Would someone mind having a look at these logs please?

Somerset
Somerset Posts: 3,636 Forumite
Part of the Furniture Combo Breaker
My AOL e-mail was hacked. I assume it must be a problem from my end, so I've run the following:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3975
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904
10/04/2010 20:09:53
mbam-log-2010-04-10 (20-09-53).txt
Scan type: Full scan (C:\|E:\|)
Objects scanned: 215908
Time elapsed: 1 hour(s), 8 minute(s), 52 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
C:\Program Files\Common Files\microsoft shared\DAO\STAPLES-PC\svchost.exe (Trojan.Dropper) -> Failed to unload process.
Memory Modules Infected:
C:\Windows\System32\ijl11pro.DLL (Worm.Sohanad) -> Delete on reboot.
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sound card driver (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\System32\ijl11pro.DLL (Worm.Sohanad) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\Common Files\Microsoft Shared\DAO\STAPLES-PC\svchost.exe (Trojan.Dropper) -> Delete on reboot.
C:\Users\staples\Documents\Finance\IBM-3B85E0F88AF\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\ijl11pro.DLL (Worm.Sohanad) -> Delete on reboot.

Comments

  • Somerset
    Somerset Posts: 3,636 Forumite
    Part of the Furniture Combo Breaker
    Hijack this: Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:17:14, on 10/04/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18904)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
    C:\Program Files\Toshiba\Utilities\KeNotify.exe
    C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Program Files\Toshiba\SmoothView\SmoothView.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Windows\System32\ThpSrv.exe
    C:\Program Files\Toshiba\TECO\TEco.exe
    C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
    C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files\Toshiba TEMPRO\TemproTray.exe
    C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aol.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    O4 - HKLM\..\Run: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
    O4 - HKLM\..\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon
    O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
    O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
    O4 - HKLM\..\Run: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe
    O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"
    O4 - HKLM\..\Run: [cfFncEnabler.exe] "C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe"
    O4 - HKLM\..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe
    O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\staples\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')
    O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: OneNote Table Of Contents.onetoc2
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing)
    O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?!!!!!Toshibaukbholink-21&site=home (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: TOSHIBA Web Camera Service (camsvc) - TOSHIBA - C:\Program Files\Toshiba\TOSHIBA Web Camera Application\TWebCameraSrv.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
    O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
    O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\Windows\system32\ThpSrv.exe
    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
    O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
    O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    --
    End of file - 12127 bytes
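A triage pass over the two logs above, added here as an example and not part of the thread or of either tool: it parses the Malwarebytes detection lines and the HijackThis O4/O9/O23 lines, flags a file named like a core Windows binary (svchost.exe) that sits outside the system directory, flags Run-key persistence, flags detections whose action is still "Delete on reboot" or "Failed to unload process" (the file is still present until a restart and rescan), and marks "(file missing)" entries as dead. The core-binary list, the directory list, the severities and the rebuilt "sound card driver" O4 line are this example's assumptions, not Malwarebytes or HijackThis rules; the sample lines are copied from the posted logs.

```python
import re

# Windows binaries that live only under the system directory; the same file
# name in Program Files or a user profile is a masquerade. Both lists are this
# example's assumptions, not rules from Malwarebytes or HijackThis.
CORE_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe",
                 "winlogon.exe", "smss.exe"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

# MBAM detection line:  <path or registry item> (<family>) -> <action>.
MBAM_LINE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
# HijackThis line:      O4 - HKLM\..\Run: [name] command   (also O9, O23, R0 ...)
HJT_LINE = re.compile(r"^(?P<section>[OR]\d+) - (?P<body>.+)$")
RUN_BODY = re.compile(r"^HK.*?\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# Constructed sample: detection lines copied from the MBAM log in the thread.
SAMPLE_MBAM = r"""
C:\Program Files\Common Files\microsoft shared\DAO\STAPLES-PC\svchost.exe (Trojan.Dropper) -> Failed to unload process.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sound card driver (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\staples\Documents\Finance\IBM-3B85E0F88AF\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\ijl11pro.DLL (Worm.Sohanad) -> Delete on reboot.
"""

# Constructed sample: HijackThis lines from the thread, plus a 'sound card
# driver' O4 line rebuilt from the MBAM finding (HijackThis ran after MBAM had
# already removed it, so the posted log does not contain it).
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [sound card driver] C:\Program Files\Common Files\Microsoft Shared\DAO\STAPLES-PC\svchost.exe
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing)
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""


def parse_mbam(text):
    """Return one dict per MBAM detection line (item, family, action)."""
    out = []
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if m:
            out.append(m.groupdict())
    return out


def parse_hjt(text):
    """Return one dict per HijackThis entry (section, body)."""
    out = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            out.append(m.groupdict())
    return out


def exe_from_command(cmd):
    """Pull the executable path out of a Run-key command line.

    A quoted path ends at the closing quote; an unquoted one is cut at the
    first '.exe' (an assumption that holds for every O4 line in the posted log).
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(?i)(.+?\.exe)", cmd)
    return m.group(1) if m else cmd.split(" ")[0]


def is_masquerade(path):
    """True when a core Windows binary name sits outside the system directory."""
    p = path.replace("%ProgramFiles%", r"C:\Program Files").strip('"').lower()
    name = p.rsplit("\\", 1)[-1]
    return name in CORE_BINARIES and not any(p.startswith(d + "\\") for d in SYSTEM_DIRS)


def triage(mbam_text, hjt_text):
    """Return (severity, reason, item) tuples a log reviewer would act on."""
    notes = []
    for f in parse_mbam(mbam_text):
        item, action = f["item"], f["action"]
        if is_masquerade(item):
            notes.append(("high", "core binary name outside the system directory", item))
        if "\\currentversion\\run\\" in item.lower():
            notes.append(("high", "autostart persistence via a Run value", item))
        if action.lower() != "quarantined and deleted successfully":
            # 'Delete on reboot' / 'Failed to unload process': the file is still
            # on disk or in memory until the machine restarts and is rescanned.
            notes.append(("high", "removal still pending (%s): reboot and rescan" % action, item))
    for e in parse_hjt(hjt_text):
        body = e["body"]
        run = RUN_BODY.match(body) if e["section"] == "O4" else None
        if run and is_masquerade(exe_from_command(run["cmd"])):
            notes.append(("high", "Run entry '%s' launches a masquerading binary" % run["name"], body))
        if body.endswith("(file missing)"):
            notes.append(("low", "dead entry, tick and fix it in HijackThis", body))
        if e["section"] == "O23" and "- Unknown owner -" in body:
            notes.append(("medium", "service with no vendor string, verify the file", body))
    return notes


if __name__ == "__main__":
    for severity, reason, item in triage(SAMPLE_MBAM, SAMPLE_HJT):
        print("[%-6s] %s: %s" % (severity, reason, item))
```

The point of the "removal still pending" check is the one most often missed when reading an MBAM log: two of the four detections above (the running svchost.exe and ijl11pro.DLL) were not removed at scan time, so the machine has to be rebooted and scanned again before the log can be read as clean.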
  • Avoriaz
    Avoriaz Posts: 39,110 Forumite
    While you are at it, would you look at my logs too please.
    (attached image: 10moh82.jpg)
  • Somerset
    Somerset Posts: 3,636 Forumite
    Part of the Furniture Combo Breaker
    Anyone else, apart from Avoriaz?

    (Avoriaz, they are beautiful logs dear :p )
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Seems fine to me

    TICK and FIX these dead files ~
    O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing)
    O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/...k-21&site=home (file missing)

    That said, with you having trojans it's probably a good idea to look deeper ~


    Please run COMBOFIX
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Shut down your anti virus
    Follow the simple instructions it gives
    Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out

    If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
  • Somerset
    Somerset Posts: 3,636 Forumite
    Part of the Furniture Combo Breaker
    Thanks aliEnRIK

    First daft question - how do I do the click & fix on the two dead files you mention?

    I'll run the Combofix after that.

    Many Thanks
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Re-run HijackThis
    TICK them
    then click to FIX them
  • Somerset
    Somerset Posts: 3,636 Forumite
    Part of the Furniture Combo Breaker
    Combofix results :

    ComboFix 10-04-10.01 - staples 11/04/2010 20:48:13.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2908.1377 [GMT 1:00]
    Running from: c:\users\staples\Downloads\ComboFix.exe
    FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\program files\Common Files\Microsoft Shared\dao\svchost.exe
    c:\windows\system32\ijl11pro.dll
    .
    ((((((((((((((((((((((((( Files Created from 2010-03-11 to 2010-04-11 )))))))))))))))))))))))))))))))
    .
    2010-04-11 20:01 . 2010-04-11 20:01 d-----w- c:\users\Public\AppData\Local\temp
    2010-04-11 20:01 . 2010-04-11 20:01 d-----w- c:\users\Default\AppData\Local\temp
    2010-04-11 11:55 . 2010-04-11 11:55 d-----w- c:\users\staples\Phone Browser
    2010-04-11 10:07 . 2010-04-11 10:07 d-----w- c:\program files\Microsoft Security Essentials
    2010-04-11 10:03 . 2010-04-11 10:03 d-----w- c:\users\Tony\AppData\Roaming\HP
    2010-04-11 10:03 . 2010-04-11 10:03 d-----w- c:\users\Tony\AppData\Roaming\PC Suite
    2010-04-11 10:02 . 2010-04-11 10:02 d-----w- c:\users\Tony\AppData\Local\Toshiba
    2010-04-11 10:02 . 2010-04-11 10:02 76136 ----a-w- c:\users\Tony\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-04-10 20:48 . 2010-04-10 20:48 2778679 ----a-w- c:\programdata\TOSHIBA\TSS\Plugins\SwUpdates\Packages\f8c5a673-5ba4-499b-8a7e-0be647550001\230503_05.10.35.BIOS_V150_Win.exe
    2010-04-10 19:16 . 2010-04-10 19:16 d-----w- c:\program files\Trend Micro
    2010-04-10 17:58 . 2010-04-10 17:58 d-----w- c:\users\staples\AppData\Roaming\Malwarebytes
    2010-04-10 17:58 . 2010-03-29 14:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-10 17:58 . 2010-04-10 17:58 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-10 17:58 . 2010-04-10 17:58 d-----w- c:\programdata\Malwarebytes
    2010-04-10 17:58 . 2010-03-29 14:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-10 17:44 . 2008-06-21 03:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
    2010-04-10 17:44 . 2010-04-10 17:44 d-----w- c:\program files\Sunbelt Software
    2010-04-07 16:57 . 2010-04-07 16:58 d-----w- c:\users\staples\AppData\Local\Deployment
    2010-04-07 16:57 . 2010-04-07 16:57 d-----w- c:\users\staples\AppData\Local\Apps
    2010-04-03 21:08 . 2010-04-03 21:08 d-----w- c:\program files\Invadazoid
    2010-04-03 21:08 . 2010-04-03 21:08 d-----w- c:\program files\bfgclient
    2010-04-03 21:07 . 2010-04-08 17:23 d-----w- C:\BigFishGamesCache
    2010-04-02 12:08 . 2010-04-02 12:08 d-----w- c:\users\staples\AppData\Roaming\Nokia Multimedia Player
    2010-04-02 12:01 . 2010-04-02 12:03 d-----w- c:\programdata\PC Suite
    2010-04-02 12:00 . 2010-04-02 12:04 d-----w- c:\users\staples\AppData\Roaming\Nokia
    2010-04-02 12:00 . 2010-04-02 12:00 d-----w- c:\program files\Common Files\PCSuite
    2010-04-02 12:00 . 2010-04-02 12:00 d-----w- c:\program files\Common Files\Nokia
    2010-04-02 12:00 . 2010-04-02 12:00 d-----w- c:\program files\DIFX
    2010-04-02 11:59 . 2010-04-02 12:01 d-----w- c:\users\staples\AppData\Roaming\PC Suite
    2010-04-02 11:59 . 2010-04-02 11:59 d-----w- c:\program files\PC Connectivity Solution
    2010-04-02 11:58 . 2010-04-02 12:00 d-----w- c:\program files\Nokia
    2010-04-02 11:58 . 2007-02-22 10:15 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
    2010-04-02 11:57 . 2010-04-02 11:57 8192 ----a-w- c:\programdata\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstCCD.exe
    2010-04-02 11:57 . 2010-04-02 11:57 61440 ----a-w- c:\programdata\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstPCSFEMsi.exe
    2010-04-02 11:57 . 2010-04-02 11:57 10240 ----a-w- c:\programdata\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstPCS.exe
    2010-04-02 11:57 . 2010-04-02 11:57 d-----w- c:\programdata\Installations
    2010-04-01 14:01 . 2010-04-01 14:02 d-----w- c:\users\staples\AppData\Roaming\HP
    2010-04-01 14:01 . 2010-04-01 14:01 d-----w- c:\programdata\Hewlett-Packard
    2010-04-01 14:00 . 2007-08-17 20:27 273920 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp4x6.dll
    2010-04-01 13:46 . 2010-04-10 22:36 d-----w- c:\programdata\HPSSUPPLY
    2010-04-01 13:43 . 2010-04-01 13:45 d-----w- c:\program files\Common Files\HP
    2010-04-01 13:43 . 2010-04-01 13:43 d-----w- c:\program files\Hewlett-Packard
    2010-04-01 13:43 . 2010-04-01 13:43 d-----w- c:\program files\Common Files\Hewlett-Packard
    2010-04-01 13:41 . 2007-08-17 20:29 118272 ----a-w- c:\windows\system32\hpz3l4x6.dll
    2010-04-01 13:41 . 2010-04-01 13:41 d-----w- c:\windows\marco
    2010-04-01 13:40 . 2010-04-01 14:01 136388 ----a-w- c:\windows\hpwins10.dat
    2010-04-01 13:26 . 2010-04-01 16:31 d-----w- c:\programdata\HP
    2010-04-01 13:26 . 2007-07-10 09:01 258048 ----a-w- c:\windows\system32\hpzids01.dll
    2010-04-01 13:26 . 2007-07-10 08:23 364544 ----a-w- c:\windows\system32\hppldcoi.dll
    2010-04-01 13:26 . 2007-07-10 08:23 892928 ----a-w- c:\windows\system32\hpwtiop2.dll
    2010-04-01 13:26 . 2007-07-10 08:23 294912 ----a-w- c:\windows\system32\hpovst11.dll
    2010-04-01 13:26 . 2007-07-10 08:23 675840 ----a-w- c:\windows\system32\hpwwiax2.dll
    2010-04-01 13:26 . 2007-07-10 09:01 1269760 ----a-w- c:\windows\hpzshl01.exe
    2010-04-01 13:26 . 2007-07-10 09:01 1126400 ----a-w- c:\windows\hpzmsi01.exe
    2010-04-01 13:25 . 2007-09-17 08:48 10376 ----a-w- c:\windows\hpwscr10.dat
    2010-04-01 13:25 . 2007-09-17 08:45 1042 ----a-w- c:\windows\hpwmdl10.dat
    2010-04-01 13:14 . 2010-04-01 13:14 10134 ----a-r- c:\users\staples\AppData\Roaming\Microsoft\Installer\{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}\ARPPRODUCTICON.exe
    2010-04-01 13:14 . 2010-04-01 13:46 d-----w- c:\program files\Hp
    2010-03-28 13:04 . 2004-12-18 19:32 38229 ------w- c:\windows\system32\drivers\StMp3Rec.sys
    2010-03-28 12:54 . 2010-04-11 12:06 d-----w- c:\users\staples\AppData\Local\Apple Computer
    2010-03-28 12:54 . 2010-04-11 11:53 d-----w- c:\users\staples\AppData\Roaming\Apple Computer
    2010-03-28 12:53 . 2010-03-28 12:53
    dc----w- c:\windows\system32\DRVSTORE
    2010-03-28 12:53 . 2009-05-18 13:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-03-28 12:53 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2010-03-28 12:52 . 2010-03-28 13:28 d-----w- c:\program files\iPod
    2010-03-28 12:52 . 2010-03-28 12:53 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2010-03-28 12:52 . 2010-03-28 12:53 d-----w- c:\program files\iTunes
    2010-03-28 12:52 . 2010-03-28 12:52 d-----w- c:\program files\Bonjour
    2010-03-28 11:53 . 2010-03-28 12:52 d-----w- c:\programdata\Apple Computer
    2010-03-28 11:51 . 2010-03-28 12:52 d-----w- c:\program files\Common Files\Apple
    2010-03-28 11:51 . 2010-03-28 11:51 d-----w- c:\users\staples\AppData\Local\Apple
    2010-03-28 11:51 . 2010-03-28 11:51 d-----w- c:\program files\Apple Software Update
    2010-03-28 11:51 . 2010-03-28 11:51 d-----w- c:\programdata\Apple
    2010-03-28 11:48 . 2010-03-28 11:53 d-----w- c:\program files\QuickTime
    2010-03-26 20:30 . 2010-04-10 21:05 1 ----a-w- c:\users\staples\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-03-26 20:29 . 2010-03-26 20:29 d-----w- c:\users\staples\AppData\Roaming\OpenOffice.org
    2010-03-26 15:09 . 2010-03-26 15:09 d-----w- c:\users\staples\AppData\Local\Microsoft Help
    2010-03-26 10:51 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
    2010-03-21 14:09 . 2010-03-09 11:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-03-21 14:09 . 2010-03-09 11:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-03-21 14:09 . 2010-03-09 11:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-03-21 14:09 . 2010-03-09 11:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-03-21 14:09 . 2010-03-09 11:08 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-03-21 14:08 . 2010-03-09 11:24 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-03-21 14:08 . 2010-03-09 11:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
    2010-03-21 14:08 . 2010-03-21 14:08 d-----w- c:\programdata\Alwil Software
    2010-03-21 14:08 . 2010-03-21 14:08 d-----w- c:\program files\Alwil Software
    2010-03-21 13:31 . 2008-10-16 15:41 16384 ----a-w- c:\users\staples\AppData\Roaming\myphotobook\xtras\sleep.exe
    2010-03-21 13:31 . 2007-01-08 08:34 6656 ----a-w- c:\users\staples\AppData\Roaming\myphotobook\xtras\localXP.exe
    2010-03-21 13:31 . 2007-01-01 16:01 9728 ----a-w- c:\users\staples\AppData\Roaming\myphotobook\xtras\localVista.exe
    2010-03-21 13:31 . 2006-12-21 11:16 614400 ----a-w- c:\users\staples\AppData\Roaming\myphotobook\xtras\Iml32.dll
    2010-03-21 13:31 . 2006-12-21 11:16 21504 ----a-w- c:\users\staples\AppData\Roaming\myphotobook\xtras\shellExecute.exe
    2010-03-21 13:31 . 2006-12-21 11:16 151552 ----a-w- c:\users\staples\AppData\Roaming\myphotobook\xtras\Proj.dll
    2010-03-21 13:31 . 2006-12-21 11:16 343040 ----a-w- c:\users\staples\AppData\Roaming\myphotobook\xtras\msvcrt.dll
    2010-03-21 13:31 . 2006-12-21 11:16 1499136 ----a-w- c:\users\staples\AppData\Roaming\myphotobook\xtras\Dirapi.dll
    2010-03-21 13:31 . 2010-03-21 13:31 d-----w- c:\users\staples\AppData\Roaming\myphotobook
    2010-03-21 13:07 . 2010-03-21 13:07 d-----w- c:\program files\OpenOffice.org 3
    2010-03-21 12:42 . 2010-03-21 12:42 d-----w- c:\program files\Windows Portable Devices
    2010-03-21 12:25 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
    2010-03-21 12:25 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
    2010-03-21 12:25 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
    2010-03-21 12:25 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
    2010-03-21 12:25 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
    2010-03-21 12:25 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
    2010-03-21 12:25 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
    2010-03-21 12:25 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
    2010-03-21 12:25 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
    2010-03-21 12:25 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
    2010-03-21 12:25 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
    2010-03-21 12:25 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
    2010-03-21 12:23 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2010-03-21 12:23 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2010-03-21 12:23 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
    2010-03-18 14:51 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
    2010-03-18 14:51 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-03-18 14:51 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-03-13 11:02 . 2010-03-13 11:03 d-----w- c:\windows\system32\ca-ES
    2010-03-13 11:02 . 2010-03-13 11:03 d-----w- c:\windows\system32\eu-ES
    2010-03-13 11:02 . 2010-03-13 11:03 d-----w- c:\windows\system32\vi-VN
    2010-03-13 10:16 . 2010-03-13 10:16 d-----w- c:\windows\system32\EventProviders
    2010-03-13 10:04 . 2010-03-13 10:04 d-----w- c:\programdata\Office Genuine Advantage
    2010-03-13 08:55 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2010-03-13 08:55 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2010-03-13 08:55 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
    2010-03-13 08:44 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-02 12:03 . 2010-04-02 12:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
    2010-03-30 17:44 . 2009-06-05 10:03 d-----w- c:\program files\Google
    2010-03-30 17:44 . 2009-06-05 09:47 d-----w- c:\program files\Java
    2010-03-28 13:28 . 2009-06-05 09:22
    d--h--w- c:\program files\InstallShield Installation Information
    2010-03-27 20:22 . 2009-06-05 10:11 d-----w- c:\programdata\Microsoft Help
    2010-03-24 21:42 . 2009-06-05 10:05 d-----w- c:\program files\TOSHIBA Games
    2010-03-24 21:38 . 2009-06-05 10:05 d-----w- c:\programdata\WildTangent
    2010-03-24 21:31 . 2009-06-05 09:59 d-----w- c:\programdata\McAfee
    2010-03-21 17:17 . 2009-09-09 13:05 76136 ----a-w- c:\users\staples\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-03-21 12:42 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2010-03-21 12:42 . 2010-03-21 12:42 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2010-03-13 11:03 . 2006-11-02 12:37 d-----w- c:\program files\Windows Calendar
    2010-03-13 11:03 . 2006-11-02 11:18 d-----w- c:\program files\Windows Mail
    2010-03-13 11:03 . 2006-11-02 12:37 d-----w- c:\program files\Windows Sidebar
    2010-03-13 11:03 . 2006-11-02 12:37 d-----w- c:\program files\Windows Journal
    2010-03-13 11:03 . 2006-11-02 12:37 d-----w- c:\program files\Windows Collaboration
    2010-03-13 11:03 . 2006-11-02 12:37 d-----w- c:\program files\Windows Photo Gallery
    2010-03-13 11:03 . 2006-11-02 12:37 d-----w- c:\program files\Windows Defender
    2010-03-09 03:28 . 2009-06-05 09:48 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-03-05 20:46 . 2009-06-05 09:56 d-----w- c:\program files\Common Files\Adobe
    2010-02-24 09:16 . 2010-02-16 17:34 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-23 06:39 . 2010-03-31 07:18 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-23 06:33 . 2010-03-31 07:18 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-02-23 06:33 . 2010-03-31 07:18 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-02-23 04:55 . 2010-03-31 07:18 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-02-17 08:54 . 2009-06-05 10:09 d-----w- c:\program files\Microsoft Works
    2010-02-15 17:41 . 2010-02-15 17:41 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
    2010-01-25 12:00 . 2010-02-24 13:58 471552 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-01-25 12:00 . 2010-02-24 13:58 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-01-25 12:00 . 2010-02-24 13:58 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-01-25 12:00 . 2010-02-24 13:58 471552 ----a-w- c:\windows\system32\secproc.dll
    2010-01-25 11:58 . 2010-02-24 13:58 332288 ----a-w- c:\windows\system32\msdrm.dll
    2010-01-25 08:21 . 2010-02-24 13:58 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-01-25 08:21 . 2010-02-24 13:58 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-01-25 08:21 . 2010-02-24 13:58 518144 ----a-w- c:\windows\system32\RMActivate.exe
    2010-01-25 08:21 . 2010-02-24 13:58 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-01-23 09:26 . 2010-02-24 13:59 2048 ----a-w- c:\windows\system32\tzres.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]
    "Google Update"="c:\users\staples\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-04-07 136176]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ThpSrv"="c:\windows\system32\thpsrv" [X]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-30 7289376]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
    "TUSBSleepChargeSrv"="c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-03-27 252288]
    "SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-03-24 163840]
    "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2007-04-16 421888]
    "SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2008-11-21 438272]
    "KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [2009-04-23 1011712]
    "TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-04-16 2513472]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-13 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-13 178712]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-13 154136]
    "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-03-06 468320]
    "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
    "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-03-31 503808]
    "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-03-23 729088]
    "Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-04-24 1323008]
    "ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-04-01 1283384]
    "HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2009-04-07 811008]
    "TPCHWMsg"="c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe" [2009-04-15 570736]
    "NDSTray.exe"="c:\program files\TOSHIBA\ConfigFree\NDSTray.exe" [2009-05-12 299008]
    "cfFncEnabler.exe"="c:\program files\TOSHIBA\ConfigFree\cfFncEnabler.exe" [2009-03-24 16384]
    "Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2009-03-23 1045904]
    "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-03-04 96144]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-30 1833504]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-02-15 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
    "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
    c:\users\staples\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
    OneNote Table Of Contents.onetoc2 [2010-4-3 3656]
    c:\users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2009-2-24 391072]
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
    NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-6-13 2498560]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):f1,6e,92,3f,a9,c6,ca,01
    R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-04-08 114528]
    S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-03-25 30272]
    S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2007-09-04 13336]
    S1 aswSP;aswSP; [x]
    S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
    S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2008-10-31 270888]
    S1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-03-09 51792]
    S2 camsvc;TOSHIBA Web Camera Service;c:\program files\Toshiba\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-04-16 20544]
    S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
    S2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
    S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
    S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2009-03-23 116104]
    S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-04-01 62776]
    S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-04-24 176128]
    S2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-03-17 73728]
    S2 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-04-15 656752]
    S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-03-20 12920]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-09-22 112128]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-03-18 22272]
    S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
  • Somerset
    Somerset Posts: 3,636 Forumite
    Part of the Furniture Combo Breaker
    -- Other Services/Drivers In Memory ---
    *NewlyCreated* - MPFILTER
    *NewlyCreated* - MPNWMON
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    2010-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-349968997-335335101-4224921396-1000Core.job
    - c:\users\staples\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-07 16:58]
    2010-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-349968997-335335101-4224921396-1000UA.job
    - c:\users\staples\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-07 16:58]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://aol.co.uk/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
    IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?!!!!!Toshibaukbholink-21&site=home
    .
    - - - - ORPHANS REMOVED - - - -
    HKLM-Run-Sound Card Driver - c:\program files\Common Files\Microsoft Shared\DAO\007.exe

    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-11 21:01
    Windows 6.0.6002 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    LOCKED REGISTRY KEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-04-11 21:06:12
    ComboFix-quarantined-files.txt 2010-04-11 20:06
    ComboFix2.txt 2010-04-10 19:43
    Pre-Run: 180,826,722,304 bytes free
    Post-Run: 180,834,963,456 bytes free
    Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7
    - - End Of File - - 333A8BB8D3ACBBA9959E19FCA418BA19
  • Somerset
    Somerset Posts: 3,636 Forumite
    Part of the Furniture Combo Breaker
    aliEnRIK wrote: »
    re run hijack
    TICk them
    then click to FIX them

    I went back to Hijack, scanned again, ticked the two items and clicked fix. The items didn't disappear - so I went through the process again, but still there.

    I assumed they were 'fixed' even if still showing?
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Reset internet explorer

    1. Open Internet Explorer.
    2. Click Tools, and then click Internet Options.
    3. Click the Advanced tab.
    4. Under Reset Internet Explorer Settings, click Reset.

    I'll check the ComboFix log laters
    :idea:
This discussion has been closed.