|
| ||
| frmwrk32.exe? Okay, so I've been having issues with my computer. First, my Windows Automatic Updates weren't working, but I think I've got that fixed. Now, my background is a solid light blue, and I can't change it in the Display menu. I'd really appreciate some help. I have AVG, Malwarebytes, and Ad-Aware, but none of them have found anything. (Earlier, Malwarebyes got rid of a bunch of stuff, see first two logs below). I also have ZoneAlarm, now set on the high levels. When I thought I had everything under control, the background changed colors and I got a strange virus notification in my tray. ZoneAlarm told me that frmwrk32.exe was trying to access the internet. I looked it up on the internet and clicked 'deny' and then killed the process through the task manager....but my background is still stuck. So, first, are the logs from earlier today, and then a log from hijackthis from a few minutes ago. A merry chirstmas indeed. Malwarebytes log 1: Malwarebytes' Anti-Malware 1.31 Database version: 1540 Windows 5.1.2600 Service Pack 3 12/24/2008 10:58:17 AM mbam-log-2008-12-24 (10-58-17).txt Scan type: Quick Scan Objects scanned: 66181 Time elapsed: 5 minute(s), 51 second(s) Memory Processes Infected: 0 Memory Modules Infected: 7 Registry Keys Infected: 10 Registry Values Infected: 6 Registry Data Items Infected: 5 Folders Infected: 0 Files Infected: 13 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\system32\vuvubuyo.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\kunuzavi.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\zabelidu.dll (Trojan.Vundo.H) -> Delete on reboot. c:\WINDOWS\system32\mugorazi.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\gehumuro.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\tupurevo.dll (Trojan.Vundo.H) -> Delete on reboot. c:\WINDOWS\system32\dodohovo.dll (Trojan.Vundo) -> Delete on reboot. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dcaf33df-bf00-49e9-96f5-4aa8a49077f6} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{dcaf33df-bf00-49e9-96f5-4aa8a49077f6} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{dcaf33df-bf00-49e9-96f5-4aa8a49077f6} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tosbtnp (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e028bf8a (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zudalaniku (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpme31b8c16 (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\TosBtNP.dll (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\kunuzavi.dll -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\kunuzavi.dll -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\kunuzavi.dll -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\zabelidu.dll -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\zabelidu.dll -> Delete on reboot. Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\renawevu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\uvewaner.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\vuvubuyo.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\oyubuvuv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\gehumuro.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\zabelidu.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\tupurevo.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\kunuzavi.dll (Trojan.Vundo.H) -> Delete on reboot. c:\WINDOWS\system32\mugorazi.dll (Trojan.Vundo) -> Delete on reboot. c:\WINDOWS\system32\dodohovo.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\zoripuzo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\TosBtNP.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xxyyayYp.dll (Trojan.Vundo) -> Quarantined and deleted successfully. Malwarebytes log 2: Malwarebytes' Anti-Malware 1.31 Database version: 1540 Windows 5.1.2600 Service Pack 3 12/24/2008 1:38:11 PM mbam-log-2008-12-24 (13-38-11).txt Scan type: Full Scan (C:\|) Objects scanned: 163403 Time elapsed: 1 hour(s), 14 minute(s), 25 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Qoobox\Quarantine\C\WINDOWS\system32\urqPhfcC.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{54B45C65-99B6-4E80-9C3F-EFA62303F8BB}\RP589\A0113617.dll (Trojan.Vundo) -> Quarantined and deleted successfully. HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:54:36 PM, on 12/24/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\keyacc32.exe c:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe c:\Program Files\TOSHIBA\TOSHIBA RAID\Service\krdevctl.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\WINDOWS\system32\ThpSrv.exe C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\SYSTEM32\WISPTIS.EXE C:\WINDOWS\System32\tabbtnu.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\system32\00THotkey.exe C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\system32\thpsrv.exe C:\WINDOWS\system32\TFNF5.exe C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE C:\WINDOWS\system32\TPSMain.exe C:\WINDOWS\system32\TPSODDCtl.exe C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe C:\Program Files\Protector Suite QL\psqltray.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\TOSHIBA\TouchED\TouchED.Exe C:\WINDOWS\system32\TPSBattM.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\kass.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\toshiba\ivp\ism\ivpsvmgr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Protector Suite QL\ctlcntr.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe C:\Program Files\AVG\AVG8\avgui.exe C:\Program Files\AVG\AVG8\avgscanx.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amherst.edu/intranet/index.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe O4 - HKLM\..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe /run O4 - HKLM\..\Run: [TAcelMgr] C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe O4 - HKLM\..\Run: [TSkrMain] C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon O4 - HKLM\..\Run: [TFNF5] TFNF5.exe O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe O4 - HKLM\..\Run: [Kraidman] c:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe O4 - HKLM\..\Run: [TRot.exe] c:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [KeyAccess] kass.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [zudalaniku] Rundll32.exe "C:\WINDOWS\system32\gehumuro.dll",s (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [zudalaniku] Rundll32.exe "C:\WINDOWS\system32\gehumuro.dll",s (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O15 - Trusted Zone: *.antimalwareguard.com (HKLM) O15 - Trusted Zone: *.antispyexpert.com (HKLM) O15 - Trusted Zone: *.spyguardpro.com (HKLM) O15 - Trusted Zone: *.virusremover2008.com (HKLM) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1230041995859 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/j...ws-i586-jc.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://148.85.106.41/activex/AMC.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: KATRACK.DLL O20 - Winlogon Notify: TSigNP - C:\WINDOWS\SYSTEM32\TSigNP.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: KeyAccess - Sassafras Software Inc. - C:\WINDOWS\keyacc32.exe O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - c:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: StumbleUponUpdateService - stumbleupon.com - C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O24 - Desktop Component 0: Ink Desktop - {80E95280-2D38-3CB8-A215-FB5F14C4343E} -- End of file - 17073 bytes Oh, also, before all of this happened, my task manager was really wierd (as in, since I got the computer a year and a half ago), in that it had no menus at the top, and I could only view applications. But it's normal now. Strange. Thanks so much for your help. : ) ETA: I have a fingerprint scanner, too, and while it works to start the computer, I get a logon error at the user screen, and I have to type in the password, whereas it usually goes right through with my previous fingerprint. Don't know if that's important. |
| ||
| Re: frmwrk32.exe? Hi and welcome to the Daniweb forums :). ========== Do you know what C:\WINDOWS\kass.exe is? If not, please go to Jotti's or to virustotal and have it scanned. Post the results back here. ==== Can you please do the following. =============== Go to Add/Remove programs and uninstall the following, if present: Viewpoint Manager,Viewpoint Media Player,Viewpoint Toolbar The above could appear anywhere within the entry. Be careful not to remove any personal or system software. =============== Scan with HijackThis and then place a check next to all the following, if present: O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O4 - HKUS\S-1-5-19\..\Run: [zudalaniku] Rundll32.exe "C:\WINDOWS\system32\gehumuro.dll",s (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [zudalaniku] Rundll32.exe "C:\WINDOWS\system32\gehumuro.dll",s (User 'NETWORK SERVICE') O4 - Global Startup: Adobe Gamma Loader.lnk = ? O15 - Trusted Zone: *.antimalwareguard.com (HKLM) O15 - Trusted Zone: *.antispyexpert.com (HKLM) O15 - Trusted Zone: *.spyguardpro.com (HKLM) O15 - Trusted Zone: *.virusremover2008.com (HKLM) O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O24 - Desktop Component 0: Ink Desktop - {80E95280-2D38-3CB8-A215-FB5F14C4343E} Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked". =============== Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders: folders... C:\Program Files\Viewpoint files... C:\WINDOWS\system32\gehumuro.dll - Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:
- Reboot. =============== After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now. |
| ||
| Re: frmwrk32.exe? Thanks for the welcome. : ) Though I don't know what C:\WINDOWS\kass.exe is, Jotti's didn't have a problem with it. I uninstalled Viewpoint Media Player. I also 'fixed' all of the things you told me to, except for O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe because it wasn't there anymore when I scanned again, I assume because I uninstalled the program. Although viewing hidden files/folders, neither of the two were present. Upon rebooting my computer, the fingerprint thing didn't work, I got the bogus security warning, and my task manager said that it was disabled by the administrator. Sad. So I reran hijackthis, and here's the log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:18:07 AM, on 12/25/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\SYSTEM32\WISPTIS.EXE C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\keyacc32.exe c:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe c:\Program Files\TOSHIBA\TOSHIBA RAID\Service\krdevctl.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\WINDOWS\system32\ThpSrv.exe C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\System32\tabbtnu.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\system32\00THotkey.exe C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\system32\thpsrv.exe C:\WINDOWS\system32\TFNF5.exe C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE C:\WINDOWS\system32\TPSODDCtl.exe C:\Program Files\Protector Suite QL\psqltray.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\TOSHIBA\TouchED\TouchED.Exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\toshiba\ivp\ism\pinger.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\kass.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\frmwrk32.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amherst.edu/intranet/index.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe O4 - HKLM\..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe /run O4 - HKLM\..\Run: [TAcelMgr] C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe O4 - HKLM\..\Run: [TSkrMain] C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon O4 - HKLM\..\Run: [TFNF5] TFNF5.exe O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe O4 - HKLM\..\Run: [Kraidman] c:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe O4 - HKLM\..\Run: [TRot.exe] c:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [KeyAccess] kass.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1230041995859 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/j...ws-i586-jc.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://148.85.106.41/activex/AMC.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: KATRACK.DLL O20 - Winlogon Notify: TSigNP - C:\WINDOWS\SYSTEM32\TSigNP.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: KeyAccess - Sassafras Software Inc. - C:\WINDOWS\keyacc32.exe O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - c:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: StumbleUponUpdateService - stumbleupon.com - C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 15707 bytes Could it be O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) ? It seemed to go along with the no name/no file theme of before. Thanks again for your help. |
| ||
| Re: frmwrk32.exe? Try this for now; Please download SmitfraudFix (by S!Ri) Extract the content (a folder named SmitfraudFix) to your Desktop. Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply. Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm |
| ||
| Re: frmwrk32.exe? Here it is. I have no idea what it's saying, enjoy. SmitFraudFix v2.387 Scan done at 0:52:48.31, Thu 12/25/2008 Run from C:\Documents and Settings\Kimberly Maize\Desktop\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\SYSTEM32\WISPTIS.EXE C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\keyacc32.exe c:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe c:\Program Files\TOSHIBA\TOSHIBA RAID\Service\krdevctl.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\WINDOWS\system32\ThpSrv.exe C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\System32\tabbtnu.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\system32\00THotkey.exe C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\system32\thpsrv.exe C:\WINDOWS\system32\TFNF5.exe C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE C:\WINDOWS\system32\TPSODDCtl.exe C:\Program Files\Protector Suite QL\psqltray.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\TOSHIBA\TouchED\TouchED.Exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\toshiba\ivp\ism\pinger.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\kass.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\frmwrk32.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kimberly Maize »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\KIMBER~1\LOCALS~1\Temp »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kimberly Maize\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\KIMBER~1\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" »»»»»»»»»»»»»»»»»»»»»»»» o4Patch !!!Attention, following keys are not inevitably infected!!! o4Patch Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, following keys are not inevitably infected!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix !!!Attention, following keys are not inevitably infected!!! Agent.OMZ.Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, following keys are not inevitably infected!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, following keys are not inevitably infected!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" KATRACK.DLL" "LoadAppInit_DLLs"=dword:00000001 »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\WINDOWS\\system32\\userinit.exe," "System"="" »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Intel(R) PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport DNS Server Search Order: 192.168.2.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{780DEA52-A49A-49F5-87A1-35E25218C3A4}: DhcpNameServer=192.168.2.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{780DEA52-A49A-49F5-87A1-35E25218C3A4}: DhcpNameServer=192.168.2.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{780DEA52-A49A-49F5-87A1-35E25218C3A4}: DhcpNameServer=192.168.2.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{8CFA0CD9-8F92-4954-BCE9-23634CC6BEA2}: DhcpNameServer=148.85.1.1 148.85.1.3 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=148.85.1.1 148.85.1.3 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End |
| ||
| Re: frmwrk32.exe? Also, in the interim, I got antsy, so I ran another malwayrebytes scan. Here's the log: Malwarebytes' Anti-Malware 1.31 Database version: 1540 Windows 5.1.2600 Service Pack 3 12/25/2008 1:29:37 AM mbam-log-2008-12-25 (01-29-37).txt Scan type: Quick Scan Objects scanned: 67714 Time elapsed: 6 minute(s), 34 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 7 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Delete on reboot. ....and now I can change my background and get to my task manager, though the logon bit still doesn't work. I can deal with that though. Thanks for your help, and if you have any more advice, I'd love to hear it. |
| ||
| Re: frmwrk32.exe? I thought that Smitfraufix would have picked up what MBAM just found :(. I would run the following if you are still having problems. Please download ComboFix by sUBs from HERE or HERE
Note: Do not mouse-click combofix's window while it is running. That may cause it to stall. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine. |
| ||
| Re: frmwrk32.exe? Here's the combofix log: ComboFix 08-12-23.01 - Kimberly Maize 2008-12-25 8:45:47.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2551.1689 [GMT -5:00] Running from: c:\documents and settings\Kimberly Maize\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\windows\system32\404Fix.exe c:\windows\system32\dumphive.exe c:\windows\system32\IEDFix.C.exe c:\windows\system32\IEDFix.exe c:\windows\system32\o4Patch.exe c:\windows\system32\Process.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\tmp.reg c:\windows\system32\uniq.tll c:\windows\system32\VACFix.exe c:\windows\system32\VCCLSID.exe c:\windows\system32\WS2Fix.exe ----- BITS: Possible infected sites ----- hxxp://childhe.com . ((((((((((((((((((((((((( Files Created from 2008-11-25 to 2008-12-25 ))))))))))))))))))))))))))))))) . 2008-12-25 00:52 . 2008-12-25 00:50 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe 2008-12-24 22:52 . 2008-12-24 22:52 <DIR> d-------- c:\program files\Trend Micro 2008-12-24 21:54 . 2008-12-24 21:55 <DIR> d-------- c:\program files\RogueRemover FREE 2008-12-24 17:19 . 2008-12-24 17:27 <DIR> d-------- c:\program files\StumbleUpon 2008-12-24 10:50 . 2008-12-24 10:50 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-24 10:50 . 2008-12-24 10:50 <DIR> d-------- c:\documents and settings\Kimberly Maize\Application Data\Malwarebytes 2008-12-24 10:50 . 2008-12-24 10:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-12-24 10:50 . 2008-12-03 19:53 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-24 10:50 . 2008-12-03 19:53 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-23 16:22 . 2008-12-23 16:22 <DIR> d--h----- c:\windows\system32\GroupPolicy 2008-12-23 08:53 . 2008-12-24 14:25 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP 2008-12-23 01:25 . 2008-12-23 09:33 <DIR> d-------- c:\documents and settings\Kimberly Maize\.housecall6.6 2008-12-22 20:01 . 2008-12-22 20:01 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\StumbleUpon 2008-12-10 16:38 . 2008-12-25 08:44 <DIR> d-------- c:\documents and settings\Kimberly Maize\Application Data\StumbleUpon 2008-12-10 15:35 . 2008-12-10 15:35 <DIR> d-------- c:\program files\Common 2008-12-09 15:13 . 2008-12-09 15:13 <DIR> d-------- c:\windows\system32\scripting 2008-12-09 15:13 . 2008-12-09 15:13 <DIR> d-------- c:\windows\system32\en 2008-12-09 15:13 . 2008-12-09 15:13 <DIR> d-------- c:\windows\system32\bits 2008-12-09 15:13 . 2008-12-09 15:13 <DIR> d-------- c:\windows\l2schemas 2008-12-09 15:09 . 2008-12-09 15:14 <DIR> d-------- c:\windows\ServicePackFiles . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-25 13:57 196,429,856 --sha-w c:\windows\system32\drivers\fidbox.dat 2008-12-25 13:52 2,302,820 --sha-w c:\windows\system32\drivers\fidbox.idx 2008-12-25 04:42 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint 2008-12-23 21:48 15,973,456 ----a-w c:\windows\Internet Logs\tvDebug.zip 2008-12-23 16:29 2,286,080 ----a-w c:\windows\Internet Logs\xDB2D.tmp 2008-12-23 15:48 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft 2008-12-23 15:46 --------- d-----w c:\program files\Lavasoft 2008-12-23 15:44 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-12-23 06:10 2,257,408 ----a-w c:\windows\Internet Logs\xDB2C.tmp 2008-12-23 00:38 2,255,872 ----a-w c:\windows\Internet Logs\xDB2B.tmp 2008-12-23 00:15 2,267,136 ----a-w c:\windows\Internet Logs\xDB2A.tmp 2008-12-19 13:24 --------- d-----w c:\documents and settings\All Users\Application Data\KeyAccess 2008-12-17 15:05 --------- d-----w c:\documents and settings\Kimberly Maize\Application Data\EndNote 2008-12-09 20:14 --------- d-----w c:\program files\Windows Journal 2008-12-03 16:08 --------- d-----w c:\program files\Java 2008-12-02 21:47 --------- d-----w c:\documents and settings\All Users\Application Data\avg8 2008-11-11 17:41 2,162,688 ----a-w c:\windows\Internet Logs\xDB29.tmp 2008-11-08 02:56 2,154,496 ----a-w c:\windows\Internet Logs\xDB28.tmp 2008-11-08 02:56 1,408,000 ----a-w c:\windows\Internet Logs\xDB27.tmp 2008-11-07 18:31 2,968,576 ----a-w c:\windows\Internet Logs\xDB25.tmp 2008-11-07 18:30 2,153,984 ----a-w c:\windows\Internet Logs\xDB26.tmp 2008-11-06 03:11 --------- d-----w c:\program files\DivX 2008-10-29 02:57 2,927,104 ----a-w c:\windows\Internet Logs\xDB24.tmp 2008-10-28 15:32 2,122,752 ----a-w c:\windows\Internet Logs\xDB23.tmp 2008-10-22 15:47 2,116,608 ----a-w c:\windows\Internet Logs\xDB22.tmp 2008-10-19 18:42 2,814,976 ----a-w c:\windows\Internet Logs\xDB20.tmp 2008-10-19 18:42 2,118,656 ----a-w c:\windows\Internet Logs\xDB21.tmp 2008-10-15 07:20 4,215,296 ----a-w c:\windows\Internet Logs\xDB1E.tmp 2008-10-15 07:20 2,120,192 ----a-w c:\windows\Internet Logs\xDB1F.tmp . ((((((((((((((((((((((((((((( snapshot@2008-12-23_16.57.59.43 ))))))))))))))))))))))))))))))))))))))))) . - 2008-12-23 01:00:54 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2008-12-23 22:00:32 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2008-12-23 01:00:54 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2008-12-23 22:00:32 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2008-12-23 01:01:28 49,152 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2008-12-23 22:00:32 49,152 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2008-12-25 05:51:13 40,960 ----a-w c:\windows\system32\swsc.exe + 2008-12-25 13:53:59 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_10c.dat + 2008-12-25 13:54:36 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_dd4.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-03 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ThpSrv"="thpsrv" [X] "TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-13 16384] "TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-13 271872] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608] "00THotkey"="c:\windows\system32\00THotkey.exe" [2006-01-17 18:20 258048] "CrossMenu"="c:\program files\Toshiba\CrossMenu\CrossMenu.exe" [2005-09-20 798720] "TAudEffect"="c:\program files\TOSHIBA\TAudEffect\TAudEff.exe" [2005-10-05 344144] "TAcelMgr"="c:\program files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe" [2004-12-16 90112] "TSkrMain"="c:\program files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe" [2004-06-30 49152] "PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-05-05 30208] "TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2005-12-14 126976] "TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2006-02-22 86016] "Kraidman"="c:\program files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe" [2006-03-19 1130578] "TRot.exe"="c:\program files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe" [2005-11-29 266240] "TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152] "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-23 122880] "TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2005-06-28 126976] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-09-29 155648] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-02 1261336] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 c:\windows\agrsmmsg.exe] "000StTHK"="000StTHK.exe" [2001-06-23 22:28 24576 c:\windows\system32\000StTHK.exe] "NDSTray.exe"="NDSTray.exe" [BU] "TFncKy"="TFncKy.exe" [BU] "TFNF5"="TFNF5.exe" [2005-11-10 c:\windows\system32\TFNF5.exe] "TPSMain"="TPSMain.exe" [2006-03-10 c:\windows\system32\TPSMain.exe] "TPSODDCtl"="TPSODDCtl.exe" [2006-03-10 c:\windows\system32\TPSODDCtl.exe] "CFSServ.exe"="CFSServ.exe" [BU] "KeyAccess"="kass.exe" [2008-03-02 c:\windows\kass.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528] c:\documents and settings\Kimberly Maize\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520] RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-09-11 155648] Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey] 2008-04-13 19:11 47104 c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2006-05-05 19:48 40448 c:\windows\system32\psqlpwd.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL] 2002-08-29 05:41 11776 c:\windows\system32\tabbtnwl.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify] 2008-04-13 19:12 32256 c:\windows\system32\tpgwlnot.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TSigNP] 2006-03-02 16:51 53248 c:\windows\system32\TSigNP.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"= KATRACK.DLL "LoadAppInit_DLLs"=1 (0x1) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli psqlpwd [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= "c:\\Program Files\\AIM\\aim.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\keyacc32.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\QuickTime\\qttask.exe"= "c:\\WINDOWS\\system32\\searchprotocolhost.exe"= R0 KR10I2K;KR10I2K;c:\windows\system32\drivers\KR10I2K.sys [2006-09-11 215552] R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2004-12-28 16384] R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2006-09-11 6144] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-23 97928] R1 TMEI3E;TMEI3E;c:\windows\system32\Drivers\TMEI3E.SYS [2006-09-11 5888] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-23 231704] R2 FdRedir;FdRedir;\??\c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2006-05-05 13568] R2 FileDisk2;FileDisk Protector Kernel Driver;\??\c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2006-05-05 33024] R2 KeyAccess;KeyAccess;c:\windows\keyacc32.exe [2008-03-02 1028800] R2 smihlp;SMI helper driver;\??\c:\program files\Protector Suite QL\smihlp.sys [2006-05-05 3456] R2 Tmesrv;Tmesrv3;"c:\program files\TOSHIBA\TME3\Tmesrv31.exe" /Service [2006-09-11 126976] R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-10-05 13592] R3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2006-09-11 35968] R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;c:\windows\system32\DRIVERS\TBtnKey.sys [2006-09-11 8832] R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\DRIVERS\TEchoCan.sys [2006-09-11 595072] R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [2006-09-11 14208] S3 StumbleUponUpdateService;StumbleUponUpdateService;"c:\program files\StumbleUpon\StumbleUponUpdateService.exe" [2008-12-18 120168] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{575762e3-9512-11dc-a7c5-001b774803bc}] \Shell\AutoRun\command - E:\setupSNK.exe . Contents of the 'Scheduled Tasks' folder 2008-12-25 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-10-05 21:11] 2008-12-25 c:\windows\Tasks\pecnicca.job - c:\windows\system32\rundll32.exe [2008-04-13 19:12] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.amherst.edu/intranet/index.php uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage O16 -: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://148.85.106.41/activex/AMC.cab c:\windows\Downloaded Program Files\setup.inf FF - ProfilePath - c:\documents and settings\Kimberly Maize\Application Data\Mozilla\Firefox\Profiles\yeugomrv.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.amherst.edu/intranet/index.php FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-25 08:54:44 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(936) c:\windows\system32\psqlpwd.dll c:\program files\Protector Suite QL\infra.dll c:\program files\Protector Suite QL\homefus2.dll c:\program files\Protector Suite QL\homepass.dll c:\program files\Protector Suite QL\bio.dll c:\program files\Protector Suite QL\remote.dll c:\windows\system32\TSigNP.dll c:\program files\Protector Suite QL\crypto.dll c:\program files\Protector Suite QL\biokmd.dll c:\program files\Protector Suite QL\basegui.dll c:\program files\Protector Suite QL\mysafe.dll - - - - - - - > 'lsass.exe'(992) c:\windows\system32\psqlpwd.dll c:\program files\Protector Suite QL\infra.dll c:\program files\Protector Suite QL\homefus2.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Common Files\Microsoft Shared\Ink\keyboardsurrogate.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\windows\system32\ZoneLabs\vsmon.exe c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\windows\system32\wisptis.exe c:\program files\Toshiba\ConfigFree\CFSvcs.exe c:\windows\system32\DVDRAMSV.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\tabbtnu.exe c:\program files\Toshiba\TOSHIBA RAID\Service\kraidsvc.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\toshiba\IVP\swupdate\swupdtmr.exe c:\windows\system32\ThpSrv.exe c:\program files\Toshiba\TOSHIBA RAID\Service\krdevctl.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe c:\windows\system32\searchindexer.exe c:\program files\AVG\AVG8\avgrsx.exe c:\program files\Common Files\Microsoft Shared\Ink\tcserver.exe c:\program files\Toshiba\ConfigFree\NDSTray.exe c:\program files\Toshiba\TOSHIBA Controls\TFncKy.exe c:\windows\system32\ThpSrv.exe c:\program files\Protector Suite QL\psqltray.exe c:\windows\system32\wscntfy.exe c:\program files\Toshiba\TME3\TMETEMnu.exe c:\program files\Toshiba\ConfigFree\CFSServ.exe c:\windows\system32\searchprotocolhost.exe c:\windows\system32\TPSBattM.exe c:\program files\Apoint2K\ApntEx.exe c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe c:\program files\HP\Digital Imaging\bin\hpqste08.exe c:\windows\system32\searchfilterhost.exe . ************************************************************************** . Completion time: 2008-12-25 9:01:14 - machine was rebooted ComboFix-quarantined-files.txt 2008-12-25 14:01:07 ComboFix2.txt 2008-12-23 21:58:58 Pre-Run: 17,132,933,120 bytes free Post-Run: 17,186,889,728 bytes free 306 --- E O F --- 2008-12-22 15:34:49 And the new hijackthis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:12:27 AM, on 12/25/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\keyacc32.exe c:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\WINDOWS\system32\ThpSrv.exe C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe c:\Program Files\TOSHIBA\TOSHIBA RAID\Service\krdevctl.exe C:\WINDOWS\system32\SearchIndexer.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\SYSTEM32\WISPTIS.EXE C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\tabbtnu.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\system32\00THotkey.exe C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\system32\thpsrv.exe C:\WINDOWS\system32\TFNF5.exe C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE C:\WINDOWS\system32\TPSMain.exe C:\Program Files\Apoint2K\Apntex.exe C:\WINDOWS\system32\TPSODDCtl.exe C:\Program Files\Protector Suite QL\psqltray.exe C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\TOSHIBA\TouchED\TouchED.Exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\toshiba\ivp\ism\pinger.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\kass.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amherst.edu/intranet/index.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe O4 - HKLM\..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe /run O4 - HKLM\..\Run: [TAcelMgr] C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe O4 - HKLM\..\Run: [TSkrMain] C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon O4 - HKLM\..\Run: [TFNF5] TFNF5.exe O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe O4 - HKLM\..\Run: [Kraidman] c:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe O4 - HKLM\..\Run: [TRot.exe] c:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [KeyAccess] kass.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1230041995859 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/j...ws-i586-jc.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://148.85.106.41/activex/AMC.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: KATRACK.DLL O20 - Winlogon Notify: TSigNP - C:\WINDOWS\SYSTEM32\TSigNP.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: KeyAccess - Sassafras Software Inc. - C:\WINDOWS\keyacc32.exe O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - c:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: StumbleUponUpdateService - stumbleupon.com - C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 15653 bytes I don't have any more serious problems, but my fingerprint scanner won't log me on to windows. But as I said before, I can deal with that. Thanks for all the help. You rock. |
| ||
| Re: frmwrk32.exe? 1 Attachment(s) I am not seeing anything else untoward in your log, other than that kass.exe file you uploaded to Jottis. Let's see if we can get some info on it. 1. Please open Notepad
FileLook:: Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system. 3. Save the above as CFScript.txt 4. Physically disconnect from the internet. 5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix. 6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again. Attachment 8655 7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next replyafter you re-enable all the programs that were disabled during the running of ComboFix:
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine. |
| ||
| Re: frmwrk32.exe? Aha! After reading the log of the combofix on the kass.exe, I figured out what was going on. The program's something I need in order to access certain programs on my school's network, that only a certain number of people can use at a time. But here's the log: ComboFix 08-12-23.01 - Kimberly Maize 2008-12-25 19:27:19.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2551.1714 [GMT -5:00] Running from: c:\documents and settings\Kimberly Maize\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Kimberly Maize\Desktop\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2008-11-26 to 2008-12-26 ))))))))))))))))))))))))))))))) . 2008-12-25 00:52 . 2008-12-25 00:50 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe 2008-12-24 22:52 . 2008-12-24 22:52 <DIR> d-------- c:\program files\Trend Micro 2008-12-24 21:54 . 2008-12-24 21:55 <DIR> d-------- c:\program files\RogueRemover FREE 2008-12-24 17:19 . 2008-12-24 17:27 <DIR> d-------- c:\program files\StumbleUpon 2008-12-24 10:50 . 2008-12-24 10:50 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-24 10:50 . 2008-12-24 10:50 <DIR> d-------- c:\documents and settings\Kimberly Maize\Application Data\Malwarebytes 2008-12-24 10:50 . 2008-12-24 10:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-12-24 10:50 . 2008-12-03 19:53 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-24 10:50 . 2008-12-03 19:53 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-23 16:22 . 2008-12-23 16:22 <DIR> d--h----- c:\windows\system32\GroupPolicy 2008-12-23 08:53 . 2008-12-24 14:25 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP 2008-12-23 01:25 . 2008-12-23 09:33 <DIR> d-------- c:\documents and settings\Kimberly Maize\.housecall6.6 2008-12-22 20:01 . 2008-12-22 20:01 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\StumbleUpon 2008-12-10 16:38 . 2008-12-25 19:25 <DIR> d-------- c:\documents and settings\Kimberly Maize\Application Data\StumbleUpon 2008-12-10 15:35 . 2008-12-10 15:35 <DIR> d-------- c:\program files\Common 2008-12-09 15:13 . 2008-12-09 15:13 <DIR> d-------- c:\windows\system32\scripting 2008-12-09 15:13 . 2008-12-09 15:13 <DIR> d-------- c:\windows\system32\en 2008-12-09 15:13 . 2008-12-09 15:13 <DIR> d-------- c:\windows\system32\bits 2008-12-09 15:13 . 2008-12-09 15:13 <DIR> d-------- c:\windows\l2schemas 2008-12-09 15:09 . 2008-12-09 15:14 <DIR> d-------- c:\windows\ServicePackFiles . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-26 00:37 196,640,800 --sha-w c:\windows\system32\drivers\fidbox.dat 2008-12-26 00:33 16,651,154 ----a-w c:\windows\Internet Logs\tvDebug.zip 2008-12-26 00:31 2,305,268 --sha-w c:\windows\system32\drivers\fidbox.idx 2008-12-25 04:42 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint 2008-12-23 16:29 2,286,080 ----a-w c:\windows\Internet Logs\xDB2D.tmp 2008-12-23 15:48 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft 2008-12-23 15:46 --------- d-----w c:\program files\Lavasoft 2008-12-23 15:44 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-12-23 06:10 2,257,408 ----a-w c:\windows\Internet Logs\xDB2C.tmp 2008-12-23 00:38 2,255,872 ----a-w c:\windows\Internet Logs\xDB2B.tmp 2008-12-23 00:15 2,267,136 ----a-w c:\windows\Internet Logs\xDB2A.tmp 2008-12-19 13:24 --------- d-----w c:\documents and settings\All Users\Application Data\KeyAccess 2008-12-17 15:05 --------- d-----w c:\documents and settings\Kimberly Maize\Application Data\EndNote 2008-12-09 20:14 --------- d-----w c:\program files\Windows Journal 2008-12-03 16:08 --------- d-----w c:\program files\Java 2008-12-02 21:47 --------- d-----w c:\documents and settings\All Users\Application Data\avg8 2008-11-11 17:41 2,162,688 ----a-w c:\windows\Internet Logs\xDB29.tmp 2008-11-10 10:43 410,984 ----a-w c:\windows\system32\deploytk.dll 2008-11-08 02:56 2,154,496 ----a-w c:\windows\Internet Logs\xDB28.tmp 2008-11-08 02:56 1,408,000 ----a-w c:\windows\Internet Logs\xDB27.tmp 2008-11-07 18:31 2,968,576 ----a-w c:\windows\Internet Logs\xDB25.tmp 2008-11-07 18:30 2,153,984 ----a-w c:\windows\Internet Logs\xDB26.tmp 2008-11-06 03:11 --------- d-----w c:\program files\DivX 2008-10-29 02:57 2,927,104 ----a-w c:\windows\Internet Logs\xDB24.tmp 2008-10-28 15:32 2,122,752 ----a-w c:\windows\Internet Logs\xDB23.tmp 2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-10-22 15:47 2,116,608 ----a-w c:\windows\Internet Logs\xDB22.tmp 2008-10-19 18:42 2,814,976 ----a-w c:\windows\Internet Logs\xDB20.tmp 2008-10-19 18:42 2,118,656 ----a-w c:\windows\Internet Logs\xDB21.tmp 2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll 2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 19:07 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-15 07:20 4,215,296 ----a-w c:\windows\Internet Logs\xDB1E.tmp 2008-10-15 07:20 2,120,192 ----a-w c:\windows\Internet Logs\xDB1F.tmp 2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll 2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- c:\windows\kass.exe ---- Company: Sassafras Software Inc. File Description: KeyAccess Messager for Windows File Version: 6.1.4 Product Name: Sassafras K2 Copyright: (c)1993-2008 Sassafras Software Inc. Original file name: KASS.EXE MD5: 1cdf38b3125ba7ffc7539b3fb1839b8b ((((((((((((((((((((((((((((( snapshot@2008-12-23_16.57.59.43 ))))))))))))))))))))))))))))))))))))))))) . - 2008-12-23 01:00:54 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2008-12-23 22:00:32 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2008-12-23 01:00:54 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2008-12-23 22:00:32 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2008-12-23 01:01:28 49,152 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2008-12-23 22:00:32 49,152 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2008-12-26 00:33:17 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_d8.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-03 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ThpSrv"="thpsrv" [X] "TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-13 16384] "TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-13 271872] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608] "00THotkey"="c:\windows\system32\00THotkey.exe" [2006-01-17 18:20 258048] "CrossMenu"="c:\program files\Toshiba\CrossMenu\CrossMenu.exe" [2005-09-20 798720] "TAudEffect"="c:\program files\TOSHIBA\TAudEffect\TAudEff.exe" [2005-10-05 344144] "TAcelMgr"="c:\program files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe" [2004-12-16 90112] "TSkrMain"="c:\program files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe" [2004-06-30 49152] "PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-05-05 30208] "TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2005-12-14 126976] "TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2006-02-22 86016] "Kraidman"="c:\program files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe" [2006-03-19 1130578] "TRot.exe"="c:\program files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe" [2005-11-29 266240] "TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152] "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-23 122880] "TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2005-06-28 126976] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-09-29 155648] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-02 1261336] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 c:\windows\agrsmmsg.exe] "000StTHK"="000StTHK.exe" [2001-06-23 22:28 24576 c:\windows\system32\000StTHK.exe] "NDSTray.exe"="NDSTray.exe" [BU] "TFncKy"="TFncKy.exe" [BU] "TFNF5"="TFNF5.exe" [2005-11-10 c:\windows\system32\TFNF5.exe] "TPSMain"="TPSMain.exe" [2006-03-10 c:\windows\system32\TPSMain.exe] "TPSODDCtl"="TPSODDCtl.exe" [2006-03-10 c:\windows\system32\TPSODDCtl.exe] "CFSServ.exe"="CFSServ.exe" [BU] "KeyAccess"="kass.exe" [2008-03-02 c:\windows\kass.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528] c:\documents and settings\Kimberly Maize\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520] RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-09-11 155648] Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey] 2008-04-13 19:11 47104 c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2006-05-05 19:48 40448 c:\windows\system32\psqlpwd.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL] 2002-08-29 05:41 11776 c:\windows\system32\tabbtnwl.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify] 2008-04-13 19:12 32256 c:\windows\system32\tpgwlnot.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TSigNP] 2006-03-02 16:51 53248 c:\windows\system32\TSigNP.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"= KATRACK.DLL [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli psqlpwd [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= "c:\\Program Files\\AIM\\aim.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\keyacc32.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\QuickTime\\qttask.exe"= "c:\\WINDOWS\\system32\\searchprotocolhost.exe"= R0 KR10I2K;KR10I2K;c:\windows\system32\drivers\KR10I2K.sys [2006-09-11 215552] R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2004-12-28 16384] R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2006-09-11 6144] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-23 97928] R1 TMEI3E;TMEI3E;c:\windows\system32\Drivers\TMEI3E.SYS [2006-09-11 5888] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-23 231704] R2 FdRedir;FdRedir;\??\c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2006-05-05 13568] R2 FileDisk2;FileDisk Protector Kernel Driver;\??\c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2006-05-05 33024] R2 KeyAccess;KeyAccess;c:\windows\keyacc32.exe [2008-03-02 1028800] R2 smihlp;SMI helper driver;\??\c:\program files\Protector Suite QL\smihlp.sys [2006-05-05 3456] R2 Tmesrv;Tmesrv3;"c:\program files\TOSHIBA\TME3\Tmesrv31.exe" /Service [2006-09-11 126976] R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-10-05 13592] R3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2006-09-11 35968] R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;c:\windows\system32\DRIVERS\TBtnKey.sys [2006-09-11 8832] R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\DRIVERS\TEchoCan.sys [2006-09-11 595072] R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [2006-09-11 14208] S3 StumbleUponUpdateService;StumbleUponUpdateService;"c:\program files\StumbleUpon\StumbleUponUpdateService.exe" [2008-12-18 120168] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{575762e3-9512-11dc-a7c5-001b774803bc}] \Shell\AutoRun\command - E:\setupSNK.exe . Contents of the 'Scheduled Tasks' folder 2008-12-26 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-10-05 21:11] 2008-12-26 c:\windows\Tasks\pecnicca.job - c:\windows\system32\rundll32.exe [2008-04-13 19:12] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.amherst.edu/intranet/index.php uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage O16 -: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://148.85.106.41/activex/AMC.cab c:\windows\Downloaded Program Files\setup.inf FF - ProfilePath - c:\documents and settings\Kimberly Maize\Application Data\Mozilla\Firefox\Profiles\yeugomrv.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.amherst.edu/intranet/index.php FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-25 19:34:04 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(936) c:\windows\system32\psqlpwd.dll c:\program files\Protector Suite QL\infra.dll c:\program files\Protector Suite QL\homefus2.dll c:\program files\Protector Suite QL\homepass.dll c:\program files\Protector Suite QL\bio.dll c:\program files\Protector Suite QL\remote.dll c:\windows\system32\TSigNP.dll c:\program files\Protector Suite QL\crypto.dll c:\program files\Protector Suite QL\biokmd.dll c:\program files\Protector Suite QL\basegui.dll c:\program files\Protector Suite QL\mysafe.dll - - - - - - - > 'lsass.exe'(992) c:\windows\system32\psqlpwd.dll c:\program files\Protector Suite QL\infra.dll c:\program files\Protector Suite QL\homefus2.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Common Files\Microsoft Shared\Ink\keyboardsurrogate.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\windows\system32\ZoneLabs\vsmon.exe c:\windows\system32\wisptis.exe c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\program files\Toshiba\ConfigFree\CFSvcs.exe c:\windows\system32\DVDRAMSV.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\tabbtnu.exe c:\program files\Toshiba\TOSHIBA RAID\Service\kraidsvc.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\toshiba\IVP\swupdate\swupdtmr.exe c:\windows\system32\ThpSrv.exe c:\program files\Toshiba\TOSHIBA RAID\Service\krdevctl.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe c:\windows\system32\searchindexer.exe c:\program files\AVG\AVG8\avgrsx.exe c:\program files\Common Files\Microsoft Shared\Ink\tcserver.exe c:\program files\Toshiba\ConfigFree\NDSTray.exe c:\program files\Toshiba\TOSHIBA Controls\TFncKy.exe c:\windows\system32\wscntfy.exe c:\program files\Apoint2K\ApntEx.exe c:\windows\system32\ThpSrv.exe c:\windows\system32\searchprotocolhost.exe c:\program files\Toshiba\TME3\TMETEMnu.exe c:\program files\Protector Suite QL\psqltray.exe c:\windows\system32\TPSBattM.exe c:\program files\Toshiba\ConfigFree\CFSServ.exe c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe c:\program files\HP\Digital Imaging\bin\hpqste08.exe c:\windows\system32\searchfilterhost.exe . ************************************************************************** . Completion time: 2008-12-25 19:42:42 - machine was rebooted ComboFix-quarantined-files.txt 2008-12-26 00:42:37 ComboFix2.txt 2008-12-25 14:01:15 ComboFix3.txt 2008-12-23 21:58:58 Pre-Run: 17,151,832,064 bytes free Post-Run: 17,143,382,016 bytes free 310 --- E O F --- 2008-12-22 15:34:49 And the hijackthis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:49:15 PM, on 12/25/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\SYSTEM32\WISPTIS.EXE C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\keyacc32.exe C:\WINDOWS\System32\tabbtnu.exe c:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\WINDOWS\system32\ThpSrv.exe C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe c:\Program Files\TOSHIBA\TOSHIBA RAID\Service\krdevctl.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\WINDOWS\system32\SearchIndexer.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\system32\00THotkey.exe C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\Program Files\Apoint2K\Apntex.exe C:\WINDOWS\system32\thpsrv.exe C:\WINDOWS\system32\TFNF5.exe C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE C:\Program Files\Protector Suite QL\psqltray.exe C:\WINDOWS\system32\TPSODDCtl.exe C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\TOSHIBA\TouchED\TouchED.Exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\toshiba\ivp\ism\pinger.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\kass.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\explorer.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\AVG\AVG8\avgui.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amherst.edu/intranet/index.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe O4 - HKLM\..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe /run O4 - HKLM\..\Run: [TAcelMgr] C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe O4 - HKLM\..\Run: [TSkrMain] C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon O4 - HKLM\..\Run: [TFNF5] TFNF5.exe O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe O4 - HKLM\..\Run: [Kraidman] c:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe O4 - HKLM\..\Run: [TRot.exe] c:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [KeyAccess] kass.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1230041995859 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/j...ws-i586-jc.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://148.85.106.41/activex/AMC.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: KATRACK.DLL O20 - Winlogon Notify: TSigNP - C:\WINDOWS\SYSTEM32\TSigNP.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: KeyAccess - Sassafras Software Inc. - C:\WINDOWS\keyacc32.exe O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - c:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: StumbleUponUpdateService - stumbleupon.com - C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 15567 bytes |
| All times are GMT -4. The time now is 12:40 pm. |
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC