system32\svchost.exe (verified) Microsoft® Windows® Operating System 1808 C:\WINDOWS\system32\svchost.exe (verified) Microsoft® Windows® Operating System 1612 C:\WINDOWS\system32\svchost.exe (verified) Microsoft® Windows® Operating System 1192 C:\WINDOWS\system32\winlogon.exe (verified) Windows® Internet Explorer 2460 C:\Program Files\Internet Explorer\iexplore.exe (verified) Windows® Internet Explorer 2696 C:\Program Files\Internet Explorer\iexplore.exe (verified) Windows® Internet Explorer 3192 C:\Program Files\Internet Explorer\iexplore.exe Network activity ---------------- Process iexplore.exe (2460) connected on port 80 (HTTP) --> 92.123.153.41 Process iexplore.exe (2460) connected on port 80 (HTTP) --> 92.123.153.41 Process iexplore.exe (2460) connected on port 80 (HTTP) --> 92.123.153.10 Process iexplore.exe (2460) connected on port 80 (HTTP) --> 209.85.143.96 Process iexplore.exe (2460) connected on port 80 (HTTP) --> 92.123.153.10 Process iexplore.exe (2460) connected on port 80 (HTTP) --> 92.123.153.41 Process iexplore.exe (2460) connected on port 80 (HTTP) --> 92.123.153.10 Process iexplore.exe (2460) connected on port 80 (HTTP) --> 66.235.142.14 Process iexplore.exe (2460) connected on port 80 (HTTP) --> 209.85.147.100 Process iexplore.exe (2460) connected on port 443 (HTTP over SSL) --> 209.85.143.96 Process iexplore.exe (2460) connected on port 80 (HTTP) --> 69.63.190.22 Process iexplore.exe (2460) connected on port 80 (HTTP) --> 92.123.153.10 Process iexplore.exe (2460) connected on port 80 (HTTP) --> 74.125.230.122 Process iexplore.exe (2460) connected on port 443 (HTTP over SSL) --> 209.85.229.95 Process iexplore.exe (2460) connected on port 80 (HTTP) --> 92.123.153.10 Process svchost.exe (1484) listens on ports: 135 (RPC) Autoruns and critical files --------------------------- 000StTHK.exe C:\WINDOWS\system32\000StTHK.exe Adobe Acrobat C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe Alps Pointing-device Driver C:\Program Files\Apoint2K\Apoint.exe Canon My Printer C:\Program Files\Canon\MyPrinter\BJMyPrt.exe CD/DVD Drive Acoustic Silencer C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe Chicony traybar C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe CNSLMAIN.EXE C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe Intel® Common User Interface C:\WINDOWS\system32\hkcmd.exe Intel® Common User Interface C:\WINDOWS\system32\igfxdev.dll Intel® Common User Interface C:\WINDOWS\system32\igfxpers.exe Intel® Common User Interface C:\WINDOWS\system32\igfxtray.exe Java Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe LtMoh Application C:\Program Files\ltmoh\ltmoh.exe Microsoft Office XP C:\Program Files\Microsoft Office\Office10\OSA.EXE Microsoft Security Client C:\Program Files\Microsoft Security Client\msseces.exe Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll Microsoft® Windows® Operating System C:\WINDOWS\system32\OOBE\oobebaln.exe Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll Microsoft® Windows® Operating System c:\windows\system32\userinit.exe Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll Realtek HD Audio Sound Effect Manager C:\WINDOWS\RTHDCPL.exe SuperAntiSpyware C:\Program Files\SUPERAntiSpyware\SASSEH.DLL SUPERAntiSpyware WinLogon Processor C:\Program Files\SUPERAntiSpyware\SASWINLO.dll SupportSoft sprtcmd C:\Program Files\O2 Assistant\bin\sprtcmd.exe TMERzCtl.exe C:\Program Files\Toshiba\TME3\TMERzCtl.exe TOSHIBA Direct Disc Writer C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe TOSHIBA DualPoint Utility C:\Program Files\Toshiba\DualPointUtility\TEDTray.exe TOSHIBA HDD Protection C:\WINDOWS\system32\ThpSrv.exe TOSHIBA Hotkey Utility for Display Devi C:\WINDOWS\system32\TFNF5.exe TOSHIBA Mic Effect C:\Program Files\Toshiba\TAudEffect\TAudEff.exe TOSHIBA MobileExtension Service C:\Program Files\Toshiba\TME3\TMESRV31.exe TOSHIBA PC Health Monitor C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe TOSHIBA Power Saver C:\WINDOWS\system32\TPSMain.exe TOSHIBA Power Saver C:\WINDOWS\system32\TPSODDCtl.exe TOSHIBA THotkey C:\WINDOWS\system32\00THotkey.exe TOSHIBA Zooming Utility C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe Wireless Hotkey C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW.exe (verified) Ahead Software Gmbh NeroCheck C:\WINDOWS\system32\NeroCheck.exe (verified) Microsoft Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll (verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll Browser plugins --------------- AcroIEHelper Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll CANON iMAGE GATEWAY Album Plugin Utilit C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL DivX Web Player C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll Java Deployment Toolkit 6.0.260.3 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll Java Platform SE 6 U26 c:\program files\java\jre6\bin\jp2ssv.dll Java Platform SE 6 U26 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll Java Platform SE 6 U26 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll Messenger C:\Program Files\Messenger\msmsgs.exe MetaStream 3 Plugin C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll MetaStream 3 Plugin C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll Microsoft Forefront Unified Access Gate C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\WhlLSP.dll Microsoft Forefront Unified Access Gate C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\WhlNSP.dll Microsoft® Windows® Operating System C:\WINDOWS\System32\mswsock.dll Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll RealPlayer G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll RealPlayer G2 LiveConnect-Enabled P C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll Skype add-on for IE c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll unagiuninst.exe C:\WINDOWS\Downloaded Program Files\unagiuninst.exe Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll (verified) DivX Player Netscape Plugin C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll (verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe (verified) Microsoft® Windows Live Login Helper C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (verified) RealPlayer Version Plugin C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (verified) RealPlayer Version Plugin C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll Missing files ------------- File not found: TFncKy.exe --> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"TFncKy" Scan ---- MD5: 401f82ce78ae5995684333b556948fa4 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BCEC82E9-F4D8-400F-B2EA-D533923B0B3C}\mpengine.dll MD5: 5f53edfead46fa7adb78eee9ecce8fdf c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BCEC82E9-F4D8-400F-B2EA-D533923B0B3C}\MpKsl96c208b0.sys MD5: d8152dd555441e438b1511994ad3415f C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe MD5: a26d471230dd6bd321cc04815bd4c094 C:\Program Files\Apoint2K\ApCommon.dll MD5: 727a2afe355ee3815c5dd6ba46154698 C:\Program Files\Apoint2K\ApDual.dll MD5: 283d5f414ead07310c01c84458c20546 C:\Program Files\Apoint2K\ApMain.DLL MD5: c7118203e4ad83f96246acba538f5a8e C:\Program Files\Apoint2K\ApMouse.dll MD5: cca1b81492b40890e44b2b20a780ee1f C:\Program Files\Apoint2K\ApntEx.exe MD5: 8ebbf7e508ec363bd6933809d17a43a7 C:\Program Files\Apoint2K\Apoint.exe MD5: fd42b48b32e2bdc046bdf08ee9a1f78a C:\Program Files\Apoint2K\ApOthers.dll MD5: d51daf9bf10be465adfbd434554be21f C:\Program Files\Apoint2K\ApPad.dll MD5: cc7a6e203b1b14717ac241e7dc3da35d C:\Program Files\Apoint2K\ApStick.dll MD5: b3cdfb192d1eb7f42dc9a7e179a424dd C:\Program Files\Apoint2K\ApString.dll MD5: 14bb715bb0752cf6d7e0404d0c9e56cf C:\Program Files\Apoint2K\EzAuto.dll MD5: d56a57149ac7297da0af3ddd17b5aeb7 C:\Program Files\Apoint2K\EzCapt.dll MD5: d616c423397c55e26699ab8171c99036 C:\Program Files\Apoint2K\EzLaunch.dll MD5: a98c8ba7036258dc73a41fdf326320c8 C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe MD5: b42228befb6ebf62c1cbbc8f2284ac9a C:\Program Files\Camera Assistant Software for Toshiba\CECCMDLL.DLL MD5: e7e49ed14a52d839dad6a7ef0251c16f C:\Program Files\Camera Assistant Software for Toshiba\hookdll.dll MD5: b1db5edb658f3ff4f13ac069ce622893 C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe MD5: 8ef654045e518ac00e52e7a1e2d3ad70 C:\Program Files\Canon\CAL\CALMAIN.exe MD5: ce252b04fb9f4f773a7db5338bfeea5b C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL MD5: 511d37d2b50d22335bfe6ca9a5b14add C:\Program Files\Canon\MyPrinter\BJMyPrt.exe MD5: 605bb2b2a2171d3f5748f4919e80e6c7 C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe MD5: 48345bd51975e9883dd2da45d7d1b294 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll MD5: 47c1de0a890613ffcff1d67648eedf90 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe MD5: 13e7cfe8e269ed15e7fc9c3ebbcb7e2b C:\Program Files\Common Files\Java\Java Update\jusched.exe MD5: 518eeb2043b66e733489a715852bf839 C:\Program Files\Common Files\supportsoft\bin\ssrc.exe MD5: 94071669836528505b1edccf8d74ed7c C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll MD5: a9d7153b413dd0a43aac72190473eeaf C:\Program Files\Internet Explorer\ieproxy.dll MD5: 5dd552e15419354fcd8ee92ae2660814 C:\Program Files\internet explorer\xpshims.dll MD5: e7d55e121ff1951cb86c7e0dc6a33877 c:\program files\java\jre6\bin\jp2ssv.dll MD5: 9dba73c2f1e76ec4cb837e67c5743596 C:\Program Files\Java\jre6\bin\jqs.exe MD5: 1040bd9bf3ddab7cda2346f8375480a2 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll MD5: 2c003d049cd5e45bb88b6f8583561035 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll MD5: e6d8aca191a9d4f72b122be1b345cad4 C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax MD5: 64ba2e5b9678bc574ef17af88be5df9c C:\Program Files\K-Lite Codec Pack\Filters\vsfilter.dll MD5: abbabb9718848fd74c2d156bdfedbcd5 C:\Program Files\ltmoh\ltmoh.exe MD5: f18dd279a5a209b82ec944cf59a6436e C:\Program Files\ltmoh\MOHAPI.dll MD5: 3e930c641079443d4de036167a69caa2 C:\Program Files\Messenger\msmsgs.exe MD5: 9474ece6561990f7eb443e80cdfd2951 C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe MD5: f66f1ab27f1297251cc70c78034cb3be C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\whliocsv.exe MD5: 292ddd7e3579144edeab0fd98fc0c466 C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\WhlLSP.dll MD5: 49af3142254b444b4a017ff3d68afed3 C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\WhlNSP.dll MD5: 5bc65464354a9fd3beaa28e18839734a C:\Program Files\Microsoft Office\Office10\OSA.EXE MD5: f5e0a1a931c125713d504bc5d1d35e2f C:\Program Files\Microsoft Security Client\Antimalware\MpClient.Dll MD5: 4397a7614d29030465d746176f46b2c3 c:\Program Files\Microsoft Security Client\Antimalware\MpOAv.dll MD5: c24525d1877e90ea0f7fc52748ec615e c:\Program Files\Microsoft Security Client\Antimalware\mprtp.dll MD5: 21c4973715116b7af5ab00c19cf5af2d c:\Program Files\Microsoft Security Client\Antimalware\MpSvc.dll MD5: 90dc23d940551db35367fb1e40575b25 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe MD5: b4436f7ad121c2e1132b06c8bdb8bf7d C:\Program Files\Microsoft Security Client\EppManifest.dll MD5: 1d6174de4ded26e5d91b9b66e0fe4dac C:\Program Files\Microsoft Security Client\msseces.exe MD5: 5eb6f21d95e728c61bcfc89f899d6bb0 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll MD5: d9a96133136ca57f82ac3ac99bd92c28 C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll MD5: b49a14eb7fdd597dc4cf8160ba4be245 C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll MD5: 5786b619d8d9a4b544feb63648a3b633 C:\Program Files\O2 Assistant\bin\dmmonitor.dll MD5: 5c5209b04b1942a534259c2ab7bb1eea C:\Program Files\O2 Assistant\bin\LIBEAY32.dll MD5: f55384d2baee0c00995619288d54c669 C:\Program Files\O2 Assistant\bin\sprtcmd.exe MD5: eb48c000d2a5c614bee4d87365bd3ad8 C:\Program Files\O2 Assistant\bin\sprtevent.dll MD5: 251e22a5d9baac9e1153707eef2ef62e C:\Program Files\O2 Assistant\bin\sprtfod.dll MD5: 4885915502d36cc0829db4c8f22052b1 C:\Program Files\O2 Assistant\bin\sprthook.dll MD5: 3871c2f5db86099af4543213f26e3c1c C:\Program Files\O2 Assistant\bin\sprtmessage.dll MD5: 92982bc49fa1e45ebd64a4605ae57790 C:\Program Files\O2 Assistant\bin\sprtsched.dll MD5: 9be42e99bbd5461f1f94fe39fee2e6f5 C:\Program Files\O2 Assistant\bin\sprtsvc.exe MD5: a95fd607292f05218feb8d580fb4cc8e C:\Program Files\O2 Assistant\bin\sprtsync.dll MD5: 18e84c774815d9f6f6931f46ca00b1bf C:\Program Files\O2 Assistant\bin\sprttrigger.dll MD5: dd8be1269dca19ebdbef65b63bfc705c C:\Program Files\O2 Assistant\bin\sprtui.dll MD5: 2f7959c5faa11e0f53fa3d321c9074d0 C:\Program Files\O2 Assistant\bin\sprtupdate.dll MD5: 5600fe96b96f06e4f7a7f74e9f0cfe5a C:\Program Files\O2 Assistant\bin\SupportSoft.Agent.Sprocket.dll MD5: e4ce89d2d077d712ee284e77927af82f C:\Program Files\O2 Assistant\bin\SupportSoft.Agent.Sprocket.SupportMessage.dll MD5: c4e3bbcba4e10a34e31c26a0cf933e32 C:\Program Files\O2 Assistant\bin\tgsrvc.exe MD5: ce16731d20bc8afd532ac7a526d809a9 c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll MD5: c030c9a39e85b6f04a8dd25d1a50258a C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS MD5: e9c2d75c748c3f0a4c34d6cf2ae1d754 C:\Program Files\SUPERAntiSpyware\SASENUM.SYS MD5: 64c100dbf57c6cb6e7d5d24153f5e444 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys MD5: ecd5517a6633826057d4f050927ddf56 C:\Program Files\SUPERAntiSpyware\SASSEH.DLL MD5: 972edede23ac8d59aac0c09799c6f18a C:\Program Files\SUPERAntiSpyware\SASWINLO.dll MD5: 3cb0cc8879956c187e87e18634ee5164 C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe MD5: a2d80dc9f7ed1a244500b153cbfca9e6 C:\Program Files\TOSHIBA\ConfigFree\IpAdrSet.dll MD5: 3b6c054ab0cb4ea03b184dc39e0ec28c C:\Program Files\TOSHIBA\ConfigFree\NDSAPI.dll MD5: 324eadaa1f7ab2059f93dd246f59412f C:\Program Files\Toshiba\DualPointUtility\TEDTray.exe MD5: 742ea01063f6cae87d0ef0457076eb5b C:\Program Files\TOSHIBA\TAudEffect\TAERes.dll MD5: 4372a356d7c03b0c44fed754bbf55510 C:\Program Files\Toshiba\TAudEffect\TAudEff.exe MD5: afffc7947b38dc24f70e3c49334106f8 C:\Program Files\TOSHIBA\TME3\TMEEJMD.DLL MD5: a63a8a270734d7c9d278d9afacf7a912 C:\Program Files\Toshiba\TME3\TMEEJME.exe MD5: 178d531283eeb53df93d6e984e75a83a C:\Program Files\TOSHIBA\TME3\TMEI3E.dll MD5: 1bfbfcf3ce792f5142dc79f73b3358fc C:\Program Files\Toshiba\TME3\TMERzCtl.exe MD5: 1251afe77ce784d447e0d09dead08f1b C:\Program Files\Toshiba\TME3\TMESRV31.exe MD5: d8cf04e65081018cf3379b0fc02ffcbb C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe MD5: a3f6908aca6d4fdcbd224e8a9a43277b C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe MD5: a3f6908aca6d4fdcbd224e8a9a43277b C:\Program Files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe MD5: 06aa87df4849c507a6c3ba741f9165b4 C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\usrpacket.dll MD5: 560a62963c372db04d77606404e86545 C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe MD5: 9b9663992b7af05b8f0e9b8c5e4d73ad C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe MD5: 4dd1147a0482ece095539aa399003d0e C:\Program Files\TOSHIBA\TPHM\TPCHCTL.dll MD5: 53a296d5d9191c879d6e25b6020848b0 C:\Program Files\Toshiba\TPHM\TPCHSrv.exe MD5: 60c0db6a59b03d85b7f7e97a054047b7 C:\Program Files\TOSHIBA\TPHM\TPCHUSB.dll MD5: 486801fdf1f790bca89fead725f83c69 C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe MD5: 2011bfd5a4abaf79d969d3ed50ca1152 C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW.exe MD5: 5f974fde801c73952770736becde11e7 C:\Program Files\Viewpoint\Common\ViewpointService.exe MD5: b49a14eb7fdd597dc4cf8160ba4be245 C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll MD5: 310c15fd8358b2c4cd7a5b98a112883f C:\WINDOWS\AppPatch\AcGenral.DLL MD5: 617fb85504f7be3d0231b5c67724b1ba C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll MD5: f32d44a584a0b78ef3c8c1bc156ff99a C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f354057a5b4fad4c399da28449ba0d92\System.Xml.ni.dll MD5: f4e1f9d3b2762bba015ba723792f51f4 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f6a9a002526806f3a5b745cf5c407cae\System.ni.dll MD5: 0c78701c6f42345dff2b2b6c3c3d01ef C:\WINDOWS\Downloaded Program Files\isusweb.dll MD5: 23dc75d158d484177ffe99e23264f89f C:\WINDOWS\Downloaded Program Files\qsax.dll MD5: 6f678556a6fce04fc94f3435f6313705 C:\WINDOWS\Downloaded Program Files\unagiuninst.exe MD5: 2bac92e8ac5e16ed60062e9141b8d5f6 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll MD5: f282d4edd85d53e20d902cc92190c5f5 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll MD5: 429e3efafcae6c89a57cd5d8e3442cae c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll MD5: c5806caaa4c96f30a3f7b9f0db8856ca C:\WINDOWS\RTHDCPL.exe MD5: ccb1a96002f0888da70964781c742a82 C:\WINDOWS\system32\000StTHK.exe MD5: 0c0e8e9e0c57ff5d1b092a19081b7b44 C:\WINDOWS\system32\00THotkey.exe MD5: d95393b383fb3db265836c84b53892a3 C:\WINDOWS\system32\ac3acm.acm MD5: 39e435c90c9c4f780fa0ed05ca3c3a1b C:\WINDOWS\system32\agrsmsvc.exe MD5: 9b2e14f4d66a59306584566a705f8cdd C:\WINDOWS\system32\bitsprx2.dll MD5: 97ae3a4180cab360f44f7f03e5e0f409 C:\WINDOWS\system32\bitsprx4.dll MD5: 1d2da7aec4a31e8e2f142004e5b8461a C:\WINDOWS\system32\CNMLMA4.DLL MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\comctl32.dll MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dll MD5: 8fcf03e4d7be9b5587ccf11719959006 C:\WINDOWS\system32\corpol.dll MD5: 608bc1878efbde63866e41efc71f7022 C:\WINDOWS\system32\CpuPerf.dll MD5: bdaaf79dd63f194434d31a74b9bb8b77 C:\WINDOWS\system32\CRYPT32.dll MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\system32\cscdll.dll MD5: 6100d350770a5595fbf4c96f3510badc C:\WINDOWS\system32\CSRSRV.dll MD5: 56adb11f7d4d0816c0be1e701c1b5e52 C:\WINDOWS\system32\D3DIM700.DLL MD5: 11a9e0581f6441876ffbf331d294c10a C:\WINDOWS\System32\dhcpqec.dll MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll MD5: bc87db4759083525f96a159861670c5e C:\WINDOWS\system32\DINPUT.dll MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dll MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll MD5: 355556d9e580915118cd7ef736653a89 C:\WINDOWS\System32\drivers\afd.sys MD5: ce91b158fa490cf4c4d487a4130f4660 C:\WINDOWS\system32\DRIVERS\AGRSM.sys MD5: 3ed81e8b4709d13e5a38db2d8e792b28 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys MD5: 9060fa1f3ee5c1100ab1d358c3b0996b C:\WINDOWS\system32\DRIVERS\cben5.sys MD5: 96967facc0307093b9098f817a4409e6 C:\WINDOWS\system32\DRIVERS\e1y5132.sys MD5: 53f1160666435151b6fcf89d015fe620 C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys MD5: db0cc620b27a928d968c1a1e9cd9cb87 C:\WINDOWS\system32\drivers\iaStor.sys MD5: 667cfdb801df771f47b7c39373c2d850 C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS MD5: f592a1b020723cfbd3d2722514066449 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys MD5: 7e34bfa1a7b60bba1da03d677f16cd63 C:\WINDOWS\system32\DRIVERS\MpFilter.sys MD5: 0dc719e9b15e902346e87e9dcd5751fa C:\WINDOWS\system32\DRIVERS\mrxsmb.sys MD5: 1265eb253ed4ebe4acb3bd5f548ff796 C:\WINDOWS\system32\DRIVERS\netdevio.sys MD5: 05743fffc2bc88cc8e426321bc6a762e C:\WINDOWS\system32\DRIVERS\NETw5x32.sys MD5: c2ef513bbe069f0d4ee0938a76f975d3 C:\WINDOWS\system32\DRIVERS\rimmptsk.sys MD5: c398bca91216755b098679a8da8a2300 C:\WINDOWS\system32\DRIVERS\rimsptsk.sys MD5: 2a2554cb24506e0a0508fc395c4a1b42 C:\WINDOWS\system32\DRIVERS\rixdptsk.sys MD5: febb470bf0de4dbebbf72b79df993c5f C:\WINDOWS\system32\drivers\RtkHDAud.sys MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\system32\DRIVERS\srv.sys MD5: eeca2b57545e7b7be949b5e70e31444f C:\WINDOWS\system32\drivers\TBiosDrv.sys MD5: 2f8bfbdb5824c71f672779b4b8cf8b01 C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys MD5: f56a9327c58ff985616c5e197472932c C:\WINDOWS\system32\DRIVERS\tdudf.sys MD5: 65855534483d0c1330703100b31cac00 C:\WINDOWS\system32\DRIVERS\TEchoCan.sys MD5: f4846d3a19da42efd57efc816f1b2a62 C:\WINDOWS\system32\DRIVERS\thpdrv.sys MD5: beeca51c9ef368a1038e455278e4715e C:\WINDOWS\system32\DRIVERS\Thpevm.SYS MD5: 684bfb1e9abb05d3f48c53f3cd16a3e6 C:\WINDOWS\System32\Drivers\TMEI3E.SYS MD5: 4399a9bf7d8f49991a07fd86590a1619 C:\WINDOWS\system32\DRIVERS\tos_sps32.sys MD5: 3f9ba8878aa26d0831116733f9bc53ff C:\WINDOWS\system32\DRIVERS\trudf.sys MD5: 73d3312955f805054e32fabdca5230b1 C:\WINDOWS\system32\DRIVERS\TVALZ.SYS MD5: e03f5ca8d4edb4ce8141a3242e1261f8 C:\WINDOWS\system32\DRIVERS\TVALZFL.sys MD5: 1868bf76e2745f733b0fe5cdd2c6a81c C:\WINDOWS\system32\DRIVERS\whlva.sys MD5: 6d59ec87391a45019d95841af590d890 C:\WINDOWS\system32\E_FLBEAE.DLL MD5: 3b06cdd1a41618944a906589c052f2b3 C:\WINDOWS\System32\eapqec.dll MD5: f5b754cdea20bbb3a31e16a776ede6d6 c:\windows\system32\ESENT.dll MD5: 9c10ea08509978758c11f97bc026dc3a C:\WINDOWS\system32\hccutils.DLL MD5: 7b14f8d19c2b4d1bebc19d973b563880 C:\WINDOWS\system32\hkcmd.exe MD5: 877c90686858d899b042bba45e9b7f2c C:\WINDOWS\system32\iac25_32.ax MD5: af61826b82de7b95d5db8ee075a172d2 C:\WINDOWS\system32\ieframe.dll MD5: c0b6195f1afda4a3061915501eb75d4a C:\WINDOWS\system32\iepeers.dll MD5: ba356bd33397936d2e292cb00f80c164 C:\WINDOWS\system32\iertutil.dll MD5: e5fa4a4ca860fd1ae5c900305f7e94ea C:\WINDOWS\system32\igfxdev.dll MD5: a51ee9ac32c905ceb56ee9ed39518093 C:\WINDOWS\system32\IGFXEXPS.DLL MD5: 5dd5924b639bf2d95630b6097e40643f C:\WINDOWS\system32\igfxext.exe MD5: 49f438824ce5cb568ad481bee8323f1e C:\WINDOWS\system32\igfxpers.exe MD5: 8f50454e2cc4c8dc3745c4a6b8b3ac67 C:\WINDOWS\system32\igfxrENU.lrc MD5: 72fb0e375b63ac6573e6d01083f3006a C:\WINDOWS\system32\igfxress.dll MD5: 9ba68cc5e41f585dfeedc1b840b8cdd3 C:\WINDOWS\system32\igfxsrvc.dll MD5: e16e3a094264f40fd98dea0ac1dc5edc C:\WINDOWS\system32\igfxsrvc.exe MD5: 9a01a098238f117d00f050d9136dce1d C:\WINDOWS\system32\igfxtray.exe MD5: 577e496f0d41411bf149394d80959d53 C:\WINDOWS\system32\imaadp32.acm MD5: 0689622e6484934eb6e5f4d3a96311f9 C:\WINDOWS\system32\jscript.dll MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll MD5: f1941197a42f9f373cc70042fc82c950 C:\WINDOWS\system32\ksproxy.ax MD5: c9ef69b25dfa1c0e7932cb02fb8a7e91 C:\WINDOWS\system32\kswdmcap.ax MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll MD5: efbef826c183cf8edab324ce514d69b7 C:\WINDOWS\system32\Macromed\Flash\Flash10t.ocx MD5: 5006b5dba7979cdc3481e24dd0c03802 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll MD5: 76848cb1aa5818db47d5f5986e0a7485 C:\WINDOWS\system32\MFC42.DLL MD5: c5648be5409e0aabda8c9047bac8f603 C:\WINDOWS\system32\msadp32.acm MD5: 55aeea66c5e84e3fd6cd3e933397d478 C:\WINDOWS\system32\msaud32.acm MD5: 3f790874a85819e94574f3e7af9c5806 C:\WINDOWS\system32\msctfime.ime MD5: 855f6333e3a4dfc6f3c8b0520c261fcd C:\WINDOWS\system32\MSFTEDIT.DLL MD5: 33271a2667334b9a8842c65a079ef375 C:\WINDOWS\system32\msg711.acm MD5: b87f759738c52e8d6fbcdaaa84c6486f C:\WINDOWS\system32\msg723.acm MD5: 3a9846e207dafc13009c048a2f6f8c2a C:\WINDOWS\system32\msgsm32.acm MD5: 22ba5235ea846eda87f68a1dcc2bfcf9 C:\WINDOWS\system32\mshtml.dll MD5: d3f72d50de53f9f1f55240115af4d42e C:\WINDOWS\system32\msi.dll MD5: 29bd913d8fd1feb6728dc9b43b55c1d2 C:\WINDOWS\system32\MSRATING.dll MD5: f7bbaa9485f04e46a053e147cdfad079 C:\WINDOWS\System32\mssha.dll MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\System32\mswsock.dll MD5: 87906187b3af89582380d156da601f68 C:\WINDOWS\System32\napipsec.dll MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 C:\WINDOWS\system32\NETSHELL.dll MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll MD5: 7a6a7900b5e322763430ba6fd9a31224 C:\WINDOWS\system32\ole32.dll MD5: 1b2be5777f69a71778f52ffee1c798d6 C:\WINDOWS\system32\OLEAUT32.dll MD5: 108793450496f028bb9d0c6d6de0ade9 C:\WINDOWS\system32\OOBE\oobebaln.exe MD5: fb8e05cedb3ef65c80febd2698c80998 C:\WINDOWS\System32\qagent.dll MD5: 54b0324241bbf3642159918f9a4f16fb C:\WINDOWS\system32\qcap.dll MD5: f1dac7969c1337af790bd1d981aa780c C:\WINDOWS\system32\qmgrprxy.dll MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll MD5: abeedd547e939ad827b2e29dec754206 C:\WINDOWS\system32\schannel.dll MD5: f0a0ebf086597e645bc14b0d98f8ba58 C:\WINDOWS\system32\ScrRun.dll MD5: c896f6270ec20a60799298b423d5f58b C:\WINDOWS\system32\SHDOCVW.dll MD5: e86423aa9aa8c382af02b94a058dc2aa C:\WINDOWS\system32\SHELL32.dll MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll MD5: 0dbb250a89e2e1c9281009ac269f0805 C:\WINDOWS\system32\sl_anet.acm MD5: ffb624e61874f00f5d75838d7ab29c99 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPDA4.DLL MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll MD5: 3caeae7608f1bd7ba873a3b02895b106 C:\WINDOWS\system32\sti.dll MD5: d4546bd02666a41541ff77c9be71a8c0 C:\WINDOWS\system32\TFnF5.dll MD5: 5542b73177470b626f368ea6997290e2 C:\WINDOWS\system32\TFNF5.exe MD5: 2bab54632eaf98ed75d55e19c46955e4 C:\WINDOWS\system32\THCI.DLL MD5: b11e778ab03ea6adc08cdfd2eda40d29 C:\WINDOWS\system32\ThpSrv.exe MD5: c5ac715b65b01788abc22d10749dddd8 C:\WINDOWS\system32\TODDSrv.exe MD5: ddfc50377524e6d5475da18905577d0a C:\WINDOWS\system32\TPeculiarity.dll MD5: ed645d62bd22c651b57c463400a1a9d6 C:\WINDOWS\system32\TPSBattM.exe MD5: 4f5d25b9056a226f4fef37045d99c8dd C:\WINDOWS\system32\TPSMain.exe MD5: 5f0a1c9f3cbf8bfd4cffd56588deb104 C:\WINDOWS\system32\TPSMainCtl.dll MD5: 49229c4fdf7eabcac306cb9833dddacc C:\WINDOWS\system32\TPSODDCtl.exe MD5: f51cf689dbbc15937ec327d4060a8e7b C:\WINDOWS\system32\TPSTrace.DLL MD5: f0d44b006c202dba329c3fae2e68aeab C:\WINDOWS\system32\TPwrCfg.DLL MD5: aff1414c917df8b84d495cf772a304cb C:\WINDOWS\system32\TPwrReg.dll MD5: 2611f58aec4bb39387162f749fe8a558 C:\WINDOWS\system32\TSCI.DLL MD5: 735f504deefe4e2ad06360fce2842dd4 C:\WINDOWS\system32\tsd32.dll MD5: 1396f781364754123e5180074fc3cb85 C:\WINDOWS\System32\tsgQec.dll MD5: e8cd0d7e169ecce2d4fd829daab786ed C:\WINDOWS\system32\tssoft32.acm MD5: 78bb1e601edab917094b0260a5a57c85 C:\WINDOWS\system32\urlmon.dll MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll MD5: 31cf51dcda1424b813cc97b20f71b431 C:\WINDOWS\system32\vbscript.dll MD5: 94ba90c6af5c50ff5f7a6392514c4642 C:\WINDOWS\system32\vidcap.ax MD5: 41c46804b7d467e7a6d18ab253a902e9 C:\WINDOWS\system32\VXDIF.DLL MD5: 880f7ed2df24db14af96c6d797958796 C:\WINDOWS\system32\wbem\wbemdisp.dll MD5: cc951c2212a200475a587a440e0aa804 C:\WINDOWS\system32\WININET.DLL MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll MD5: 42b5427fac23bf6f1f31e466b7feb084 C:\WINDOWS\system32\winsrv.dll MD5: 9eefe69139fdbb4a3c327630f8eb993a C:\WINDOWS\System32\Wlanapi.dll MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll MD5: 6472932f2b6084ea1fb3f7f9493ac640 C:\WINDOWS\system32\wshom.ocx MD5: 7facb452456ef5c053af3ee4b228fe0d C:\WINDOWS\System32\XPOB2RES.DLL MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll MD5: 56f98c171b263bbadfe01ba21f966833 C:\WINDOWS\TMEVALDD.dll MD5: c9564cf4976e7e96b4052737aa2492b4 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll MD5: e2c48cd0132d4d1dc7d0df9a6bef686a C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\MFC80U.DLL MD5: 28a09777d2d952122567a8a82f1a2c7b C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\MFC80ENU.DLL MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MD5: 33d9b7bb7ba323bafe489df033dac824 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll No file uploaded. Scan finished - communication took 1 sec Total traffic - 0.01 MB sent, 1.00 KB recvd Scanned 693 files and modules - 14 seconds ============================================================================== The computer seems to be running okay, except that it's slightly slower than usual and is busy busy busy all the time. I can be sitting with a Word document open, for example, or a simple web page, and nothing else open, yet the computer is making noise and the hourglass is often showing with the pointer. I can't fathom what it is doing - looking at the processes running in task manager doesn't show anything unusual. That's why I've been concerned that something is stealthily running on this computer. However, I haven't had any new viruses detected in the past two days.
  9. Hi D-FRED-BROWN, thank you so much for helping me. Here are the logs you requested: 2011/06/30 19:06:34.0265 3248 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16 2011/06/30 19:06:34.0531 3248 ================================================================================ 2011/06/30 19:06:34.0531 3248 SystemInfo: 2011/06/30 19:06:34.0531 3248 2011/06/30 19:06:34.0531 3248 OS Version: 5.1.2600 ServicePack: 3.0 2011/06/30 19:06:34.0531 3248 Product type: Workstation 2011/06/30 19:06:34.0531 3248 ComputerName: HOME 2011/06/30 19:06:34.0531 3248 UserName: Carey 2011/06/30 19:06:34.0531 3248 Windows directory: C:\WINDOWS 2011/06/30 19:06:34.0531 3248 System windows directory: C:\WINDOWS 2011/06/30 19:06:34.0531 3248 Processor architecture: Intel x86 2011/06/30 19:06:34.0531 3248 Number of processors: 2 2011/06/30 19:06:34.0531 3248 Page size: 0x1000 2011/06/30 19:06:34.0531 3248 Boot type: Normal boot 2011/06/30 19:06:34.0531 3248 ================================================================================ 2011/06/30 19:06:35.0171 3248 Initialize success 2011/06/30 19:06:40.0875 3848 ================================================================================ 2011/06/30 19:06:40.0875 3848 Scan started 2011/06/30 19:06:40.0875 3848 Mode: Manual; 2011/06/30 19:06:40.0875 3848 ================================================================================ 2011/06/30 19:06:41.0203 3848 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/06/30 19:06:41.0312 3848 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/06/30 19:06:41.0406 3848 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/06/30 19:06:41.0453 3848 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys 2011/06/30 19:06:41.0609 3848 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\WINDOWS\system32\DRIVERS\AGRSM.sys 2011/06/30 19:06:41.0890 3848 ApfiltrService (3ed81e8b4709d13e5a38db2d8e792b28) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 2011/06/30 19:06:41.0937 3848 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/06/30 19:06:42.0125 3848 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/06/30 19:06:42.0218 3848 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/06/30 19:06:42.0250 3848 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/06/30 19:06:42.0296 3848 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/06/30 19:06:42.0406 3848 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/06/30 19:06:42.0500 3848 CBEN5 (9060fa1f3ee5c1100ab1d358c3b0996b) C:\WINDOWS\system32\DRIVERS\cben5.sys 2011/06/30 19:06:42.0531 3848 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/06/30 19:06:42.0562 3848 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 2011/06/30 19:06:42.0609 3848 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/06/30 19:06:42.0640 3848 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/06/30 19:06:42.0750 3848 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/06/30 19:06:42.0859 3848 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 2011/06/30 19:06:42.0906 3848 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 2011/06/30 19:06:43.0031 3848 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/06/30 19:06:43.0125 3848 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/06/30 19:06:43.0281 3848 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/06/30 19:06:43.0312 3848 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/06/30 19:06:43.0359 3848 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/06/30 19:06:43.0406 3848 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/06/30 19:06:43.0468 3848 e1yexpress (96967facc0307093b9098f817a4409e6) C:\WINDOWS\system32\DRIVERS\e1y5132.sys 2011/06/30 19:06:43.0640 3848 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/06/30 19:06:43.0687 3848 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 2011/06/30 19:06:43.0703 3848 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/06/30 19:06:43.0843 3848 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 2011/06/30 19:06:43.0890 3848 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 2011/06/30 19:06:43.0937 3848 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/06/30 19:06:43.0953 3848 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/06/30 19:06:43.0984 3848 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/06/30 19:06:44.0171 3848 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/06/30 19:06:44.0250 3848 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/06/30 19:06:44.0546 3848 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/06/30 19:06:44.0718 3848 hwdatacard (53f1160666435151b6fcf89d015fe620) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys 2011/06/30 19:06:44.0828 3848 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/06/30 19:06:45.0078 3848 ialm (f592a1b020723cfbd3d2722514066449) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 2011/06/30 19:06:45.0453 3848 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\WINDOWS\system32\drivers\iaStor.sys 2011/06/30 19:06:45.0500 3848 IFXTPM (667cfdb801df771f47b7c39373c2d850) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS 2011/06/30 19:06:45.0640 3848 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/06/30 19:06:45.0859 3848 IntcAzAudAddService (febb470bf0de4dbebbf72b79df993c5f) C:\WINDOWS\system32\drivers\RtkHDAud.sys 2011/06/30 19:06:46.0109 3848 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/06/30 19:06:46.0140 3848 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 2011/06/30 19:06:46.0171 3848 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/06/30 19:06:46.0281 3848 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/06/30 19:06:46.0343 3848 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/06/30 19:06:46.0359 3848 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/06/30 19:06:46.0484 3848 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/06/30 19:06:46.0531 3848 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/06/30 19:06:46.0562 3848 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/06/30 19:06:46.0625 3848 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/06/30 19:06:46.0718 3848 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/06/30 19:06:46.0796 3848 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/06/30 19:06:46.0953 3848 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/06/30 19:06:47.0015 3848 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/06/30 19:06:47.0046 3848 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/06/30 19:06:47.0171 3848 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/06/30 19:06:47.0218 3848 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/06/30 19:06:47.0265 3848 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys 2011/06/30 19:06:47.0421 3848 MpKsl019691c4 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F443C89-0110-487B-BAA8-14CCC4A76862}\MpKsl019691c4.sys 2011/06/30 19:06:47.0593 3848 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/06/30 19:06:47.0656 3848 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/06/30 19:06:47.0796 3848 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/06/30 19:06:47.0828 3848 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/06/30 19:06:47.0890 3848 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/06/30 19:06:47.0921 3848 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/06/30 19:06:48.0062 3848 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/06/30 19:06:48.0109 3848 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 2011/06/30 19:06:48.0156 3848 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 2011/06/30 19:06:48.0281 3848 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2011/06/30 19:06:48.0312 3848 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/06/30 19:06:48.0359 3848 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2011/06/30 19:06:48.0390 3848 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/06/30 19:06:48.0500 3848 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/06/30 19:06:48.0515 3848 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/06/30 19:06:48.0578 3848 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/06/30 19:06:48.0718 3848 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/06/30 19:06:48.0734 3848 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/06/30 19:06:48.0765 3848 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys 2011/06/30 19:06:49.0078 3848 NETw5x32 (05743fffc2bc88cc8e426321bc6a762e) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys 2011/06/30 19:06:49.0328 3848 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/06/30 19:06:49.0375 3848 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/06/30 19:06:49.0406 3848 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/06/30 19:06:49.0546 3848 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/06/30 19:06:49.0578 3848 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/06/30 19:06:49.0593 3848 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/06/30 19:06:49.0625 3848 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/06/30 19:06:49.0671 3848 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 2011/06/30 19:06:49.0781 3848 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/06/30 19:06:49.0796 3848 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/06/30 19:06:49.0843 3848 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/06/30 19:06:49.0921 3848 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/06/30 19:06:49.0937 3848 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 2011/06/30 19:06:50.0062 3848 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/06/30 19:06:50.0125 3848 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/06/30 19:06:50.0140 3848 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/06/30 19:06:50.0203 3848 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/06/30 19:06:50.0343 3848 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/06/30 19:06:50.0421 3848 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/06/30 19:06:50.0437 3848 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/06/30 19:06:50.0453 3848 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/06/30 19:06:50.0468 3848 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/06/30 19:06:50.0609 3848 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/06/30 19:06:50.0640 3848 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/06/30 19:06:50.0671 3848 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/06/30 19:06:50.0812 3848 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/06/30 19:06:50.0843 3848 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 2011/06/30 19:06:50.0843 3848 rimsptsk (c398bca91216755b098679a8da8a2300) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 2011/06/30 19:06:50.0859 3848 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 2011/06/30 19:06:50.0937 3848 SASDIFSV (c030c9a39e85b6f04a8dd25d1a50258a) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 2011/06/30 19:06:51.0000 3848 SASENUM (e9c2d75c748c3f0a4c34d6cf2ae1d754) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS 2011/06/30 19:06:51.0031 3848 SASKUTIL (64c100dbf57c6cb6e7d5d24153f5e444) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 2011/06/30 19:06:51.0171 3848 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys 2011/06/30 19:06:51.0203 3848 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/06/30 19:06:51.0218 3848 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/06/30 19:06:51.0234 3848 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/06/30 19:06:51.0250 3848 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys 2011/06/30 19:06:51.0281 3848 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2011/06/30 19:06:51.0328 3848 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/06/30 19:06:51.0468 3848 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/06/30 19:06:51.0515 3848 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/06/30 19:06:51.0546 3848 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2011/06/30 19:06:51.0687 3848 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/06/30 19:06:51.0703 3848 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/06/30 19:06:51.0781 3848 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/06/30 19:06:51.0968 3848 TBiosDrv (eeca2b57545e7b7be949b5e70e31444f) C:\WINDOWS\system32\drivers\TBiosDrv.sys 2011/06/30 19:06:52.0031 3848 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/06/30 19:06:52.0171 3848 tdcmdpst (2f8bfbdb5824c71f672779b4b8cf8b01) C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys 2011/06/30 19:06:52.0218 3848 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/06/30 19:06:52.0234 3848 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/06/30 19:06:52.0281 3848 tdudf (f56a9327c58ff985616c5e197472932c) C:\WINDOWS\system32\DRIVERS\tdudf.sys 2011/06/30 19:06:52.0421 3848 TEchoCan (65855534483d0c1330703100b31cac00) C:\WINDOWS\system32\DRIVERS\TEchoCan.sys 2011/06/30 19:06:52.0515 3848 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/06/30 19:06:52.0578 3848 Thpdrv (f4846d3a19da42efd57efc816f1b2a62) C:\WINDOWS\system32\DRIVERS\thpdrv.sys 2011/06/30 19:06:52.0593 3848 Thpevm (beeca51c9ef368a1038e455278e4715e) C:\WINDOWS\system32\DRIVERS\Thpevm.SYS 2011/06/30 19:06:52.0656 3848 TMEI3E (684bfb1e9abb05d3f48c53f3cd16a3e6) C:\WINDOWS\system32\Drivers\TMEI3E.SYS 2011/06/30 19:06:52.0781 3848 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\WINDOWS\system32\DRIVERS\tos_sps32.sys 2011/06/30 19:06:52.0859 3848 trudf (3f9ba8878aa26d0831116733f9bc53ff) C:\WINDOWS\system32\DRIVERS\trudf.sys 2011/06/30 19:06:52.0875 3848 TVALZ (73d3312955f805054e32fabdca5230b1) C:\WINDOWS\system32\DRIVERS\TVALZ.SYS 2011/06/30 19:06:52.0921 3848 TVALZFL (e03f5ca8d4edb4ce8141a3242e1261f8) C:\WINDOWS\system32\DRIVERS\TVALZFL.sys 2011/06/30 19:06:52.0984 3848 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/06/30 19:06:53.0031 3848 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/06/30 19:06:53.0140 3848 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/06/30 19:06:53.0156 3848 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/06/30 19:06:53.0203 3848 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/06/30 19:06:53.0234 3848 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/06/30 19:06:53.0328 3848 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/06/30 19:06:53.0359 3848 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/06/30 19:06:53.0421 3848 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/06/30 19:06:53.0453 3848 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys 2011/06/30 19:06:53.0546 3848 UVCFTR (8c5094a8ab24de7496c7c19942f2df04) C:\WINDOWS\system32\Drivers\UVCFTR_S.SYS 2011/06/30 19:06:53.0625 3848 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/06/30 19:06:53.0656 3848 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/06/30 19:06:53.0687 3848 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/06/30 19:06:53.0781 3848 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/06/30 19:06:53.0859 3848 whlva (1868bf76e2745f733b0fe5cdd2c6a81c) C:\WINDOWS\system32\DRIVERS\whlva.sys 2011/06/30 19:06:53.0906 3848 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 2011/06/30 19:06:54.0000 3848 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 2011/06/30 19:06:54.0078 3848 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2011/06/30 19:06:54.0125 3848 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/06/30 19:06:54.0187 3848 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/06/30 19:06:54.0218 3848 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0 2011/06/30 19:06:54.0390 3848 Boot (0x1200) (de130241fd11527d1462fb249c748e69) \Device\Harddisk0\DR0\Partition0 2011/06/30 19:06:54.0390 3848 ================================================================================ 2011/06/30 19:06:54.0390 3848 Scan finished 2011/06/30 19:06:54.0390 3848 ================================================================================ 2011/06/30 19:06:54.0406 1484 Detected object count: 0 2011/06/30 19:06:54.0406 1484 Actual detected object count: 0 ComboFix 11-06-30.03 - Carey 30/06/2011 19:29:30.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1913.1306 [GMT 1:00] Running from: c:\documents and settings\Carey\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Administrator\WINDOWS c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\documents and settings\Carey\WINDOWS c:\documents and settings\Default User\WINDOWS c:\documents and settings\Guest\WINDOWS c:\windows\Downloaded Program Files\DM.0 c:\windows\Downloaded Program Files\DM.0\DMService.exe c:\windows\Downloaded Program Files\DM.0\WhlMgr.dll c:\windows\Downloaded Program Files\DM.1 c:\windows\system32\config\systemprofile\WINDOWS c:\windows\system32\Thumbs.db . ----- BITS: Possible infected sites ----- . hxxp://sync.mobilebroadband.o2.co.uk:8080 . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_DMService -------\Legacy_DMService -------\Service_DMService -------\Service_DMService . . ((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-30 ))))))))))))))))))))))))))))))) . . 2011-06-30 16:59 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F443C89-0110-487B-BAA8-14CCC4A76862}\mpengine.dll 2011-06-28 21:51 . 2011-06-28 21:51 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll 2011-06-28 21:51 . 2011-06-28 21:51 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll 2011-06-18 20:36 . 2011-06-18 20:36 -------- d-----w- c:\program files\Common Files\Java 2011-06-16 19:54 . 2011-06-16 19:54 -------- d-----w- c:\windows\SxsCaPendDel 2011-06-16 19:52 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys 2011-06-11 13:28 . 2011-06-11 13:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft 2011-06-11 13:27 . 2011-06-11 13:27 -------- d-----w- c:\program files\O2 Assistant 2011-06-11 13:26 . 2011-06-11 13:26 -------- d-----w- c:\program files\O2 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-24 07:08 . 2011-05-19 07:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-06-07 15:55 . 2010-10-11 16:26 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-05-29 08:11 . 2010-02-20 23:29 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 08:11 . 2010-02-20 23:29 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-04 03:52 . 2010-10-03 12:29 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-05-04 01:25 . 2010-10-03 12:29 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-05-02 15:31 . 2008-05-30 23:06 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 17:25 . 2008-05-30 22:58 151552 ----a-w- c:\windows\system32\schannel.dll 2011-04-29 16:19 . 2008-05-30 22:58 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-25 16:11 . 2008-05-30 22:58 916480 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 16:11 . 2008-05-30 22:58 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-04-25 16:11 . 2008-05-30 22:58 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-04-25 12:01 . 2008-05-30 22:58 385024 ----a-w- c:\windows\system32\html.iec 2011-04-21 13:37 . 2008-05-30 22:58 105472 ----a-w- c:\windows\system32\drivers\mup.sys 2010-07-04 19:22 . 2010-07-04 19:22 3396176 ----a-w- c:\program files\ccsetup233.exe 2010-07-03 21:37 . 2010-07-03 21:37 10239072 ----a-w- c:\program files\rminstall.exe 2010-03-06 10:14 . 2010-03-06 10:14 13143816 ----a-w- c:\program files\GoogleEarthSetup.exe 2010-02-21 13:49 . 2010-02-21 13:49 1339288 ----a-w- c:\program files\sar_15_sfx.exe 2010-02-13 20:13 . 2010-02-13 20:13 6521516 ----a-w- c:\program files\realalt201.exe 2010-02-13 20:07 . 2010-02-13 20:07 6147544 ----a-w- c:\program files\GOMPLAYERENSETUP.EXE 2009-04-07 20:11 . 2009-04-07 20:10 939956 ----a-w- c:\program files\7z465.exe 2009-04-05 22:06 . 2009-04-05 22:06 13440584 ----a-w- c:\program files\Install_AIM.exe 2009-03-09 13:25 . 2009-03-10 12:30 7751011 ----a-w- c:\program files\XP-Codec-Pack-2.4.6.exe 2009-03-09 13:23 . 2009-03-10 12:31 14929905 ----a-w- c:\program files\klcodec470f.exe 2009-03-09 12:28 . 2009-03-09 12:28 23516968 ----a-w- c:\program files\SkypeSetupFull.exe 2009-03-09 12:18 . 2009-03-09 12:18 7522240 ----a-w- c:\program files\Firefox Setup 3.0.7.exe 2011-06-28 21:51 . 2011-05-08 21:17 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ThpSrv"="c:\windows\system32\thpsrv" [X] "DpUtil"="c:\program files\TOSHIBA\DualPointUtility\TEDTray.exe" [2005-06-29 155648] "TFncKy"="TFncKy.exe" [bU] "TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2008-04-17 90112] "TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2005-12-14 126976] "TPSODDCtl"="TPSODDCtl.exe" [2007-11-01 126976] "TPSMain"="TPSMain.exe" [2007-10-16 315392] "TPCHWMsg"="c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe" [2008-06-21 451944] "RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16860672] "00THotkey"="c:\windows\system32\00THotkey.exe" [2006-07-05 258048] "000StTHK"="000StTHK.exe" [2001-06-23 24576] "TAudEffect"="c:\program files\TOSHIBA\TAudEffect\TAudEff.exe" [2006-08-10 344144] "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-10 159744] "TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2007-10-05 172032] "DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-14 311296] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552] "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-05 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-05 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-05 141848] "TFNF5"="TFNF5.exe" [2006-04-11 622592] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312] "O2DA"="c:\program files\O2 Assistant\bin\sprtcmd.exe" [2010-04-23 206120] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] . c:\documents and settings\Default User\Start Menu\Programs\Startup\ clr.lnk - c:\windows\system32\clr.BAT [2009-3-6 311] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe] CFSServ.exe -NoClient [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\mIRC\\mirc.exe"= "c:\\Program Files\\Microsoft Forefront UAG\\Endpoint Components\\3.1.0\\WhlClnt3.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6346:TCP"= 6346:TCP:*:Disabled:Shareaza "6346:UDP"= 6346:UDP:*:Disabled:Shareaza . R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [12/01/2008 07:58 21120] R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [04/09/2007 19:14 6528] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2009 12:43 8944] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2009 12:43 55024] R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [06/03/2009 19:30 5888] R2 sprtsvc_O2DA;SupportSoft Sprocket Service (O2DA);c:\program files\O2 Assistant\bin\sprtsvc.exe [23/04/2010 15:04 206120] R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26/03/2007 20:22 105856] R2 tgsrvc_O2DA;SupportSoft Repair Service (O2DA);c:\program files\O2 Assistant\bin\tgsrvc.exe [23/04/2010 15:04 185640] R2 Tmesrv;Tmesrv3;c:\program files\Toshiba\TME3\TMESRV31.exe [06/03/2009 19:30 126976] R2 TPCHSrv;TPCH Service;c:\program files\Toshiba\TPHM\TPCHSrv.exe [24/06/2008 04:01 628072] R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19/02/2007 20:15 134016] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [01/05/2008 06:09 4992] R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [15/02/2010 20:46 149904] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [05/04/2009 23:08 24652] R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [06/03/2009 19:26 244368] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [31/05/2008 00:48 41216] R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [31/05/2008 00:21 435072] R3 whlva;SSL Network Tunneling;c:\windows\system32\drivers\whlva.sys [15/02/2010 20:46 21384] S1 MpKsl019691c4;MpKsl019691c4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F443C89-0110-487B-BAA8-14CCC4A76862}\MpKsl019691c4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F443C89-0110-487B-BAA8-14CCC4A76862}\MpKsl019691c4.sys [?] S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;c:\windows\system32\drivers\cben5.sys [30/05/2008 17:04 46108] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1E.tmp --> c:\windows\system32\1E.tmp [?] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2009 12:43 7408] S3 whliocsv;Microsoft Forefront UAG SSL Network Tunneling Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\whliocsv.exe [15/02/2010 20:46 156048] . Contents of the 'Scheduled Tasks' folder . 2009-03-06 c:\windows\Tasks\Registration reminder 1.job - c:\windows\system32\OOBE\oobebaln.exe [2008-05-30 12:00] . 2009-03-06 c:\windows\Tasks\Registration reminder 2.job - c:\windows\system32\OOBE\oobebaln.exe [2008-05-30 12:00] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 LSP: c:\progra~1\MIC3C8~1\ENDPOI~1\31265D~1.0\WhlLSP.dll TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\documents and settings\Carey\Application Data\Mozilla\Firefox\Profiles\89gmhn05.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ . - - - - ORPHANS REMOVED - - - - . Notify-TosBtNP - TosBtNP.dll SafeBoot-klmdb.sys . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-06-30 19:35 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\1E.tmp" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1192) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(1384) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\program files\TOSHIBA\TME3\TMEEJMD.DLL c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\TPwrCfg.DLL c:\windows\system32\TPwrReg.dll c:\windows\system32\TPSTrace.DLL . ------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe c:\windows\system32\agrsmsvc.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\ThpSrv.exe c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe c:\windows\system32\TODDSrv.exe c:\program files\Canon\CAL\CALMAIN.exe c:\windows\system32\wscntfy.exe c:\windows\system32\TPSMain.exe c:\program files\TOSHIBA\TME3\TMEEJME.EXE c:\windows\system32\thpsrv.exe c:\windows\RTHDCPL.EXE c:\windows\system32\TPSBattM.exe c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe c:\windows\system32\igfxsrvc.exe c:\windows\system32\TFNF5.exe c:\program files\Apoint2K\Apntex.exe c:\windows\system32\igfxext.exe c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe . ************************************************************************** . Completion time: 2011-06-30 19:40:53 - machine was rebooted ComboFix-quarantined-files.txt 2011-06-30 18:40 . Pre-Run: 170,758,426,624 bytes free Post-Run: 171,058,089,984 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /forceresetreg . - - End Of File - - 8A31164E0138E54CD105030BA0E84908 Results of screen317's Security Check version 0.99.17 Windows XP Service Pack 3 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! (On Access scanning disabled!) ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware CCleaner Java 6 Update 26 Flash Player Out of Date! Adobe Flash Player 10.2.159.1 Mozilla Firefox (x86 en-US..) ```````````````````````````````` Process Check: objlist.exe by Laurent Windows Defender MSMpEng.exe Microsoft Security Essentials msseces.exe Microsoft Security Client Antimalware MsMpEng.exe ``````````End of Log````````````
  10. I visited an infected website last weekend, and have been having problems with viruses since. I'm wondering if you could please help me to determine what's going on with my computer. Unfortunately, scanning with MBAM hasn't detected any of the viruses. More specifically, it was initially infected with Exploit:Win32/Pdfjsc.RJ and Exploit:Java/CVE-2010-0840.DT. These were detected and removed by Microsoft Security Essentials. Full scans with MBAM and MSE then showed the system was clean. But the following day, MBAM detected and removed VirTool:JS/Obfuscator.BN. Again, subsequent scans with MBAM and MSE were clear. Two days later, Obfuscator was again detected, along with Exploit:Win32/Pdfjsc.RF. MSE detected and removed. MSE and MBAM both showed my computer as clean, but I didn't feel I could trust it because I hadn't visited any unknown sites, downloaded anything, or opened any attachments during the days I kept getting further viruses. I then used the ESET online scanner and it found HTML/iframe.B.Gen. Subsequent scan all clear. Tried ESET again the next day, it detected and removed JS/Exploit.Pdfka.OXB.Gen. So to make a very long story short, something seems not right, and I'd be so appreciative of your help. .......... Defogger: I had a problem running this. It got to "Finish", I clicked OK, but it did not ask me to reboot and it stayed on the disable/re-enable screen. It did put a log file on my desktop, as follows: defogger_disable by jpshortstuff (23.02.10.1) Log created at 23:14 on 29/06/2011 (Carey) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F= I'm not sure if this is normal or if the disabling has failed. Please let me know if I need to do anything further with that. Here is my MBAM log: Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Database version: 6980 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 29/06/2011 23:02:20 mbam-log-2011-06-29 (23-02-20).txt Scan type: Quick scan Objects scanned: 180371 Time elapsed: 9 minute(s), 54 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Here is the DDS.txt info: . DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26 Run by Carey at 23:19:47 on 2011-06-29 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1913.1307 [GMT 1:00] . AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE svchost.exe C:\WINDOWS\system32\agrsmsvc.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\O2 Assistant\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\O2 Assistant\bin\tgsrvc.exe C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE C:\WINDOWS\system32\ThpSrv.exe C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe C:\WINDOWS\system32\thpsrv.exe C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\00THotkey.exe C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe C:\WINDOWS\system32\TODDSrv.exe C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe C:\Program Files\ltmoh\Ltmoh.exe C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\TFNF5.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\WINDOWS\system32\igfxext.exe C:\Program Files\O2 Assistant\bin\sprtcmd.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.co.uk/ BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe mRun: [DpUtil] c:\program files\toshiba\dualpointutility\TEDTray.exe mRun: [TFncKy] TFncKy.exe mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon mRun: [TPSODDCtl] TPSODDCtl.exe mRun: [TPSMain] TPSMain.exe mRun: [ThpSrv] c:\windows\system32\thpsrv /logon mRun: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [00THotkey] c:\windows\system32\00THotkey.exe mRun: [000StTHK] 000StTHK.exe mRun: [TAudEffect] c:\program files\toshiba\taudeffect\TAudEff.exe /run mRun: [smoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe" mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start mRun: [Apoint] c:\program files\apoint2k\Apoint.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [TFNF5] TFNF5.exe mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon mRun: [O2DA] "c:\program files\o2 assistant\bin\sprtcmd.exe" /P O2DA mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll LSP: c:\progra~1\mic3c8~1\endpoi~1\31265d~1.0\WhlLSP.dll DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://portal.newham.gov.uk/InternalSite/WhlCompMgr.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{BD1C6380-6AC4-48DD-9EDE-C9485428576D} : DhcpNameServer = 192.168.1.254 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll Notify: igfxcui - igfxdev.dll Notify: TosBtNP - TosBtNP.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\carey\application data\mozilla\firefox\profiles\89gmhn05.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll . ============= SERVICES / DRIVERS =============== . R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2008-1-12 21120] R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007-9-4 6528] R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264] R1 MpKslf091054c;MpKslf091054c;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b9f26ca7-6aac-41ae-b0ba-d5d50d7d549a}\MpKslf091054c.sys [2011-6-29 28752] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024] R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2009-3-6 5888] R2 sprtsvc_O2DA;SupportSoft Sprocket Service (O2DA);c:\program files\o2 assistant\bin\sprtsvc.exe [2010-4-23 206120] R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-26 105856] R2 tgsrvc_O2DA;SupportSoft Repair Service (O2DA);c:\program files\o2 assistant\bin\tgsrvc.exe [2010-4-23 185640] R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.exe [2009-3-6 126976] R2 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2008-6-24 628072] R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-19 134016] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2008-5-1 4992] R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\microsoft forefront uag\endpoint components\3.1.0\uagqecsvc.exe [2010-2-15 149904] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-4-5 24652] R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-3-6 244368] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-5-31 41216] R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [2008-5-31 435072] R3 whlva;SSL Network Tunneling;c:\windows\system32\drivers\whlva.sys [2010-2-15 21384] S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;c:\windows\system32\drivers\cben5.sys [2008-5-30 46108] S3 DMService;Whale Component Manager;c:\windows\downloaded program files\dm.0\DMService.exe [2010-2-15 468368] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1e.tmp --> c:\windows\system32\1E.tmp [?] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408] S3 whliocsv;Microsoft Forefront UAG SSL Network Tunneling Client;c:\program files\microsoft forefront uag\endpoint components\3.1.0\whliocsv.exe [2010-2-15 156048] . =============== Created Last 30 ================ . 2011-06-29 22:10:39 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b9f26ca7-6aac-41ae-b0ba-d5d50d7d549a}\MpKslf091054c.sys 2011-06-29 16:10:47 7074640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b9f26ca7-6aac-41ae-b0ba-d5d50d7d549a}\mpengine.dll 2011-06-28 21:51:54 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll 2011-06-28 21:51:53 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll 2011-06-16 19:54:56 -------- d-----w- c:\windows\SxsCaPendDel 2011-06-16 19:52:13 105472 -c----w- c:\windows\system32\dllcache\mup.sys 2011-06-11 13:27:53 -------- d-----w- c:\program files\O2 Assistant 2011-06-11 13:26:47 -------- d-----w- c:\program files\O2 . ==================== Find3M ==================== . 2011-06-24 07:08:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-29 08:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 08:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-04 03:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-05-04 01:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll 2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec 2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys 2010-07-04 19:22:31 3396176 ----a-w- c:\program files\ccsetup233.exe 2010-07-03 21:37:03 10239072 ----a-w- c:\program files\rminstall.exe 2010-03-06 10:14:44 13143816 ----a-w- c:\program files\GoogleEarthSetup.exe 2010-02-21 13:49:42 1339288 ----a-w- c:\program files\sar_15_sfx.exe 2010-02-13 20:13:58 6521516 ----a-w- c:\program files\realalt201.exe 2010-02-13 20:07:40 6147544 ----a-w- c:\program files\GOMPLAYERENSETUP.EXE 2009-04-07 20:11:01 939956 ----a-w- c:\program files\7z465.exe 2009-04-05 22:06:50 13440584 ----a-w- c:\program files\Install_AIM.exe 2009-03-09 13:25:26 7751011 ----a-w- c:\program files\XP-Codec-Pack-2.4.6.exe 2009-03-09 13:23:50 14929905 ----a-w- c:\program files\klcodec470f.exe 2009-03-09 12:28:57 23516968 ----a-w- c:\program files\SkypeSetupFull.exe 2009-03-09 12:18:23 7522240 ----a-w- c:\program files\Firefox Setup 3.0.7.exe . ============= FINISH: 23:20:40.85 =============== Thank you for your help. attach.zip ark.zip
  11. Okay. I've done the "cleanup" on OTL, uninstalled old Java and installed new Java, and reset the System Restore point. I have a few other leftover programs on my desktop that were downloaded to scan for the rootkit, including GMER, MBRCheck, RKUnhookerLE, Rootrepeal. Is it just a matter of deleting these exe files from my desktop to remove them? Also ESET is showing in my add/remove programs - is that the best way to remove it? Or would you recommend keeping any of these programs? Sorry if these are really basic questions. I haven't used any of these programs before. Thank you!!!
  12. I'm using a wireless connection on my laptop. The network here can be patchy, so I would assume it's just that. Other than the occasional pause, web pages are loading a bit more quickly than they were before, which is nice. I have a continuing problem where sometimes my browsers (either IE or Firefox) freeze completely, while any other internet-based activities (e.g. instant messaging) are still working, and windows does not detect any issues with my wireless internet connection. Closing/reopening the browser, disconnecting then reconnecting the internet, repairing the connection... none of these solve the issue. It's not limited to wireless connections either. I wondered if that was malware-related but was somehow not being picked up by MBAM or my anti-virus. I kind of hoped it might have been resolved through the work we have done on this rootkit virus, but I guess that was optimistic thinking. The browser-freeze problem has already happened once today. I believe I have narrowed it down to a problem with Avast (i.e. if I switch off Avast - dangerous, I know - then the browsers work perfectly again). I plan to uninstall avast and install another antivirus program in its place to hopefully resolve this, as it doesn't seem like it's malware related (unless I am missing something!). There is also a moment - usually 1 or 2 seconds - when I start up the laptop, when I get an error message warning me that my firewall is switched off, then the message switfly disappears and both Avast and my wireless icon appear, showing me I am online. When I check Windows Firewall, it is definitely on. Again, I wondered if this was undetected malware, but I think it's more likely a problem with the antivirus program based on the symptoms. I'm not sure if the above info is relevant to any of the checks we have been doing but thought I would mention it just in case there is still something evil hiding in my laptop that must be found and cleaned... Thanks again for helping me.
  13. It seems to be running fine. Occasionally when I click on a web page, the browser displays "Done" but the page is blank until I refresh again. This could be a normal minor glitch, or a slow internet connection issue, though. I think I need to change antivirus programs as well. (Not happy with avast.) I'm not getting any particular errors and I can access MBAM without any problems now.
  14. MBRCheck, version 1.2.3 © 2010, AD Command-line: Windows Version: Windows XP Professional Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x0000000c Kernel Drivers (total 151): 0x804D7000 \WINDOWS\system32\ntkrnlpa.exe 0x806E4000 \WINDOWS\system32\hal.dll 0xBA5A8000 \WINDOWS\system32\KDCOM.DLL 0xBA4B8000 \WINDOWS\system32\BOOTVID.dll 0xB9F79000 ACPI.sys 0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS 0xB9F68000 pci.sys 0xBA0A8000 isapnp.sys 0xBA0B8000 ohci1394.sys 0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS 0xBA4BC000 compbatt.sys 0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS 0xBA670000 pciide.sys 0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xB9F4A000 pcmcia.sys 0xBA0D8000 MountMgr.sys 0xB9F2B000 ftdisk.sys 0xBA5AC000 dmload.sys 0xB9F05000 dmio.sys 0xBA330000 PartMgr.sys 0xBA0E8000 VolSnap.sys 0xB9EED000 atapi.sys 0xB9E1F000 iaStor.sys 0xBA0F8000 disk.sys 0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xB9DFF000 fltMgr.sys 0xB9DED000 sr.sys 0xBA118000 PxHelp20.sys 0xB9DD6000 KSecDD.sys 0xB9D49000 Ntfs.sys 0xB9D1C000 NDIS.sys 0xBA338000 TVALZ.SYS 0xB9CD9000 tos_sps32.sys 0xBA5AE000 Thpevm.SYS 0xBA340000 thpdrv.sys 0xB9CBF000 Mup.sys 0xB9631000 \SystemRoot\system32\DRIVERS\igxpmp32.sys 0xB961D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xB95DF000 \SystemRoot\system32\DRIVERS\e1y5132.sys 0xBA370000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xB95BB000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xBA3A0000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xB9593000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0xB921B000 \SystemRoot\system32\DRIVERS\NETw5x32.sys 0xBA2B8000 \SystemRoot\system32\DRIVERS\nic1394.sys 0xB9207000 \SystemRoot\system32\DRIVERS\sdbus.sys 0xB91F6000 \SystemRoot\system32\DRIVERS\rimmptsk.sys 0xB91E2000 \SystemRoot\system32\DRIVERS\rimsptsk.sys 0xB9190000 \SystemRoot\system32\DRIVERS\rixdptsk.sys 0xBA2C8000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xBA3D0000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xB9177000 \SystemRoot\system32\DRIVERS\Apfiltr.sys 0xBA3F8000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xBA2D8000 \SystemRoot\system32\DRIVERS\IFXTPM.SYS 0xBA2E8000 \SystemRoot\system32\DRIVERS\serial.sys 0xB9C87000 \SystemRoot\system32\DRIVERS\serenum.sys 0xB9C7F000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys 0xBA2F8000 \SystemRoot\system32\DRIVERS\imapi.sys 0xBA308000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xBA318000 \SystemRoot\system32\DRIVERS\redbook.sys 0xB912C000 \SystemRoot\system32\DRIVERS\ks.sys 0xB9C6B000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0xBA5C4000 \SystemRoot\system32\DRIVERS\TVALZFL.sys 0xBA148000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xBA781000 \SystemRoot\system32\DRIVERS\audstub.sys 0xBA158000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xB9C63000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xB9115000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xBA168000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xBA178000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xBA4A8000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xB9064000 \SystemRoot\system32\DRIVERS\psched.sys 0xBA188000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xBA378000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xBA388000 \SystemRoot\system32\DRIVERS\raspti.sys 0xBA574000 \SystemRoot\system32\DRIVERS\whlva.sys 0xB900C000 \SystemRoot\system32\DRIVERS\rdpdr.sys 0xBA198000 \SystemRoot\system32\DRIVERS\termdd.sys 0xBA5CA000 \SystemRoot\system32\DRIVERS\swenum.sys 0xB8FAE000 \SystemRoot\system32\DRIVERS\update.sys 0xBA58C000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xBA1B8000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xBA1C8000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xBA5D2000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xA8841000 \SystemRoot\system32\drivers\RtkHDAud.sys 0xA881D000 \SystemRoot\system32\drivers\portcls.sys 0xBA1D8000 \SystemRoot\system32\drivers\drmk.sys 0xA87B2000 \SystemRoot\system32\DRIVERS\TEchoCan.sys 0xA8696000 \SystemRoot\system32\DRIVERS\AGRSM.sys 0xBA438000 \SystemRoot\System32\Drivers\Modem.SYS 0xBA5E0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xBA70C000 \SystemRoot\System32\Drivers\Null.SYS 0xBA5E4000 \SystemRoot\System32\Drivers\Beep.SYS 0xBA480000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xBA490000 \SystemRoot\System32\drivers\vga.sys 0xBA5E8000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xBA5EC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xBA4A0000 \SystemRoot\System32\Drivers\Msfs.SYS 0xBA350000 \SystemRoot\System32\Drivers\Npfs.SYS 0xA8CEA000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xA8613000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xA85BA000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xBA248000 \SystemRoot\System32\Drivers\aswTdi.SYS 0xA856C000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xBA258000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xA8544000 \SystemRoot\system32\DRIVERS\netbt.sys 0xBA268000 \SystemRoot\system32\DRIVERS\arp1394.sys 0xA8692000 \SystemRoot\System32\drivers\ws2ifsl.sys 0xA8482000 \SystemRoot\System32\drivers\afd.sys 0xBA278000 \SystemRoot\system32\DRIVERS\netbios.sys 0xBA5F2000 \SystemRoot\System32\Drivers\TMEI3E.SYS 0xA8461000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 0xBA3A8000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 0xA8436000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xA83C6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xBA288000 \SystemRoot\System32\Drivers\Fips.SYS 0xA83A5000 \SystemRoot\System32\Drivers\aswSP.SYS 0xA866A000 \SystemRoot\system32\DRIVERS\hidusb.sys 0xBA2A8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xBA398000 \SystemRoot\System32\Drivers\Aavmker4.SYS 0xBA468000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0xA864E000 \SystemRoot\system32\DRIVERS\mouhid.sys 0xB90F5000 \SystemRoot\System32\Drivers\UVCFTR_S.SYS 0xA835F000 \SystemRoot\System32\Drivers\usbvideo.sys 0xB90E5000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xA8291000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0xBF800000 \SystemRoot\System32\win32k.sys 0xA85B6000 \SystemRoot\System32\drivers\Dxapi.sys 0xBA368000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xBA6B9000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF024000 \SystemRoot\System32\igxpgd32.dll 0xBF012000 \SystemRoot\System32\igxprd32.dll 0xBF04F000 \SystemRoot\System32\igxpdv32.DLL 0xBF25B000 \SystemRoot\System32\igxpdx32.DLL 0xBFFA0000 \SystemRoot\System32\ATMFD.DLL 0xBA420000 \SystemRoot\system32\DRIVERS\aswFsBlk.sys 0xBA5DE000 \??\C:\WINDOWS\system32\drivers\TBiosDrv.sys 0xA8137000 \SystemRoot\system32\DRIVERS\tdudf.sys 0xA8126000 \SystemRoot\System32\Drivers\Udfs.SYS 0xA8105000 \SystemRoot\system32\DRIVERS\trudf.sys 0xA81C1000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xA80F9000 \SystemRoot\system32\DRIVERS\netdevio.sys 0xA7F87000 \SystemRoot\System32\Drivers\aswMon2.SYS 0xA7C3A000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0xA7C25000 \SystemRoot\system32\drivers\wdmaud.sys 0xA7CAF000 \SystemRoot\system32\drivers\sysaudio.sys 0xA7914000 \SystemRoot\system32\DRIVERS\srv.sys 0xA70B9000 \SystemRoot\System32\Drivers\HTTP.sys 0xA7312000 \SystemRoot\System32\Drivers\aswRdr.SYS 0x7C900000 \WINDOWS\system32\ntdll.dll Processes (total 66): 0 System Idle Process 4 System 1100 C:\WINDOWS\system32\smss.exe 1164 csrss.exe 1192 C:\WINDOWS\system32\winlogon.exe 1236 C:\WINDOWS\system32\services.exe 1248 C:\WINDOWS\system32\lsass.exe 1408 C:\WINDOWS\system32\svchost.exe 1504 svchost.exe 1584 C:\WINDOWS\system32\svchost.exe 1816 svchost.exe 1868 svchost.exe 300 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 360 C:\Program Files\Alwil Software\Avast4\ashServ.exe 1252 C:\WINDOWS\system32\spoolsv.exe 1764 C:\WINDOWS\explorer.exe 1896 svchost.exe 1964 C:\WINDOWS\system32\agrsmsvc.exe 1992 C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe 628 C:\Program Files\Java\jre6\bin\jqs.exe 912 C:\WINDOWS\system32\svchost.exe 976 C:\WINDOWS\system32\ThpSrv.exe 1440 C:\Program Files\Toshiba\TME3\TMESRV31.exe 1712 C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe 1728 C:\Program Files\Toshiba\TME3\TMEEJME.exe 2256 C:\WINDOWS\system32\TODDSrv.exe 2292 C:\Program Files\Toshiba\TPHM\TPCHSrv.exe 2348 C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe 2396 C:\Program Files\Viewpoint\Common\ViewpointService.exe 2448 C:\Program Files\Canon\CAL\CALMAIN.exe 2476 C:\Program Files\Toshiba\DualPointUtility\TEDTray.exe 2564 C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe 2572 C:\Program Files\Toshiba\TME3\TMERzCtl.exe 2624 C:\WINDOWS\system32\TPSMain.exe 2632 C:\WINDOWS\system32\ThpSrv.exe 2652 C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe 2768 C:\WINDOWS\system32\TPSBattM.exe 2784 C:\WINDOWS\RTHDCPL.exe 2800 C:\WINDOWS\system32\00THotkey.exe 2816 C:\WINDOWS\system32\wuauclt.exe 2828 C:\Program Files\Toshiba\TAudEffect\TAudEff.exe 2836 C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe 2872 C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW.exe 2896 C:\Program Files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe 2992 C:\Program Files\ltmoh\ltmoh.exe 3024 C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe 3032 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe 3048 C:\Program Files\Apoint2K\Apoint.exe 3100 C:\WINDOWS\system32\igfxtray.exe 3128 C:\WINDOWS\system32\hkcmd.exe 3140 C:\WINDOWS\system32\igfxpers.exe 3172 C:\WINDOWS\system32\igfxsrvc.exe 3180 C:\WINDOWS\system32\TFNF5.exe 3188 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 3200 C:\WINDOWS\system32\ctfmon.exe 3244 C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe 3256 C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe 3340 C:\WINDOWS\system32\igfxext.exe 3404 C:\Program Files\Apoint2K\ApntEx.exe 3728 wmiprvse.exe 3940 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 3972 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 1912 alg.exe 3620 wmiprvse.exe 2100 C:\Program Files\Alwil Software\Avast4\Setup\avast.setup 3572 C:\Documents and Settings\Carey\Desktop\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) PhysicalDrive0 Model Number: HitachiHTS543225L9SA00, Rev: FBEOC43C Size Device Name MBR Status -------------------------------------------- 232 GB \\.\PhysicalDrive0 Windows XP MBR code detected SHA1: 31D100779DE502702C374F7C15687B56FCFD5528 Done!
  15. Thanks kahdah. Here are the two logs: All processes killed ========== OTL ========== C:\Documents and Settings\Carey\Local Settings\Application Data\TA45p2 moved successfully. C:\Documents and Settings\All Users\Application Data\TA45p2 moved successfully. C:\Documents and Settings\Carey\Local Settings\Application Data\v66l66MW5Tq moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: All Users User: Carey ->Temp folder emptied: 30652806 bytes ->Temporary Internet Files folder emptied: 12002463 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 82361885 bytes ->Flash cache emptied: 2505 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: Guest ->Temp folder emptied: 1758344 bytes ->Temporary Internet Files folder emptied: 377135035 bytes ->FireFox cache emptied: 63963380 bytes ->Flash cache emptied: 3837 bytes User: LocalService ->Temp folder emptied: 65984 bytes ->Temporary Internet Files folder emptied: 171571 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 2577 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 303144 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 35019 bytes RecycleBin emptied: 14753750 bytes Total Files Cleaned = 556.00 mb OTL by OldTimer - Version 3.2.14.1 log created on 10022010_230104 Files\Folders moved on Reboot... File\Folder C:\WINDOWS\temp\_av_proI.tm~a03476\setup.lok not found! File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot. C:\WINDOWS\temp\Perflib_Perfdata_140.dat moved successfully. Registry entries deleted on Reboot... ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=19d19e46519b014cb5bf9030486ca3fd # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=false # utc_time=2010-10-02 10:37:44 # local_time=2010-10-02 11:37:44 (+0000, GMT Daylight Time) # country="United Kingdom" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=769 16775125 100 98 428 222342399 0 0 # compatibility_mode=8192 67108863 100 0 206 206 0 0 # scanned=68427 # found=0 # cleaned=0 # scan_time=1418 Please let me know if these look okay, and if there is anything else I can do to ensure the virus is completely gone. Thanks so much.
  16. Kahdah, thanks so much for being willing to help me. Here are the results you requested: OTL logfile created on: 02/10/2010 14:55:05 - Run 1 OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Carey\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 232.88 Gb Total Space | 163.88 Gb Free Space | 70.37% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HOME Current User Name: Carey Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Carey\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (Microsoft ® Corporation) PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) PRC - C:\Program Files\Toshiba\TPHM\TPCHSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe (TOSHIBA Corporation) PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation) PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe () PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony) PRC - C:\Program Files\Toshiba\TME3\TMERzCtl.exe (TOSHIBA) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\ThpSrv.exe (TOSHIBA Corporation) PRC - C:\WINDOWS\system32\TODDSrv.exe (TOSHIBA Corporation) PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation) PRC - C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION) PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation) PRC - C:\Program Files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe (TOSHIBA Corporation) PRC - C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation) PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.) PRC - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems) PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) PRC - C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems) PRC - C:\Program Files\Toshiba\TAudEffect\TAudEff.exe (TOSHIBA) PRC - C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation) PRC - C:\WINDOWS\system32\TFNF5.exe (TOSHIBA Corp.) PRC - C:\Program Files\Toshiba\TME3\TMESRV31.exe (TOSHIBA) PRC - C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation) PRC - C:\Program Files\Toshiba\DualPointUtility\TEDTray.exe (TOSHIBA) PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) PRC - C:\Program Files\Toshiba\TME3\TMEEJME.exe (TOSHIBA) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Carey\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (DMService) -- C:\WINDOWS\Downloaded Program Files\DM.0\DMService.exe () SRV - (whliocsv) -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\whliocsv.exe (Microsoft ® Corporation) SRV - (uagqecsvc) -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (Microsoft ® Corporation) SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) SRV - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) SRV - (Thpsrv) -- C:\WINDOWS\system32\ThpSrv.exe (TOSHIBA Corporation) SRV - (TODDSrv) -- C:\WINDOWS\system32\TODDSrv.exe (TOSHIBA Corporation) SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.) SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) SRV - (AgereModemAudio) -- C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems) SRV - (Tmesrv) -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe (TOSHIBA) SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) ========== Driver Services (SafeList) ========== DRV - (MEMSWEEP2) -- C:\WINDOWS\System32\1E.tmp File not found DRV - (whlva) -- C:\WINDOWS\system32\drivers\whlva.sys (Microsoft
  17. Just to update this further - I ran MBAM again just now and it came up clean (nothing detected). However, during the MBAM scan, my Avast popped up with a virus alert and I moved the file in question into the virus chest. Details: 93i7qG17a.sys in C:\windows\temp Win32: Malware-gen Successfully moved to the virus chest, but MBAM still finds nothing and I'm sure there is still a problem. Some of my web pages are not loading on the first try either - but they do load when I refresh. This is happening more often than usual. Can anyone help?
  18. Hello, I'm hoping you could help me to check if my computer is clean... I have been working on eradicating a rootkit virus from my laptop for a couple of days now. I believe it was initially picked up by surfing to an infected website. The initial problems were: - Google search results looked okay, but when I clicked them, I was being redirected to a variety of other websites. - Exe files for MBAM and other anti-malware programs were unclickable. Here is what I did: - I renamed MBAM and was able to run it. It detected a trojan and successfully removed it on reboot. After that: - MBAM and other anti-malware programs could still NOT be accessed unless they were renamed. - After restarting, I would get a mysterious "IE script error" even when no programs were running. - If I restarted with my wireless internet switch turned off, I would also get a "Generic Host Process for Win32 Services has encountered an error and needs to close". This didn't happen if the wireless switch was on at restart. The error would cause my desktop to look a bit odd, but still worked (eg. changed some display fonts and sizes). Next: - I downloaded and ran TDSSKiller. It detected the following: Rootkit.Win32.TDSS.tdl3 (compbatt), at C:\windows\system32\drivers\compbatt.sys - I allowed TDSSKiller to "Cure" this, which was done after reboot. - Subsequent scans on TDSSKiller don't reveal any recurrence of this rootkit. Currently: - My laptop appears to be running okay. - No redirecting websites, no script errors or other errors at startup, MBAM and other anti-malware programs are openable using their proper names. - MBAM isn't detecting anything wrong. The problem is, I'm no expert and I really want to be sure my computer is as clean as possible. I know that rootkits are insidious and I want my laptop to be as close to secure as possible. Could you please advise? I'm happy to provide whatever scans you would need to see to help me confirm this rootkit is gone... I have downloaded some of the scanning programs already but am unsure which results you would like to see first. Thanks so much for your assistance.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.