Author Topic: Oh please Help! Raven sent me  (Read 1380 times)

Offline deborahPS

Oh please Help! Raven sent me
« on: January 22, 2011, 10:11:05 PM »
I'm in a big pickle and need help in a big way :)
Raven from Gardenweb sent me over since he has the highest regards for your expert opinions.

This is the second time I've lost this post since my computer goes into Offline mode rather quickly.

A week ago my computer was continually re-booting, not allowing me to get online. My son futzed around and we both decided to just use my Toshiba recovery disc and reinstall.

Then a few days ago the computer got the Palladium virus. Son seemed to get rid of that, yet I was continually redirected to other sites/ads.
In poking around the web, son seems to think I might have a Google redirect virus, which would mean he'd have to mess around with the registry and he doesn't feel comfortable doing that without help.

Yesterday we thought to just reinstall Windows XP again, and the CD/DVD drive would not read the disc like it had the week prior. Tried the disc on his computer and it did work. Yet the Toshiba recovery disc did read. So could that be part of the virus?

I'm hurrying along, fearful that my computer will go into Offline mode again, but I'd be so grateful for any help. Please.

Thank you extra!
Deborah


 Results of screen317's Security Check version 0.99.8 
 Windows XP Service Pack 3 
 Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Enabled! 
 avast! Free Antivirus   
 Microsoft Security Essentials   
 Antivirus up to date! 
```````````````````````````````
Anti-malware/Other Utilities Check:

 Malwarebytes' Anti-Malware   
 Adobe Flash Player 10.1.102.64 
Adobe Reader 7.0
Out of date Adobe Reader installed!
 Mozilla Firefox (3.6.13)
````````````````````````````````
Process Check: 
objlist.exe by Laurent

 Windows Defender MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Microsoft Security Client Antimalware MsMpEng.exe 
 Alwil Software Avast5 AvastSvc.exe 
 Alwil Software Avast5 avastUI.exe 
``````````End of Log````````````


ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:      2011/01/22 13:53
Program Version:      Version 1.3.5.0
Windows Version:      Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA035000   Size: 98304   File Visible: No   Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xEDEE0000   Size: 8192   File Visible: No   Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF3574000   Size: 49152   File Visible: No   Signed: -
Status: -

SSDT
-------------------
#: 017   Function Name: NtAllocateVirtualMemory
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa056728

#: 025   Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa05d7ea

#: 041   Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa05d6a2

#: 063   Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa05dca8

#: 065   Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa05dbbe

#: 068   Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa05d276

#: 083   Function Name: NtFreeVirtualMemory
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa0567d8

#: 119   Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa05d77e

#: 122   Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa05d1b2

#: 128   Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa05d218

#: 137   Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa056870

#: 177   Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa05d8c2

#: 192   Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa05dd76

#: 204   Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa05d880

#: 247   Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa05da04

==EOF==


Logfile of random's system information tool 1.08 (written by random/random)
Run by Deborah at 2011-01-22 13:44:21
Microsoft Windows XP Professional Service Pack 3
System drive C: has 81 GB (84%) free of 95 GB
Total RAM: 1014 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:45:37 PM, on 1/22/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Deborah\Desktop\RSIT.exe
C:\Program Files\trend micro\Deborah.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 5077 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-06 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}]
Search Toolbar - C:\Program Files\Search Toolbar\SearchToolbar.dll [2010-04-08 271024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{9D425283-D487-4337-BAB6-AB8354A81457} - Search Toolbar - C:\Program Files\Search Toolbar\SearchToolbar.dll [2010-04-08 271024]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2010-11-30 997408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2005-10-15 88203]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
CFSServ.exe -NoClient []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\DLACTRLW.exe [2005-10-06 122940]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dzukaseveguko]
 C:\WINDOWS\dmol20.dll,Startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2005-11-27 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2005-11-27 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2005-11-27 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 1406024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-11-28 602182]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-05 667718]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
C:\Program Files\ltmoh\Ltmoh.exe [2004-08-18 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-26 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-12-16 761945]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-12-16 82009]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TDispVol]
C:\WINDOWS\system32\TDispVol.exe [2005-03-11 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]
TFncKy.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2006-01-05 352256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2004-12-30 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
C:\WINDOWS\system32\TPSMain.exe [2005-05-31 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
C:\Program Files\Toshiba\Tvs\TvsTray.exe [2005-11-30 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
C:\WINDOWS\system32\RAMASST.exe [2004-08-28 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-27 135168]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2011-01-22 13:44:22 ----D---- C:\Program Files\trend micro
2011-01-22 13:44:21 ----D---- C:\rsit
2011-01-22 13:41:38 ----D---- C:\WINDOWS\ERDNT
2011-01-22 13:40:22 ----D---- C:\Program Files\ERUNT
2011-01-21 10:48:05 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2011-01-21 10:42:30 ----D---- C:\Program Files\Microsoft Security Client
2011-01-21 09:41:31 ----ASH---- C:\hiberfil.sys
2011-01-20 14:51:30 ----A---- C:\WINDOWS\system32\drivers\hwukw.sys
2011-01-20 14:07:57 ----A---- C:\WINDOWS\system32\MAI44.tmp
2011-01-19 20:51:14 ----DC---- C:\WINDOWS\ie7
2011-01-19 20:51:01 ----DC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2011-01-19 20:50:32 ----DC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2011-01-19 19:09:42 ----D---- C:\Documents and Settings\Deborah\Application Data\AdobeUM
2011-01-19 11:43:51 ----D---- C:\Documents and Settings\Deborah\Application Data\Malwarebytes
2011-01-19 11:32:43 ----A---- C:\WINDOWS\system32\drivers\khsdgkc.sys
2011-01-19 10:55:52 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-01-19 10:55:52 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-01-19 10:55:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-01-19 10:55:49 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-01-19 10:40:44 ----SHD---- C:\WINDOWS\CSC
2011-01-19 10:40:35 ----A---- C:\WINDOWS\ntbtlog.txt
2011-01-19 08:41:23 ----D---- C:\WINDOWS\system32\%APPDATA%
2011-01-19 04:21:29 ----D---- C:\Program Files\Search Toolbar
2011-01-19 02:26:09 ----D---- C:\WINDOWS\Sun
2011-01-17 14:12:52 ----D---- C:\WINDOWS\system32\LogFiles
2011-01-17 13:25:04 ----D---- C:\WINDOWS\pss
2011-01-17 03:06:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2011-01-17 03:06:38 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2011-01-17 03:06:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2011-01-17 03:06:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2011-01-17 03:06:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2011-01-17 03:06:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2011-01-17 03:05:58 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2011-01-17 03:05:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2296199$
2011-01-17 03:05:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2011-01-17 03:05:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2011-01-17 03:05:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2011-01-17 03:05:25 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2011-01-17 03:05:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2011-01-17 03:05:11 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2011-01-17 03:05:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2011-01-17 03:04:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2011-01-17 03:04:47 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2011-01-17 03:04:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2443685$
2011-01-17 03:04:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2011-01-17 03:04:25 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2011-01-17 03:04:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2011-01-17 03:04:12 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2011-01-17 03:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2011-01-17 03:03:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2436673$
2011-01-17 03:03:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2011-01-17 03:03:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$
2011-01-17 03:03:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2416400$
2011-01-17 03:03:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2011-01-17 03:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2011-01-17 03:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2011-01-17 03:01:14 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2011-01-17 03:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2011-01-17 03:00:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2011-01-16 00:11:07 ----D---- C:\bb85e9859d581b9ef0a8a5db
2011-01-15 23:56:14 ----A---- C:\WINDOWS\system32\drivers\point32.sys
2011-01-15 23:56:06 ----D---- C:\Program Files\Microsoft IntelliPoint
2011-01-15 23:55:01 ----D---- C:\0715103adab881ced1b2d8eaedfc22b3
2011-01-15 20:22:23 ----D---- C:\Documents and Settings\Deborah\Application Data\Macromedia
2011-01-15 19:16:46 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2011-01-15 19:16:44 ----A---- C:\WINDOWS\system32\hidserv.dll
2011-01-15 19:16:41 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2011-01-15 10:20:57 ----D---- C:\WINDOWS\Prefetch
2011-01-15 10:14:12 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
2011-01-15 10:14:05 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2011-01-15 10:13:59 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2011-01-15 10:13:50 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2011-01-15 10:13:44 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2011-01-15 10:13:38 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2011-01-15 10:13:32 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2011-01-15 10:13:25 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2011-01-15 10:13:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2011-01-15 10:13:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2011-01-15 10:13:05 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2011-01-15 10:13:00 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2011-01-15 10:12:53 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2011-01-15 10:12:45 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2011-01-15 10:12:39 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2011-01-15 10:12:31 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2011-01-15 10:12:23 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2011-01-15 10:12:17 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2011-01-15 10:12:11 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2011-01-15 10:12:04 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2011-01-15 10:11:58 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2011-01-15 10:11:52 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2011-01-15 10:11:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2011-01-15 10:11:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2011-01-15 10:11:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2011-01-15 10:11:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2011-01-15 10:11:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2011-01-15 10:11:14 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2011-01-15 10:11:08 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2011-01-15 10:11:02 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2011-01-15 10:10:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2011-01-15 10:10:49 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2011-01-15 10:10:43 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2011-01-15 10:10:36 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2011-01-15 10:10:28 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2011-01-15 10:10:20 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2011-01-15 10:10:14 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2011-01-15 10:10:08 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2011-01-15 10:10:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2011-01-15 10:09:54 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2011-01-15 10:09:47 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2011-01-15 10:09:41 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2011-01-15 10:09:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2011-01-15 10:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2011-01-15 10:09:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2011-01-15 10:09:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2011-01-15 10:09:01 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2011-01-15 10:08:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2011-01-15 10:08:49 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2011-01-15 10:08:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2011-01-15 10:08:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2011-01-15 10:08:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2011-01-15 10:08:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2011-01-15 10:08:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2011-01-15 10:08:11 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2011-01-15 10:08:06 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2011-01-15 10:08:00 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2011-01-15 10:07:53 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2011-01-15 10:07:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2011-01-15 10:01:40 ----D---- C:\WINDOWS\system32\scripting
2011-01-15 10:01:40 ----D---- C:\WINDOWS\system32\en-us
2011-01-15 10:01:40 ----D---- C:\WINDOWS\l2schemas
2011-01-15 10:01:39 ----D---- C:\WINDOWS\system32\en
2011-01-15 10:01:39 ----D---- C:\WINDOWS\system32\bits
2011-01-15 09:56:42 ----D---- C:\WINDOWS\network diagnostic
2011-01-15 09:52:30 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2011-01-15 09:40:16 ----HDC---- C:\WINDOWS\$NtUninstallKB970430_0$
2011-01-15 09:40:10 ----HDC---- C:\WINDOWS\$NtUninstallKB926251$
2011-01-15 09:39:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971737_0$
2011-01-15 09:28:44 ----N---- C:\WINDOWS\system32\drivers\watv10nt.sys
2011-01-15 09:28:43 ----N---- C:\WINDOWS\system32\drivers\watv06nt.sys
2011-01-15 09:28:43 ----N---- C:\WINDOWS\system32\drivers\wadv11nt.sys
2011-01-15 09:28:43 ----N---- C:\WINDOWS\system32\drivers\wadv09nt.sys
2011-01-15 09:28:43 ----N---- C:\WINDOWS\system32\drivers\wadv08nt.sys
2011-01-15 09:28:43 ----N---- C:\WINDOWS\system32\drivers\wadv07nt.sys
2011-01-15 09:28:36 ----N---- C:\WINDOWS\system32\drivers\slwdmsup.sys
2011-01-15 09:28:36 ----N---- C:\WINDOWS\system32\drivers\slnthal.sys
2011-01-15 09:28:36 ----N---- C:\WINDOWS\system32\drivers\slntamr.sys
2011-01-15 09:28:36 ----N---- C:\WINDOWS\system32\drivers\slnt7554.sys
2011-01-15 09:28:35 ----N---- C:\WINDOWS\system32\drivers\s3gnbm.sys
2011-01-15 09:28:34 ----N---- C:\WINDOWS\system32\drivers\recagent.sys
2011-01-15 09:28:33 ----N---- C:\WINDOWS\system32\drivers\nv4_mini.sys
2011-01-15 09:28:33 ----N---- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2011-01-15 09:28:32 ----N---- C:\WINDOWS\system32\drivers\mtxparhm.sys
2011-01-15 09:28:32 ----N---- C:\WINDOWS\system32\drivers\mtlstrm.sys
2011-01-15 09:28:32 ----N---- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2011-01-15 09:28:27 ----N---- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2011-01-15 09:28:20 ----N---- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2011-01-15 09:28:20 ----N---- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2011-01-15 09:28:20 ----N---- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2011-01-15 09:26:58 ----N---- C:\WINDOWS\system32\drivers\atinxsxx.sys
2011-01-15 09:26:58 ----N---- C:\WINDOWS\system32\drivers\atinxbxx.sys
2011-01-15 09:26:58 ----N---- C:\WINDOWS\system32\drivers\atintuxx.sys
2011-01-15 09:26:58 ----N---- C:\WINDOWS\system32\drivers\atinttxx.sys
2011-01-15 09:26:58 ----N---- C:\WINDOWS\system32\drivers\atinsnxx.sys
2011-01-15 09:26:58 ----N---- C:\WINDOWS\system32\drivers\atinrvxx.sys
2011-01-15 09:26:58 ----N---- C:\WINDOWS\system32\drivers\atinraxx.sys
2011-01-15 09:26:58 ----N---- C:\WINDOWS\system32\drivers\atinpdxx.sys
2011-01-15 09:26:58 ----N---- C:\WINDOWS\system32\drivers\atinmdxx.sys
2011-01-15 09:26:58 ----N---- C:\WINDOWS\system32\drivers\atinbtxx.sys
2011-01-15 09:26:58 ----N---- C:\WINDOWS\system32\drivers\ati2mtag.sys
2011-01-15 09:26:58 ----N---- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2011-01-15 09:26:58 ----N---- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2011-01-15 09:26:58 ----N---- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2011-01-15 09:26:58 ----N---- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2011-01-15 09:26:58 ----N---- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2011-01-15 09:26:58 ----N---- C:\WINDOWS\system32\drivers\ati1snxx.sys
2011-01-15 09:26:58 ----N---- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2011-01-15 09:26:58 ----N---- C:\WINDOWS\system32\drivers\ati1raxx.sys
2011-01-15 09:26:58 ----N---- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2011-01-15 09:26:58 ----N---- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2011-01-15 09:26:58 ----N---- C:\WINDOWS\system32\drivers\ati1btxx.sys
2011-01-15 08:55:46 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2011-01-15 00:59:35 ----A---- C:\WINDOWS\system32\MRT.exe
2011-01-15 00:58:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593_0$
2011-01-15 00:58:33 ----HDC---- C:\WINDOWS\$NtUninstallKB982381_0$
2011-01-15 00:58:22 ----HDC---- C:\WINDOWS\$NtUninstallKB979559_0$
2011-01-15 00:58:13 ----HDC---- C:\WINDOWS\$NtUninstallKB979904$
2011-01-15 00:57:56 ----HDC---- C:\WINDOWS\$NtUninstallKB975562_0$
2011-01-15 00:57:51 ----HDC---- C:\WINDOWS\$NtUninstallKB979482_0$
2011-01-15 00:57:47 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2011-01-15 00:57:42 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2011-01-15 00:57:38 ----HDC---- C:\WINDOWS\$NtUninstallKB980218_0$
2011-01-15 00:57:33 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2011-01-15 00:57:27 ----HDC---- C:\WINDOWS\$NtUninstallKB978542_0$
2011-01-15 00:57:22 ----HDC---- C:\WINDOWS\$NtUninstallKB978601_0$
2011-01-15 00:57:13 ----HDC---- C:\WINDOWS\$NtUninstallKB979683_0$
2011-01-15 00:57:05 ----HDC---- C:\WINDOWS\$NtUninstallKB978338_0$
2011-01-15 00:57:00 ----HDC---- C:\WINDOWS\$NtUninstallKB979309_0$
2011-01-15 00:56:56 ----HDC---- C:\WINDOWS\$NtUninstallKB981350$
2011-01-15 00:56:52 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2011-01-15 00:56:47 ----HDC---- C:\WINDOWS\$NtUninstallKB980232_0$
2011-01-15 00:56:40 ----HDC---- C:\WINDOWS\$NtUninstallKB975561_0$
2011-01-15 00:56:35 ----HDC---- C:\WINDOWS\$NtUninstallKB978706_0$
2011-01-15 00:56:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971468_0$
2011-01-15 00:56:24 ----HDC---- C:\WINDOWS\$NtUninstallKB977914_0$
2011-01-15 00:56:17 ----HDC---- C:\WINDOWS\$NtUninstallKB975560_0$
2011-01-15 00:56:10 ----HDC---- C:\WINDOWS\$NtUninstallKB978037_0$
2011-01-15 00:56:05 ----HDC---- C:\WINDOWS\$NtUninstallKB975713_0$
2011-01-15 00:55:59 ----HDC---- C:\WINDOWS\$NtUninstallKB972270_0$
2011-01-15 00:55:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2011-01-15 00:55:41 ----HDC---- C:\WINDOWS\$NtUninstallKB955759_0$
2011-01-15 00:55:35 ----HDC---- C:\WINDOWS\$NtUninstallKB974392_0$
2011-01-15 00:55:30 ----HDC---- C:\WINDOWS\$NtUninstallKB974318_0$
2011-01-15 00:55:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2011-01-15 00:55:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_0$
2011-01-15 00:55:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975467_0$
2011-01-15 00:55:06 ----HDC---- C:\WINDOWS\$NtUninstallKB968389_0$
2011-01-15 00:55:03 ----D---- C:\Program Files\MSXML 4.0
2011-01-15 00:54:53 ----HDC---- C:\WINDOWS\$NtUninstallKB969059_0$
2011-01-15 00:54:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2011-01-15 00:54:44 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_0$
2011-01-15 00:54:39 ----HDC---- C:\WINDOWS\$NtUninstallKB974571_0$
2011-01-15 00:54:28 ----HDC---- C:\WINDOWS\$NtUninstallKB975025_0$
2011-01-15 00:54:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2011-01-15 00:54:06 ----HDC---- C:\WINDOWS\$NtUninstallKB953295$
2011-01-15 00:53:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2011-01-15 00:53:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956844_0$
2011-01-15 00:53:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973768$
2011-01-15 00:53:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971657_0$
2011-01-15 00:53:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973815_0$
2011-01-15 00:53:16 ----HDC---- C:\WINDOWS\$NtUninstallKB960859_0$
2011-01-15 00:53:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973507_0$
2011-01-15 00:53:04 ----D---- C:\WINDOWS\ServicePackFiles
2011-01-15 00:53:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2011-01-15 00:52:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973869_0$
2011-01-15 00:52:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2011-01-15 00:52:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2011-01-15 00:52:38 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2011-01-15 00:52:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2011-01-15 00:52:27 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2011-01-15 00:52:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2011-01-15 00:52:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2011-01-15 00:52:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2011-01-15 00:51:51 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2011-01-15 00:51:42 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2011-01-15 00:51:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2011-01-15 00:51:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2011-01-15 00:51:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2011-01-15 00:51:23 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2011-01-15 00:51:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2011-01-15 00:51:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2011-01-15 00:51:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2011-01-15 00:51:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2011-01-15 00:51:00 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2011-01-15 00:50:55 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2011-01-15 00:50:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2011-01-15 00:50:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2011-01-15 00:50:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2011-01-15 00:50:37 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2011-01-15 00:50:25 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2011-01-15 00:50:01 ----HDC---- C:\WINDOWS\$NtUninstallKB913800$
2011-01-15 00:47:42 ----N---- C:\WINDOWS\system32\tzchange.exe
2011-01-15 00:41:27 ----A---- C:\WINDOWS\system32\xpsp4res.dll
2011-01-15 00:40:06 ----N---- C:\WINDOWS\system32\drivers\bthport.sys
2011-01-15 00:39:51 ----N---- C:\WINDOWS\kb913800.exe
2011-01-15 00:36:43 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2011-01-15 00:36:21 ----D---- C:\WINDOWS\system32\PreInstall
2011-01-15 00:36:20 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2011-01-14 23:50:40 ----D---- C:\Documents and Settings\Deborah\Application Data\Mozilla
2011-01-14 23:50:26 ----D---- C:\Program Files\Mozilla Firefox
2011-01-14 22:41:12 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-01-14 22:41:11 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-01-14 22:41:11 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-01-14 22:41:08 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-01-14 22:41:08 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-01-14 22:41:08 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-01-14 22:41:08 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-01-14 22:40:52 ----A---- C:\WINDOWS\system32\MFC71.dll
2011-01-14 22:40:52 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-01-14 22:40:50 ----D---- C:\Program Files\Alwil Software
2011-01-14 22:35:12 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2011-01-14 22:01:36 ----D---- C:\WINDOWS\system32\appmgmt
2011-01-14 21:50:14 ----A---- C:\WINDOWS\msoffice.ini
2011-01-14 21:44:34 ----ASH---- C:\Documents and Settings\Deborah\Application Data\desktop.ini
2011-01-14 21:44:32 ----SD---- C:\Documents and Settings\Deborah\Application Data\Microsoft
2011-01-14 21:44:32 ----D---- C:\Documents and Settings\Deborah\Application Data\You've Got Pictures Screensaver
2011-01-14 21:44:32 ----D---- C:\Documents and Settings\Deborah\Application Data\toshiba
2011-01-14 21:44:32 ----D---- C:\Documents and Settings\Deborah\Application Data\Intel
2011-01-14 21:44:32 ----D---- C:\Documents and Settings\Deborah\Application Data\Identities
2011-01-14 21:44:32 ----D---- C:\Documents and Settings\Deborah\Application Data\AOL
2011-01-14 21:44:32 ----D---- C:\Documents and Settings\Deborah\Application Data\Adobe
2011-01-14 21:43:50 ----A---- C:\WINDOWS\system32\results.txt
2011-01-14 21:43:46 ----A---- C:\WINDOWS\system32\drivers\AegisP.sys
2011-01-14 21:43:31 ----D---- C:\Documents and Settings\All Users\Application Data\Intel
2011-01-14 21:43:05 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-01-14 21:15:50 ----SHD---- C:\RECYCLER
2011-01-14 21:15:49 ----A---- C:\WINDOWS\smscfg.ini
2011-01-14 21:14:55 ----HDC---- C:\WINDOWS\$NtUninstallKB912945$
2011-01-14 21:14:23 ----D---- C:\Program Files\AVerMedia
2011-01-14 21:14:08 ----RA---- C:\WINDOWS\system32\SETBROWS.EXE
2011-01-14 21:14:08 ----RA---- C:\WINDOWS\system32\MCSysUtil.dll
2011-01-14 21:14:08 ----A---- C:\WINDOWS\system32\XML30Lib.dll
2011-01-14 21:14:08 ----A---- C:\WINDOWS\system32\MCCoreUtil.dll
2011-01-14 21:14:08 ----A---- C:\WINDOWS\system32\CSH.DLL
2011-01-14 21:14:07 ----D---- C:\Program Files\Metamail Inc
2011-01-14 21:13:36 ----D---- C:\Program Files\Common Files\InterVideo
2011-01-14 21:13:10 ----A---- C:\WINDOWS\system32\igfxres.dll
2011-01-14 21:08:32 ----SHD---- C:\System Volume Information
2011-01-14 21:08:31 ----ASH---- C:\pagefile.sys

======List of files/folders modified in the last 1 months======

2011-01-22 13:44:22 ----D---- C:\Program Files
2011-01-22 13:42:33 ----D---- C:\WINDOWS\Temp
2011-01-22 13:41:38 ----D---- C:\WINDOWS
2011-01-22 08:27:53 ----SD---- C:\WINDOWS\Tasks
2011-01-22 00:23:01 ----D---- C:\WINDOWS\system32\CatRoot2
2011-01-22 00:22:57 ----D---- C:\WINDOWS\Registration
2011-01-22 00:22:47 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2011-01-22 00:22:33 ----D---- C:\WINDOWS\system32\DLA
2011-01-22 00:21:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-01-21 15:28:33 ----HD---- C:\WINDOWS\inf
2011-01-21 10:48:05 ----AD---- C:\WINDOWS\system32
2011-01-21 10:43:01 ----SHD---- C:\WINDOWS\Installer
2011-01-21 10:42:51 ----AD---- C:\WINDOWS\system32\drivers
2011-01-21 10:42:48 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2011-01-21 00:05:06 ----A---- C:\WINDOWS\setuplog.txt
2011-01-20 16:15:36 ----D---- C:\WINDOWS\system32\CatRoot
2011-01-20 15:53:32 ----RASH---- C:\boot.ini
2011-01-20 15:53:32 ----A---- C:\WINDOWS\win.ini
2011-01-20 15:53:32 ----A---- C:\WINDOWS\system.ini
2011-01-20 14:28:56 ----D---- C:\WINDOWS\system32\config
2011-01-20 14:28:45 ----D---- C:\WINDOWS\system32\wbem
2011-01-20 14:28:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-01-20 14:28:35 ----D---- C:\Program Files\Internet Explorer
2011-01-20 14:27:17 ----D---- C:\WINDOWS\system32\Restore
2011-01-20 13:44:14 ----HD---- C:\Program Files\InstallShield Installation Information
2011-01-19 20:54:31 ----D---- C:\WINDOWS\Help
2011-01-19 20:52:37 ----D---- C:\WINDOWS\Media
2011-01-19 20:51:04 ----A---- C:\WINDOWS\imsins.BAK
2011-01-19 20:50:02 ----HD---- C:\WINDOWS\$hf_mig$
2011-01-17 03:06:11 ----D---- C:\WINDOWS\WinSxS
2011-01-17 03:02:45 ----D---- C:\Program Files\Movie Maker
2011-01-17 03:01:03 ----D---- C:\Program Files\Outlook Express
2011-01-15 23:56:10 ----RSD---- C:\WINDOWS\Fonts
2011-01-15 19:24:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-01-15 10:41:51 ----A---- C:\WINDOWS\OEWABLog.txt
2011-01-15 10:20:12 ----D---- C:\WINDOWS\AppPatch
2011-01-15 10:20:12 ----D---- C:\Program Files\Messenger
2011-01-15 10:20:11 ----D---- C:\WINDOWS\system32\Setup
2011-01-15 10:19:17 ----D---- C:\WINDOWS\security
2011-01-15 10:01:51 ----D---- C:\WINDOWS\system32\inetsrv
2011-01-15 10:01:50 ----D---- C:\WINDOWS\ime
2011-01-15 10:01:40 ----D---- C:\WINDOWS\system32\usmt
2011-01-15 10:01:39 ----D---- C:\WINDOWS\PeerNet
2011-01-15 09:59:09 ----D---- C:\WINDOWS\system32\npp
2011-01-15 09:59:09 ----D---- C:\WINDOWS\mui
2011-01-15 09:59:08 ----D---- C:\WINDOWS\msagent
2011-01-15 09:59:06 ----D---- C:\WINDOWS\srchasst
2011-01-15 09:59:06 ----D---- C:\Program Files\NetMeeting
2011-01-15 09:59:04 ----D---- C:\WINDOWS\system32\Com
2011-01-15 09:59:02 ----D---- C:\Program Files\Windows NT
2011-01-15 09:58:58 ----D---- C:\Program Files\Common Files\System
2011-01-15 09:58:37 ----AD---- C:\WINDOWS\system32\oobe
2011-01-15 09:58:35 ----D---- C:\WINDOWS\system
2011-01-15 09:55:33 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-01-15 09:52:28 ----D---- C:\WINDOWS\ehome
2011-01-15 09:40:12 ----D---- C:\Program Files\Windows Media Player
2011-01-15 09:17:59 ----D---- C:\WINDOWS\Debug
2011-01-15 08:56:20 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-01-15 00:28:52 ----D---- C:\WINDOWS\SoftwareDistribution
2011-01-14 22:01:35 ----D---- C:\Program Files\TOSHIBA
2011-01-14 22:01:16 ----D---- C:\Program Files\WildTangent
2011-01-14 21:54:20 ----D---- C:\Program Files\Pure Networks
2011-01-14 21:54:20 ----D---- C:\Program Files\Common Files
2011-01-14 21:52:49 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee.com
2011-01-14 21:51:56 ----D---- C:\Program Files\GemMaster
2011-01-14 21:50:24 ----D---- C:\Program Files\Common Files\AOL
2011-01-14 21:50:24 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2011-01-14 21:44:47 ----AD---- C:\WINDOWS\I386
2011-01-14 21:44:31 ----D---- C:\Documents and Settings
2011-01-14 21:43:31 ----D---- C:\Program Files\Intel
2011-01-14 21:15:43 ----D---- C:\WINDOWS\repair
2011-01-14 21:13:31 ----D---- C:\Program Files\InterVideo

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2005-09-12 89264]
R0 KR10N;KR10N; C:\WINDOWS\system32\drivers\KR10N.sys [2005-01-12 204160]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-04-25 20640]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-01-13 29392]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]
R1 MpKslc93fa8b1;MpKslc93fa8b1; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DF3835D9-70C4-4825-B856-5099FE0460AE}\MpKslc93fa8b1.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2011-01-14 21275]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-02-16 8552]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-01-13 100176]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-10-06 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-10-06 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-10-06 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-10-06 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-10-06 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-10-06 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-10-06 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-27 1353820]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-09 4123136]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2008-12-04 27784]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-12-16 191936]
R3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2005-10-20 6144]
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-04 1428096]
S3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-10-09 163328]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-09-14 179200]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 11736]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2005-07-12 40960]
R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2005-12-20 35328]
S2 6to4;Network Security; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.08 2011-01-22 13:45:41

======Uninstall list======

-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
DVD-RAM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM Driver
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD for TOSHIBA-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
Metamail (Toshiba Registration Utility)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE3F89C0-42D5-11D5-A40A-00105AC8331A}\setup.exe" -l0x9
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 1.1 Security Update (KB2416447)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Antimalware-->MsiExec.exe /X{774088D4-0777-4D78-904D-E435B318F5D2}
Microsoft Office OneNote 2003-->MsiExec.exe /I{91A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Security Client-->MsiExec.exe /I{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Client\Setup.exe /x
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.6.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Office 2003 Trial Assistant-->MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9  -removeonly
SD Secure Module-->MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
Search Toolbar-->C:\Program Files\Search Toolbar\SearchToolbarUninstall.exe
Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2416400)-->"C:\WINDOWS\$NtUninstallKB2416400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WI

Corrine
Re: Oh please Help! Raven sent me
« Reply #1 on: January 23, 2011, 12:40:22 AM »
Hi, Deborah.  Welcome to LandzDown Forum.  Your son is wise not electing to mess around with the registry.

We will do our best to assist you.  However, in order to do so, please follow all instructions provided in the sequence given.  Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use.  This may cause conflicts with the tools being used in the cleanup process.  

If you have questions regarding any of the instructions or problems running any tools, please let us know.

The end of the info.txt logfile got cut off due to forum post size restrictions.  I don't need to see the remaining Security Updates so with your next reply, go to C:\rsit and open info.txt.  Scroll down past the list of Security Updates and copy/paste the rest of the log to the end.

Due to using the recovery disc, you have outdated, vulnerable software on your computer.  This includes Java, Adobe Reader and Internet Explorer.

First, let's get the vulnerable Java off your computer.  You can download the latest version later when your computer is more stable.  In the meantime, I will include the download instructions here that you can refer back to later.  (Then again, you may not need Java.  See Do You Need Java?)

Go to Add/Remove Programs and Uninstall J2SE Runtime Environment 5.0 Update 4

Please download JavaRa and unzip it to your desktop.

  • Double-click on JavaRa.exe to start the program.  (Windows Vista users Right-click JavaRa.exe > Select Run as Administrator)
  • Click on Remove Older Versions to remove older versions of Java.
  • A logfile will pop up. Please save it to a convenient location.

Now or later:  download and install Java SE Runtime Environment (JRE) 6 Update 23.  

Download Link: Java SE Runtime Environment 6u23

Note:  UNCHECK any pre-checked toolbar and/or software options presented with the update.  They are not part of the software update and are completely optional.  

Adobe Reader:  Until it is updated, do not open any PDF files.  When your computer is stable, go to http://get.adobe.com/reader/ to get the latest version.  Note:  UNCHECK the optional McAfee® Security Scan Plus.

Internet Explorer:  It doesn't matter if you primarily use an alternate browser.  Again, when your computer is stable, you need to update IE.

Since you updated Firefox and not IE, I expect that is your primary browser.  In that case, please download GooredFix from one of the locations below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Let me know how your computer is now.  If you have been getting the redirects with IE, please include that information in your reply.

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
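As an added example (not part of this thread and not GooredFix's own code): a PowerShell script a defender can run to list the same Firefox extension registration points that the GooredFix step above inspects, so an unexpected ID can be reviewed before anything is removed. It assumes PowerShell 2.0 on Windows XP, Firefox 3.x in its default location, and uses the default-theme ID from the GooredFix log later in this thread as its only known-good entry.

```powershell
# Added example, not GooredFix's code: list every place Firefox 3.x on Windows XP can
# have an extension registered, with timestamps, so each ID can be reviewed by hand.
# Assumptions: PowerShell 2.0 on XP, default Firefox install path, one or more profiles
# under %APPDATA%\Mozilla\Firefox\Profiles (the layout shown in the GooredFix log).

$found = @()

# 1. Registry-registered extensions. The value name is the extension ID and the value
#    data is the folder Firefox loads it from; this is where GooredFix removed an entry.
foreach ($hive in 'HKLM', 'HKCU') {
    $key = "${hive}:\Software\Mozilla\Firefox\Extensions"
    if (Test-Path $key) {
        $regKey = Get-Item $key
        foreach ($id in $regKey.GetValueNames()) {
            $folder   = $regKey.GetValue($id)
            $modified = $null
            if ($folder -and (Test-Path $folder)) { $modified = (Get-Item $folder).LastWriteTime }
            $found += New-Object PSObject -Property @{
                Source   = $key
                Id       = $id
                Location = $folder
                Modified = $modified
            }
        }
    }
}

# 2. Extension folders: the global one under the install directory and one per profile.
$dirs = @((Join-Path $env:ProgramFiles 'Mozilla Firefox\extensions'))
$profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
if (Test-Path $profiles) {
    foreach ($p in (Get-ChildItem $profiles | Where-Object { $_.PSIsContainer })) {
        $dirs += Join-Path $p.FullName 'extensions'
    }
}
foreach ($dir in $dirs) {
    if (-not (Test-Path $dir)) { continue }
    foreach ($entry in Get-ChildItem $dir) {
        $found += New-Object PSObject -Property @{
            Source   = $dir
            Id       = $entry.Name
            Location = $entry.FullName
            Modified = $entry.LastWriteTime
        }
    }
}

# 3. IDs known to belong to Firefox itself. The default theme ID below is the one the
#    GooredFix log in this thread lists under Program Files; everything else is marked
#    for a manual look (compare its timestamp with when the redirects began).
$knownGood = @('{972ce4c6-7e08-4474-a285-3208198ce6fd}')

$found |
    Select-Object Source, Id, Location, Modified,
        @{ Name = 'Review'; Expression = { if ($knownGood -contains $_.Id) { 'no' } else { 'YES' } } } |
    Sort-Object Modified -Descending |
    Format-Table -AutoSize -Wrap
```

Run it from a normal PowerShell prompt before and after a cleanup tool to see exactly which registration the tool removed.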

deborahPS
Re: Oh please Help! Raven sent me
« Reply #2 on: January 23, 2011, 05:49:43 PM »
Hello Corrine, I'm Deborah's son Matthew.
I tried to uninstall J2SE Runtime Environment 5.0 Update 4 last night and the uninstall just hung... I tried it again this morning and it uninstalled with no problems. Mom never uses IE but I think it should be up to date, I'll update that and Adobe once we're in the clear.
Thank you for your help :)
Matthew


GooredFix by jpshortstuff (03.07.10.1)
Log created at 10:26 on 23/01/2011 (Deborah)
Firefox version 3.6.13 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{5365ACD6-DC08-4118-8755-922CA6B5E09E} -> Success!
Deleting C:\Documents and Settings\Deborah\Local Settings\Application Data\{5365ACD6-DC08-4118-8755-922CA6B5E09E} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [07:50 15/01/2011]

C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\3eo2e989.default\extensions\
searchtoolbar@zugo.com [22:27 20/01/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-

Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4497AFF6-98C4-4F49-B073-F48F42BCBF9E} /l1033
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x9
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
TOSHIBA Controls-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Hotkey Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64DD71BC-3109-4C88-9AD3-D5422644B722}\setup.exe" -l0x9
TOSHIBA PC Diagnostic Tool-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
TOSHIBA Power Saver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"
TOSHIBA SD Memory Card Format-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe"
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe"
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA TouchPad ON/Off Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69BE47C2-36FE-4397-8199-85D8EAE69982}\setup.exe" -l0x9
TOSHIBA TV Tuner 4.0.12.73-->C:\Program Files\AVerMedia\TOSHIBA TV Tuner\uninst.exe
TOSHIBA Utilities-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}\setup.exe" -l0x9
TOSHIBA Virtual Sound-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe"  /uninstall
TOSHIBA Zooming Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe"
Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Update for Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Media Center Edition 2005 KB888316-->C:\WINDOWS\$NtUninstallKB888316$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB894553-->C:\WINDOWS\$NtUninstallKB894553$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB895678-->C:\WINDOWS\$NtUninstallKB895678$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB908250-->"C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 www.8minutedating.com
127.0.0.1 whysohardx.com
127.0.0.1 protectyourpc-11.com
127.0.0.1 checkserverstatux.com
127.0.0.1 xinmin.cn
127.0.0.1 xy95.cn
127.0.0.1 koralda.com
127.0.0.1 weirden.com
127.0.0.1 nanocloudcontroller.com
127.0.0.1 coo0lnet.net

======Security center information======

AV: Microsoft Security Essentials
AV: avast! Antivirus

======System event log======

Computer Name: NONNA
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 00A0D14D9BF0.  The IP address being used is 169.254.7.231.

Record Number: 181
Source Name: Dhcp
Time Written: 20110115002155.000000-480
Event Type: warning
User:

Computer Name: NONNA
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001302D262F1.  The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 167
Source Name: Dhcp
Time Written: 20110115001351.000000-480
Event Type: warning
User:

Computer Name: NONNA
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk1\D.

Record Number: 151
Source Name: Disk
Time Written: 20110115000501.000000-480
Event Type: error
User:

Computer Name: NONNA
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001302D262F1.  The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 145
Source Name: Dhcp
Time Written: 20110114235340.000000-480
Event Type: warning
User:

Computer Name: NONNA
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001302D262F1.  The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 141
Source Name: Dhcp
Time Written: 20110114235301.000000-480
Event Type: warning
User:

=====Application event log=====

Computer Name: NONNA
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property.  This provider will be run using the LocalSystem account.  This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.  Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 56
Source Name: WinMgmt
Time Written: 20110115102300.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: NONNA
Event Code: 1
Message: Service registration successful.

Record Number: 55
Source Name: Media Center Receiver
Time Written: 20110115102224.000000-480
Event Type:
User:

Computer Name: NONNA
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account.  This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 50
Source Name: WinMgmt
Time Written: 20110115100231.000000-480
Event Type: warning
User: NONNA\Deborah

Computer Name: NONNA
Event Code: 1
Message: Service registration successful.

Record Number: 38
Source Name: Media Center Receiver
Time Written: 20110115014312.000000-480
Event Type:
User:

Computer Name: NONNA
Event Code: 1517
Message: Windows saved user NONNA\Deborah registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 26
Source Name: Userenv
Time Written: 20110114224149.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

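The "Hosts File" section of the RSIT log above lists only 127.0.0.1 mappings, which send the named sites to the local machine (blocklist style) rather than redirecting them elsewhere. As an added example, not code from the thread, from RSIT or from any other tool used here, the Python script below reads a hosts file in that format and sorts each mapping into the stock localhost lines, blocklist-style entries, and entries that point a name at some other address, which is the pattern a redirect-style hosts-file hijack leaves behind. The sample input is constructed: its first entries echo the posted log, and the 203.0.113.7 / www.example.com line is a made-up illustration (documentation address and reserved example domain), not something found on this machine.

```python
"""Triage a Windows hosts file for redirect-style tampering.

Added example (not from the thread, RSIT or GooredFix). Every active
mapping line is sorted into one of four buckets:
  default   - the localhost lines Windows ships with
  blocking  - a name pointed at a loopback/unspecified address; this
              stops the name resolving anywhere useful (blocklist
              style, as in the RSIT log above)
  redirect  - a name pointed at any other address, the pattern a
              hosts-file hijack uses to send a site somewhere else
  malformed - lines whose first token is not an IP address or that
              carry no host name
"""
import ipaddress

DEFAULT_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample: the first entries echo the thread's log; the
# 203.0.113.7 line is a made-up illustration of a redirect mapping
# (TEST-NET-3 address, reserved example domain).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1 www.8minutedating.com
127.0.0.1 whysohardx.com
127.0.0.1 protectyourpc-11.com   # inline comments are stripped
0.0.0.0   coo0lnet.net
203.0.113.7 www.example.com search.example.net
not-an-ip example.org
"""


def parse_hosts(text):
    """Return (line_no, first_token, [names]) for each non-comment line."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        tokens = line.split()
        entries.append((line_no, tokens[0], tokens[1:]))
    return entries


def classify_hosts(text):
    """Bucket every mapping; see the module docstring for the rules."""
    buckets = {"default": [], "blocking": [], "redirect": [], "malformed": []}
    for entry in parse_hosts(text):
        line_no, target, names = entry
        try:
            addr = ipaddress.ip_address(target)
        except ValueError:
            buckets["malformed"].append(entry)
            continue
        if not names:
            buckets["malformed"].append(entry)
            continue
        # 127.0.0.1, ::1 and 0.0.0.0 make the name unreachable, not redirected
        sink = addr.is_loopback or addr.is_unspecified
        if sink and all(n.lower() in DEFAULT_NAMES for n in names):
            buckets["default"].append(entry)
        elif sink:
            buckets["blocking"].append(entry)
        else:
            buckets["redirect"].append(entry)
    return buckets


def report(text):
    """Human-readable summary; the redirect entries are the ones to review."""
    b = classify_hosts(text)
    lines = [f"{len(b['default'])} default, {len(b['blocking'])} blocking, "
             f"{len(b['redirect'])} redirect, {len(b['malformed'])} malformed"]
    for line_no, target, names in b["redirect"]:
        lines.append(f"  REVIEW line {line_no}: {' '.join(names)} -> {target}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_HOSTS))
```

On a real machine the file to feed in is %SystemRoot%\system32\drivers\etc\hosts; a blocklist produces many "blocking" lines and is harmless, while a single "redirect" line for a site the user did not configure is what deserves a closer look.
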
Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Oh please Help! Raven sent me
« Reply #3 on: January 23, 2011, 06:42:19 PM »
Hi, Matthew. 

Did that solve the problem of the redirects? 

I note that both Avast and Microsoft Security Essentials are installed.  Running two antivirus software programs can result in conflicts.  I suggest selecting one and uninstalling the second.  In fact, I am surprised MSE installed correctly with Avast still installed. 

Although the Windows Vista and Windows 7 firewall works great, on Windows XP, it is generally advisable to use a two-way firewall.  Many people have found the Sunbelt Personal Firewall (formerly Kerio) works great on Windows XP.  It is available from http://www.sunbeltsoftware.com/Home-Home-Office/Sunbelt-Personal-Firewall/

Let's see what an online scan shows.  It may take a while to complete.

Please go here to run an on-line scan from ESET.
  • Note: It is easiest if you use Internet Explorer for this scan.  (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.

Offline deborahPS

  • Newbie
  • Posts: 22
Re: Oh please Help! Raven sent me
« Reply #4 on: January 23, 2011, 09:00:25 PM »
Hello Corrine,
No, we're still getting the redirects and the computer will go into offline mode. Yesterday I went into the settings for the wireless card and turned off the power saver option thinking that would do it, but mom says it hasn't.



esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=141095f9a1ac1745a8c3462b5c3a1eac
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-01-23 09:21:04
# local_time=2011-01-23 01:21:04 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 399 399 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=5891 16776869 42 87 0 6909998 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=52955
# found=2
# cleaned=0
# scan_time=1732
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cp3.jar-2724b8ca-12b75d25.zip   Java/Agent.U trojan (unable to clean)   00000000000000000000000000000000   I
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\rox.jar-42b9aebf-6fc1c323.zip   Java/Agent.V trojan (unable to clean)   00000000000000000000000000000000   I

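The ESET log posted above is a short free-text preamble, a run of `# key=value` header lines (some keys repeat), and then one tab-separated record per detection. As an added example, not code from the thread or from ESET, here is a Python parser for that layout together with the summary a helper reads first: how many items were scanned, found and cleaned, whether the scan finished, and whether removal was enabled at all (this scan was run with remove_checked=false, as the instructions asked). The sample log is constructed to mirror the posted one; the serial is a placeholder, and the 32-character column and the trailing one-letter column are kept verbatim because the page does not document their meaning.

```python
"""Parse an ESET Online Scanner text log and summarise it.

Added example, not code from the thread or from ESET. The layout it
expects is the one posted above: an optional free-text preamble,
'# key=value' header lines (keys may repeat), then one record per
detection with tab-separated columns: path, threat text, a 32-character
column kept verbatim, and a trailing one-letter flag kept verbatim.
"""
import re
from dataclasses import dataclass, field


@dataclass
class Detection:
    path: str
    threat: str   # e.g. "Java/Agent.U trojan"
    note: str     # parenthetical after the name, e.g. "unable to clean"
    column3: str  # 32-character field, copied as-is
    flag: str     # trailing letter, copied as-is


@dataclass
class EsetLog:
    preamble: list = field(default_factory=list)
    header: dict = field(default_factory=dict)   # key -> [values]
    detections: list = field(default_factory=list)


# Columns are tab-separated; runs of two or more spaces are accepted too
# because forum software often turns tabs into spaces when a log is pasted.
_COLS = re.compile(r"\t|\s{2,}")
_THREAT = re.compile(r"^(?P<name>.*?)\s*(?:\((?P<note>[^)]*)\))?$")

# Constructed sample mirroring the posted log; the serial is a placeholder.
SAMPLE_LOG = (
    "esets_scanner_update returned -1 esets_gle=53251\n"
    "# version=7\n"
    "# OnlineScanner.ocx=1.0.0.6419\n"
    "# EOSSerial=PLACEHOLDER_SERIAL\n"
    "# end=finished\n"
    "# remove_checked=false\n"
    "# archives_checked=true\n"
    "# country=\"United States\"\n"
    "# compatibility_mode=512 16777215 100 0 399 399 0 0\n"
    "# compatibility_mode=768 16777215 100 0 0 0 0 0\n"
    "# scanned=52955\n"
    "# found=2\n"
    "# cleaned=0\n"
    "# scan_time=1732\n"
    "C:\\Documents and Settings\\LocalService\\Application Data\\Sun\\Java"
    "\\Deployment\\cache\\javapi\\v1.0\\jar\\cp3.jar-2724b8ca-12b75d25.zip"
    "\tJava/Agent.U trojan (unable to clean)\t00000000000000000000000000000000\tI\n"
    "C:\\Documents and Settings\\LocalService\\Application Data\\Sun\\Java"
    "\\Deployment\\cache\\javapi\\v1.0\\jar\\rox.jar-42b9aebf-6fc1c323.zip"
    "\tJava/Agent.V trojan (unable to clean)\t00000000000000000000000000000000\tI\n"
)


def parse_eset_log(text):
    """Split the log into preamble lines, header values and detections."""
    log = EsetLog()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:   # repeated keys such as compatibility_mode are kept in order
                log.header.setdefault(key.strip(), []).append(value.strip().strip('"'))
            continue
        cols = _COLS.split(line)
        if len(cols) >= 4:
            m = _THREAT.match(cols[1])   # always matches; note may be absent
            log.detections.append(
                Detection(cols[0], m["name"], m["note"] or "", cols[2], cols[3]))
        else:
            log.preamble.append(line)
    return log


def header_value(log, key, default=None):
    """First value recorded for a header key (most keys appear once)."""
    values = log.header.get(key)
    return values[0] if values else default


def summarize(log):
    """The numbers a helper checks before deciding on the next tool."""
    found = int(header_value(log, "found", "0"))
    cleaned = int(header_value(log, "cleaned", "0"))
    return {
        "scanned": int(header_value(log, "scanned", "0")),
        "found": found,
        "cleaned": cleaned,
        "remaining": found - cleaned,
        "removal_enabled": header_value(log, "remove_checked") == "true",
        "finished": header_value(log, "end") == "finished",
        "records_match_header": found == len(log.detections),
    }


if __name__ == "__main__":
    parsed = parse_eset_log(SAMPLE_LOG)
    for key, value in summarize(parsed).items():
        print(f"{key}: {value}")
    for d in parsed.detections:
        print(f"  {d.threat} [{d.note}] {d.path}")
```

The `records_match_header` check catches a pasted log that was cut short: if the header says two items were found but fewer records follow, the reply is incomplete and should be reposted before anything is decided from it.
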
Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Oh please Help! Raven sent me
« Reply #5 on: January 23, 2011, 09:11:37 PM »
Please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1
Link 2

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray. 

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

Now, please run ComboFix:
  • Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all open windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click "Yes" to continue scanning for malware.
  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

Offline deborahPS

  • Newbie
  • Posts: 22
Re: Oh please Help! Raven sent me
« Reply #6 on: January 23, 2011, 11:12:49 PM »
ComboFix 11-01-22.03 - Deborah 01/23/2011  15:21:10.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.593 [GMT -8:00]
Running from: c:\documents and settings\Deborah\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Deborah\Application Data\completescan_pal
c:\documents and settings\Deborah\Application Data\install_pal
c:\documents and settings\Deborah\Application Data\uid_pal
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\system32\Drivers\hwukw.sys
c:\windows\system32\Drivers\khsdgkc.sys
c:\windows\system32\Thumbs.db

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4


(((((((((((((((((((((((((   Files Created from 2010-12-23 to 2011-01-23  )))))))))))))))))))))))))))))))
.

2011-01-23 21:39 . 2008-06-21 12:54   65576   ----a-w-   c:\windows\system32\drivers\SbFwIm.sys
2011-01-23 21:39 . 2008-10-31 15:09   270888   ----a-w-   c:\windows\system32\drivers\SbFw.sys
2011-01-23 21:39 . 2011-01-23 21:39   --------   d-----w-   c:\program files\Sunbelt Software
2011-01-23 21:29 . 2011-01-20 18:39   5890896   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6BB09FAB-0D2A-4D2C-8D18-7CE419EA6086}\mpengine.dll
2011-01-23 20:18 . 2011-01-23 20:18   --------   d-----w-   c:\program files\ESET
2011-01-22 21:44 . 2011-01-22 21:45   --------   d-----w-   c:\program files\trend micro
2011-01-22 21:44 . 2011-01-22 21:45   --------   d-----w-   C:\rsit
2011-01-22 21:40 . 2011-01-22 21:40   --------   d-----w-   c:\program files\ERUNT
2011-01-22 05:44 . 2011-01-22 05:44   1409   ----a-w-   c:\windows\QTFont.for
2011-01-21 18:48 . 2010-10-19 18:41   222080   ------w-   c:\windows\system32\MpSigStub.exe
2011-01-21 18:42 . 2011-01-21 18:43   --------   d-----w-   c:\program files\Microsoft Security Client
2011-01-20 22:28 . 2011-01-20 22:28   --------   d-----w-   c:\windows\system32\wbem\Repository
2011-01-20 22:07 . 2011-01-20 22:07   18297   ----a-w-   c:\windows\system32\MAI44.tmp
2011-01-19 19:55 . 2011-01-19 19:55   --------   d-s---w-   c:\documents and settings\NetworkService\UserData
2011-01-19 18:55 . 2011-01-19 18:55   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-01-19 18:55 . 2011-01-19 18:55   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-19 18:55 . 2010-12-21 02:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-19 18:55 . 2011-01-19 18:55   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-01-19 18:55 . 2010-12-21 02:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-01-19 18:41 . 2011-01-19 18:41   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-01-19 18:07 . 2011-01-23 04:18   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-01-19 16:41 . 2011-01-19 16:41   --------   d-----w-   c:\windows\system32\%APPDATA%
2011-01-19 12:24 . 2011-01-19 12:24   0   ----a-w-   c:\windows\Vjagu.bin
2011-01-19 10:26 . 2011-01-19 10:26   --------   d-----w-   c:\windows\Sun
2011-01-17 22:12 . 2011-01-17 22:12   --------   d-----w-   c:\windows\system32\LogFiles
2011-01-16 12:25 . 2010-09-18 06:53   974848   -c----w-   c:\windows\system32\dllcache\mfc42.dll
2011-01-16 12:25 . 2010-09-18 06:53   954368   -c----w-   c:\windows\system32\dllcache\mfc40.dll
2011-01-16 12:25 . 2010-09-18 06:53   953856   -c----w-   c:\windows\system32\dllcache\mfc40u.dll
2011-01-16 12:24 . 2010-08-23 16:12   617472   -c----w-   c:\windows\system32\dllcache\comctl32.dll
2011-01-16 12:22 . 2010-11-02 15:17   40960   -c----w-   c:\windows\system32\dllcache\ndproxy.sys
2011-01-16 12:17 . 2009-08-13 15:16   512000   -c----w-   c:\windows\system32\dllcache\jscript.dll
2011-01-16 12:17 . 2010-10-11 14:59   45568   -c----w-   c:\windows\system32\dllcache\wab.exe
2011-01-16 08:11 . 2011-01-16 08:11   --------   d-----w-   C:\bb85e9859d581b9ef0a8a5db
2011-01-16 07:56 . 2008-12-04 19:34   27784   ----a-w-   c:\windows\system32\drivers\point32.sys
2011-01-16 07:56 . 2011-01-16 07:56   --------   d-----w-   c:\program files\Microsoft IntelliPoint
2011-01-16 07:55 . 2011-01-16 08:10   --------   d-----w-   C:\0715103adab881ced1b2d8eaedfc22b3
2011-01-16 03:16 . 2001-08-17 21:48   12160   -c--a-w-   c:\windows\system32\dllcache\mouhid.sys
2011-01-16 03:16 . 2001-08-17 21:48   12160   ----a-w-   c:\windows\system32\drivers\mouhid.sys
2011-01-16 03:16 . 2008-04-14 00:11   21504   -c--a-w-   c:\windows\system32\dllcache\hidserv.dll
2011-01-16 03:16 . 2008-04-14 00:11   21504   ----a-w-   c:\windows\system32\hidserv.dll
2011-01-16 03:16 . 2008-04-13 18:45   10368   -c--a-w-   c:\windows\system32\dllcache\hidusb.sys
2011-01-16 03:16 . 2008-04-13 18:45   10368   ----a-w-   c:\windows\system32\drivers\hidusb.sys
2011-01-15 18:01 . 2011-01-15 18:01   --------   d-----w-   c:\windows\system32\scripting
2011-01-15 18:01 . 2011-01-15 18:01   --------   d-----w-   c:\windows\l2schemas
2011-01-15 18:01 . 2011-01-15 18:01   --------   d-----w-   c:\windows\system32\en
2011-01-15 18:01 . 2011-01-15 18:01   --------   d-----w-   c:\windows\system32\bits
2011-01-15 17:26 . 2004-08-04 06:29   73216   ------w-   c:\windows\system32\drivers\atintuxx.sys
2011-01-15 16:55 . 2011-01-23 20:11   --------   d-----w-   c:\documents and settings\All Users\Application Data\Alwil Software
2011-01-15 08:55 . 2011-01-15 08:55   --------   d-----w-   c:\program files\MSXML 4.0
2011-01-15 08:53 . 2011-01-15 17:59   --------   d-----w-   c:\windows\ServicePackFiles
2011-01-15 08:49 . 2010-06-14 14:31   744448   -c----w-   c:\windows\system32\dllcache\helpsvc.exe
2011-01-15 08:46 . 2010-02-24 13:11   455680   -c----w-   c:\windows\system32\dllcache\mrxsmb.sys
2011-01-15 08:46 . 2010-06-18 13:36   3558912   -c----w-   c:\windows\system32\dllcache\moviemk.exe
2011-01-15 08:46 . 2010-08-26 13:39   357248   -c----w-   c:\windows\system32\dllcache\srv.sys
2011-01-15 08:45 . 2010-08-27 08:02   119808   -c----w-   c:\windows\system32\dllcache\t2embed.dll
2011-01-15 08:45 . 2009-10-15 16:28   81920   -c----w-   c:\windows\system32\dllcache\fontsub.dll
2011-01-15 08:45 . 2009-11-21 15:51   471552   -c----w-   c:\windows\system32\dllcache\aclayers.dll
2011-01-15 08:43 . 2009-06-21 21:44   153088   -c----w-   c:\windows\system32\dllcache\triedit.dll
2011-01-15 08:42 . 2009-06-10 17:19   2066432   -c----w-   c:\windows\system32\dllcache\mstscax.dll
2011-01-15 08:40 . 2010-06-14 07:41   1172480   -c----w-   c:\windows\system32\dllcache\msxml3.dll
2011-01-15 08:40 . 2008-10-15 16:34   337408   -c----w-   c:\windows\system32\dllcache\netapi32.dll
2011-01-15 08:40 . 2008-05-01 14:33   331776   -c----w-   c:\windows\system32\dllcache\msadce.dll
2011-01-15 08:40 . 2008-06-13 11:05   272128   -c----w-   c:\windows\system32\dllcache\bthport.sys
2011-01-15 08:40 . 2008-06-13 11:05   272128   ------w-   c:\windows\system32\drivers\bthport.sys
2011-01-15 08:40 . 2008-05-08 14:02   203136   -c----w-   c:\windows\system32\dllcache\rmcast.sys
2011-01-15 08:39 . 2006-03-21 03:23   23040   ------w-   c:\windows\kb913800.exe
2011-01-15 06:40 . 2004-01-09 09:13   380928   ----a-w-   c:\windows\system32\actskin4.ocx
2011-01-15 06:40 . 2003-03-18 20:20   1060864   ----a-w-   c:\windows\system32\MFC71.dll
2011-01-15 06:40 . 2011-01-15 16:56   --------   d-----w-   c:\program files\Alwil Software
2011-01-15 05:44 . 2011-01-20 22:28   --------   d-----w-   c:\documents and settings\Deborah
2011-01-15 05:44 . 2011-01-15 05:14   45056   ----a-r-   c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
2011-01-15 05:44 . 2006-02-16 09:59   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\AOL
2011-01-15 05:44 . 2006-02-16 09:56   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver
2011-01-15 05:44 . 2006-02-16 09:18   --------   d-----w-   c:\windows\system32\config\systemprofile\WINDOWS
2011-01-15 05:44 . 2006-02-16 09:18   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\toshiba
2011-01-15 05:43 . 2011-01-15 05:43   21275   ----a-w-   c:\windows\system32\drivers\AegisP.sys
2011-01-15 05:43 . 2011-01-15 05:43   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\Intel
2011-01-15 05:43 . 2011-01-15 05:43   --------   d-----w-   c:\documents and settings\All Users\Application Data\Intel
2011-01-15 05:43 . 2011-01-15 05:43   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Intel
2011-01-15 05:43 . 2011-01-16 07:56   --------   dc----w-   c:\windows\system32\DRVSTORE
2011-01-15 05:42 . 2006-02-16 09:18   --------   d-----w-   c:\documents and settings\Default User\WINDOWS
2011-01-15 05:14 . 2011-01-15 05:14   --------   d-----w-   c:\program files\AVerMedia
2011-01-15 05:14 . 2011-01-15 05:14   45056   ----a-r-   c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
2011-01-15 05:14 . 2006-01-26 19:28   69632   ----a-r-   c:\windows\system32\MCSysUtil.dll
2011-01-15 05:14 . 2006-01-26 19:25   135168   ----a-w-   c:\windows\system32\XML30Lib.dll
2011-01-15 05:14 . 2006-01-26 19:24   163840   ----a-w-   c:\windows\system32\MCCoreUtil.dll
2011-01-15 05:14 . 2006-01-26 18:04   50176   ----a-w-   c:\windows\system32\CSH.DLL
2011-01-15 05:14 . 2005-07-06 22:44   4528   ----a-r-   c:\windows\system32\SETBROWS.EXE
2011-01-15 05:14 . 2011-01-15 05:14   --------   d-----w-   c:\program files\Metamail Inc
2011-01-15 05:13 . 2011-01-15 05:13   --------   d-----w-   c:\program files\Common Files\InterVideo
2011-01-15 05:13 . 2005-11-28 05:51   135168   ----a-w-   c:\windows\system32\igfxres.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2006-02-15 15:36   81920   ----a-w-   c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2006-02-15 14:03   249856   ----a-w-   c:\windows\system32\odbc32.dll
2010-11-05 05:05 . 2006-02-15 14:04   667136   ----a-w-   c:\windows\system32\wininet.dll
2010-11-05 05:05 . 2006-02-15 14:04   61952   ----a-w-   c:\windows\system32\tdc.ocx
2010-11-05 05:05 . 2006-02-15 14:02   81920   ----a-w-   c:\windows\system32\ieencode.dll
2010-11-03 12:59 . 2006-02-15 14:02   369664   ----a-w-   c:\windows\system32\html.iec
2010-11-02 15:17 . 2006-02-15 14:03   40960   ----a-w-   c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2006-02-15 14:02   290048   ----a-w-   c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2006-02-15 14:04   1853312   ----a-w-   c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
CFSServ.exe -NoClient [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-10-15 14:29   88203   ----a-w-   c:\windows\agrsmmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12   15360   ----a-w-   c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2005-10-06 13:20   122940   ----a-w-   c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 21:56   64512   ----a-w-   c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-11-28 05:52   77824   ----a-w-   c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-11-28 05:55   118784   ----a-w-   c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-11-28 05:55   98304   ----a-w-   c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2008-06-10 20:56   1406024   ----a-w-   c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2005-11-28 19:41   602182   ----a-w-   c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2005-12-05 20:37   667718   ----a-w-   c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2004-08-18 11:37   184320   ----a-w-   c:\program files\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12   1695232   ----a-w-   c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
2005-03-18 01:37   151552   ----a-w-   c:\toshiba\IVP\ISM\pinger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2005-04-27 00:13   122880   ----a-w-   c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-12-16 08:32   761945   ----a-w-   c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2005-12-16 08:34   82009   ----a-w-   c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TDispVol]
2005-03-11 23:03   73728   ----a-w-   c:\windows\system32\TDispVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
2006-01-05 22:02   352256   ----a-w-   c:\program files\TOSHIBA\TOSHIBA Applet\THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
2004-12-30 08:32   65536   ----a-w-   c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
2005-06-01 05:00   282624   ----a-w-   c:\windows\system32\TPSMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
2005-11-30 20:25   73728   ----a-w-   c:\program files\TOSHIBA\Tvs\TvsTray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [1/23/2011 1:39 PM 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [6/21/2008 4:54 AM 66600]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [10/31/2008 7:24 AM 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [10/31/2008 7:24 AM 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [1/23/2011 1:39 PM 65576]
.
Contents of the 'Scheduled Tasks' folder

2011-01-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Deborah\Application Data\Mozilla\Firefox\Profiles\3eo2e989.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Dzukaseveguko - c:\windows\dmol20.dll
MSConfigStartUp-PadTouch - c:\program files\TOSHIBA\Touch and Launch\PadExe.exe
MSConfigStartUp-TFncKy - TFncKy.exe
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-23 15:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HTS541010G9SA00 rev.MBZOC60R -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86EC2555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86ec87b0]; MOV EAX, [0x86ec882c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX;  }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x86F48AB8]
3 CLASSPNP[0xF7560FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000081[0x86E9B030]
5 ACPI[0xF74B7620] -> nt!IofCallDriver[0x804E37D5] -> [0x86EE7320]
\Driver\atapi[0x86EF81F0] -> IRP_MJ_CREATE -> 0x86EC2555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a;  }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskHTS541010G9SA00_________________________MBZOC60R#5&35291d97&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x86EC239B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-01-23  15:37:10 - machine was rebooted
ComboFix-quarantined-files.txt  2011-01-23 23:37

Pre-Run: 84,267,819,008 bytes free
Post-Run: 84,294,307,840 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - EE340D0EF2499CF83FC92D8BA4587810

Corrine
Re: Oh please Help! Raven sent me
« Reply #7 on: January 24, 2011, 12:15:25 AM »
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see:  How to change the file extension.
  • Click the Start Scan button.  Do not use the computer during the scan!
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

deborahPS
Re: Oh please Help! Raven sent me
« Reply #8 on: January 24, 2011, 12:37:56 AM »
2011/01/23 17:32:17.0500   TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/23 17:32:17.0500   ================================================================================
2011/01/23 17:32:17.0500   SystemInfo:
2011/01/23 17:32:17.0500   
2011/01/23 17:32:17.0500   OS Version: 5.1.2600 ServicePack: 3.0
2011/01/23 17:32:17.0500   Product type: Workstation
2011/01/23 17:32:17.0500   ComputerName: NONNA
2011/01/23 17:32:17.0500   UserName: Deborah
2011/01/23 17:32:17.0500   Windows directory: C:\WINDOWS
2011/01/23 17:32:17.0500   System windows directory: C:\WINDOWS
2011/01/23 17:32:17.0500   Processor architecture: Intel x86
2011/01/23 17:32:17.0500   Number of processors: 1
2011/01/23 17:32:17.0500   Page size: 0x1000
2011/01/23 17:32:17.0500   Boot type: Normal boot
2011/01/23 17:32:17.0500   ================================================================================
2011/01/23 17:32:23.0609   Initialize success
2011/01/23 17:32:40.0546   ================================================================================
2011/01/23 17:32:40.0546   Scan started
2011/01/23 17:32:40.0546   Mode: Manual;
2011/01/23 17:32:40.0546   ================================================================================
2011/01/23 17:32:40.0937   ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/23 17:32:41.0000   ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/01/23 17:32:41.0078   aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/01/23 17:32:41.0140   AegisP          (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/01/23 17:32:41.0203   AFD             (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/01/23 17:32:41.0296   AgereSoftModem  (b3192376c7a3814b5341efc2202022f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/01/23 17:32:41.0578   Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/01/23 17:32:41.0671   ASCTRM          (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2011/01/23 17:32:41.0734   AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/23 17:32:41.0843   atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/23 17:32:41.0890   Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/23 17:32:41.0937   audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/23 17:32:41.0984   Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/23 17:32:42.0046   cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/23 17:32:42.0109   Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/23 17:32:42.0156   Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/23 17:32:42.0218   Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/23 17:32:42.0421   CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/01/23 17:32:42.0515   Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/01/23 17:32:42.0656   Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/23 17:32:42.0718   DLABOIOM        (ee4325becef51b8c32b4329097e4f301) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/01/23 17:32:42.0765   DLACDBHM        (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/01/23 17:32:42.0828   DLADResN        (1e6c6597833a04c2157be7b39ea92ce1) C:\WINDOWS\system32\DLA\DLADResN.SYS
2011/01/23 17:32:42.0875   DLAIFS_M        (752376e109a090970bfa9722f0f40b03) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/01/23 17:32:42.0906   DLAOPIOM        (62ee7902e74b90bf1ccc4643fc6c07a7) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/01/23 17:32:42.0937   DLAPoolM        (5c220124c5afeaee84a9bb89d685c17b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/01/23 17:32:42.0984   DLARTL_N        (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2011/01/23 17:32:43.0031   DLAUDFAM        (4ebb78d9bbf072119363b35b9b3e518f) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/01/23 17:32:43.0062   DLAUDF_M        (333b770e52d2cea7bd86391120466e43) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/01/23 17:32:43.0140   dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/23 17:32:43.0343   dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/23 17:32:43.0390   dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/23 17:32:43.0453   DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/23 17:32:43.0500   drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/23 17:32:43.0593   DRVMCDB         (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/01/23 17:32:43.0671   DRVNDDM         (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/01/23 17:32:44.0093   E100B           (2646883e6dd867cd872d5b51b6036710) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/01/23 17:32:44.0140   e1express       (e1fa10ed8f9f700c1be1eae05a80ef57) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2011/01/23 17:32:44.0203   Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/23 17:32:44.0265   Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/01/23 17:32:44.0453   Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/23 17:32:44.0515   Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/01/23 17:32:44.0593   FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/01/23 17:32:44.0687   Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/23 17:32:44.0734   Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/23 17:32:44.0812   Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/23 17:32:44.0875   HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/01/23 17:32:44.0937   HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/23 17:32:45.0125   HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/23 17:32:45.0250   i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/23 17:32:45.0375   ialm            (bc1f1ff8d5800398937966cdb0a97fdc) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/01/23 17:32:45.0609   Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/23 17:32:46.0031   IntcAzAudAddService (b12a9fc49cd2765a43829d834f518aed) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/01/23 17:32:46.0390   intelppm        (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/01/23 17:32:46.0453   Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/01/23 17:32:46.0500   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/23 17:32:46.0531   IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/23 17:32:46.0593   IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/23 17:32:46.0656   IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/23 17:32:46.0703   IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/23 17:32:46.0750   isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/23 17:32:46.0796   Iviaspi         (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
2011/01/23 17:32:46.0859   Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/23 17:32:46.0937   kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/23 17:32:47.0140   KR10N           (00c1ea8decf810b8eccb5c5a8186a96e) C:\WINDOWS\system32\drivers\KR10N.sys
2011/01/23 17:32:47.0234   KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/23 17:32:47.0359   meiudf          (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys
2011/01/23 17:32:47.0406   MHNDRV          (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/01/23 17:32:47.0453   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/23 17:32:47.0531   Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/23 17:32:47.0671   Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/23 17:32:47.0828   mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/01/23 17:32:47.0906   MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/23 17:32:47.0984   MpFilter        (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/01/23 17:32:48.0171   MpKslade72b90   (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FF936264-EB68-4D07-862F-8D4A469A1A8E}\MpKslade72b90.sys
2011/01/23 17:32:48.0250   MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/23 17:32:48.0453   MRxSmb          (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/23 17:32:48.0531   Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/23 17:32:48.0593   MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/23 17:32:48.0609   MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/23 17:32:48.0640   MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/23 17:32:48.0671   mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/23 17:32:48.0718   Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/23 17:32:48.0843   NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/23 17:32:48.0890   NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/23 17:32:48.0968   Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/23 17:32:49.0078   NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/23 17:32:49.0125   NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/23 17:32:49.0187   NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/23 17:32:49.0250   NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/23 17:32:49.0328   Netdevio        (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
2011/01/23 17:32:49.0390   NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/01/23 17:32:49.0453   Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/23 17:32:49.0531   Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/23 17:32:49.0718   Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/23 17:32:49.0765   NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/23 17:32:49.0781   NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/23 17:32:49.0859   ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/01/23 17:32:49.0953   Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/01/23 17:32:50.0031   PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/23 17:32:50.0062   ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/23 17:32:50.0140   PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/23 17:32:50.0187   PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/23 17:32:50.0281   Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/01/23 17:32:50.0468   Pfc             (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2011/01/23 17:32:50.0656   Point32         (7e6ee233b06a921f44e98720990f1f75) C:\WINDOWS\system32\DRIVERS\point32.sys
2011/01/23 17:32:50.0687   PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/23 17:32:50.0718   PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/23 17:32:50.0750   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/23 17:32:50.0796   PxHelp20        (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/01/23 17:32:50.0937   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/23 17:32:51.0000   Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/23 17:32:51.0062   RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/23 17:32:51.0093   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/23 17:32:51.0156   Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/23 17:32:51.0234   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/23 17:32:51.0296   rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/01/23 17:32:51.0343   RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/23 17:32:51.0468   redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/23 17:32:51.0640   s24trans        (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/01/23 17:32:51.0718   SbFw            (419883201ca9ad697ccfb8fc46dd6f78) C:\WINDOWS\system32\drivers\SbFw.sys
2011/01/23 17:32:51.0796   SBFWIMCL        (f01b8409a11c319e3c5b9dd418676d2c) C:\WINDOWS\system32\DRIVERS\sbfwim.sys
2011/01/23 17:32:51.0859   sbhips          (31ca701f26ea66468ad3c3c6498755ce) C:\WINDOWS\system32\drivers\sbhips.sys
2011/01/23 17:32:51.0953   sdbus           (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/01/23 17:32:52.0015   Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/23 17:32:52.0109   Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/01/23 17:32:52.0296   Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/01/23 17:32:52.0390   splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/23 17:32:52.0484   sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/23 17:32:52.0578   Srv             (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/23 17:32:52.0703   swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/23 17:32:52.0765   swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/23 17:32:52.0906   SynTP           (e295fffff3aaf9a6a40b29497901908f) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/01/23 17:32:52.0953   sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/23 17:32:53.0000   tbiosdrv        (7147b0575bcc93a6ab7d5c90f47c0b9f) C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys
2011/01/23 17:32:53.0140   Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/23 17:32:53.0203   TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/23 17:32:53.0250   TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/23 17:32:53.0328   TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/23 17:32:53.0421   tifm21          (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys
2011/01/23 17:32:53.0531   tosrfec         (cc069342ee0eae55b32a0ae99cf6185c) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
2011/01/23 17:32:53.0562   TVALD           (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys
2011/01/23 17:32:53.0609   Tvs             (cc6763889198ef975b143d49789bcfa9) C:\WINDOWS\system32\DRIVERS\Tvs.sys
2011/01/23 17:32:53.0703   Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/23 17:32:53.0765   Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/23 17:32:53.0828   usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/23 17:32:53.0859   usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/23 17:32:53.0921   USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/23 17:32:53.0968   usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/01/23 17:32:54.0078   VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/01/23 17:32:54.0187   VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/23 17:32:54.0328   w39n51          (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/01/23 17:32:54.0468   Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/23 17:32:54.0546   wanatw          (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/01/23 17:32:54.0640   wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/23 17:32:54.0843   \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/23 17:32:54.0859   ================================================================================
2011/01/23 17:32:54.0859   Scan finished
2011/01/23 17:32:54.0859   ================================================================================
2011/01/23 17:32:54.0875   Detected object count: 1
2011/01/23 17:33:18.0875   \HardDisk1 - will be cured after reboot
2011/01/23 17:33:18.0875   Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
2011/01/23 17:33:22.0734   Deinitialize success
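The log above has three kinds of lines worth pulling out when triaging a TDSSKiller run: the per-driver entries (name, MD5, path), the detection line, and the action the user chose. The following is an added example, not part of this thread and not Kaspersky's tool: a small Python parser that extracts those fields from lines in the format shown above and compares driver hashes against a baseline. The sample log lines and the baseline hashes are constructed for the example (the hashes are copied from the post above, but a real baseline would come from a known-clean machine).

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample, modelled on the TDSSKiller 2.4.x log format in the post above.
SAMPLE_LOG = r"""
2011/01/23 17:32:40.0546   Scan started
2011/01/23 17:32:40.0937   ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/23 17:32:41.0843   atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/23 17:32:54.0843   \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/23 17:32:54.0875   Detected object count: 1
2011/01/23 17:33:18.0875   \HardDisk1 - will be cured after reboot
2011/01/23 17:33:18.0875   Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
"""

# Timestamp prefix shared by every line: YYYY/MM/DD HH:MM:SS.ffff
TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}"
DRIVER_RE = re.compile(rf"^{TS}\s+(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{{32}})\)\s+(?P<path>.+?)\s*$")
DETECT_RE = re.compile(rf"^{TS}\s+(?P<obj>\S+) - detected (?P<threat>\S+)")
ACTION_RE = re.compile(rf"^{TS}\s+(?P<threat>[^\s(]+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)")
COUNT_RE = re.compile(rf"^{TS}\s+Detected object count: (?P<n>\d+)")


@dataclass
class DriverEntry:
    md5: str
    path: str


@dataclass
class ScanReport:
    drivers: dict = field(default_factory=dict)     # driver name -> DriverEntry
    detections: list = field(default_factory=list)  # (object, threat name)
    actions: list = field(default_factory=list)     # (threat name, object, action chosen)
    detected_count: Optional[int] = None            # from the "Detected object count" line


def parse_tdsskiller_log(text: str) -> ScanReport:
    """Extract driver entries, detections and user actions from TDSSKiller log text."""
    report = ScanReport()
    for line in text.splitlines():
        m = DETECT_RE.match(line)
        if m:
            report.detections.append((m["obj"], m["threat"]))
            continue
        m = ACTION_RE.match(line)
        if m:
            report.actions.append((m["threat"], m["obj"], m["action"]))
            continue
        m = COUNT_RE.match(line)
        if m:
            report.detected_count = int(m["n"])
            continue
        m = DRIVER_RE.match(line)
        if m:
            report.drivers[m["name"]] = DriverEntry(m["md5"], m["path"])
    return report


def hash_mismatches(drivers: dict, baseline: dict) -> list:
    """Names of drivers whose MD5 differs from a known-good baseline.

    Drivers absent from the baseline are skipped rather than reported, so a
    partial baseline only ever produces true mismatches, never noise.
    """
    return sorted(
        name for name, entry in drivers.items()
        if name in baseline and entry.md5 != baseline[name].lower()
    )


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(rep.drivers)} drivers listed, {rep.detected_count} object(s) detected")
    for obj, threat in rep.detections:
        print(f"  {threat} on {obj}")
    for threat, obj, action in rep.actions:
        print(f"  action for {threat} ({obj}): {action}")
    # Constructed baseline: the ACPI hash from the post, an all-zero hash for atapi
    # so that the mismatch path is exercised.
    print("hash mismatches:", hash_mismatches(rep.drivers, {
        "ACPI": "8fd99680a539792a30e97944fdaecf17",
        "atapi": "0" * 32,
    }))
```

Note that a TDL4 detection is reported against the disk object (`\HardDisk1`) rather than any driver file, which is why the parser keeps detections separate from the driver table: the driver hashes can all match a clean baseline while the MBR is still infected.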

Corrine
Re: Oh please Help! Raven sent me
« Reply #9 on: January 24, 2011, 12:45:20 AM »
I'll bet things are getting better now.

It's been a long day and I need fresh eyes to take a closer look at the ComboFix log so will probably not have further instructions until tomorrow.  In the meantime, Matthew, did you or your Mom create this directory in System32?  c:\windows\system32\LogFiles  That is not a normal location for creating folders.


deborahPS
Re: Oh please Help! Raven sent me
« Reply #10 on: January 24, 2011, 01:16:39 AM »
Yeah, things are running better... you are correct, that's not normal. Neither I nor my mom made the dir for logfiles.

Corrine
Re: Oh please Help! Raven sent me
« Reply #11 on: January 24, 2011, 01:37:54 AM »
Let's see what is in that folder.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:
    DirLook::
    c:\windows\system32\LogFiles
  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

    [screenshot: CFScript.txt being dragged onto ComboFix.exe]

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



deborahPS
Re: Oh please Help! Raven sent me
« Reply #12 on: January 24, 2011, 02:23:57 AM »
ComboFix 11-01-23.03 - Deborah 01/23/2011  19:12:14.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.643 [GMT -8:00]
Running from: c:\documents and settings\Deborah\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Deborah\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.

(((((((((((((((((((((((((   Files Created from 2010-12-24 to 2011-01-24  )))))))))))))))))))))))))))))))
.

2011-01-24 01:35 . 2011-01-24 01:35   28752   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FF936264-EB68-4D07-862F-8D4A469A1A8E}\MpKsl44d8fa75.sys
2011-01-24 00:10 . 2011-01-20 18:39   5890896   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FF936264-EB68-4D07-862F-8D4A469A1A8E}\mpengine.dll
2011-01-23 21:39 . 2008-06-21 12:54   65576   ----a-w-   c:\windows\system32\drivers\SbFwIm.sys
2011-01-23 21:39 . 2008-10-31 15:09   270888   ----a-w-   c:\windows\system32\drivers\SbFw.sys
2011-01-23 21:39 . 2011-01-23 21:39   --------   d-----w-   c:\program files\Sunbelt Software
2011-01-23 20:18 . 2011-01-23 20:18   --------   d-----w-   c:\program files\ESET
2011-01-22 21:44 . 2011-01-22 21:45   --------   d-----w-   c:\program files\trend micro
2011-01-22 21:44 . 2011-01-22 21:45   --------   d-----w-   C:\rsit
2011-01-22 21:40 . 2011-01-22 21:40   --------   d-----w-   c:\program files\ERUNT
2011-01-22 05:44 . 2011-01-22 05:44   1409   ----a-w-   c:\windows\QTFont.for
2011-01-21 18:48 . 2010-10-19 18:41   222080   ------w-   c:\windows\system32\MpSigStub.exe
2011-01-21 18:42 . 2011-01-21 18:43   --------   d-----w-   c:\program files\Microsoft Security Client
2011-01-20 22:28 . 2011-01-20 22:28   --------   d-----w-   c:\windows\system32\wbem\Repository
2011-01-20 22:07 . 2011-01-20 22:07   18297   ----a-w-   c:\windows\system32\MAI44.tmp
2011-01-19 19:55 . 2011-01-19 19:55   --------   d-s---w-   c:\documents and settings\NetworkService\UserData
2011-01-19 18:55 . 2011-01-19 18:55   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-01-19 18:55 . 2011-01-19 18:55   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-19 18:55 . 2010-12-21 02:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-19 18:55 . 2011-01-19 18:55   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-01-19 18:55 . 2010-12-21 02:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-01-19 18:41 . 2011-01-19 18:41   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-01-19 18:07 . 2011-01-23 04:18   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-01-19 16:41 . 2011-01-19 16:41   --------   d-----w-   c:\windows\system32\%APPDATA%
2011-01-19 12:24 . 2011-01-19 12:24   0   ----a-w-   c:\windows\Vjagu.bin
2011-01-19 10:26 . 2011-01-19 10:26   --------   d-----w-   c:\windows\Sun
2011-01-17 22:12 . 2011-01-17 22:12   --------   d-----w-   c:\windows\system32\LogFiles
2011-01-16 12:25 . 2010-09-18 06:53   974848   -c----w-   c:\windows\system32\dllcache\mfc42.dll
2011-01-16 12:25 . 2010-09-18 06:53   954368   -c----w-   c:\windows\system32\dllcache\mfc40.dll
2011-01-16 12:25 . 2010-09-18 06:53   953856   -c----w-   c:\windows\system32\dllcache\mfc40u.dll
2011-01-16 12:24 . 2010-08-23 16:12   617472   -c----w-   c:\windows\system32\dllcache\comctl32.dll
2011-01-16 12:22 . 2010-11-02 15:17   40960   -c----w-   c:\windows\system32\dllcache\ndproxy.sys
2011-01-16 12:17 . 2009-08-13 15:16   512000   -c----w-   c:\windows\system32\dllcache\jscript.dll
2011-01-16 12:17 . 2010-10-11 14:59   45568   -c----w-   c:\windows\system32\dllcache\wab.exe
2011-01-16 08:11 . 2011-01-16 08:11   --------   d-----w-   C:\bb85e9859d581b9ef0a8a5db
2011-01-16 07:56 . 2008-12-04 19:34   27784   ----a-w-   c:\windows\system32\drivers\point32.sys
2011-01-16 07:56 . 2011-01-16 07:56   --------   d-----w-   c:\program files\Microsoft IntelliPoint
2011-01-16 07:55 . 2011-01-16 08:10   --------   d-----w-   C:\0715103adab881ced1b2d8eaedfc22b3
2011-01-16 03:16 . 2001-08-17 21:48   12160   -c--a-w-   c:\windows\system32\dllcache\mouhid.sys
2011-01-16 03:16 . 2001-08-17 21:48   12160   ----a-w-   c:\windows\system32\drivers\mouhid.sys
2011-01-16 03:16 . 2008-04-14 00:11   21504   -c--a-w-   c:\windows\system32\dllcache\hidserv.dll
2011-01-16 03:16 . 2008-04-14 00:11   21504   ----a-w-   c:\windows\system32\hidserv.dll
2011-01-16 03:16 . 2008-04-13 18:45   10368   -c--a-w-   c:\windows\system32\dllcache\hidusb.sys
2011-01-16 03:16 . 2008-04-13 18:45   10368   ----a-w-   c:\windows\system32\drivers\hidusb.sys
2011-01-15 18:01 . 2011-01-15 18:01   --------   d-----w-   c:\windows\system32\scripting
2011-01-15 18:01 . 2011-01-15 18:01   --------   d-----w-   c:\windows\l2schemas
2011-01-15 18:01 . 2011-01-15 18:01   --------   d-----w-   c:\windows\system32\en
2011-01-15 18:01 . 2011-01-15 18:01   --------   d-----w-   c:\windows\system32\bits
2011-01-15 17:26 . 2004-08-04 06:29   73216   ------w-   c:\windows\system32\drivers\atintuxx.sys
2011-01-15 16:55 . 2011-01-23 20:11   --------   d-----w-   c:\documents and settings\All Users\Application Data\Alwil Software
2011-01-15 08:55 . 2011-01-15 08:55   --------   d-----w-   c:\program files\MSXML 4.0
2011-01-15 08:53 . 2011-01-15 17:59   --------   d-----w-   c:\windows\ServicePackFiles
2011-01-15 08:49 . 2010-06-14 14:31   744448   -c----w-   c:\windows\system32\dllcache\helpsvc.exe
2011-01-15 08:46 . 2010-02-24 13:11   455680   -c----w-   c:\windows\system32\dllcache\mrxsmb.sys
2011-01-15 08:46 . 2010-06-18 13:36   3558912   -c----w-   c:\windows\system32\dllcache\moviemk.exe
2011-01-15 08:46 . 2010-08-26 13:39   357248   -c----w-   c:\windows\system32\dllcache\srv.sys
2011-01-15 08:45 . 2010-08-27 08:02   119808   -c----w-   c:\windows\system32\dllcache\t2embed.dll
2011-01-15 08:45 . 2009-10-15 16:28   81920   -c----w-   c:\windows\system32\dllcache\fontsub.dll
2011-01-15 08:45 . 2009-11-21 15:51   471552   -c----w-   c:\windows\system32\dllcache\aclayers.dll
2011-01-15 08:43 . 2009-06-21 21:44   153088   -c----w-   c:\windows\system32\dllcache\triedit.dll
2011-01-15 08:42 . 2009-06-10 17:19   2066432   -c----w-   c:\windows\system32\dllcache\mstscax.dll
2011-01-15 08:40 . 2010-06-14 07:41   1172480   -c----w-   c:\windows\system32\dllcache\msxml3.dll
2011-01-15 08:40 . 2008-10-15 16:34   337408   -c----w-   c:\windows\system32\dllcache\netapi32.dll
2011-01-15 08:40 . 2008-05-01 14:33   331776   -c----w-   c:\windows\system32\dllcache\msadce.dll
2011-01-15 08:40 . 2008-06-13 11:05   272128   -c----w-   c:\windows\system32\dllcache\bthport.sys
2011-01-15 08:40 . 2008-06-13 11:05   272128   ------w-   c:\windows\system32\drivers\bthport.sys
2011-01-15 08:40 . 2008-05-08 14:02   203136   -c----w-   c:\windows\system32\dllcache\rmcast.sys
2011-01-15 08:39 . 2006-03-21 03:23   23040   ------w-   c:\windows\kb913800.exe
2011-01-15 06:40 . 2004-01-09 09:13   380928   ----a-w-   c:\windows\system32\actskin4.ocx
2011-01-15 06:40 . 2003-03-18 20:20   1060864   ----a-w-   c:\windows\system32\MFC71.dll
2011-01-15 06:40 . 2011-01-15 16:56   --------   d-----w-   c:\program files\Alwil Software
2011-01-15 05:44 . 2011-01-20 22:28   --------   d-----w-   c:\documents and settings\Deborah
2011-01-15 05:44 . 2011-01-15 05:14   45056   ----a-r-   c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
2011-01-15 05:44 . 2006-02-16 09:59   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\AOL
2011-01-15 05:44 . 2006-02-16 09:56   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver
2011-01-15 05:44 . 2006-02-16 09:18   --------   d-----w-   c:\windows\system32\config\systemprofile\WINDOWS
2011-01-15 05:44 . 2006-02-16 09:18   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\toshiba
2011-01-15 05:43 . 2011-01-15 05:43   21275   ----a-w-   c:\windows\system32\drivers\AegisP.sys
2011-01-15 05:43 . 2011-01-15 05:43   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\Intel
2011-01-15 05:43 . 2011-01-15 05:43   --------   d-----w-   c:\documents and settings\All Users\Application Data\Intel
2011-01-15 05:43 . 2011-01-15 05:43   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Intel
2011-01-15 05:43 . 2011-01-16 07:56   --------   dc----w-   c:\windows\system32\DRVSTORE
2011-01-15 05:42 . 2006-02-16 09:18   --------   d-----w-   c:\documents and settings\Default User\WINDOWS
2011-01-15 05:14 . 2011-01-15 05:14   --------   d-----w-   c:\program files\AVerMedia
2011-01-15 05:14 . 2011-01-15 05:14   45056   ----a-r-   c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
2011-01-15 05:14 . 2006-01-26 19:28   69632   ----a-r-   c:\windows\system32\MCSysUtil.dll
2011-01-15 05:14 . 2006-01-26 19:25   135168   ----a-w-   c:\windows\system32\XML30Lib.dll
2011-01-15 05:14 . 2006-01-26 19:24   163840   ----a-w-   c:\windows\system32\MCCoreUtil.dll
2011-01-15 05:14 . 2006-01-26 18:04   50176   ----a-w-   c:\windows\system32\CSH.DLL
2011-01-15 05:14 . 2005-07-06 22:44   4528   ----a-r-   c:\windows\system32\SETBROWS.EXE
2011-01-15 05:14 . 2011-01-15 05:14   --------   d-----w-   c:\program files\Metamail Inc
2011-01-15 05:13 . 2011-01-15 05:13   --------   d-----w-   c:\program files\Common Files\InterVideo
2011-01-15 05:13 . 2005-11-28 05:51   135168   ----a-w-   c:\windows\system32\igfxres.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2006-02-15 15:36   81920   ----a-w-   c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2006-02-15 14:03   249856   ----a-w-   c:\windows\system32\odbc32.dll
2010-11-05 05:05 . 2006-02-15 14:04   667136   ----a-w-   c:\windows\system32\wininet.dll
2010-11-05 05:05 . 2006-02-15 14:04   61952   ----a-w-   c:\windows\system32\tdc.ocx
2010-11-05 05:05 . 2006-02-15 14:02   81920   ----a-w-   c:\windows\system32\ieencode.dll
2010-11-03 12:59 . 2006-02-15 14:02   369664   ----a-w-   c:\windows\system32\html.iec
2010-11-02 15:17 . 2006-02-15 14:03   40960   ----a-w-   c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2006-02-15 14:02   290048   ----a-w-   c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2006-02-15 14:04   1853312   ----a-w-   c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\LogFiles ----

2011-01-17 22:12 . 2011-01-23 21:39   5766   ----a-w-   c:\windows\system32\LogFiles\HTTPERR\httperr1.log


(((((((((((((((((((((((((((((   SnapShot@2011-01-23_23.32.11   )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-02-15 14:03 . 2011-01-24 01:38   61440              c:\windows\system32\perfc009.dat
- 2006-02-15 14:03 . 2011-01-23 23:24   61440              c:\windows\system32\perfc009.dat
+ 2006-02-15 14:03 . 2011-01-24 01:38   399284              c:\windows\system32\perfh009.dat
- 2006-02-15 14:03 . 2011-01-23 23:24   399284              c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
CFSServ.exe -NoClient [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-10-15 14:29   88203   ----a-w-   c:\windows\agrsmmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12   15360   ----a-w-   c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2005-10-06 13:20   122940   ----a-w-   c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 21:56   64512   ----a-w-   c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-11-28 05:52   77824   ----a-w-   c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-11-28 05:55   118784   ----a-w-   c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-11-28 05:55   98304   ----a-w-   c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2008-06-10 20:56   1406024   ----a-w-   c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2005-11-28 19:41   602182   ----a-w-   c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2005-12-05 20:37   667718   ----a-w-   c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2004-08-18 11:37   184320   ----a-w-   c:\program files\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12   1695232   ----a-w-   c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
2005-03-18 01:37   151552   ----a-w-   c:\toshiba\IVP\ISM\pinger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2005-04-27 00:13   122880   ----a-w-   c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-12-16 08:32   761945   ----a-w-   c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2005-12-16 08:34   82009   ----a-w-   c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TDispVol]
2005-03-11 23:03   73728   ----a-w-   c:\windows\system32\TDispVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
2006-01-05 22:02   352256   ----a-w-   c:\program files\TOSHIBA\TOSHIBA Applet\THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
2004-12-30 08:32   65536   ----a-w-   c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
2005-06-01 05:00   282624   ----a-w-   c:\windows\system32\TPSMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
2005-11-30 20:25   73728   ----a-w-   c:\program files\TOSHIBA\Tvs\TvsTray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 MpKsl44d8fa75;MpKsl44d8fa75;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FF936264-EB68-4D07-862F-8D4A469A1A8E}\MpKsl44d8fa75.sys [1/23/2011 5:35 PM 28752]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [1/23/2011 1:39 PM 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [6/21/2008 4:54 AM 66600]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [10/31/2008 7:24 AM 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [10/31/2008 7:24 AM 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [1/23/2011 1:39 PM 65576]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MPKSL44D8FA75
.
Contents of the 'Scheduled Tasks' folder

2011-01-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Deborah\Application Data\Mozilla\Firefox\Profiles\3eo2e989.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-23 19:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2011-01-23  19:21:32
ComboFix-quarantined-files.txt  2011-01-24 03:21
ComboFix2.txt  2011-01-23 23:37

Pre-Run: 84,374,466,560 bytes free
Post-Run: 84,356,210,688 bytes free

- - End Of File - - 1C99CE6E06AD61D9E27E81F759A97A3E
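The "Files Created" section of a ComboFix log (the list above) is what a helper reads first, looking for files that do not belong: a zero-byte file dropped straight into c:\windows, a stray .tmp in system32, a directory whose name is a literal environment-variable string. As an added example, not part of this thread and not ComboFix's own tooling, here is a small Python parser for that section that flags such entries for a human to look at, using a handful of lines copied from the log above as its sample input. The heuristics in flag() are the reviewer's own assumptions, not ComboFix rules, and a flag is only a prompt to check the file, not a verdict; nothing is deleted.

```python
"""Parse the 'Files Created' section of a ComboFix log and flag entries worth a look.

Added example, not part of the thread. SAMPLE_LOG is a handful of lines copied
from the log posted above; the flagging rules are the reviewer's assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Lines copied from the posted log (the banner lines delimit the section).
SAMPLE_LOG = r"""
(((((((((((((((((((((((((   Files Created from 2010-12-24 to 2011-01-24  )))))))))))))))))))))))))))))))
.

2011-01-23 21:39 . 2011-01-23 21:39   --------   d-----w-   c:\program files\Sunbelt Software
2011-01-22 05:44 . 2011-01-22 05:44   1409   ----a-w-   c:\windows\QTFont.for
2011-01-20 22:07 . 2011-01-20 22:07   18297   ----a-w-   c:\windows\system32\MAI44.tmp
2011-01-19 18:55 . 2010-12-21 02:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-19 16:41 . 2011-01-19 16:41   --------   d-----w-   c:\windows\system32\%APPDATA%
2011-01-19 12:24 . 2011-01-19 12:24   0   ----a-w-   c:\windows\Vjagu.bin
2011-01-16 08:11 . 2011-01-16 08:11   --------   d-----w-   C:\bb85e9859d581b9ef0a8a5db
2011-01-15 08:39 . 2006-03-21 03:23   23040   ------w-   c:\windows\kb913800.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2006-02-15 15:36   81920   ----a-w-   c:\windows\system32\isign32.dll
"""

# One entry: "<created> . <modified>   <size or -------->   <attrs>   <path>"
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+"
    r"(?P<path>.+?)\s*$"
)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories, shown as -------- in the log
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_files_created(log: str) -> List[Entry]:
    """Return the entries between the 'Files Created' banner and the next banner."""
    entries: List[Entry] = []
    in_section = False
    for raw in log.splitlines():
        line = raw.strip()
        if "Files Created from" in line:
            in_section = True
            continue
        if in_section and line.startswith("(((("):   # next section banner
            break
        m = LINE_RE.match(line)
        if in_section and m:
            size = None if m["size"].startswith("-") else int(m["size"])
            entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def flag(entry: Entry) -> Optional[str]:
    """Reviewer's heuristics (assumptions): return a reason to look closer, or None."""
    p = entry.path.lower()
    name = p.rsplit("\\", 1)[-1]
    if not entry.is_dir and entry.size == 0 and p.startswith("c:\\windows\\") and p.count("\\") == 2:
        return "zero-byte file dropped directly in c:\\windows"
    if not entry.is_dir and name.endswith(".tmp") and p.startswith("c:\\windows\\system32\\"):
        return ".tmp file in system32"
    if "%" in name:
        return "literal environment-variable name used as a path component"
    return None


def review(log: str) -> List[Tuple[str, str]]:
    """(path, reason) pairs for entries that merit a human look; nothing is removed."""
    findings = []
    for entry in parse_files_created(log):
        reason = flag(entry)
        if reason:
            findings.append((entry.path, reason))
    return findings


if __name__ == "__main__":
    for path, reason in review(SAMPLE_LOG):
        print(f"{path}  <-  {reason}")
```

Run against the sample, it reports MAI44.tmp and Vjagu.bin (the two files the custom CFScript below this post targets) plus the %APPDATA% directory in system32, which is exactly the kind of entry a helper asks about before deciding whether it is harmless.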

Offline deborahPS

  • Newbie
  • *
  • Posts: 22
Re: Oh please Help! Raven sent me
« Reply #13 on: January 24, 2011, 04:42:19 PM »
Hi Corrine, Mom's computer is running beautifully. :goodie: I've updated Java, Adobe, and IE before I went to bed.
Mom said I'm good at fixing this stuff, but you are awesome, Corrine. Thank you so much.
Oh, quick question: I have a flash drive that has a backup of Mom's bookmarks, pics, etc. Can you think of any useful programs that I should get? Keeping my eye open for the next step?
Again, your hard work helping us is very much appreciated :)

Matt

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Oh please Help! Raven sent me
« Reply #14 on: January 24, 2011, 09:58:49 PM »
Hi, Matt.  Thank you. 

Regarding the flash drive, if you are looking to check for malware, launch MSE and click on the Settings tab.  Select Advanced and check the box "Scan removable drives".  If you wish to remove autorun from the flash drive, let me know. 

Let's finish cleaning up and then I'll have suggestions for your Mom to help keep her computer clean.  (You may be interested for your own computer. :) )

BTW, the folder I was curious about is fine.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:
Code:
File::
MAI44.tmp
Vjagu.bin

Folder::
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\javapi
  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

  [screenshot: CFScript.txt being dragged onto ComboFix.exe]

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
