theboy
New Member
My girlfriend's laptop has been freezing up at random times. I have run chkdsk & chkdsk /f a few times. Also, I have run MBAM in safe mode but found nothing. Lastly, I ran ComboFix and I think it found and corrected a few entries that may be possible causes.
Can you give a look?
Many thanks in advance.
ComboFix 10-05-05.04 - Ace 05/05/2010 18:36:33.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1915.1466 [GMT -7:00]
Running from: C:\Users\Ace\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\$RECYCLE.BIN\S-1-5-21-2734677411-1145241183-1731341934-500
C:\$RECYCLE.BIN\S-1-5-21-3969566641-39007500-1738613080-500
.
((((((((((((((((((((((((( Files Created from 2010-04-06 to 2010-05-06 )))))))))))))))))))))))))))))))
.
2010-05-06 01:35:04 . 2010-05-06 01:35:24 -------- d-----w- C:\32788R22FWJFW
2010-05-06 01:11:52 . 2010-05-06 01:40:41 680 ----a-w- C:\Users\Ace\AppData\Local\d3d9caps.dat
2010-05-05 21:07:13 . 2010-04-29 22:39:38 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-05-05 21:07:12 . 2010-05-05 21:07:17 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-05 21:07:12 . 2010-04-29 22:39:26 20952 ----a-w- C:\Windows\system32\drivers\mbam.sys
2010-05-05 20:29:09 . 2010-05-05 20:29:09 -------- d-----w- C:\found.000
2010-04-30 01:23:40 . 2010-04-30 01:23:40 -------- d-----w- C:\Program Files\iPod
2010-04-30 01:23:38 . 2010-04-30 01:24:27 -------- d-----w- C:\Program Files\iTunes
2010-04-30 01:21:07 . 2010-04-30 01:21:07 -------- d-----w- C:\Program Files\Bonjour
2010-04-30 01:17:52 . 2010-04-30 01:17:52 73000 ----a-w- C:\ProgramData\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-14 20:02:45 . 2010-02-23 11:10:19 212992 ----a-w- C:\Windows\system32\drivers\mrxsmb10.sys
2010-04-14 20:02:45 . 2010-02-23 11:10:13 79360 ----a-w- C:\Windows\system32\drivers\mrxsmb20.sys
2010-04-14 20:02:45 . 2010-02-23 11:10:13 106496 ----a-w- C:\Windows\system32\drivers\mrxsmb.sys
2010-04-14 20:02:38 . 2010-02-18 14:07:05 3548040 ----a-w- C:\Windows\system32\ntoskrnl.exe
2010-04-14 20:02:37 . 2010-02-18 14:07:05 3600776 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2010-04-14 20:02:34 . 2010-03-05 14:01:02 420352 ----a-w- C:\Windows\system32\vbscript.dll
2010-04-14 20:02:27 . 2010-02-18 14:07:16 904576 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2010-04-14 20:02:27 . 2010-02-18 11:28:13 25088 ----a-w- C:\Windows\system32\drivers\tunnel.sys
2010-04-14 20:02:26 . 2010-02-18 13:30:03 200704 ----a-w- C:\Windows\system32\iphlpsvc.dll
2010-04-13 22:17:47 . 2009-12-23 11:33:29 172032 ----a-w- C:\Windows\system32\wintrust.dll
2010-04-13 22:17:45 . 2010-01-13 17:34:11 98304 ----a-w- C:\Windows\system32\cabview.dll
2010-04-09 04:19:05 . 2010-04-09 04:19:36 -------- d-----w- C:\Program Files\OpenOffice.org 3
2010-04-08 20:20:02 . 2010-04-08 20:20:02 91424 ----a-w- C:\Windows\system32\dnssd.dll
2010-04-08 20:20:02 . 2010-04-08 20:20:02 107808 ----a-w- C:\Windows\system32\dns-sd.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-30 01:23:39 . 2009-06-30 20:22:51 -------- d-----w- C:\Program Files\Common Files\Apple
2010-04-27 03:04:45 . 2009-06-29 22:01:23 -------- d-----w- C:\Program Files\CCleaner
2010-04-15 00:06:20 . 2006-11-02 11:18:33 -------- d-----w- C:\Program Files\Windows Mail
2010-04-14 19:54:42 . 2009-11-14 03:33:35 -------- d-----w- C:\ProgramData\Yahoo! Companion
2010-04-14 16:47:23 . 2009-12-23 08:07:20 38848 ----a-w- C:\Windows\system32\avastSS.scr
2010-04-14 16:47:03 . 2009-12-23 08:07:02 153184 ----a-w- C:\Windows\system32\aswBoot.exe
2010-04-14 16:35:47 . 2009-12-23 08:07:20 46672 ----a-w- C:\Windows\system32\drivers\aswTdi.sys
2010-04-14 16:35:25 . 2009-12-23 08:07:20 162768 ----a-w- C:\Windows\system32\drivers\aswSP.sys
2010-04-14 16:31:39 . 2009-12-23 08:07:21 23376 ----a-w- C:\Windows\system32\drivers\aswRdr.sys
2010-04-14 16:31:23 . 2009-12-23 08:07:02 51792 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
2010-04-14 16:31:01 . 2009-12-23 08:07:20 19024 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys
2010-04-14 00:07:08 . 2009-06-30 00:40:03 -------- d-----w- C:\Users\Ace\AppData\Roaming\Yahoo!
2010-04-13 23:53:10 . 2009-06-30 00:38:55 -------- d-----w- C:\Program Files\Yahoo!
2010-04-09 23:25:47 . 2009-06-29 21:43:35 88680 ----a-w- C:\Users\Ace\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-02 02:49:56 . 2010-04-02 02:49:00 -------- d-----w- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-02 02:46:44 . 2010-04-02 02:46:19 -------- d-----w- C:\Program Files\QuickTime
2010-03-30 23:27:27 . 2009-07-08 21:32:50 -------- d-----w- C:\Users\Ace\AppData\Roaming\IObit
2010-03-12 20:41:42 . 2009-07-01 06:04:20 -------- d-----w- C:\Program Files\Safari
2010-03-12 20:38:43 . 2010-03-12 20:38:43 79144 ----a-w- C:\ProgramData\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-02-23 06:39:13 . 2010-03-31 20:12:10 916480 ----a-w- C:\Windows\system32\wininet.dll
2010-02-23 06:33:45 . 2010-03-31 20:12:09 109056 ----a-w- C:\Windows\system32\iesysprep.dll
2010-02-23 06:33:45 . 2010-03-31 20:12:05 71680 ----a-w- C:\Windows\system32\iesetup.dll
2010-02-23 04:55:36 . 2010-03-31 20:12:09 133632 ----a-w- C:\Windows\system32\ieUnatt.exe
2010-02-20 23:06:41 . 2010-03-10 06:50:37 24064 ----a-w- C:\Windows\system32\nshhttp.dll
2010-02-20 23:05:14 . 2010-03-10 06:50:31 30720 ----a-w- C:\Windows\system32\httpapi.dll
2010-02-20 20:53:34 . 2010-03-10 06:50:32 411648 ----a-w- C:\Windows\system32\drivers\http.sys
2009-06-29 21:42:53 . 2009-06-29 21:42:53 13 --sh--r- C:\Windows\System32\drivers\fbd.sys
2009-06-29 21:42:50 . 2009-06-29 21:42:50 4 --sh--r- C:\Windows\System32\drivers\taishop.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "C:\Program Files\IObitCom\tbIOb1.dll" [2010-03-04 04:02:29 2349080]
[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
2010-03-04 04:02:29 2349080 ----a-w- C:\Program Files\IObitCom\tbIOb1.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "C:\Program Files\IObitCom\tbIOb1.dll" [2010-03-04 04:02:29 2349080]
[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 20:03:12 430080]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-04-11 06:28:03 1233920]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 02:25:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-06-25 23:06:10 150040]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-06-25 23:05:50 170520]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-06-25 23:06:02 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 23:14:50 6037504]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 01:54:40 178712]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 17:40:36 1348904]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 21:52:52 431456]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2007-11-01 06:01:12 54608]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 21:26:48 505720]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 19:49:30 716800]
"NDSTray.exe"="NDSTray.exe" [BU]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 17:35:50 2780432]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 04:58:34 47392]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 23:21:52 246504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^Ace^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Users\Ace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17:47 952768 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42:51 36272 ----a-w- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 22:06:30 142120 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53:36 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2009-02-23 13:05:34 111856 ----a-w- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23:32 1008184 ----a-w- C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-23 13:05:34 111856 ----a-w- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):76,29,45,ff,d4,f9,c9,01
R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [2010-04-14 16:31:23 51792]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 07:19:48 40960]
R2 TMachInfo;TMachInfo;C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 21:46:22 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 01:03:52 126976]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 21:38:08 24652]
R3 IO_Memory;IO_Memory;C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files\Jumpstart\jswpsapi.exe [2008-04-16 23:53:00 954368]
R3 SVRPEDRV;SVRPEDRV;C:\Windows\System32\sysprep\PEDrv.sys [2008-01-18 16:22:00 9216]
S1 jswpslwf;JumpStart Wireless Filter Driver;C:\Windows\system32\DRIVERS\jswpslwf.sys [2008-04-29 00:59:18 20384]
S3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 21:11:14 7168]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ECACHE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-04-26 C:\Windows\Tasks\SmartDefrag.job
- C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-04-06 23:04:44 . 2010-03-26 23:48:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - C:\Users\Ace\AppData\Roaming\Mozilla\Firefox\Profiles\ty335yi2.default\
FF - plugin: C:\Program Files\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Users\Ace\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
HKLM-RunOnce-<NO NAME> - (no file)
MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Java\jre6\bin\jusched.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-05 18:41:36
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...