Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

JS/Dursg.A Malware

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

JS/Dursg.A Malware

Unread postby blanval » February 5th, 2011, 9:10 am

My netbook keeps scanning saying that I have JS/Dursg.A Malware
My computer is running super slow, sometimes not even opening files or the internet. Please help! Thanks!!

Valerie



HijackThis Log


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:03:41 AM, on 2/5/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
C:\windows\System32\rundll32.exe
C:\Windows\System32\hkcmd.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\windows\system32\igfxext.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Users\Owner\AppData\Roaming\SystemProc\lsass.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\system32\SndVol.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\CA\CA Internet Security Suite\ccupdate\CCUpdate.exe
C:\windows\system32\SearchFilterHost.exe
C:\Users\Owner\Desktop\HijackThis2\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/?ref=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office12\GR469A~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [ThpSrv] C:\windows\system32\thpsrv /logon
O4 - HKLM\..\Run: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
O4 - HKLM\..\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\casc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [NvCplDaemonTool] rundll32.exe C:\Users\Owner\qrloadC6.dll,_IWMPEvents
O4 - HKCU\..\Run: [RTHDBPL] C:\Users\Owner\AppData\Roaming\SystemProc\lsass.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: scanadiskk98.dll
O4 - Startup: scandisk.lnk = ?
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MIF5BA~1\Office12\GRA32A~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAAMSvc - CA - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\windows\system32\ThpSrv.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe

--
End of file - 11043 bytes



Uninstall List
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
Adobe Shockwave Player 11.5
Amazon MP3 Downloader 1.0.10
AMRT
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Bejeweled 2 Deluxe
BlackBerry Desktop Software 6.0.1
BlackBerry Desktop Software 6.0.1
Blackhawk Striker 2
Bonjour
CA Anti-Virus Plus
CA Anti-Virus Plus
Coupon Printer for Windows
Faerie Solitaire
FATE Undiscovered Realms
Google Calendar Sync
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 14
Junk Mail filter update
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Choice Guard
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The Vegas Heist
Polar Bowler
QuickTime
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Skype Launcher
Synaptics Pointing Device Driver
Toshiba Application and Driver Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA eco Utility
TOSHIBA eco Utility
TOSHIBA Flash Cards Support Utility
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA Hardware Setup
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
Toshiba Online Backup
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Supervisor Password
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Virtual Families
Virtual Villagers - The Secret City
WildTangent Games
WildTangent ORB Game Console
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Yahoo! Autosync
Yahoo! Messenger
blanval
Active Member
 
Posts: 11
Joined: January 29th, 2011, 9:03 pm
Advertisement
Register to Remove

Re: JS/Dursg.A Malware

Unread postby Cypher » February 7th, 2011, 7:59 am

Hi.
Checking your logs now be right back.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: JS/Dursg.A Malware

Unread postby Cypher » February 7th, 2011, 8:08 am

Hi Valerie and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
If you no longer require help i would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!.
    Using these instructions on a different computer, can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Backup Made Easy - XP
Backup your data - Vista
Backup your data - windows 7


Windows 7 Advice:
  • All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.
  • Your Operating System in use comes with a inbuilt utility called User Access Control(UAC).
  • When prompted by this with anything I ask you to do carry out please select the option Allow.


Download/run Rkill:

Please download Rkill from one of the following links and save to your Desktop:

One, Two,Three or Four

  • Right-click on Rkill And select " Run as administrator " to run it.
  • A command window will open then disappear upon completion, this is normal.
  • When finished, Notepad will open with a log called, "rkill.log".
  • Please copy and paste the contents of the rkill.log in your next reply.
  • The file is automatically saved... located at C:\rkill.log.
  • Please leave Rkill on the Desktop until otherwise advised.

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

Next.

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Right-click mbam-setup.exe And select " Run as administrator " then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next.

RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 logs files...will be produced.
  • The first one, "log.txt", << will be maximized
  • The second one, "info.txt", << will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)


Logs/Information to Post in your Next Reply

  • Malwarebytes log.
  • RSIT log.txt and info.txt contents.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: JS/Dursg.A Malware

Unread postby blanval » February 7th, 2011, 11:19 pm

Hey Cypher-

Thanks for your help. I did the Rkill and the Malwarebytes Anti-Malware downloads. For the MBAM results (after I ran the scan), I do not see a "C:\System Volume Information folder" that you mentioned NOT to delete. Is that ok? I have not removed anything in the results yet and won't until I hear back from you. Thanks!!!!

Valerie
blanval
Active Member
 
Posts: 11
Joined: January 29th, 2011, 9:03 pm

Re: JS/Dursg.A Malware

Unread postby Cypher » February 8th, 2011, 7:19 am

Hi Valerie.
Just go ahead and let Malwarebytes fix anything it finds.
Post the requested logs in your next reply.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: JS/Dursg.A Malware

Unread postby blanval » February 10th, 2011, 3:18 am

Ok, my computer automatically scanned when I just restarted it after running Rkill made my computer freeze, and it found another thing-- . I don't know if its related or not, so I'll mention it here. My kids haven't been on my computer at all, and I know I haven't gone to any shady sites, so I'm not sure where this one came from.



RKILL LOG

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 02/10/2011 at 0:27:46.
Operating System: Windows 7 Starter


Processes terminated by Rkill or while it was running:

C:\Users\Owner\AppData\Roaming\SystemProc\lsass.exe
C:\Users\Default\Desktop\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\consent.exe
C:\windows\System32\InfDefaultInstall.exe
C:\windows\System32\InfDefaultInstall.exe
C:\windows\system32\runonce.exe


Rkill completed on 02/10/2011 at 0:29:19.






MBAM LOG

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Database version: 5708

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/10/2011 1:05:02 AM
mbam-log-2011-02-10 (01-05-02).txt

Scan type: Quick scan
Objects scanned: 147918
Time elapsed: 12 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Users\Owner\qrloadC6.dll (Rootkit.MBR) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{beaC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\GamevanceText.Linker.1 (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\GamevanceText.Linker (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemonTool (Rootkit.MBR) -> Value: NvCplDaemonTool -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RTHDBPL (Trojan.Agent) -> Value: RTHDBPL -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\Owner\AppData\Roaming\systemproc (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\Owner\qrloadC6.dll (Rootkit.MBR) -> Delete on reboot.
c:\$Recycle.Bin\s-1-5-21-3360501703-2882772190-2378208542-1000\$RRHZKY9.dll (Adware.GamesVance) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scanadiskk98.dll (Rootkit.MBR) -> Delete on reboot.
c:\Users\Owner\AppData\Local\Temp\3996.tmp (Rootkit.MBR) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Local\Temp\msitcm.cpl (Rootkit.MBR) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Delete on reboot.






RSIT LOG


Logfile of random's system information tool 1.08 (written by random/random)
Run by Owner at 2011-02-10 01:12:49
Microsoft Windows 7 Starter
System drive C: has 179 GB (78%) free of 228 GB
Total RAM: 1013 MB (13% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:13:26 AM, on 2/10/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Users\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/?ref=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office12\GR469A~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [ThpSrv] C:\windows\system32\thpsrv /logon
O4 - HKLM\..\Run: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
O4 - HKLM\..\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\casc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Users\Default\Desktop\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [NvCplDaemonTool] rundll32.exe C:\Users\Owner\qrloadC6.dll,_IWMPEvents
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MIF5BA~1\Office12\GRA32A~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAAMSvc - CA - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\windows\system32\ThpSrv.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe

--
End of file - 11070 bytes

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3360501703-2882772190-2378208542-1000Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3360501703-2882772190-2378208542-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MIF5BA~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-12-22 297648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-27 843832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-12 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-12-22 297648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"IgfxTray"=C:\windows\system32\igfxtray.exe [2009-11-05 141848]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2009-11-05 173592]
"Persistence"=C:\windows\system32\igfxpers.exe [2009-11-05 150552]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-10-28 7862816]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-10-15 1586472]
"SVPWUTIL"=C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [2009-08-12 352256]
"HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2009-06-02 425984]
"KeNotify"=C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [2009-01-13 34088]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2009-08-05 476512]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2009-07-28 460088]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2009-08-05 738616]
"Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2009-09-28 1328480]
"TWebCamera"=C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2009-11-05 2446648]
"ThpSrv"=C:\windows\system32\thpsrv /logon []
"TUSBSleepChargeSrv"=C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [2009-10-26 253312]
"ToshibaServiceStation"=C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2009-10-06 1294136]
"TosWaitSrv"=C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2009-10-30 611672]
"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2009-09-17 611672]
"TosNC"=C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [2009-10-28 467304]
"TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2009-10-28 29528]
"NortonOnlineBackupReminder"=C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [2009-08-10 529256]
"cctray"=C:\Program Files\CA\CA Internet Security Suite\casc.exe [2011-01-31 1766736]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-08-10 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-09-01 421160]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"Malwarebytes' Anti-Malware (reboot)"=C:\Users\Default\Desktop\Malwarebytes' Anti-Malware\mbam.exe [2010-12-20 963976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-24 136176]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-09-24 39408]
"Messenger (Yahoo!)"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2010-11-04 6174008]
"NvCplDaemonTool"=C:\Users\Owner\qrloadC6.dll,_IWMPEvents []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Google Calendar Sync.lnk - C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2009-10-15 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]
C:\windows\system32\UmxWnp.Dll [2009-03-27 79368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MIF5BA~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2011-02-10 01:12:49 ----D---- C:\rsit
2011-02-07 20:47:20 ----D---- C:\Users\Owner\AppData\Roaming\Malwarebytes
2011-02-07 20:45:23 ----A---- C:\windows\system32\drivers\mbamswissarmy.sys
2011-02-07 20:45:22 ----D---- C:\ProgramData\Malwarebytes
2011-02-07 20:45:18 ----A---- C:\windows\system32\drivers\mbam.sys
2011-02-02 23:14:31 ----A---- C:\windows\system32\SystemLook.txt
2011-01-29 18:51:51 ----D---- C:\Program Files\Trend Micro
2011-01-14 01:02:58 ----D---- C:\Users\Owner\AppData\Roaming\Blackberry Desktop
2011-01-14 00:52:55 ----D---- C:\Users\Owner\AppData\Roaming\Research In Motion
2011-01-13 21:42:05 ----A---- C:\windows\system32\drivers\RimSerial.sys
2011-01-13 21:37:43 ----D---- C:\ProgramData\Research In Motion
2011-01-13 21:37:01 ----D---- C:\Program Files\Research In Motion
2011-01-13 21:37:01 ----D---- C:\Program Files\Common Files\Research In Motion
2011-01-12 12:35:58 ----A---- C:\windows\system32\odbc32.dll
2011-01-12 12:35:55 ----A---- C:\windows\system32\d3d10warp.dll
2011-01-12 12:35:54 ----A---- C:\windows\system32\mf.dll
2011-01-12 12:35:54 ----A---- C:\windows\system32\DWrite.dll
2011-01-12 12:35:54 ----A---- C:\windows\system32\d2d1.dll
2011-01-12 12:35:53 ----A---- C:\windows\system32\XpsPrint.dll
2011-01-12 12:35:53 ----A---- C:\windows\system32\FntCache.dll
2011-01-12 12:35:52 ----A---- C:\windows\system32\XpsGdiConverter.dll
2011-01-12 12:35:52 ----A---- C:\windows\system32\WMVDECOD.DLL
2011-01-12 12:35:52 ----A---- C:\windows\system32\drivers\dxgkrnl.sys
2011-01-12 12:35:52 ----A---- C:\windows\system32\d3d10_1core.dll
2011-01-12 12:35:52 ----A---- C:\windows\system32\cdd.dll
2011-01-12 12:35:51 ----A---- C:\windows\system32\XpsRasterService.dll
2011-01-12 12:35:51 ----A---- C:\windows\system32\mfreadwrite.dll
2011-01-12 12:35:51 ----A---- C:\windows\system32\ExplorerFrame.dll
2011-01-12 12:35:51 ----A---- C:\windows\system32\drivers\dxgmms1.sys
2011-01-12 12:35:51 ----A---- C:\windows\system32\d3d10_1.dll
2011-01-09 21:46:36 ----D---- C:\Program Files\Coupons
2011-01-06 18:12:21 ----D---- C:\Users\Owner\AppData\Roaming\Mozilla
2011-01-03 23:29:56 ----D---- C:\Users\Owner\AppData\Roaming\Template
2011-01-02 22:24:11 ----D---- C:\Users\Owner\AppData\Roaming\Catalina Marketing Corp
2010-12-24 12:52:05 ----D---- C:\Program Files\Amazon
2010-12-15 21:17:59 ----A---- C:\windows\system32\tzres.dll
2010-12-15 21:17:40 ----A---- C:\windows\system32\iertutil.dll
2010-12-15 21:17:39 ----A---- C:\windows\system32\mstime.dll
2010-12-15 21:17:38 ----A---- C:\windows\system32\mshtml.dll
2010-12-15 21:17:37 ----A---- C:\windows\system32\ieframe.dll
2010-12-15 21:17:36 ----A---- C:\windows\system32\wininet.dll
2010-12-15 21:17:36 ----A---- C:\windows\system32\urlmon.dll
2010-12-15 21:17:35 ----A---- C:\windows\system32\mshtmled.dll
2010-12-15 21:17:35 ----A---- C:\windows\system32\msfeedssync.exe
2010-12-15 21:17:35 ----A---- C:\windows\system32\msfeedsbs.dll
2010-12-15 21:17:35 ----A---- C:\windows\system32\msfeeds.dll
2010-12-15 21:17:35 ----A---- C:\windows\system32\licmgr10.dll
2010-12-15 21:17:35 ----A---- C:\windows\system32\jsproxy.dll
2010-12-15 21:17:35 ----A---- C:\windows\system32\ieui.dll
2010-12-15 21:17:35 ----A---- C:\windows\system32\iepeers.dll
2010-12-15 21:17:35 ----A---- C:\windows\system32\iedkcs32.dll
2010-12-15 21:17:29 ----A---- C:\windows\system32\schedsvc.dll
2010-12-15 21:17:28 ----A---- C:\windows\system32\wmicmiplugin.dll
2010-12-15 21:17:28 ----A---- C:\windows\system32\taskschd.dll
2010-12-15 21:17:28 ----A---- C:\windows\system32\taskeng.exe
2010-12-15 21:17:28 ----A---- C:\windows\system32\taskcomp.dll
2010-12-15 21:17:28 ----A---- C:\windows\system32\schtasks.exe
2010-12-15 21:17:26 ----A---- C:\windows\system32\atmlib.dll
2010-12-15 21:17:26 ----A---- C:\windows\system32\atmfd.dll
2010-12-15 21:17:23 ----A---- C:\windows\system32\webio.dll
2010-12-15 21:17:22 ----A---- C:\windows\system32\consent.exe
2010-12-15 21:17:20 ----A---- C:\windows\system32\oleaut32.dll
2010-12-15 21:17:17 ----A---- C:\windows\system32\win32k.sys
2010-12-15 16:31:30 ----D---- C:\Users\Owner\AppData\Roaming\Amazon
2010-11-30 10:34:54 ----D---- C:\Program Files\Microsoft Visual Studio
2010-11-30 10:34:52 ----D---- C:\Program Files\Common Files\DESIGNER
2010-11-30 10:24:03 ----D---- C:\Program Files\Microsoft Visual Studio 8
2010-11-30 10:22:26 ----D---- C:\windows\SHELLNEW
2010-11-30 10:20:10 ----RHD---- C:\MSOCache
2010-11-17 20:30:10 ----D---- C:\Users\Owner\AppData\Roaming\AutoSync for Yahoo

======List of files/folders modified in the last 3 months======

2011-02-10 01:13:27 ----D---- C:\windows\Temp
2011-02-10 01:13:01 ----D---- C:\windows\system32\config
2011-02-10 01:09:07 ----D---- C:\windows\Vss
2011-02-10 01:09:07 ----D---- C:\windows\system32\drivers
2011-02-09 22:45:38 ----SHD---- C:\System Volume Information
2011-02-09 21:32:45 ----D---- C:\windows\system32\catroot
2011-02-09 21:32:44 ----D---- C:\windows\system32\catroot2
2011-02-09 21:30:36 ----D---- C:\windows\winsxs
2011-02-08 16:46:52 ----AD---- C:\windows\System32
2011-02-08 16:46:51 ----D---- C:\windows\inf
2011-02-08 16:46:51 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-02-07 20:45:22 ----HD---- C:\ProgramData
2011-01-29 18:53:05 ----D---- C:\windows\Prefetch
2011-01-29 18:52:17 ----SHD---- C:\windows\Installer
2011-01-29 18:52:16 ----HD---- C:\Config.msi
2011-01-29 18:51:52 ----SD---- C:\Users\Owner\AppData\Roaming\Microsoft
2011-01-29 18:51:51 ----RD---- C:\Program Files
2011-01-17 10:29:02 ----AD---- C:\Windows
2011-01-14 18:00:50 ----D---- C:\windows\system32\DriverStore
2011-01-14 10:02:22 ----D---- C:\Program Files\Google
2011-01-13 21:37:01 ----D---- C:\Program Files\Common Files
2011-01-13 20:11:43 ----A---- C:\windows\system32\MRT.exe
2011-01-05 12:49:12 ----HD---- C:\windows\system32\GroupPolicyUsers
2010-12-31 18:55:19 ----D---- C:\windows\rescache
2010-12-24 12:06:23 ----D---- C:\windows\system32\wdi
2010-12-16 03:26:26 ----D---- C:\windows\system32\migration
2010-12-16 03:26:26 ----D---- C:\windows\system32\en-US
2010-12-16 03:26:26 ----D---- C:\Program Files\Windows Mail
2010-12-16 03:26:26 ----D---- C:\Program Files\Internet Explorer
2010-12-09 00:15:03 ----D---- C:\windows\system32\drivers\UMDF
2010-11-30 10:49:08 ----D---- C:\ProgramData\Microsoft Help
2010-11-30 10:48:56 ----RSD---- C:\windows\assembly
2010-11-30 10:37:41 ----D---- C:\Program Files\Common Files\microsoft shared
2010-11-30 10:37:05 ----D---- C:\Program Files\MSBuild
2010-11-30 10:35:53 ----D---- C:\Program Files\Microsoft Office
2010-11-30 10:32:02 ----RSD---- C:\windows\Fonts
2010-11-30 10:31:00 ----SD---- C:\ProgramData\Microsoft
2010-11-30 10:30:59 ----D---- C:\Program Files\Microsoft.NET
2010-11-30 10:22:55 ----A---- C:\windows\win.ini
2010-11-30 10:22:52 ----D---- C:\Program Files\Common Files\System
2010-11-26 15:39:53 ----D---- C:\windows\system32\NDF
2010-11-26 12:12:45 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-26 12:12:45 ----D---- C:\Program Files\TOSHIBA Corporation
2010-11-24 00:59:43 ----D---- C:\Program Files\Yahoo!
2010-11-17 20:26:43 ----D---- C:\windows\Downloaded Installations
2010-11-17 15:23:01 ----D---- C:\ProgramData\Yahoo!

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 KmxAMRT;KmxAMRT; C:\windows\system32\DRIVERS\KmxAMRT.sys [2010-09-17 135248]
R0 LPCFilter;LPC Lower Filter Driver; C:\windows\system32\DRIVERS\LPCFilter.sys [2009-07-30 36208]
R0 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-13 12368]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-13 173648]
R0 Thpdrv;TOSHIBA HDD Protection Driver; C:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 30272]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver; C:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 13120]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 23512]
R1 KmxAgent;KmxAgent; C:\windows\System32\DRIVERS\kmxagent.sys [2010-03-22 79864]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 12920]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athr.sys [2009-11-06 1227776]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2009-10-15 4805120]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHDA.sys [2009-10-28 2785568]
R3 KmxCfg;KmxCfg; C:\windows\System32\DRIVERS\kmxcfg.sys [2010-06-09 244304]
R3 PGEffect;Pangu effect driver; C:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\windows\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\windows\System32\Drivers\RootMdm.sys [2009-07-13 8192]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2009-10-15 231856]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-13 8704]
S3 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-13 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\DRIVERS\amdagp.sys [2009-07-13 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
S3 KmxAMVet;KmxAMVet; \??\C:\WINDOWS\system32\Drivers\KmxAMVet.sys [2009-03-27 598656]
S3 RimUsb;BlackBerry Smartphone; C:\windows\System32\Drivers\RimUsb.sys [2010-06-16 75776]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2009-07-30 171520]
S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
S3 RtsUIR;Realtek IR Driver; C:\windows\system32\DRIVERS\Rts516xIR.sys []
S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\DRIVERS\sisagp.sys [2009-07-13 52304]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\windows\system32\DRIVERS\sscdserd.sys [2005-08-17 73696]
S3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 22912]
S3 USBAAPL;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\windows\system32\DRIVERS\RtsUCcid.sys []
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2009-07-13 35840]
S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\DRIVERS\viaagp.sys [2009-07-13 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2009-07-13 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 CAAMSvc;CAAMSvc; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe [2011-01-31 206152]
R2 CAISafe;CAISafe; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe [2010-11-06 212992]
R2 ccSchedulerSVC;CA Common Scheduler Service; C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe [2011-01-31 206160]
R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-10-27 185712]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 Thpsrv;TOSHIBA HDD Protection; C:\windows\system32\ThpSrv.exe [2009-10-21 518720]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2009-07-28 128344]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-08-05 464224]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-09-28 185712]
R2 UmxAgent;HIPS Event Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2009-08-04 887288]
R2 UmxCfg;HIPS Configuration Interpreter; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2010-08-24 740160]
R2 UmxPol;HIPS Policy Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2010-09-17 301648]
R3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2011-01-31 251216]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-09-01 820008]
R3 TMachInfo;TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960]
R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-10-30 677232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-24 136176]
S3 GameConsoleService;GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [2009-08-27 238328]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-09-24 182768]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------
blanval
Active Member
 
Posts: 11
Joined: January 29th, 2011, 9:03 pm

Re: JS/Dursg.A Malware

Unread postby blanval » February 10th, 2011, 3:19 am

RSIT INFO


info.txt logfile of random's system information tool 1.08 2011-02-10 01:13:43

======Uninstall list======

-->"C:\Program Files\TOSHIBA Games\Game Explorer Categories - genres\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\Game Explorer Categories - main\Uninstall.exe"
-->"C:\Program Files\Toshiba Games\Web Link - Club Penguin\Uninstall.exe"
-->"C:\Program Files\Toshiba Games\Web Link - Dark Orbit\Uninstall.exe"
-->"C:\Program Files\Toshiba Games\Web Link - Deepolis\Uninstall.exe"
-->"C:\Program Files\Toshiba Games\Web Link - RuneScape HD\Uninstall.exe"
-->"C:\Program Files\Toshiba Games\Web Link - Seafight\Uninstall.exe"
-->MsiExec.exe /X{166478EA-A017-43C0-BE42-7560BD5A646B}
Adobe Flash Player 10 ActiveX-->C:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player 11.5-->"C:\windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Amazon MP3 Downloader 1.0.10-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
AMRT-->MsiExec.exe /I{01A3E75B-54C0-407F-8B95-B77705C7DCC4}
Apple Application Support-->MsiExec.exe /I{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}
Apple Mobile Device Support-->MsiExec.exe /I{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
Atheros Driver Installation Program-->C:\Program Files\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe -runfromtemp -l0x0009
Bejeweled 2 Deluxe-->"C:\Program Files\TOSHIBA Games\Bejeweled 2 Deluxe\Uninstall.exe"
BlackBerry Desktop Software 6.0.1-->MsiExec.exe /I{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}
BlackBerry Desktop Software 6.0.1-->MsiExec.exe /i{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}
Blackhawk Striker 2-->"C:\Program Files\TOSHIBA Games\Blackhawk Striker 2\Uninstall.exe"
Bonjour-->MsiExec.exe /X{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}
CA Anti-Virus Plus-->"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\setup\ccinstaller.exe" /u /silent /module="am"
CA Anti-Virus Plus-->"C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u /product=am
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Faerie Solitaire-->"C:\Program Files\TOSHIBA Games\Faerie Solitaire\Uninstall.exe"
FATE Undiscovered Realms-->"C:\Program Files\TOSHIBA Games\FATE Undiscovered Realms\Uninstall.exe"
Google Calendar Sync-->"C:\Program Files\Google\Google Calendar Sync\uninstall.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_4079369A224CB572.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Intel(R) Graphics Media Accelerator Driver-->C:\windows\system32\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{350FB27C-CF62-4EF3-AF9D-70FF313FE221}
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Malwarebytes' Anti-Malware-->"C:\Users\Default\Desktop\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 4 Client Profile-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Mystery P.I. - The Vegas Heist-->"C:\Program Files\TOSHIBA Games\Mystery P.I. - The Vegas Heist\Uninstall.exe"
Polar Bowler-->"C:\Program Files\TOSHIBA Games\Polar Bowler\Uninstall.exe"
QuickTime-->MsiExec.exe /I{EB900AF8-CC61-4E15-871B-98D1EA3E8025}
Realtek Ethernet Controller Driver For Windows Vista and Later-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Realtek USB 2.0 Card Reader-->"C:\Program Files\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\Setup.exe" -runfromtemp -l0x0009 -removeonly
Skype Launcher-->C:\Program Files\InstallShield Installation Information\{DA84ECBF-4B79-47F2-B34C-95C38484C058}\setup.exe -runfromtemp -l0x0009 -removeonly
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Toshiba Application and Driver Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}\setup.exe" -l0x9 -removeonly
TOSHIBA Assist-->C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe -runfromtemp -l0x0009 -removeonly
TOSHIBA Bulletin Board-->"C:\Program Files\InstallShield Installation Information\{6B81F4D9-A640-4081-A01D-7CB37F5DF4A4}\setup.exe" -runfromtemp -l0x0409 -removeonly
TOSHIBA Bulletin Board-->MsiExec.exe /X{6B81F4D9-A640-4081-A01D-7CB37F5DF4A4}
TOSHIBA ConfigFree-->MsiExec.exe /X{F3529665-D75E-4D6D-98F0-745C78C68E9B}
TOSHIBA eco Utility-->C:\Program Files\InstallShield Installation Information\{53536479-DFB0-47ED-9D10-43F3708C222D}\setup.exe -runfromtemp -l0x0409
TOSHIBA eco Utility-->C:\Program Files\InstallShield Installation Information\{53536479-DFB0-47ED-9D10-43F3708C222D}\setup.exe -runfromtemp -l0x0409
TOSHIBA Flash Cards Support Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E}
TOSHIBA Flash Cards Support Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E}
TOSHIBA Hardware Setup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1033
TOSHIBA Hardware Setup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1033
TOSHIBA HDD Protection-->MsiExec.exe /X{94A90C69-71C1-470A-88F5-AA47ECC96B40}
TOSHIBA HDD/SSD Alert-->C:\Program Files\InstallShield Installation Information\{D4322448-B6AF-4316-B859-D8A0E84DCB38}\setup.exe -runfromtemp -l0x0409
TOSHIBA HDD/SSD Alert-->C:\Program Files\InstallShield Installation Information\{D4322448-B6AF-4316-B859-D8A0E84DCB38}\setup.exe -runfromtemp -l0x0409
TOSHIBA Media Controller-->C:\Program Files\InstallShield Installation Information\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}\setup.exe -runfromtemp -l0x0009 -removeonly
Toshiba Online Backup-->MsiExec.exe /X{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}
TOSHIBA PC Health Monitor-->MsiExec.exe /X{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}
TOSHIBA Quality Application-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E69992ED-A7F6-406C-9280-1C156417BC49}\setup.exe" -l0x9 -removeonly
TOSHIBA Recovery Media Creator-->MsiExec.exe /X{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}
TOSHIBA ReelTime-->"C:\Program Files\InstallShield Installation Information\{921F22A4-290B-4B6C-9E8E-B50B58F18ED0}\setup.exe" -runfromtemp -l0x0409 -removeonly
TOSHIBA ReelTime-->MsiExec.exe /X{921F22A4-290B-4B6C-9E8E-B50B58F18ED0}
TOSHIBA Service Station-->C:\Program Files\InstallShield Installation Information\{AC6569FA-6919-442A-8552-073BE69E247A}\setup.exe -runfromtemp -l0x0009 -removeonly
TOSHIBA Supervisor Password-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1033
TOSHIBA Supervisor Password-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1033
TOSHIBA USB Sleep and Charge Utility-->C:\Program Files\InstallShield Installation Information\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}\setup.exe -runfromtemp -l0x0009 -removeonly
TOSHIBA Value Added Package-->C:\Program Files\TOSHIBA\TVAP\Setup.exe
TOSHIBA Web Camera Application-->C:\Program Files\InstallShield Installation Information\{5E6F6CF3-BACC-4144-868C-E14622C658F3}\setup.exe -runfromtemp -l0x0009 -removeonly
ToshibaRegistration-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AF550B4-BB67-4E7E-82F1-2C4300279050}\setup.exe" -l0x9 -removeonly
Virtual Families-->"C:\Program Files\TOSHIBA Games\Virtual Families\Uninstall.exe"
Virtual Villagers - The Secret City-->"C:\Program Files\TOSHIBA Games\Virtual Villagers - The Secret City\Uninstall.exe"
WildTangent Games-->"C:\Program Files\TOSHIBA Games\Uninstall.exe"
WildTangent ORB Game Console-->"C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\Uninstall.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Movie Maker-->MsiExec.exe /X{3D5044A5-97B8-45C0-B956-BB2376569188}
Windows Live Photo Gallery-->MsiExec.exe /X{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
Yahoo! Autosync-->MsiExec.exe /X{98B672F2-857C-4CC9-A25D-6B218077F4F6}
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======System event log======

Computer Name: Owner-PC
Event Code: 1
Message: Realtek PCIe FE Family Controller is disconnected from network.
Record Number: 1904
Source Name: RTL8167
Time Written: 20100922173541.371238-000
Event Type: Warning
User:

Computer Name: Owner-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 1892
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20100922173453.292246-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Owner-PC
Event Code: 52
Message: The time service has set the time with offset 16044284129247284 seconds.
Record Number: 1805
Source Name: Microsoft-Windows-Time-Service
Time Written: 20100922172912.292274-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: Owner-PC
Event Code: 1
Message: Realtek PCIe FE Family Controller is disconnected from network.
Record Number: 1715
Source Name: RTL8167
Time Written: 20100922172338.156034-000
Event Type: Warning
User:

Computer Name: Owner-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 1703
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20100506040412.407278-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Owner-PC
Event Code: 26
Message: Error: CreateFile(KMXAGENT) error 2
Record Number: 958
Source Name: UmxCfg
Time Written: 20100922190222.000000-000
Event Type: Error
User:

Computer Name: Owner-PC
Event Code: 26
Message: Error: Cannot open kmxagent driver
Record Number: 957
Source Name: UmxCfg
Time Written: 20100922190222.000000-000
Event Type: Error
User:

Computer Name: Owner-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-3360501703-2882772190-2378208542-1000:
Process 512 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-3360501703-2882772190-2378208542-1000
Process 2068 (\Device\HarddiskVolume2\ProgramData\Google\Google Toolbar\Update\gtb899.tmp.exe) has opened key \REGISTRY\USER\S-1-5-21-3360501703-2882772190-2378208542-1000

Record Number: 825
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100922173410.672971-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Owner-PC
Event Code: 1533
Message: Windows cannot delete the profile directory C:\Users\Administrator. This error may be caused by files in this directory being used by another program.

DETAIL - The directory is not empty.

Record Number: 800
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100922052739.924538-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Owner-PC
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 791
Source Name: Microsoft-Windows-Search
Time Written: 20100922172619.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: WIN-2S0D2JNQ69P
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: WIN-2S0D2JNQ69P$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x208
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 426
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100506040402.704061-000
Event Type: Audit Success
User:

Computer Name: WIN-2S0D2JNQ69P
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 425
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100506040334.639612-000
Event Type: Audit Success
User:

Computer Name: WIN-2S0D2JNQ69P
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: WIN-2S0D2JNQ69P$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x208
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 424
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100506040334.639612-000
Event Type: Audit Success
User:

Computer Name: WIN-2S0D2JNQ69P
Event Code: 4738
Message: A user account was changed.

Subject:
Security ID: S-1-5-21-3360501703-2882772190-2378208542-500
Account Name: Administrator
Account Domain: WIN-2S0D2JNQ69P
Logon ID: 0x1c6f0

Target Account:
Security ID: S-1-5-21-3360501703-2882772190-2378208542-500
Account Name: Administrator
Account Domain: WIN-2S0D2JNQ69P

Changed Attributes:
SAM Account Name: -
Display Name: -
User Principal Name: -
Home Directory: -
Home Drive: -
Script Path: -
Profile Path: -
User Workstations: -
Password Last Set: -
Account Expires: -
Primary Group ID: -
AllowedToDelegateTo: -
Old UAC Value: 0x211
New UAC Value: 0x211
User Account Control: -
User Parameters: -
SID History: -
Logon Hours: -

Additional Information:
Privileges: -
Record Number: 423
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100506040317.495182-000
Event Type: Audit Success
User:

Computer Name: WIN-2S0D2JNQ69P
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-3360501703-2882772190-2378208542-500
Account Name: Administrator
Domain Name: WIN-2S0D2JNQ69P
Logon ID: 0x1c6f0
Record Number: 422
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100506040316.496780-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 28 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=1c0a
"asl.log"=Destination=file
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
blanval
Active Member
 
Posts: 11
Joined: January 29th, 2011, 9:03 pm

Re: JS/Dursg.A Malware

Unread postby blanval » February 10th, 2011, 3:25 am

Oops, I forgot to look up what was found before I hit submit. Sorry... My scanner found Win32/Swisyn.DP


Thanks again!! I truly appreciate it!
blanval
Active Member
 
Posts: 11
Joined: January 29th, 2011, 9:03 pm

Re: JS/Dursg.A Malware

Unread postby Cypher » February 10th, 2011, 7:02 am

Hi Valerie.
Thanks again!! I truly appreciate it!

You're welcome.
My kids haven't been on my computer at all, and I know I haven't gone to any shady sites, so I'm not sure where this one came from.
It would be helpful if you could keep the computer use at a minimum until we get it clean.
Quick question have you been helped at another forum? some entries in your logs suggest you have.

Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the following
Coupon Printer for Windows

Next.

Back Up registry with ERUNT

  • Please download ERUNT and save it to your desktop.
  • Alternate Download
  • Right-click on erunt_setup.exe and select " Run as administrator " to run it.
  • Untick the NTREGOPT desktop shortcut option
  • Click No when you get the option to run Erunt at Windows startup.
  • During the installation, tick Launch Erunt.
  • Accept the default options for running a backup.
  • Erunt will then backup your registry.
  • Click OK to finish.
  • If you are unable to back up your Registry with ERUNT ....
    • Let me know.
    • Do not follow any further instructions until I tell you to.

Next.

Download and run OTM

Download OTM.exe by Old Timer and save it to your Desktop.
  • Right-click OTM.exe and select " Run as administrator " to run it.
  • Right-click then copy the following code, Do not include the word Code.
    Code: Select all
    :Reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
    "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
    "CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyOverride"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    [-HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [-HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemonTool"=-
    
    :Files
    C:\Program Files\Coupons
    C:\Users\Owner\qrloadC6.dll
    ipconfig /flushdns /c
    
    :Commands
    [EmptyFlash]
    [emptytemp]
    [ClearAllRestorePoints]
    [start explorer]
    [Reboot]
    

    • Return to OTM, right-click then paste the code into the blank box below Image
    • Next click on the large Image button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next.

Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. ( it will be maximized )
  • Please post ONLY the "log.txt", file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)

Next.

Please download TDSSKiller.zip and extract (unzip) it to your Desktop.
  • Right click on TDSSKiller.exe and select " Run as administrator " to run it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT


Logs/Information to Post in your Next Reply

  • Have you been helped at another forum?
  • OTM log.
  • RSIT log.txt.
  • TDSSKiller log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: JS/Dursg.A Malware

Unread postby blanval » February 10th, 2011, 8:48 am

No, I haven't requested/ received help at any other sites. When I googled the original problem, this was the first help site I saw, so I stopped looking. I ran the rkill and mbam scans when you first replied, but then I came across the question about deleting stuff from mbam, so I re-ran those programs right before posting the logs so you could see the most current results. Maybe that's what you're seeing? Other than that, I have no clue. I will do the other things you told me to do in a little bit.
blanval
Active Member
 
Posts: 11
Joined: January 29th, 2011, 9:03 pm

Re: JS/Dursg.A Malware

Unread postby Cypher » February 10th, 2011, 11:28 am

Hi blanval.
No, I haven't requested/ received help at any other sites.

Systemlook is a tool that is used by malware removal helpers and it has been run on your system.
C:\windows\system32\SystemLook.txt

Thats why i asked if you had been helper elsewhere.
I will do the other things you told me to do in a little bit.

Ok post the requested logs when ready.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: JS/Dursg.A Malware

Unread postby blanval » February 10th, 2011, 1:02 pm

OTM LOG


All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\\"SearchAssistant"|"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\\"CustomizeSearch"|"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm" /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NvCplDaemonTool deleted successfully.
========== FILES ==========
C:\Program Files\Coupons folder moved successfully.
File/Folder C:\Users\Owner\qrloadC6.dll not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 74636034 bytes
->Temporary Internet Files folder emptied: 68903972 bytes
->Java cache emptied: 16793495 bytes
->Google Chrome cache emptied: 17024938 bytes
->Flash cache emptied: 112463 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2976182 bytes
RecycleBin emptied: 311067136 bytes

Total Files Cleaned = 469.00 mb




OTM by OldTimer - Version 3.1.17.2 log created on 02102011_104534

Files moved on Reboot...

Registry entries deleted on Reboot...






RSIT LOG


Logfile of random's system information tool 1.08 (written by random/random)
Run by Owner at 2011-02-10 11:00:33
Microsoft Windows 7 Starter
System drive C: has 179 GB (78%) free of 228 GB
Total RAM: 1013 MB (15% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:00:58 AM, on 2/10/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\windows\notepad.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\windows\system32\igfxext.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Users\Owner\Desktop\RSIT.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/?ref=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office12\GR469A~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [ThpSrv] C:\windows\system32\thpsrv /logon
O4 - HKLM\..\Run: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
O4 - HKLM\..\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\casc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Users\Default\Desktop\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MIF5BA~1\Office12\GRA32A~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAAMSvc - CA - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\windows\system32\ThpSrv.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe

--
End of file - 10380 bytes

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3360501703-2882772190-2378208542-1000Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3360501703-2882772190-2378208542-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MIF5BA~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-12-22 297648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-27 843832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-12 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-12-22 297648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"IgfxTray"=C:\windows\system32\igfxtray.exe [2009-11-05 141848]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2009-11-05 173592]
"Persistence"=C:\windows\system32\igfxpers.exe [2009-11-05 150552]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-10-28 7862816]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-10-15 1586472]
"SVPWUTIL"=C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [2009-08-12 352256]
"HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2009-06-02 425984]
"KeNotify"=C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [2009-01-13 34088]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2009-08-05 476512]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2009-07-28 460088]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2009-08-05 738616]
"Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2009-09-28 1328480]
"TWebCamera"=C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2009-11-05 2446648]
"ThpSrv"=C:\windows\system32\thpsrv /logon []
"TUSBSleepChargeSrv"=C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [2009-10-26 253312]
"ToshibaServiceStation"=C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2009-10-06 1294136]
"TosWaitSrv"=C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2009-10-30 611672]
"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2009-09-17 611672]
"TosNC"=C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [2009-10-28 467304]
"TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2009-10-28 29528]
"NortonOnlineBackupReminder"=C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [2009-08-10 529256]
"cctray"=C:\Program Files\CA\CA Internet Security Suite\casc.exe [2011-01-31 1766736]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-08-10 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-09-01 421160]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"Malwarebytes' Anti-Malware (reboot)"=C:\Users\Default\Desktop\Malwarebytes' Anti-Malware\mbam.exe [2010-12-20 963976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-24 136176]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-09-24 39408]
"Messenger (Yahoo!)"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2010-11-04 6174008]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Google Calendar Sync.lnk - C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2009-10-15 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]
C:\windows\system32\UmxWnp.Dll [2009-03-27 79368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MIF5BA~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2011-02-10 10:45:34 ----D---- C:\_OTM
2011-02-10 10:43:41 ----D---- C:\windows\ERDNT
2011-02-10 10:39:45 ----SHD---- C:\windows\system32\%APPDATA%
2011-02-10 01:12:49 ----D---- C:\rsit
2011-02-09 21:34:38 ----A---- C:\windows\system32\win32k.sys
2011-02-09 21:34:34 ----A---- C:\windows\system32\kerberos.dll
2011-02-09 21:34:30 ----A---- C:\windows\system32\jscript.dll
2011-02-09 21:34:29 ----A---- C:\windows\system32\vbscript.dll
2011-02-09 21:34:24 ----A---- C:\windows\system32\mshtml.dll
2011-02-09 21:34:12 ----A---- C:\windows\system32\msfeeds.dll
2011-02-09 21:34:11 ----A---- C:\windows\system32\mstime.dll
2011-02-09 21:34:11 ----A---- C:\windows\system32\iedkcs32.dll
2011-02-09 21:34:10 ----A---- C:\windows\system32\mshtmled.dll
2011-02-09 21:34:10 ----A---- C:\windows\system32\msfeedsbs.dll
2011-02-09 21:34:10 ----A---- C:\windows\system32\iertutil.dll
2011-02-09 21:34:10 ----A---- C:\windows\system32\iepeers.dll
2011-02-09 21:34:09 ----A---- C:\windows\system32\msfeedssync.exe
2011-02-09 21:34:09 ----A---- C:\windows\system32\licmgr10.dll
2011-02-09 21:34:00 ----A---- C:\windows\system32\atmlib.dll
2011-02-09 21:34:00 ----A---- C:\windows\system32\atmfd.dll
2011-02-09 21:33:53 ----A---- C:\windows\system32\ntoskrnl.exe
2011-02-09 21:33:53 ----A---- C:\windows\system32\ntdll.dll
2011-02-09 21:33:52 ----A---- C:\windows\system32\ntkrnlpa.exe
2011-02-09 21:33:25 ----A---- C:\windows\system32\upnp.dll
2011-02-09 21:33:24 ----A---- C:\windows\system32\urlmon.dll
2011-02-09 21:33:23 ----A---- C:\windows\system32\msxml6.dll
2011-02-09 21:33:22 ----A---- C:\windows\system32\wininet.dll
2011-02-09 21:33:22 ----A---- C:\windows\system32\msxml3.dll
2011-02-09 21:33:21 ----A---- C:\windows\system32\ieframe.dll
2011-02-09 21:33:20 ----A---- C:\windows\system32\wscsvc.dll
2011-02-09 21:33:20 ----A---- C:\windows\system32\wscapi.dll
2011-02-09 21:33:20 ----A---- C:\windows\system32\winhttp.dll
2011-02-09 21:33:20 ----A---- C:\windows\system32\WebClnt.dll
2011-02-09 21:33:20 ----A---- C:\windows\system32\slwga.dll
2011-02-09 21:33:20 ----A---- C:\windows\system32\davclnt.dll
2011-02-09 21:33:07 ----A---- C:\windows\system32\drivers\dxgmms1.sys
2011-02-07 20:47:20 ----D---- C:\Users\Owner\AppData\Roaming\Malwarebytes
2011-02-07 20:45:23 ----A---- C:\windows\system32\drivers\mbamswissarmy.sys
2011-02-07 20:45:22 ----D---- C:\ProgramData\Malwarebytes
2011-02-07 20:45:18 ----A---- C:\windows\system32\drivers\mbam.sys
2011-02-02 23:14:31 ----A---- C:\windows\system32\SystemLook.txt
2011-01-29 18:51:51 ----D---- C:\Program Files\Trend Micro
2011-01-14 01:02:58 ----D---- C:\Users\Owner\AppData\Roaming\Blackberry Desktop
2011-01-14 00:52:55 ----D---- C:\Users\Owner\AppData\Roaming\Research In Motion
2011-01-13 21:42:05 ----A---- C:\windows\system32\drivers\RimSerial.sys
2011-01-13 21:37:43 ----D---- C:\ProgramData\Research In Motion
2011-01-13 21:37:01 ----D---- C:\Program Files\Research In Motion
2011-01-13 21:37:01 ----D---- C:\Program Files\Common Files\Research In Motion
2011-01-12 12:35:58 ----A---- C:\windows\system32\odbc32.dll
2011-01-12 12:35:55 ----A---- C:\windows\system32\d3d10warp.dll
2011-01-12 12:35:54 ----A---- C:\windows\system32\mf.dll
2011-01-12 12:35:54 ----A---- C:\windows\system32\DWrite.dll
2011-01-12 12:35:54 ----A---- C:\windows\system32\d2d1.dll
2011-01-12 12:35:53 ----A---- C:\windows\system32\XpsPrint.dll
2011-01-12 12:35:53 ----A---- C:\windows\system32\FntCache.dll
2011-01-12 12:35:52 ----A---- C:\windows\system32\XpsGdiConverter.dll
2011-01-12 12:35:52 ----A---- C:\windows\system32\WMVDECOD.DLL
2011-01-12 12:35:52 ----A---- C:\windows\system32\drivers\dxgkrnl.sys
2011-01-12 12:35:52 ----A---- C:\windows\system32\d3d10_1core.dll
2011-01-12 12:35:52 ----A---- C:\windows\system32\cdd.dll
2011-01-12 12:35:51 ----A---- C:\windows\system32\XpsRasterService.dll
2011-01-12 12:35:51 ----A---- C:\windows\system32\mfreadwrite.dll
2011-01-12 12:35:51 ----A---- C:\windows\system32\ExplorerFrame.dll
2011-01-12 12:35:51 ----A---- C:\windows\system32\d3d10_1.dll
2011-01-06 18:12:21 ----D---- C:\Users\Owner\AppData\Roaming\Mozilla
2011-01-03 23:29:56 ----D---- C:\Users\Owner\AppData\Roaming\Template
2011-01-02 22:24:11 ----D---- C:\Users\Owner\AppData\Roaming\Catalina Marketing Corp
2010-12-24 12:52:05 ----D---- C:\Program Files\Amazon
2010-12-15 21:17:59 ----A---- C:\windows\system32\tzres.dll
2010-12-15 21:17:35 ----A---- C:\windows\system32\jsproxy.dll
2010-12-15 21:17:35 ----A---- C:\windows\system32\ieui.dll
2010-12-15 21:17:29 ----A---- C:\windows\system32\schedsvc.dll
2010-12-15 21:17:28 ----A---- C:\windows\system32\wmicmiplugin.dll
2010-12-15 21:17:28 ----A---- C:\windows\system32\taskschd.dll
2010-12-15 21:17:28 ----A---- C:\windows\system32\taskeng.exe
2010-12-15 21:17:28 ----A---- C:\windows\system32\taskcomp.dll
2010-12-15 21:17:28 ----A---- C:\windows\system32\schtasks.exe
2010-12-15 21:17:23 ----A---- C:\windows\system32\webio.dll
2010-12-15 21:17:22 ----A---- C:\windows\system32\consent.exe
2010-12-15 21:17:20 ----A---- C:\windows\system32\oleaut32.dll
2010-12-15 16:31:30 ----D---- C:\Users\Owner\AppData\Roaming\Amazon
2010-11-30 10:34:54 ----D---- C:\Program Files\Microsoft Visual Studio
2010-11-30 10:34:52 ----D---- C:\Program Files\Common Files\DESIGNER
2010-11-30 10:24:03 ----D---- C:\Program Files\Microsoft Visual Studio 8
2010-11-30 10:22:26 ----D---- C:\windows\SHELLNEW
2010-11-30 10:20:10 ----RHD---- C:\MSOCache
2010-11-17 20:30:10 ----D---- C:\Users\Owner\AppData\Roaming\AutoSync for Yahoo

======List of files/folders modified in the last 3 months======

2011-02-10 11:01:00 ----D---- C:\windows\Temp
2011-02-10 10:52:04 ----D---- C:\windows\winsxs
2011-02-10 10:51:37 ----D---- C:\windows\system32\config
2011-02-10 10:50:08 ----D---- C:\Program Files\Internet Explorer
2011-02-10 10:50:08 ----AD---- C:\windows\System32
2011-02-10 10:50:04 ----D---- C:\windows\system32\drivers
2011-02-10 10:49:14 ----AD---- C:\Windows
2011-02-10 10:45:39 ----RD---- C:\Program Files
2011-02-10 10:43:33 ----D---- C:\windows\system32\Tasks
2011-02-10 10:27:09 ----A---- C:\windows\system32\MRT.exe
2011-02-10 10:25:13 ----SHD---- C:\System Volume Information
2011-02-10 01:09:07 ----D---- C:\windows\Vss
2011-02-09 21:32:45 ----D---- C:\windows\system32\catroot
2011-02-09 21:32:44 ----D---- C:\windows\system32\catroot2
2011-02-08 16:46:51 ----D---- C:\windows\inf
2011-02-08 16:46:51 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-02-07 20:45:22 ----HD---- C:\ProgramData
2011-01-29 18:53:05 ----D---- C:\windows\Prefetch
2011-01-29 18:52:17 ----SHD---- C:\windows\Installer
2011-01-29 18:52:16 ----HD---- C:\Config.msi
2011-01-29 18:51:52 ----SD---- C:\Users\Owner\AppData\Roaming\Microsoft
2011-01-14 18:00:50 ----D---- C:\windows\system32\DriverStore
2011-01-14 10:02:22 ----D---- C:\Program Files\Google
2011-01-13 21:37:01 ----D---- C:\Program Files\Common Files
2011-01-05 12:49:12 ----HD---- C:\windows\system32\GroupPolicyUsers
2010-12-31 18:55:19 ----D---- C:\windows\rescache
2010-12-24 12:06:23 ----D---- C:\windows\system32\wdi
2010-12-16 03:26:26 ----D---- C:\windows\system32\migration
2010-12-16 03:26:26 ----D---- C:\windows\system32\en-US
2010-12-16 03:26:26 ----D---- C:\Program Files\Windows Mail
2010-12-09 00:15:03 ----D---- C:\windows\system32\drivers\UMDF
2010-11-30 10:49:08 ----D---- C:\ProgramData\Microsoft Help
2010-11-30 10:48:56 ----RSD---- C:\windows\assembly
2010-11-30 10:37:41 ----D---- C:\Program Files\Common Files\microsoft shared
2010-11-30 10:37:05 ----D---- C:\Program Files\MSBuild
2010-11-30 10:35:53 ----D---- C:\Program Files\Microsoft Office
2010-11-30 10:32:02 ----RSD---- C:\windows\Fonts
2010-11-30 10:31:00 ----SD---- C:\ProgramData\Microsoft
2010-11-30 10:30:59 ----D---- C:\Program Files\Microsoft.NET
2010-11-30 10:22:55 ----A---- C:\windows\win.ini
2010-11-30 10:22:52 ----D---- C:\Program Files\Common Files\System
2010-11-26 15:39:53 ----D---- C:\windows\system32\NDF
2010-11-26 12:12:45 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-26 12:12:45 ----D---- C:\Program Files\TOSHIBA Corporation
2010-11-24 00:59:43 ----D---- C:\Program Files\Yahoo!
2010-11-17 20:26:43 ----D---- C:\windows\Downloaded Installations
2010-11-17 15:23:01 ----D---- C:\ProgramData\Yahoo!

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 KmxAMRT;KmxAMRT; C:\windows\system32\DRIVERS\KmxAMRT.sys [2010-09-17 135248]
R0 LPCFilter;LPC Lower Filter Driver; C:\windows\system32\DRIVERS\LPCFilter.sys [2009-07-30 36208]
R0 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-13 12368]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-13 173648]
R0 Thpdrv;TOSHIBA HDD Protection Driver; C:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 30272]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver; C:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 13120]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 23512]
R1 KmxAgent;KmxAgent; C:\windows\System32\DRIVERS\kmxagent.sys [2010-03-22 79864]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 12920]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athr.sys [2009-11-06 1227776]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2009-10-15 4805120]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHDA.sys [2009-10-28 2785568]
R3 KmxCfg;KmxCfg; C:\windows\System32\DRIVERS\kmxcfg.sys [2010-06-09 244304]
R3 PGEffect;Pangu effect driver; C:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\windows\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\windows\System32\Drivers\RootMdm.sys [2009-07-13 8192]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2009-10-15 231856]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-13 8704]
S3 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-13 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\DRIVERS\amdagp.sys [2009-07-13 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
S3 KmxAMVet;KmxAMVet; \??\C:\WINDOWS\system32\Drivers\KmxAMVet.sys [2009-03-27 598656]
S3 RimUsb;BlackBerry Smartphone; C:\windows\System32\Drivers\RimUsb.sys [2010-06-16 75776]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2009-07-30 171520]
S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
S3 RtsUIR;Realtek IR Driver; C:\windows\system32\DRIVERS\Rts516xIR.sys []
S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\DRIVERS\sisagp.sys [2009-07-13 52304]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\windows\system32\DRIVERS\sscdserd.sys [2005-08-17 73696]
S3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 22912]
S3 USBAAPL;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\windows\system32\DRIVERS\RtsUCcid.sys []
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2009-07-13 35840]
S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\DRIVERS\viaagp.sys [2009-07-13 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2009-07-13 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 CAAMSvc;CAAMSvc; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe [2011-01-31 206152]
R2 CAISafe;CAISafe; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe [2010-11-06 212992]
R2 ccSchedulerSVC;CA Common Scheduler Service; C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe [2011-01-31 206160]
R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-10-27 185712]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 Thpsrv;TOSHIBA HDD Protection; C:\windows\system32\ThpSrv.exe [2009-10-21 518720]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2009-07-28 128344]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-08-05 464224]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-09-28 185712]
R2 UmxAgent;HIPS Event Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2009-08-04 887288]
R2 UmxCfg;HIPS Configuration Interpreter; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2010-08-24 740160]
R2 UmxPol;HIPS Policy Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2010-09-17 301648]
R3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2011-01-31 251216]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-09-01 820008]
R3 TMachInfo;TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960]
R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-10-30 677232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-24 136176]
S3 GameConsoleService;GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [2009-08-27 238328]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-09-24 182768]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------
blanval
Active Member
 
Posts: 11
Joined: January 29th, 2011, 9:03 pm

Re: JS/Dursg.A Malware

Unread postby blanval » February 10th, 2011, 1:09 pm

TDSSKILLER LOG



2011/02/10 11:07:11.0788 3296 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/10 11:07:12.0272 3296 ================================================================================
2011/02/10 11:07:12.0272 3296 SystemInfo:
2011/02/10 11:07:12.0272 3296
2011/02/10 11:07:12.0272 3296 OS Version: 6.1.7600 ServicePack: 0.0
2011/02/10 11:07:12.0272 3296 Product type: Workstation
2011/02/10 11:07:12.0272 3296 ComputerName: OWNER-PC
2011/02/10 11:07:12.0272 3296 UserName: Owner
2011/02/10 11:07:12.0272 3296 Windows directory: C:\windows
2011/02/10 11:07:12.0272 3296 System windows directory: C:\windows
2011/02/10 11:07:12.0272 3296 Processor architecture: Intel x86
2011/02/10 11:07:12.0272 3296 Number of processors: 2
2011/02/10 11:07:12.0272 3296 Page size: 0x1000
2011/02/10 11:07:12.0272 3296 Boot type: Normal boot
2011/02/10 11:07:12.0272 3296 ================================================================================
2011/02/10 11:07:13.0254 3296 Initialize success
2011/02/10 11:07:29.0041 5036 ================================================================================
2011/02/10 11:07:29.0041 5036 Scan started
2011/02/10 11:07:29.0041 5036 Mode: Manual;
2011/02/10 11:07:29.0041 5036 ================================================================================
2011/02/10 11:07:30.0554 5036 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
2011/02/10 11:07:30.0632 5036 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
2011/02/10 11:07:30.0695 5036 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
2011/02/10 11:07:30.0835 5036 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
2011/02/10 11:07:30.0960 5036 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
2011/02/10 11:07:31.0022 5036 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
2011/02/10 11:07:31.0178 5036 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\windows\system32\drivers\afd.sys
2011/02/10 11:07:31.0241 5036 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
2011/02/10 11:07:31.0381 5036 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
2011/02/10 11:07:31.0475 5036 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
2011/02/10 11:07:31.0522 5036 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
2011/02/10 11:07:31.0631 5036 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
2011/02/10 11:07:31.0709 5036 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
2011/02/10 11:07:31.0756 5036 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
2011/02/10 11:07:31.0880 5036 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\windows\system32\DRIVERS\amdsata.sys
2011/02/10 11:07:31.0943 5036 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
2011/02/10 11:07:31.0990 5036 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\windows\system32\DRIVERS\amdxata.sys
2011/02/10 11:07:32.0114 5036 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
2011/02/10 11:07:32.0286 5036 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
2011/02/10 11:07:32.0348 5036 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
2011/02/10 11:07:32.0411 5036 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
2011/02/10 11:07:32.0504 5036 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
2011/02/10 11:07:32.0598 5036 athr (0f4b6b99d6cdc1d93df1fa690796b2f7) C:\windows\system32\DRIVERS\athr.sys
2011/02/10 11:07:32.0801 5036 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
2011/02/10 11:07:32.0926 5036 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/02/10 11:07:33.0004 5036 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
2011/02/10 11:07:33.0175 5036 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
2011/02/10 11:07:33.0269 5036 bowser (fcafaef6798d7b51ff029f99a9898961) C:\windows\system32\DRIVERS\bowser.sys
2011/02/10 11:07:33.0316 5036 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/02/10 11:07:33.0425 5036 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/02/10 11:07:33.0503 5036 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
2011/02/10 11:07:33.0550 5036 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
2011/02/10 11:07:33.0643 5036 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/02/10 11:07:33.0690 5036 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
2011/02/10 11:07:33.0752 5036 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
2011/02/10 11:07:34.0002 5036 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
2011/02/10 11:07:34.0080 5036 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
2011/02/10 11:07:34.0220 5036 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
2011/02/10 11:07:34.0283 5036 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
2011/02/10 11:07:34.0423 5036 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
2011/02/10 11:07:34.0470 5036 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
2011/02/10 11:07:34.0532 5036 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
2011/02/10 11:07:34.0657 5036 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
2011/02/10 11:07:34.0704 5036 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
2011/02/10 11:07:34.0844 5036 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
2011/02/10 11:07:34.0969 5036 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\windows\system32\Drivers\dfsc.sys
2011/02/10 11:07:35.0078 5036 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
2011/02/10 11:07:35.0172 5036 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
2011/02/10 11:07:35.0344 5036 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
2011/02/10 11:07:35.0422 5036 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
2011/02/10 11:07:35.0656 5036 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
2011/02/10 11:07:35.0874 5036 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
2011/02/10 11:07:35.0936 5036 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
2011/02/10 11:07:36.0092 5036 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
2011/02/10 11:07:36.0186 5036 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
2011/02/10 11:07:36.0264 5036 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
2011/02/10 11:07:36.0404 5036 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
2011/02/10 11:07:36.0467 5036 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
2011/02/10 11:07:36.0514 5036 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
2011/02/10 11:07:36.0638 5036 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
2011/02/10 11:07:36.0716 5036 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
2011/02/10 11:07:36.0763 5036 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
2011/02/10 11:07:36.0919 5036 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
2011/02/10 11:07:36.0997 5036 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/02/10 11:07:37.0138 5036 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
2011/02/10 11:07:37.0309 5036 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
2011/02/10 11:07:37.0356 5036 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
2011/02/10 11:07:37.0481 5036 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/02/10 11:07:37.0543 5036 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
2011/02/10 11:07:37.0590 5036 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
2011/02/10 11:07:37.0730 5036 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
2011/02/10 11:07:37.0808 5036 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
2011/02/10 11:07:37.0964 5036 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
2011/02/10 11:07:38.0042 5036 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
2011/02/10 11:07:38.0152 5036 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
2011/02/10 11:07:38.0276 5036 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
2011/02/10 11:07:38.0432 5036 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\windows\system32\DRIVERS\iaStorV.sys
2011/02/10 11:07:38.0682 5036 igfx (e21a74a91f7aa3bb2e985c4cddca63f2) C:\windows\system32\DRIVERS\igdkmd32.sys
2011/02/10 11:07:38.0916 5036 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
2011/02/10 11:07:39.0103 5036 IntcAzAudAddService (0a0e3c041c20c4175e1cc6580138ca38) C:\windows\system32\drivers\RTKVHDA.sys
2011/02/10 11:07:39.0244 5036 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
2011/02/10 11:07:39.0306 5036 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
2011/02/10 11:07:39.0368 5036 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/02/10 11:07:39.0509 5036 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
2011/02/10 11:07:39.0571 5036 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
2011/02/10 11:07:39.0696 5036 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
2011/02/10 11:07:39.0743 5036 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
2011/02/10 11:07:39.0805 5036 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
2011/02/10 11:07:39.0930 5036 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
2011/02/10 11:07:40.0008 5036 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
2011/02/10 11:07:40.0164 5036 KmxAgent (bf236f7a7a4b437dae22cf7665055e71) C:\windows\system32\DRIVERS\kmxagent.sys
2011/02/10 11:07:40.0226 5036 KmxAMRT (431f909c73deaf60522e0be5e81aa6ef) C:\windows\system32\DRIVERS\KmxAMRT.sys
2011/02/10 11:07:40.0320 5036 KmxAMVet (041b29c8e3bed6e833ade367ecfa51f9) C:\WINDOWS\system32\Drivers\KmxAMVet.sys
2011/02/10 11:07:40.0460 5036 KmxCfg (ebec5bc094f7127de83751deba0111c7) C:\windows\system32\DRIVERS\kmxcfg.sys
2011/02/10 11:07:40.0538 5036 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
2011/02/10 11:07:40.0601 5036 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys
2011/02/10 11:07:40.0788 5036 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
2011/02/10 11:07:40.0882 5036 LPCFilter (6adab14d7ad12b35bdc665b35278099b) C:\windows\system32\DRIVERS\LPCFilter.sys
2011/02/10 11:07:41.0038 5036 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/02/10 11:07:41.0084 5036 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/02/10 11:07:41.0147 5036 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/02/10 11:07:41.0178 5036 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/02/10 11:07:41.0350 5036 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
2011/02/10 11:07:41.0412 5036 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
2011/02/10 11:07:41.0474 5036 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
2011/02/10 11:07:41.0630 5036 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
2011/02/10 11:07:41.0693 5036 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
2011/02/10 11:07:41.0818 5036 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
2011/02/10 11:07:41.0880 5036 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
2011/02/10 11:07:41.0942 5036 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
2011/02/10 11:07:42.0052 5036 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
2011/02/10 11:07:42.0114 5036 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
2011/02/10 11:07:42.0192 5036 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
2011/02/10 11:07:42.0286 5036 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/02/10 11:07:42.0348 5036 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/02/10 11:07:42.0395 5036 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/02/10 11:07:42.0442 5036 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
2011/02/10 11:07:42.0551 5036 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
2011/02/10 11:07:42.0644 5036 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
2011/02/10 11:07:42.0722 5036 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
2011/02/10 11:07:42.0785 5036 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
2011/02/10 11:07:42.0972 5036 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
2011/02/10 11:07:43.0034 5036 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
2011/02/10 11:07:43.0128 5036 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
2011/02/10 11:07:43.0190 5036 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
2011/02/10 11:07:43.0284 5036 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
2011/02/10 11:07:43.0424 5036 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
2011/02/10 11:07:43.0456 5036 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
2011/02/10 11:07:43.0502 5036 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
2011/02/10 11:07:43.0612 5036 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
2011/02/10 11:07:43.0736 5036 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
2011/02/10 11:07:43.0877 5036 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
2011/02/10 11:07:43.0955 5036 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
2011/02/10 11:07:44.0064 5036 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
2011/02/10 11:07:44.0126 5036 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
2011/02/10 11:07:44.0173 5036 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
2011/02/10 11:07:44.0329 5036 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
2011/02/10 11:07:44.0376 5036 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
2011/02/10 11:07:44.0563 5036 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
2011/02/10 11:07:44.0641 5036 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
2011/02/10 11:07:44.0719 5036 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
2011/02/10 11:07:44.0813 5036 Ntfs (3795dcd21f740ee799fb7223234215af) C:\windows\system32\drivers\Ntfs.sys
2011/02/10 11:07:44.0953 5036 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
2011/02/10 11:07:45.0047 5036 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\windows\system32\DRIVERS\nvraid.sys
2011/02/10 11:07:45.0109 5036 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\windows\system32\DRIVERS\nvstor.sys
2011/02/10 11:07:45.0250 5036 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
2011/02/10 11:07:45.0328 5036 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
2011/02/10 11:07:45.0499 5036 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
2011/02/10 11:07:45.0546 5036 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
2011/02/10 11:07:45.0608 5036 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
2011/02/10 11:07:45.0671 5036 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
2011/02/10 11:07:45.0780 5036 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
2011/02/10 11:07:45.0842 5036 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
2011/02/10 11:07:45.0905 5036 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
2011/02/10 11:07:45.0967 5036 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
2011/02/10 11:07:46.0154 5036 PGEffect (1b5011dd8d57f53aed31ff0f7d635802) C:\windows\system32\DRIVERS\pgeffect.sys
2011/02/10 11:07:46.0342 5036 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
2011/02/10 11:07:46.0435 5036 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
2011/02/10 11:07:46.0529 5036 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
2011/02/10 11:07:46.0654 5036 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
2011/02/10 11:07:46.0794 5036 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
2011/02/10 11:07:46.0872 5036 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
2011/02/10 11:07:46.0919 5036 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
2011/02/10 11:07:47.0044 5036 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/02/10 11:07:47.0106 5036 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/02/10 11:07:47.0231 5036 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
2011/02/10 11:07:47.0293 5036 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
2011/02/10 11:07:47.0356 5036 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
2011/02/10 11:07:47.0480 5036 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
2011/02/10 11:07:47.0512 5036 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/02/10 11:07:47.0590 5036 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
2011/02/10 11:07:47.0668 5036 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
2011/02/10 11:07:47.0792 5036 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
2011/02/10 11:07:47.0886 5036 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
2011/02/10 11:07:48.0026 5036 RimUsb (92d33f76769a028ddc54a863eb7de4a2) C:\windows\system32\Drivers\RimUsb.sys
2011/02/10 11:07:48.0089 5036 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\windows\system32\DRIVERS\RimSerial.sys
2011/02/10 11:07:48.0214 5036 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\windows\system32\Drivers\RootMdm.sys
2011/02/10 11:07:48.0448 5036 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
2011/02/10 11:07:48.0588 5036 RSUSBSTOR (ef8b2afc3c0751c5e5a59983c8893260) C:\windows\system32\Drivers\RtsUStor.sys
2011/02/10 11:07:48.0650 5036 RTL8167 (bcebd5d1aabce4efb7597635e347c44b) C:\windows\system32\DRIVERS\Rt86win7.sys
2011/02/10 11:07:48.0822 5036 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
2011/02/10 11:07:48.0900 5036 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
2011/02/10 11:07:49.0056 5036 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
2011/02/10 11:07:49.0181 5036 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
2011/02/10 11:07:49.0321 5036 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
2011/02/10 11:07:49.0368 5036 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
2011/02/10 11:07:49.0493 5036 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
2011/02/10 11:07:49.0618 5036 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
2011/02/10 11:07:49.0664 5036 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\windows\system32\DRIVERS\sffp_sd.sys
2011/02/10 11:07:49.0711 5036 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
2011/02/10 11:07:49.0867 5036 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
2011/02/10 11:07:49.0930 5036 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/02/10 11:07:49.0992 5036 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
2011/02/10 11:07:50.0117 5036 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
2011/02/10 11:07:50.0226 5036 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
2011/02/10 11:07:50.0460 5036 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\windows\system32\DRIVERS\srv.sys
2011/02/10 11:07:50.0569 5036 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\windows\system32\DRIVERS\srv2.sys
2011/02/10 11:07:50.0632 5036 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\windows\system32\DRIVERS\srvnet.sys
2011/02/10 11:07:50.0756 5036 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\windows\system32\DRIVERS\sscdbus.sys
2011/02/10 11:07:50.0803 5036 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\windows\system32\DRIVERS\sscdmdfl.sys
2011/02/10 11:07:50.0866 5036 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\windows\system32\DRIVERS\sscdmdm.sys
2011/02/10 11:07:50.0975 5036 sscdserd (751e66eb32efa80633b80f5d7ff0a1d8) C:\windows\system32\DRIVERS\sscdserd.sys
2011/02/10 11:07:51.0053 5036 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
2011/02/10 11:07:51.0162 5036 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
2011/02/10 11:07:51.0302 5036 SynTP (6da97d6b6de6326eba8ab8291ab41a09) C:\windows\system32\DRIVERS\SynTP.sys
2011/02/10 11:07:51.0521 5036 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\drivers\tcpip.sys
2011/02/10 11:07:51.0692 5036 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\DRIVERS\tcpip.sys
2011/02/10 11:07:51.0817 5036 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
2011/02/10 11:07:51.0880 5036 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys
2011/02/10 11:07:51.0942 5036 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
2011/02/10 11:07:52.0036 5036 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
2011/02/10 11:07:52.0098 5036 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
2011/02/10 11:07:52.0129 5036 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
2011/02/10 11:07:52.0394 5036 Thpdrv (9528f2a39cb660a49f0592d57127f370) C:\windows\system32\DRIVERS\thpdrv.sys
2011/02/10 11:07:52.0519 5036 Thpevm (e17dcde74ff00ca802643b4a9a4a4a5c) C:\windows\system32\DRIVERS\Thpevm.SYS
2011/02/10 11:07:52.0816 5036 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/02/10 11:07:52.0894 5036 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
2011/02/10 11:07:53.0003 5036 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\windows\system32\DRIVERS\TVALZ_O.SYS
2011/02/10 11:07:53.0081 5036 TVALZFL (866462f5ae3f375ef83ef9dce436031c) C:\windows\system32\DRIVERS\TVALZFL.sys
2011/02/10 11:07:53.0190 5036 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
2011/02/10 11:07:53.0284 5036 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
2011/02/10 11:07:53.0471 5036 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
2011/02/10 11:07:53.0533 5036 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
2011/02/10 11:07:53.0642 5036 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
2011/02/10 11:07:53.0767 5036 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\windows\system32\Drivers\usbaapl.sys
2011/02/10 11:07:53.0830 5036 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
2011/02/10 11:07:53.0986 5036 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
2011/02/10 11:07:54.0048 5036 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\DRIVERS\usbehci.sys
2011/02/10 11:07:54.0173 5036 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\windows\system32\DRIVERS\usbhub.sys
2011/02/10 11:07:54.0235 5036 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
2011/02/10 11:07:54.0282 5036 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
2011/02/10 11:07:54.0407 5036 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
2011/02/10 11:07:54.0469 5036 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/02/10 11:07:54.0532 5036 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys
2011/02/10 11:07:54.0672 5036 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
2011/02/10 11:07:54.0766 5036 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
2011/02/10 11:07:54.0890 5036 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
2011/02/10 11:07:54.0937 5036 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
2011/02/10 11:07:55.0000 5036 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
2011/02/10 11:07:55.0140 5036 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
2011/02/10 11:07:55.0187 5036 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
2011/02/10 11:07:55.0249 5036 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
2011/02/10 11:07:55.0358 5036 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
2011/02/10 11:07:55.0405 5036 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
2011/02/10 11:07:55.0468 5036 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
2011/02/10 11:07:55.0592 5036 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
2011/02/10 11:07:55.0670 5036 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
2011/02/10 11:07:55.0826 5036 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
2011/02/10 11:07:55.0889 5036 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
2011/02/10 11:07:56.0014 5036 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
2011/02/10 11:07:56.0076 5036 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/02/10 11:07:56.0123 5036 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/02/10 11:07:56.0232 5036 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
2011/02/10 11:07:56.0310 5036 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
2011/02/10 11:07:56.0513 5036 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
2011/02/10 11:07:56.0575 5036 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
2011/02/10 11:07:56.0825 5036 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys
2011/02/10 11:07:56.0918 5036 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
2011/02/10 11:07:57.0074 5036 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
2011/02/10 11:07:57.0293 5036 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
2011/02/10 11:07:57.0449 5036 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/02/10 11:07:57.0605 5036 ================================================================================
2011/02/10 11:07:57.0605 5036 Scan finished
2011/02/10 11:07:57.0605 5036 ================================================================================
blanval
Active Member
 
Posts: 11
Joined: January 29th, 2011, 9:03 pm

Re: JS/Dursg.A Malware

Unread postby Cypher » February 10th, 2011, 1:19 pm

Hi blanval.
Good work so far.
How is your PC performing now are you having any problems?

Java SE Runtime Environment (JRE).

Please download from HERE
  • Find Java SE Runtime Environment (JRE) 6 Update 23.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.

Next.

Update Adobe Reader

  • You should Download and Install the newest version of Adobe Reader for reading pdf files.
  • Older versions may have vulnerabilities that malware can use to infect your system.
  • Go Here to download and install Adobe Reader X.
    Note: Uncheck Free McAfee® Security Scan Plus (optional)

Next.

Please download ATF Cleaner to your desktop.

  • Right-click ATF-Cleaner.exe And select " Run as administrator " to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next.

Disable CA Anti-Virus 2010

  • Right-click on the CA icon in system tray (bottom right corner, just next to the clock).
  • Select My Computer and then click on Enable Snooze.
  • Enter the number of minutes you want to suspend real-time virus scanning.
  • Enter 999 minutes.
  • Click on Snooze.
  • Real-time virus scanning is suspended for the specified time period.
  • Note: Don't forget to re-enable it after the below scan.

Next.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Hold down Control then click on the following link to open a new window to ESET online scannner
  • Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Logs/Information to Post in your Next Reply

  • ESET log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: JS/Dursg.A Malware

Unread postby blanval » February 10th, 2011, 9:18 pm

Wow that ESET scan took forever! My computer seems to be running pretty good right now. Things are loading MUCH faster and I just checked Excel (where I really noticed the issues before), and I can now copy and paste and insert new columns quickly (normal speed), versus before, when I would go to paste a cell or insert a new column/row and it would literally take 15 seconds per copy and paste.

Can you tell where I got the malware from? I mean, if it was from one of my kid's game sites or a facebook app, or it could even be one of the sites I checked out-- Im in anatomy, so for exams, I download as many "games" or quizzes as possible in order to practice and review.

I know I keep saying it, but thank you so much for taking the time to help me!! I wish I knew more about computers so I could do it myself, but that is definitely not one of my areas of expertise!!!


ESET LOG

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=31955e7da73a5847bf1cd352306d6898
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-02-10 10:19:38
# local_time=2011-02-10 04:19:38 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 12105846 12105846 0 0
# compatibility_mode=5893 16776573 100 94 0 48919131 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=18078
# found=0
# cleaned=0
# scan_time=2039
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=31955e7da73a5847bf1cd352306d6898
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-02-11 12:23:42
# local_time=2011-02-10 06:23:42 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 12108278 12108278 0 0
# compatibility_mode=5893 16776573 100 94 0 48921563 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=98651
# found=0
# cleaned=0
# scan_time=7050
blanval
Active Member
 
Posts: 11
Joined: January 29th, 2011, 9:03 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 38 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware