Solved: System32\service.exe infected



jvricker (THREAD STARTER), Member with 10 posts, Join Date: Jul 2012, Experience: Intermediate
27-Jul-2012, 05:47 PM #1
System32\service.exe infected
Rootkit detection was found by Malwarebytes. I am not savvy enough to clean this infection off by myself and I need help/advice on what to do. I have downloaded several tools to help me run logs, if you could please help.

Malwarebytes listed:
Trojan.0access
Rootkit.Zaccess
Trojan.Dropper.BCMiner

I've downloaded HiJackThis, aswMBR, OTL, erunt, and ComboFix. Just let me know where I need to start.

Thanks sooooo much,
Jen

Last edited by jvricker; 28-Jul-2012 at 02:44 PM. Reason: Updating infection information
jeffce (Jeff), Malware Removal Specialist with 1,727 posts, authorized to help remove malware, Join Date: May 2011
28-Jul-2012, 02:56 PM #2
Hi,

Thanks for the friend add. Do Not run ComboFix yet!!

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Right-click dds and choose Run as Administrator to run the tool.
  • When done, two DDS text files will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt

Attach.txt
----------

Oh.... go ahead and run aswMBR.exe as well.
jvricker (THREAD STARTER), Member with 10 posts, Join Date: Jul 2012, Experience: Intermediate
28-Jul-2012, 03:12 PM #3
I'm so happy to hear from you, I'm dancing in my seat!!!!! Okay, the log files are below:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Jan at 15:01:00 on 2012-07-28
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1538 [GMT -5:00]
.
AV: Charter Security Suite 9.01 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: Charter Security Suite 9.01 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Charter Security Suite 9.01 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
"C:\Windows\System32\svchost.exe" -k LocalServiceDns
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uURLSearchHooks: Productivity 3 Toolbar: {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - c:\program files\productivity_3\prxtbProd.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - c:\program files\dogpile bundle toolbar\Helper.dll
uURLSearchHooks: H - No File
mURLSearchHooks: Productivity 3 Toolbar: {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - c:\program files\productivity_3\prxtbProd.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Productivity 3 Toolbar: {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - c:\program files\productivity_3\prxtbProd.dll
BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: {AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} - No File
BHO: Dogpile Bundle Toolbar BHO: {bfe4b5cb-63f7-4a51-9266-6167655d5b4f} - c:\program files\dogpile bundle toolbar\Toolbar.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Productivity 3 Toolbar: {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - c:\program files\productivity_3\prxtbProd.dll
TB: Dogpile Bundle Toolbar: {c80bdeb2-8735-44c6-bd55-a1ccd555667a} - c:\program files\dogpile bundle toolbar\Toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PCMAgent] "c:\program files\cyberlink\powercinema for toshiba\PCMAgent.exe"
mRun: [CLMLServer] "c:\program files\cyberlink\powercinema for toshiba\kernel\clml\CLMLSvc.exe"
mRun: [hpqSRMon]
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
TCP: Interfaces\{29971CE0-ED76-4A76-86C2-217595A139F4} : DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
TCP: Interfaces\{A5C99F56-B3D7-4AA5-85F5-FAC5A2FB6429} : DhcpNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jan\appdata\roaming\mozilla\firefox\profiles\igvng1dw.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - plugin: c:\program files\epicplay\npEpicHost.dll
FF - plugin: c:\program files\gamingwonderlandei\installr\1.bin\NPgtEISb.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-7-10 40960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-14 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-14 7168]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-27 113120]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-8-20 9216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-28 01:06:09 -------- d-----w- c:\programdata\036DFF850000F549004A1E292F3B707C
2012-07-28 01:05:21 56832 ---ha-w- c:\windows\system32\dfrgasrv.dll
2012-07-27 23:42:42 -------- d-----w- c:\users\jan\appdata\roaming\Malwarebytes
2012-07-27 23:42:28 -------- d-----w- c:\programdata\Malwarebytes
2012-07-27 23:42:26 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-27 23:42:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-27 22:40:52 -------- d-----w- c:\users\jan\appdata\local\Productivity_3
2012-07-24 04:06:04 -------- d-----w- c:\program files\AVG
2012-07-24 04:03:53 -------- d--h--w- c:\programdata\Common Files
2012-07-24 04:03:53 -------- d-----w- c:\programdata\MFAData
2012-07-23 23:45:51 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-23 23:45:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-23 23:29:53 -------- d-----w- c:\programdata\GFI Software
2012-07-23 09:27:55 -------- d-----w- c:\program files\CCleaner
2012-07-23 02:39:24 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-07-23 02:39:05 -------- d-----w- c:\users\jan\appdata\local\Downloaded Installations
2012-07-23 02:38:09 -------- d-----w- c:\users\jan\appdata\roaming\Ad-Aware Antivirus
2012-07-14 02:44:16 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-13 21:24:22 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 03:14:32 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-11 03:14:28 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 03:14:28 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 03:14:25 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 03:14:24 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 03:14:24 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
==================== Find3M ====================
.
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 15:07:05.84 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/2/2008 9:17:35 PM
System Uptime: 7/28/2012 2:14:03 PM (1 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | CPU | 1600/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 290 GiB total, 211.46 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 9.21
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
ArcadeCandy
Bejeweled 3
Belkin Setup and Router Monitor
Big Fish Games: Game Manager
Bluetooth Stack for Windows by Toshiba
BufferChm
C4580
C4580_Help
Camera Assistant Software for Toshiba
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
CD/DVD Drive Acoustic Silencer
CustomerResearchQFolder
CyberLink PowerCinema for TOSHIBA
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
Dogpile Bundle Toolbar
DVD MovieFactory for TOSHIBA
ERUNT 1.1j
eSupportQFolder
Full Tilt Poker
GearDrvs
Geek Squad 24 Hour Computer Support
GPBaseService
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 11.0
HP Imaging Device Functions 11.0
HP Photosmart C4500 All-In-One Driver Software 11.0 Rel .4
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Smart Web Printing
HP Solution Center 13.0
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
Intel® Matrix Storage Manager
Java(TM) 6 Update 6
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XML Parser
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCSetup
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
OCR Software by I.R.I.S. 11.0
PanoStandAlone
Productivity 3 Toolbar
PS_AIO_04_C4580_ProductContext
PS_AIO_04_C4580_Software
PS_AIO_04_C4580_Software_Min
PSSWCORE
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Shop for HP Supplies
Skype™ 5.8
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
Status
Synaptics Pointing Device Driver
Toolbox
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA PowerCinema Helper
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Vegas Penny Slots
VideoToolkit01
WebReg
Windows Media Encoder 9 Series
.
==== Event Viewer Messages From Past Week ========
.
7/28/2012 2:16:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
7/28/2012 2:16:15 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
7/28/2012 2:14:53 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/28/2012 2:14:53 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
7/28/2012 2:14:53 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
7/27/2012 8:44:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE spldr Wanarpv6
7/27/2012 8:44:30 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/27/2012 8:44:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/27/2012 8:43:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/27/2012 8:43:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
7/27/2012 8:43:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/27/2012 8:43:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/27/2012 8:43:30 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
7/27/2012 8:43:04 PM, Error: EventLog [6008] - The previous system shutdown at 8:41:31 PM on 7/27/2012 was unexpected.
7/27/2012 8:41:07 PM, Error: Service Control Manager [7034] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 2 time(s).
7/27/2012 8:41:07 PM, Error: Service Control Manager [7034] - The Ulead Burning Helper service terminated unexpectedly. It has done this 1 time(s).
7/27/2012 8:41:07 PM, Error: Service Control Manager [7034] - The TOSHIBA SMART Log Service service terminated unexpectedly. It has done this 1 time(s).
7/27/2012 8:41:07 PM, Error: Service Control Manager [7034] - The TOSHIBA Power Saver service terminated unexpectedly. It has done this 1 time(s).
7/27/2012 8:41:07 PM, Error: Service Control Manager [7034] - The TOSHIBA Optical Disc Drive Service service terminated unexpectedly. It has done this 1 time(s).
7/27/2012 8:41:07 PM, Error: Service Control Manager [7034] - The TOSHIBA Navi Support Service service terminated unexpectedly. It has done this 1 time(s).
7/27/2012 8:41:07 PM, Error: Service Control Manager [7034] - The TOSHIBA Bluetooth Service service terminated unexpectedly. It has done this 1 time(s).
7/27/2012 8:41:07 PM, Error: Service Control Manager [7034] - The TMachInfo service terminated unexpectedly. It has done this 1 time(s).
7/27/2012 8:41:07 PM, Error: Service Control Manager [7034] - The SmartFaceVWatchSrv service terminated unexpectedly. It has done this 1 time(s).
7/27/2012 8:41:07 PM, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
7/27/2012 8:41:07 PM, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
7/27/2012 8:41:07 PM, Error: Service Control Manager [7034] - The ConfigFree Service service terminated unexpectedly. It has done this 1 time(s).
7/27/2012 8:41:07 PM, Error: Service Control Manager [7034] - The Agere Modem Call Progress Audio service terminated unexpectedly. It has done this 1 time(s).
7/27/2012 8:41:07 PM, Error: Service Control Manager [7034] - The AffinegyService service terminated unexpectedly. It has done this 1 time(s).
7/27/2012 8:41:07 PM, Error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
7/27/2012 8:22:53 PM, Error: EventLog [6008] - The previous system shutdown at 8:21:41 PM on 7/27/2012 was unexpected.
7/27/2012 8:20:49 PM, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
7/27/2012 8:20:49 PM, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
7/27/2012 8:17:57 PM, Error: EventLog [6008] - The previous system shutdown at 8:17:02 PM on 7/27/2012 was unexpected.
7/27/2012 8:09:02 PM, Error: Service Control Manager [7034] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 3 time(s).
7/27/2012 8:08:32 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/27/2012 8:08:02 PM, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
7/27/2012 8:08:02 PM, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
7/27/2012 8:08:02 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/24/2012 12:29:34 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 24.177.117.138 for the Network Card with network address 001E338E389D has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
7/23/2012 7:54:29 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
7/23/2012 7:51:10 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume SQ004829V03.
7/23/2012 7:40:58 AM, Error: EventLog [6008] - The previous system shutdown at 7:38:30 AM on 7/23/2012 was unexpected.
7/23/2012 6:21:23 PM, Error: F-Secure Gatekeeper [1] -
7/23/2012 6:16:44 PM, Error: EventLog [6008] - The previous system shutdown at 6:10:52 PM on 7/23/2012 was unexpected.
7/23/2012 10:39:41 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: bfe. This service might not be installed.
7/23/2012 10:39:41 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: bfe. This service might not be installed.
7/22/2012 9:51:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
7/22/2012 9:51:30 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-28 15:11:34
-----------------------------
15:11:34.296 OS Version: Windows 6.0.6002 Service Pack 2
15:11:34.296 Number of processors: 2 586 0x170A
15:11:34.297 ComputerName: JAN-PC UserName: Jan
15:11:36.025 Initialize success
15:11:42.900 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:11:42.903 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
15:11:42.920 Disk 0 MBR read successfully
15:11:42.926 Disk 0 MBR scan
15:11:42.930 Disk 0 Windows VISTA default MBR code
15:11:42.945 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
15:11:42.962 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 296479 MB offset 3074048
15:11:42.993 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 7265 MB offset 610263040
15:11:43.001 Disk 0 scanning sectors +625141760
15:11:43.082 Disk 0 scanning C:\Windows\system32\drivers
15:11:48.351 Service scanning
15:12:00.327 Modules scanning
15:12:03.950 Disk 0 trace - called modules:
15:12:03.976 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:12:03.981 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863b0478]
15:12:03.986 3 CLASSPNP.SYS[8a30f8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85475028]
15:12:03.991 Scan finished successfully
15:12:08.985 Disk 0 MBR has been saved successfully to "C:\Users\Jan\Desktop\MBR.dat"
15:12:08.990 The log file has been saved successfully to "C:\Users\Jan\Desktop\aswMBR.txt"
jeffce (Jeff), Malware Removal Specialist with 1,727 posts, authorized to help remove malware, Join Date: May 2011
28-Jul-2012, 03:19 PM #4
Hi,

Quote:
I'm so happy to hear from you, I'm dancing in my seat!!!!!

--------

**WARNING** Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean as well as may have damaged your system files itself. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.

If you would like to format and reinstall your Operating System please let me know and we can assist you with that.

If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help.
----------

Download Combofix from the link below, and save it to your desktop.
Link

**Note: It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
----------
jvricker
Member with 10 posts.
THREAD STARTER
 
Join Date: Jul 2012
Experience: Intermediate
28-Jul-2012, 04:18 PM #5
I was finally able to get ComboFix to scan and run the report. Here it is:


ComboFix 12-07-27.03 - Jan 07/28/2012 15:54:22.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1526 [GMT -5:00]
Running from: c:\users\Jan\Desktop\ComboFix.exe
AV: Charter Security Suite 9.01 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: Charter Security Suite 9.01 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: Charter Security Suite 9.01 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\Jan\AppData\Local\{d02e8adc-75a0-3ee2-0894-affbd6f74980}
c:\users\Jan\AppData\Local\{d02e8adc-75a0-3ee2-0894-affbd6f74980}\@
c:\users\Jan\AppData\Local\{d02e8adc-75a0-3ee2-0894-affbd6f74980}\n
c:\users\Jan\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\windows\assembly\GAC\Desktop.ini
c:\windows\Installer\{d02e8adc-75a0-3ee2-0894-affbd6f74980}
c:\windows\Installer\{d02e8adc-75a0-3ee2-0894-affbd6f74980}\@
c:\windows\Installer\{d02e8adc-75a0-3ee2-0894-affbd6f74980}\L\00000004.@
c:\windows\Installer\{d02e8adc-75a0-3ee2-0894-affbd6f74980}\L\1afb2d56
c:\windows\Installer\{d02e8adc-75a0-3ee2-0894-affbd6f74980}\L\201d3dde
c:\windows\Installer\{d02e8adc-75a0-3ee2-0894-affbd6f74980}\U\00000004.$.uss_dis
c:\windows\Installer\{d02e8adc-75a0-3ee2-0894-affbd6f74980}\U\00000004.@
c:\windows\Installer\{d02e8adc-75a0-3ee2-0894-affbd6f74980}\U\00000008.@
c:\windows\Installer\{d02e8adc-75a0-3ee2-0894-affbd6f74980}\U\000000cb.$.uss_dis
c:\windows\Installer\{d02e8adc-75a0-3ee2-0894-affbd6f74980}\U\000000cb.@
c:\windows\Installer\{d02e8adc-75a0-3ee2-0894-affbd6f74980}\U\80000000.@
c:\windows\Installer\{d02e8adc-75a0-3ee2-0894-affbd6f74980}\U\80000032.@
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\pt
c:\windows\system32\pt\smartfacevcp.dll.mui
c:\windows\system32\pt\toscdspd.cpl.mui
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy7_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))))
.
.
2012-07-28 03:03 . 2012-07-28 03:03 -------- d-----w- c:\program files\ERUNT
2012-07-28 01:06 . 2012-07-28 01:08 -------- d-----w- c:\programdata\036DFF850000F549004A1E292F3B707C
2012-07-28 01:05 . 2012-07-28 01:05 56832 ---ha-w- c:\windows\system32\dfrgasrv.dll
2012-07-27 23:42 . 2012-07-27 23:42 -------- d-----w- c:\users\Jan\AppData\Roaming\Malwarebytes
2012-07-27 23:42 . 2012-07-27 23:42 -------- d-----w- c:\programdata\Malwarebytes
2012-07-27 23:42 . 2012-07-27 23:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-27 23:42 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-23 09:27 . 2012-07-23 09:28 -------- d-----w- c:\program files\CCleaner
2012-07-23 02:39 . 2012-07-23 02:39 -------- d-----w- c:\programdata\Lavasoft
2012-07-23 02:39 . 2012-07-23 23:29 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-07-23 02:39 . 2012-07-23 02:39 -------- d-----w- c:\users\Jan\AppData\Local\Downloaded Installations
2012-07-23 02:38 . 2012-07-23 23:26 -------- d-----w- c:\users\Jan\AppData\Roaming\Ad-Aware Antivirus
2012-07-14 02:44 . 2012-07-14 02:44 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-13 21:24 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 03:14 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 03:14 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 03:14 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 03:14 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 03:14 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 03:14 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 22:19 . 2012-06-21 05:09 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 05:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 05:09 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 05:09 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 05:09 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 05:09 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 05:09 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-21 05:09 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:12 . 2012-06-21 05:09 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-01 14:03 . 2012-06-16 03:26 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-14 00:17 . 2012-07-27 23:38 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1fca4df8-9acd-4dfb-89cc-ddd0082fc588}"= "c:\program files\Productivity_3\prxtbProd.dll" [2011-05-09 176936]
"{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}"= "c:\program files\Dogpile Bundle Toolbar\Helper.dll" [2011-10-01 361472]
.
[HKEY_CLASSES_ROOT\clsid\{1fca4df8-9acd-4dfb-89cc-ddd0082fc588}]
.
[HKEY_CLASSES_ROOT\clsid\{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{C766F9AD-E91E-43DE-91DC-D007680ED4AF}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1fca4df8-9acd-4dfb-89cc-ddd0082fc588}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Productivity_3\prxtbProd.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}]
2011-10-01 01:34 1604096 ----a-w- c:\program files\Dogpile Bundle Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1fca4df8-9acd-4dfb-89cc-ddd0082fc588}"= "c:\program files\Productivity_3\prxtbProd.dll" [2011-05-09 176936]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2011-10-01 1604096]
.
[HKEY_CLASSES_ROOT\clsid\{1fca4df8-9acd-4dfb-89cc-ddd0082fc588}]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1FCA4DF8-9ACD-4DFB-89CC-DDD0082FC588}"= "c:\program files\Productivity_3\prxtbProd.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{1fca4df8-9acd-4dfb-89cc-ddd0082fc588}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"PCMAgent"="c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-07-11 188416]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2008-07-31 23:26 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2008-08-04 21:46 1242424 ----a-w- c:\program files\Toshiba\TOSHIBA Service Station\TSS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
FF - ProfilePath - c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\igvng1dw.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-hpqSRMon - (no file)
MSConfigStartUp-cfFncEnabler - cfFncEnabler.exe
MSConfigStartUp-F-Secure Manager - c:\program files\Charter Security Suite\Common\FSM32.EXE
MSConfigStartUp-F-Secure TNB - c:\program files\Charter Security Suite\FSGUI\TNBUtil.exe
MSConfigStartUp-SBRegRebootCleaner - c:\program files\Ad-Aware Antivirus\SBRC.exe
AddRemove-{6A2EF989-A524-48bf-985F-9D076B334980} - c:\users\Jan\AppData\Local\ArcadeCandy\candyRemove.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RtHDVCpl.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-07-28 16:08:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-28 21:08
.
Pre-Run: 227,587,530,752 bytes free
Post-Run: 227,615,805,440 bytes free
.
- - End Of File - - 51B78AFD94DA3889B1838F591F0DEFF6
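The ComboFix log above shows the ZeroAccess footprint the helper described: GUID-named folders under c:\windows\Installer and AppData\Local holding @, n, U and L members, a patched services.exe restored from a shadow copy, a hidden+system %APPDATA% directory under system32, a hidden DLL, and UAC and Security Center warnings switched off. The following Python script is an added example (not from this thread or from ComboFix) that scans such a log for those indicators; its sample lines are constructed from the entries quoted above, and the rule names and the "suspected" threshold are my own assumptions.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed sample: lines modelled on the "Other Deletions", "Files Created"
# and "Reg Loading Points" sections of the ComboFix log quoted in this thread.
SAMPLE_LOG = r"""
c:\users\Jan\AppData\Local\{d02e8adc-75a0-3ee2-0894-affbd6f74980}
c:\users\Jan\AppData\Local\{d02e8adc-75a0-3ee2-0894-affbd6f74980}\@
c:\users\Jan\AppData\Local\{d02e8adc-75a0-3ee2-0894-affbd6f74980}\n
c:\windows\Installer\{d02e8adc-75a0-3ee2-0894-affbd6f74980}\U\00000004.@
c:\windows\Installer\{d02e8adc-75a0-3ee2-0894-affbd6f74980}\L\1afb2d56
c:\windows\system32\drivers\etc\lmhosts
Infected copy of c:\windows\system32\services.exe was found and disinfected
2012-07-14 02:44 . 2012-07-14 02:44 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-28 01:05 . 2012-07-28 01:05 56832 ---ha-w- c:\windows\system32\dfrgasrv.dll
2012-07-11 03:14 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"""

GUID = r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}"
HIDDEN_ATTR = r"[d-]-[s-]h[a-]-w-"   # ComboFix attribute column with the h (hidden) flag set

# Rules applied to a single log line: (rule name, regex, why it matters to a defender).
LINE_RULES = [
    ("zeroaccess_guid_store",
     re.compile(r"\\" + GUID + r"\\(?:@|n|U|L)(?:\\|$)", re.I),
     "GUID-named folder holding @/n/U/L members: ZeroAccess module store"),
    ("services_exe_patched",
     re.compile(r"Infected copy of .*\\services\.exe", re.I),
     "services.exe was patched in place: persistence inside a core service host"),
    ("hidden_system_dir_in_system32",
     re.compile(r"\sd-sh--w-\s+.*\\system32\\", re.I),
     "newly created hidden+system directory under system32"),
    ("hidden_dll_in_system32",
     re.compile(r"\s" + HIDDEN_ATTR + r"\s+.*\\system32\\[^\\]+\.dll$", re.I),
     "hidden DLL under system32: verify hash and signature before trusting it"),
]

# Rules that depend on the registry key the value sits under:
# (rule name, regex on the key suffix, regex on the value line, why).
REG_RULES = [
    ("uac_disabled", r"\\policies\\system$", r'^"EnableLUA"\s*=\s*0\b',
     "UAC disabled: code run by the user elevates silently"),
    ("security_center_override", r"\\security center$",
     r'^"(?:AntiVirusOverride|FirewallOverride)"\s*=\s*dword:00000001',
     "Security Center told not to warn about missing antivirus/firewall"),
]


def scan_combofix_log(text: str) -> List[Dict[str, object]]:
    """Return one finding per (line, rule) hit, tracking the current [key] for REG_RULES."""
    findings: List[Dict[str, object]] = []
    current_key = ""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):   # REGEDIT4-style key header
            current_key = line[1:-1].lower()
            continue
        for name, rx, why in LINE_RULES:
            if rx.search(line):
                findings.append({"line": lineno, "rule": name, "why": why, "text": line})
        for name, key_rx, val_rx, why in REG_RULES:
            if re.search(key_rx, current_key) and re.search(val_rx, line, re.I):
                findings.append({"line": lineno, "rule": name, "why": why, "text": line})
    return findings


def summarize(findings: List[Dict[str, object]]) -> Dict[str, int]:
    """Hit count per rule."""
    return dict(Counter(str(f["rule"]) for f in findings))


def zeroaccess_suspected(findings: List[Dict[str, object]]) -> bool:
    """The GUID module store alone is diagnostic; a patched services.exe corroborates it."""
    rules = {f["rule"] for f in findings}
    return "zeroaccess_guid_store" in rules or "services_exe_patched" in rules


if __name__ == "__main__":
    hits = scan_combofix_log(SAMPLE_LOG)
    for h in hits:
        print(f"line {h['line']:>3} {h['rule']:<32} {h['text']}")
    print("summary:", summarize(hits))
    print("ZeroAccess suspected:", zeroaccess_suspected(hits))
```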
jeffce (Jeff), authorized to help remove malware
Malware Removal Specialist with 1,727 posts.
 
Join Date: May 2011
28-Jul-2012, 10:36 PM #6
Hi there,

Good job getting that run.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    Code:
    ClearJavaCache::
    
    File::
    c:\windows\system32\dfrgasrv.dll
    c:\program files\Productivity_3\prxtbProd.dll
    
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1fca4df8-9acd-4dfb-89cc-ddd0082fc588}"=-
    "{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}"=-
    [-HKEY_CLASSES_ROOT\clsid\{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}]
    [-HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{C766F9AD-E91E-43DE-91DC-D007680ED4AF}]
    [-HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1fca4df8-9acd-4dfb-89cc-ddd0082fc588}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{1fca4df8-9acd-4dfb-89cc-ddd0082fc588}"=-
    "{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"=-
    [-HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
    [-HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
    [-HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{1FCA4DF8-9ACD-4DFB-89CC-DDD0082FC588}"=-
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
jvricker
Member with 10 posts.
THREAD STARTER
 
Join Date: Jul 2012
Experience: Intermediate
29-Jul-2012, 11:49 AM #7
Hey again. While I was waiting to hear back, I ran Malwarebytes and ComboFix again. Sorry for my impatience. Maybe I shouldn't have done that, but here is the last report from ComboFix, in case that changes your instructions for me any:

ComboFix 12-07-29.02 - Jan 07/29/2012 11:29:49.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1766 [GMT -5:00]
Running from: c:\users\Jan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jan\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))))
.
.
2012-07-29 16:34 . 2012-07-29 16:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-29 02:52 . 2012-07-29 16:27 -------- d-----w- c:\users\Jan\Jens Tools
2012-07-29 01:05 . 2012-05-08 23:35 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-07-29 01:05 . 2012-07-29 01:05 -------- d-----w- c:\program files\Application Updater
2012-07-29 01:05 . 2012-07-29 01:05 -------- d-----w- c:\program files\IObit Toolbar
2012-07-29 01:05 . 2012-07-29 01:05 -------- d-----w- c:\program files\Common Files\Spigot
2012-07-29 01:05 . 2012-07-29 01:05 -------- d-----w- c:\users\Jan\AppData\Roaming\IObit
2012-07-29 01:05 . 2010-11-26 23:02 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-07-29 01:05 . 2012-07-29 01:05 -------- d-----w- c:\program files\IObit
2012-07-29 00:57 . 2012-07-29 00:57 -------- d-----w- c:\users\Jan\AppData\Roaming\AVG2012
2012-07-29 00:56 . 2012-07-29 00:56 -------- d-----w- c:\users\Jan\AppData\Local\AVG Secure Search
2012-07-29 00:56 . 2012-07-29 00:56 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-29 00:56 . 2012-07-29 00:56 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-07-29 00:56 . 2012-07-29 00:56 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-07-29 00:56 . 2012-07-29 00:56 -------- d-----w- c:\program files\AVG Secure Search
2012-07-29 00:55 . 2012-07-29 00:55 -------- d-----w- C:\$AVG
2012-07-29 00:55 . 2012-07-29 01:10 -------- d-----w- c:\programdata\AVG2012
2012-07-29 00:55 . 2012-07-29 00:59 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-28 03:03 . 2012-07-28 03:03 -------- d-----w- c:\program files\ERUNT
2012-07-28 01:06 . 2012-07-28 01:08 -------- d-----w- c:\programdata\036DFF850000F549004A1E292F3B707C
2012-07-28 01:05 . 2012-07-28 01:05 56832 ---ha-w- c:\windows\system32\dfrgasrv.dll
2012-07-27 23:42 . 2012-07-27 23:42 -------- d-----w- c:\users\Jan\AppData\Roaming\Malwarebytes
2012-07-27 23:42 . 2012-07-27 23:42 -------- d-----w- c:\programdata\Malwarebytes
2012-07-27 23:42 . 2012-07-27 23:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-27 23:42 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-23 09:27 . 2012-07-23 09:28 -------- d-----w- c:\program files\CCleaner
2012-07-23 02:39 . 2012-07-23 02:39 -------- d-----w- c:\programdata\Lavasoft
2012-07-23 02:39 . 2012-07-23 23:29 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-07-23 02:39 . 2012-07-23 02:39 -------- d-----w- c:\users\Jan\AppData\Local\Downloaded Installations
2012-07-23 02:38 . 2012-07-23 23:26 -------- d-----w- c:\users\Jan\AppData\Roaming\Ad-Aware Antivirus
2012-07-14 02:44 . 2012-07-14 02:44 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-13 21:24 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 03:14 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 03:14 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 03:14 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 03:14 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 03:14 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 03:14 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 22:19 . 2012-06-21 05:09 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 05:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 05:09 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 05:09 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 05:09 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 05:09 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 05:09 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-21 05:09 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:12 . 2012-06-21 05:09 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-01 14:03 . 2012-06-16 03:26 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-14 00:17 . 2012-07-27 23:38 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1fca4df8-9acd-4dfb-89cc-ddd0082fc588}"= "c:\program files\Productivity_3\prxtbProd.dll" [2011-05-09 176936]
"{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}"= "c:\program files\Dogpile Bundle Toolbar\Helper.dll" [2011-10-01 361472]
.
[HKEY_CLASSES_ROOT\clsid\{1fca4df8-9acd-4dfb-89cc-ddd0082fc588}]
.
[HKEY_CLASSES_ROOT\clsid\{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{C766F9AD-E91E-43DE-91DC-D007680ED4AF}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1fca4df8-9acd-4dfb-89cc-ddd0082fc588}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Productivity_3\prxtbProd.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-29 00:56 2086496 ----a-w- c:\program files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}]
2011-10-01 01:34 1604096 ----a-w- c:\program files\Dogpile Bundle Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1fca4df8-9acd-4dfb-89cc-ddd0082fc588}"= "c:\program files\Productivity_3\prxtbProd.dll" [2011-05-09 176936]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2011-10-01 1604096]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll" [2012-07-29 2086496]
.
[HKEY_CLASSES_ROOT\clsid\{1fca4df8-9acd-4dfb-89cc-ddd0082fc588}]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1FCA4DF8-9ACD-4DFB-89CC-DDD0082FC588}"= "c:\program files\Productivity_3\prxtbProd.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{1fca4df8-9acd-4dfb-89cc-ddd0082fc588}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"PCMAgent"="c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-07-11 188416]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2008-07-31 23:26 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2012-07-27 00:52 1095560 ----a-w- c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2008-08-04 21:46 1242424 ----a-w- c:\program files\Toshiba\TOSHIBA Service Station\TSS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2012-07-29 00:56 1147488 ----a-w- c:\program files\AVG Secure Search\vprot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
FF - ProfilePath - c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\igvng1dw.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=642886&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-29 11:37
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Application Updater\ApplicationUpdater.exe
c:\program files\AVG\AVG2012\avgwdsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-07-29 11:40:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-29 16:40
ComboFix2.txt 2012-07-29 02:51
ComboFix3.txt 2012-07-28 22:23
ComboFix4.txt 2012-07-28 21:08
.
Pre-Run: 225,963,782,144 bytes free
Post-Run: 225,692,704,768 bytes free
.
- - End Of File - - 9AB1BDEBFD48EB22BD153FC19D268D8B
jeffce (Jeff), authorized to help remove malware
Malware Removal Specialist with 1,727 posts.
 
Join Date: May 2011
29-Jul-2012, 12:53 PM #8
Hi,

Quote:
Maybe I shouldn't have done that
Yeah please don't do that. You may remove something that I needed to see and it may take longer to figure things out.
-------
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    Code:
    ClearJavaCache::
    
    DDS::
    uURLSearchHooks: Productivity 3 Toolbar: {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - c:\program files\productivity_3\prxtbProd.dll
    uURLSearchHooks: FCToolbarURLSearchHook Class: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - c:\program files\dogpile bundle toolbar\Helper.dll
    uURLSearchHooks: H - No File
    mURLSearchHooks: Productivity 3 Toolbar: {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - c:\program files\productivity_3\prxtbProd.dll
    BHO: Productivity 3 Toolbar: {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - c:\program files\productivity_3\prxtbProd.dll
    BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No File
    BHO: {AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} - No File
    BHO: Dogpile Bundle Toolbar BHO: {bfe4b5cb-63f7-4a51-9266-6167655d5b4f} - c:\program files\dogpile bundle toolbar\Toolbar.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: Productivity 3 Toolbar: {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - c:\program files\productivity_3\prxtbProd.dll
    TB: Dogpile Bundle Toolbar: {c80bdeb2-8735-44c6-bd55-a1ccd555667a} - c:\program files\dogpile bundle toolbar\Toolbar.dll
    
    File::
    c:\windows\system32\dfrgasrv.dll
    c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
    
    Folder::
    c:\program files\IObit Toolbar
    c:\users\Jan\AppData\Roaming\IObit
    c:\program files\IObit
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{1fca4df8-9acd-4dfb-89cc-ddd0082fc588}"=-
    "{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"=-
    [-HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
    [-HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
    [-HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{1FCA4DF8-9ACD-4DFB-89CC-DDD0082FC588}"=-
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
jvricker, Member with 10 posts (thread starter). Join Date: Jul 2012. Experience: Intermediate
29-Jul-2012, 01:18 PM #9
I apologize for jumping the gun. I won't do anything else unless you instruct me to. Here is the latest report:

ComboFix 12-07-29.02 - Jan 07/29/2012 12:59:29.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1771 [GMT -5:00]
Running from: c:\users\Jan\Desktop\ComboFix.exe
Command switches used :: c:\users\Jan\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe"
"c:\windows\system32\dfrgasrv.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files\dogpile bundle toolbar\Toolbar.dll
c:\program files\IObit Toolbar
c:\program files\IObit Toolbar\FF\chrome.manifest
c:\program files\IObit Toolbar\FF\chrome\chrome.jar
c:\program files\IObit Toolbar\FF\install.rdf
c:\program files\IObit Toolbar\IE\6.2\config.ini
c:\program files\IObit Toolbar\IE\6.2\iobitToolbarIE.dll
c:\program files\IObit Toolbar\Res\amazon.gif
c:\program files\IObit Toolbar\Res\ebay.gif
c:\program files\IObit Toolbar\Res\facebook.gif
c:\program files\IObit Toolbar\Res\googleplus.gif
c:\program files\IObit Toolbar\Res\icon_settings.gif
c:\program files\IObit Toolbar\Res\iobit_logo.gif
c:\program files\IObit Toolbar\Res\iobit_logo_hover.gif
c:\program files\IObit Toolbar\Res\Lang\res1031.ini
c:\program files\IObit Toolbar\Res\Lang\res1033.ini
c:\program files\IObit Toolbar\Res\Lang\res1034.ini
c:\program files\IObit Toolbar\Res\Lang\res1036.ini
c:\program files\IObit Toolbar\Res\Lang\res1040.ini
c:\program files\IObit Toolbar\Res\radio-close.gif
c:\program files\IObit Toolbar\Res\radio-minimize.gif
c:\program files\IObit Toolbar\Res\radiobeta.gif
c:\program files\IObit Toolbar\Res\search-button-hover.gif
c:\program files\IObit Toolbar\Res\search-button.gif
c:\program files\IObit Toolbar\Res\search-chevron-hover.gif
c:\program files\IObit Toolbar\Res\search-chevron.gif
c:\program files\IObit Toolbar\Res\search_amazon.gif
c:\program files\IObit Toolbar\Res\search_baidu.gif
c:\program files\IObit Toolbar\Res\search_ebay.gif
c:\program files\IObit Toolbar\Res\search_yahoo.gif
c:\program files\IObit Toolbar\Res\search_yandex.gif
c:\program files\IObit Toolbar\Res\security.gif
c:\program files\IObit Toolbar\Res\system.gif
c:\program files\IObit Toolbar\Res\twitter.gif
c:\program files\IObit Toolbar\Res\widgets.xml
c:\program files\IObit Toolbar\WidgiHelper.exe
c:\program files\IObit
c:\program files\IObit\Smart Defrag 2\drivers\win7_x64\SmartDefragBootTime.exe
c:\program files\IObit\Smart Defrag 2\drivers\win7_x64\SmartDefragDriver.sys
c:\program files\IObit\Smart Defrag 2\drivers\win7_x86\SmartDefragBootTime.exe
c:\program files\IObit\Smart Defrag 2\drivers\win7_x86\SmartDefragDriver.sys
c:\program files\IObit\Smart Defrag 2\drivers\win8_x64\SmartDefragBootTime.exe
c:\program files\IObit\Smart Defrag 2\drivers\win8_x64\SmartDefragDriver.sys
c:\program files\IObit\Smart Defrag 2\drivers\win8_x86\SmartDefragBootTime.exe
c:\program files\IObit\Smart Defrag 2\drivers\win8_x86\SmartDefragDriver.sys
c:\program files\IObit\Smart Defrag 2\drivers\wlh_x64\SmartDefragBootTime.exe
c:\program files\IObit\Smart Defrag 2\drivers\wlh_x64\SmartDefragDriver.sys
c:\program files\IObit\Smart Defrag 2\drivers\wlh_x86\SmartDefragBootTime.exe
c:\program files\IObit\Smart Defrag 2\drivers\wlh_x86\SmartDefragDriver.sys
c:\program files\IObit\Smart Defrag 2\drivers\wnet_x64\SmartDefragBootTime.exe
c:\program files\IObit\Smart Defrag 2\drivers\wnet_x64\SmartDefragDriver.sys
c:\program files\IObit\Smart Defrag 2\drivers\wnet_x86\SmartDefragBootTime.exe
c:\program files\IObit\Smart Defrag 2\drivers\wnet_x86\SmartDefragDriver.sys
c:\program files\IObit\Smart Defrag 2\drivers\wxp_x64\SmartDefragBootTime.exe
c:\program files\IObit\Smart Defrag 2\drivers\wxp_x64\SmartDefragDriver.sys
c:\program files\IObit\Smart Defrag 2\drivers\wxp_x86\SmartDefragBootTime.exe
c:\program files\IObit\Smart Defrag 2\drivers\wxp_x86\SmartDefragDriver.sys
c:\program files\IObit\Smart Defrag 2\EULA.rtf
c:\program files\IObit\Smart Defrag 2\fav.ico
c:\program files\IObit\Smart Defrag 2\Freeware\ASC_FreeSoftwareDownloader.exe
c:\program files\IObit\Smart Defrag 2\Freeware\Check.dll
c:\program files\IObit\Smart Defrag 2\Freeware\SD_FreeSoftwareDownloader.exe
c:\program files\IObit\Smart Defrag 2\Help\Images\001.jpg
c:\program files\IObit\Smart Defrag 2\Help\Images\002.jpg
c:\program files\IObit\Smart Defrag 2\Help\Images\003.jpg
c:\program files\IObit\Smart Defrag 2\Help\Images\004.jpg
c:\program files\IObit\Smart Defrag 2\Help\Images\005.jpg
c:\program files\IObit\Smart Defrag 2\Help\Images\006.jpg
c:\program files\IObit\Smart Defrag 2\Help\Images\007.jpg
c:\program files\IObit\Smart Defrag 2\Help\Images\008.jpg
c:\program files\IObit\Smart Defrag 2\Help\Images\009.jpg
c:\program files\IObit\Smart Defrag 2\Help\Index.html
c:\program files\IObit\Smart Defrag 2\Language\Albanian.lng
c:\program files\IObit\Smart Defrag 2\Language\Arabic.lng
c:\program files\IObit\Smart Defrag 2\Language\Bulgarian.lng
c:\program files\IObit\Smart Defrag 2\Language\ChineseSimp.lng
c:\program files\IObit\Smart Defrag 2\Language\ChineseTrad.lng
c:\program files\IObit\Smart Defrag 2\Language\Czech.lng
c:\program files\IObit\Smart Defrag 2\Language\Danish.lng
c:\program files\IObit\Smart Defrag 2\Language\Deutsch.lng
c:\program files\IObit\Smart Defrag 2\Language\Dutch.lng
c:\program files\IObit\Smart Defrag 2\Language\English.lng
c:\program files\IObit\Smart Defrag 2\Language\Finnish.lng
c:\program files\IObit\Smart Defrag 2\Language\Flemish.lng
c:\program files\IObit\Smart Defrag 2\Language\French.lng
c:\program files\IObit\Smart Defrag 2\Language\Georgian.lng
c:\program files\IObit\Smart Defrag 2\Language\German.lng
c:\program files\IObit\Smart Defrag 2\Language\Greek.lng
c:\program files\IObit\Smart Defrag 2\Language\Hebrew.lng
c:\program files\IObit\Smart Defrag 2\Language\Hungarian.lng
c:\program files\IObit\Smart Defrag 2\Language\Indonesia.lng
c:\program files\IObit\Smart Defrag 2\Language\Italian.lng
c:\program files\IObit\Smart Defrag 2\Language\Japanese.lng
c:\program files\IObit\Smart Defrag 2\Language\Kashubian.lng
c:\program files\IObit\Smart Defrag 2\Language\Korean.lng
c:\program files\IObit\Smart Defrag 2\Language\Kurdish.lng
c:\program files\IObit\Smart Defrag 2\Language\Malay.lng
c:\program files\IObit\Smart Defrag 2\Language\Malayalam.lng
c:\program files\IObit\Smart Defrag 2\Language\Norwegian.lng
c:\program files\IObit\Smart Defrag 2\Language\Polish.lng
c:\program files\IObit\Smart Defrag 2\Language\Portuguese(PT-BR).lng
c:\program files\IObit\Smart Defrag 2\Language\Portuguese(PT-PT).lng
c:\program files\IObit\Smart Defrag 2\Language\Romanian.lng
c:\program files\IObit\Smart Defrag 2\Language\Russian.lng
c:\program files\IObit\Smart Defrag 2\Language\Serbian.lng
c:\program files\IObit\Smart Defrag 2\Language\Slovak.lng
c:\program files\IObit\Smart Defrag 2\Language\Slovenian.lng
c:\program files\IObit\Smart Defrag 2\Language\Spanish.lng
c:\program files\IObit\Smart Defrag 2\Language\Swedish.lng
c:\program files\IObit\Smart Defrag 2\Language\Turkish.lng
c:\program files\IObit\Smart Defrag 2\Language\Vietnamese.lng
c:\program files\IObit\Smart Defrag 2\LatestNews\LatestNews.ini
c:\program files\IObit\Smart Defrag 2\NtfsData.dll
c:\program files\IObit\Smart Defrag 2\rtl120.bpl
c:\program files\IObit\Smart Defrag 2\SDDriverMgr.dll
c:\program files\IObit\Smart Defrag 2\SDInit.exe
c:\program files\IObit\Smart Defrag 2\Skins\Black\Add_Left.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Add_Middle.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Add_Right.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Add_Shadow.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Analyze_Disable.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Analyze_Focus.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Analyze_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Analyze_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Center.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Checkbox_Checked.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Checkbox_Disable.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Checkbox_Unchecked.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Close_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Close_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\ColumnDivider.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\ColumnHeader.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Corner_Bottom_Left.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Corner_Bottom_Right.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Corner_Top_Left.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Corner_Top_Right.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Defrag_Disable.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Defrag_Focus.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Defrag_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Defrag_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Defrag_Option_Disable.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Defrag_Option_Focus.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Defrag_Option_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Defrag_Option_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Frame_Bottom.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Frame_Left.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Frame_Left_Top.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Frame_Right.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Frame_Right_Top.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Frame_Top.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Hide.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Item_Selected.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Layout.ini
c:\program files\IObit\Smart Defrag 2\Skins\Black\line.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Logo.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Maximize_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Maximize_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Minimize_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Minimize_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\News_Left.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\News_Middle.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\News_Right.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Page_Body.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Pause_Disable.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Pause_Focus.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Pause_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Pause_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Progress_Bg_Left.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Progress_Bg_Middle.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Progress_Bg_Right.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Progress_Fg_Left.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Progress_Fg_Middle.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Progress_Fg_Right.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Restore_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Restore_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Setting_Text_Shadow.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Show.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Statistics.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Stop_Disable.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Stop_Focus.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Stop_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Stop_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Tab_Focus.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Tab_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Tab_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Title.png
c:\program files\IObit\Smart Defrag 2\Skins\Black\Top.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Add_Left.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Add_Middle.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Add_Right.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Add_Shadow.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Analyze_Disable.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Analyze_Focus.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Analyze_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Analyze_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\White\center.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Checkbox_Checked.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Checkbox_Disable.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Checkbox_Unchecked.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Close_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Close_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\White\ColumnDivider.png
c:\program files\IObit\Smart Defrag 2\Skins\White\ColumnHeader.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Corner_Bottom_Left.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Corner_Bottom_Right.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Corner_Top_Left.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Corner_Top_Right.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Defrag_Disable.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Defrag_Focus.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Defrag_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Defrag_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Defrag_Option_Disable.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Defrag_Option_Focus.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Defrag_Option_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Defrag_Option_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Frame_Bottom.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Frame_Left.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Frame_Left_Top.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Frame_Right.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Frame_Right_Top.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Frame_Top.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Hide.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Item_Selected.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Layout.ini
c:\program files\IObit\Smart Defrag 2\Skins\White\line.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Logo.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Maximize_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Maximize_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Minimize_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Minimize_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\White\News_Left.png
c:\program files\IObit\Smart Defrag 2\Skins\White\News_Middle.png
c:\program files\IObit\Smart Defrag 2\Skins\White\News_Right.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Page_Body.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Pause_Disable.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Pause_Focus.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Pause_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Pause_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Progress_Bg_Left.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Progress_Bg_Middle.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Progress_Bg_Right.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Progress_Fg_Left.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Progress_Fg_Middle.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Progress_Fg_Right.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Restore_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Restore_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Setting_Text_Shadow.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Show.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Statistics.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Stop_Disable.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Stop_Focus.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Stop_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Stop_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Tab_Focus.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Tab_Hot.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Tab_Normal.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Title.png
c:\program files\IObit\Smart Defrag 2\Skins\White\Top.png
c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files\IObit\Smart Defrag 2\taskMgr.dll
c:\program files\IObit\Smart Defrag 2\unins000.dat
c:\program files\IObit\Smart Defrag 2\unins000.exe
c:\program files\IObit\Smart Defrag 2\unins000.msg
c:\program files\IObit\Smart Defrag 2\vcl120.bpl
c:\program files\IObit\Smart Defrag 2\vclx120.bpl
c:\program files\productivity_3\prxtbProd.dll
c:\users\Jan\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\users\Jan\AppData\Roaming\IObit
c:\users\Jan\AppData\Roaming\IObit\Smart Defrag 2\Config.ini
c:\windows\system32\dfrgasrv.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))))
.
.
2012-07-29 18:03 . 2012-07-29 18:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-29 02:52 . 2012-07-29 16:42 -------- d-----w- c:\users\Jan\Jens Tools
2012-07-29 01:05 . 2012-05-08 23:35 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-07-29 01:05 . 2012-07-29 01:05 -------- d-----w- c:\program files\Application Updater
2012-07-29 01:05 . 2012-07-29 01:05 -------- d-----w- c:\program files\Common Files\Spigot
2012-07-29 01:05 . 2010-11-26 23:02 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-07-29 00:57 . 2012-07-29 00:57 -------- d-----w- c:\users\Jan\AppData\Roaming\AVG2012
2012-07-29 00:56 . 2012-07-29 00:56 -------- d-----w- c:\users\Jan\AppData\Local\AVG Secure Search
2012-07-29 00:56 . 2012-07-29 00:56 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-29 00:56 . 2012-07-29 00:56 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-07-29 00:56 . 2012-07-29 00:56 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-07-29 00:56 . 2012-07-29 00:56 -------- d-----w- c:\program files\AVG Secure Search
2012-07-29 00:55 . 2012-07-29 00:55 -------- d-----w- C:\$AVG
2012-07-29 00:55 . 2012-07-29 16:49 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-29 00:55 . 2012-07-29 01:10 -------- d-----w- c:\programdata\AVG2012
2012-07-28 03:03 . 2012-07-28 03:03 -------- d-----w- c:\program files\ERUNT
2012-07-28 01:06 . 2012-07-28 01:08 -------- d-----w- c:\programdata\036DFF850000F549004A1E292F3B707C
2012-07-27 23:42 . 2012-07-27 23:42 -------- d-----w- c:\users\Jan\AppData\Roaming\Malwarebytes
2012-07-27 23:42 . 2012-07-27 23:42 -------- d-----w- c:\programdata\Malwarebytes
2012-07-27 23:42 . 2012-07-27 23:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-27 23:42 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-23 09:27 . 2012-07-23 09:28 -------- d-----w- c:\program files\CCleaner
2012-07-23 02:39 . 2012-07-23 02:39 -------- d-----w- c:\programdata\Lavasoft
2012-07-23 02:39 . 2012-07-23 23:29 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-07-23 02:39 . 2012-07-23 02:39 -------- d-----w- c:\users\Jan\AppData\Local\Downloaded Installations
2012-07-23 02:38 . 2012-07-23 23:26 -------- d-----w- c:\users\Jan\AppData\Roaming\Ad-Aware Antivirus
2012-07-14 02:44 . 2012-07-14 02:44 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-13 21:24 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 03:14 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 03:14 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 03:14 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 03:14 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 03:14 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 03:14 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 22:19 . 2012-06-21 05:09 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 05:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 05:09 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 05:09 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 05:09 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 05:09 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 05:09 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-21 05:09 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:12 . 2012-06-21 05:09 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-01 14:03 . 2012-06-16 03:26 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-14 00:17 . 2012-07-27 23:38 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}"= "c:\program files\Dogpile Bundle Toolbar\Helper.dll" [2011-10-01 361472]
.
[HKEY_CLASSES_ROOT\clsid\{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{C766F9AD-E91E-43DE-91DC-D007680ED4AF}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-29 00:56 2086496 ----a-w- c:\program files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll" [2012-07-29 2086496]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"PCMAgent"="c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-07-11 188416]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2008-07-31 23:26 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2008-08-04 21:46 1242424 ----a-w- c:\program files\Toshiba\TOSHIBA Service Station\TSS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2012-07-29 00:56 1147488 ----a-w- c:\program files\AVG Secure Search\vprot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
FF - ProfilePath - c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\igvng1dw.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=642886&p=
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
AddRemove-Smart Defrag 2_is1 - c:\program files\IObit\Smart Defrag 2\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-29 13:07
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Application Updater\ApplicationUpdater.exe
c:\program files\AVG\AVG2012\avgwdsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-07-29 13:11:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-29 18:11
ComboFix2.txt 2012-07-29 16:40
ComboFix3.txt 2012-07-29 02:51
ComboFix4.txt 2012-07-28 22:23
ComboFix5.txt 2012-07-29 17:57
.
Pre-Run: 225,536,503,808 bytes free
Post-Run: 225,301,413,888 bytes free
.
- - End Of File - - 93806E1718AC250205D50EE26C8ED07E
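As an added example (not code from this thread or from ComboFix), the Python below parses the CFScript format used in reply #8 (section headers such as File::, Folder:: and Registry::, with the Registry:: lines read under the regedit conventions that `[-KEY]` deletes a key and `"name"=-` deletes a value) and then cross-checks it against the ComboFix log posted above: it confirms which File::/Folder:: targets appear under Other Deletions and flags any DDS:: CLSID that still shows up under Reg Loading Points. The function names are mine, and the script and log excerpts inside are constructed from the posted ones.

```python
"""Parse a ComboFix CFScript and verify it against the post-run ComboFix log.
Added example, not code from this thread or from ComboFix; the script and log
excerpts are constructed from the ones posted in replies #8 and #9."""
import re

# Constructed excerpt of the CFScript from reply #8.
CFSCRIPT = r"""ClearJavaCache::
DDS::
uURLSearchHooks: FCToolbarURLSearchHook Class: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - c:\program files\dogpile bundle toolbar\Helper.dll
TB: Productivity 3 Toolbar: {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - c:\program files\productivity_3\prxtbProd.dll
File::
c:\windows\system32\dfrgasrv.dll
c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
Folder::
c:\program files\IObit Toolbar
c:\users\Jan\AppData\Roaming\IObit
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1fca4df8-9acd-4dfb-89cc-ddd0082fc588}"=-
[-HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
"""

# Constructed excerpt of the post-run log from reply #9 (banners shortened).
COMBOFIX_LOG = r"""(((((( Other Deletions ))))))
.
c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files\IObit Toolbar
c:\program files\IObit Toolbar\WidgiHelper.exe
c:\users\Jan\AppData\Roaming\IObit\Smart Defrag 2\Config.ini
c:\windows\system32\dfrgasrv.dll
.
(((((( Reg Loading Points ))))))
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}"= "c:\program files\Dogpile Bundle Toolbar\Helper.dll" [2011-10-01 361472]
"""

CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)


def parse_cfscript(text):
    """Split the script into 'Name::' sections and decode its Registry:: directives."""
    sections, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        header = re.fullmatch(r"(\w+)::", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"line outside any section: {line!r}")
        else:
            sections[current].append(line)
    delete_keys, delete_values, key = [], [], None
    for line in sections.get("Registry", []):
        if line.startswith("[-") and line.endswith("]"):       # regedit-style key deletion
            delete_keys.append(line[2:-1])
            key = None
        elif line.startswith("[") and line.endswith("]"):      # key the next values belong to
            key = line[1:-1]
        elif (m := re.fullmatch(r'"([^"]+)"=-', line)) and key:  # value deletion under key
            delete_values.append((key, m.group(1)))
        else:
            raise ValueError(f"unsupported Registry:: line: {line!r}")
    return {"sections": sections, "delete_keys": delete_keys, "delete_values": delete_values}


def section_lines(log, name):
    """Lines of the ComboFix log section whose '((( banner )))' contains `name`."""
    lines, active = [], False
    for line in map(str.strip, log.splitlines()):
        if line.startswith("((("):
            active = name in line
        elif active and line and line != ".":
            lines.append(line)
    return lines


def verify_script(script, log):
    """Confirm File::/Folder:: targets were deleted and DDS:: CLSIDs no longer load."""
    deleted = [p.lower() for p in section_lines(log, "Other Deletions")]
    confirmed, missing = [], []
    for kind, is_folder in (("File", False), ("Folder", True)):
        for target in script["sections"].get(kind, []):
            t = target.lower()
            if any(p == t or (is_folder and p.startswith(t + "\\")) for p in deleted):
                confirmed.append(target)
            else:
                missing.append(target)
    loading = "\n".join(section_lines(log, "Reg Loading Points")).lower()
    wanted = {c.lower() for line in script["sections"].get("DDS", [])
              for c in CLSID_RE.findall(line)}
    return {"confirmed": confirmed, "missing": missing,
            "lingering": sorted(c for c in wanted if c in loading)}


if __name__ == "__main__":
    for kind, items in verify_script(parse_cfscript(CFSCRIPT), COMBOFIX_LOG).items():
        print(f"{kind}: {items}")   # "lingering" shows the Dogpile URLSearchHook survived
```

On the posted log the check reports every File::/Folder:: target as confirmed but flags {f78bf7a8-cf12-4de7-a6da-c463d1b539a7}, the Dogpile URLSearchHook, as still present under Reg Loading Points after the run.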
jeffce (Jeff), Malware Removal Specialist with 1,727 posts. Join Date: May 2011
29-Jul-2012, 04:24 PM #10
Hi,

Quote:
I apologize for jumping the gun.
No worries.
----------

I see that you had AdAware Antivirus on your system. Are you still using that? If not, please go to Start >> Control Panel >> Programs and Features and uninstall it.
----------

Malwarebytes

I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
----------

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats is NOT selected and the option Scan unwanted applications is selected.
  • Click Scan (This scan can take several hours, so please be patient)
  • If there are threats that are found, please press List of found threats and then in the next window that opens press Export to text file...
  • Copy and paste/or attach that log as a reply to this topic
**Note** If no threats are found, a log will not be created.
----------

In your next reply please post the logs made by Malwarebytes and ESET as well as let me know if you have any problems removing AdAware antivirus.
jvricker (Thread Starter), 29-Jul-2012, 05:52 PM #11
I guess we're not out of the woods yet. Adaware was not in the list of programs to uninstall in Programs and Features, but I did delete the folder manually out of the Program Files. Malwarebytes did not find any infected files. ESET, however, did find threats. Here are the logs from both:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.27.11
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Jan :: JAN-PC [administrator]
7/29/2012 4:35:31 PM
mbam-log-2012-07-29 (16-35-31).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202997
Time elapsed: 9 minute(s), 56 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

ESET log:

C:\Program Files\GamingWonderlandEI\Installr\1.bin\gtEIPlug.dll Win32/Toolbar.MyWebSearch application
C:\Program Files\GamingWonderlandEI\Installr\1.bin\gtEZSETP.dll Win32/Toolbar.MyWebSearch.Q application
C:\Program Files\GamingWonderlandEI\Installr\1.bin\NPgtEISb.dll Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe.vir a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Program Files\IObit Toolbar\IE\6.2\iobitToolbarIE.dll.vir a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Users\Jan\AppData\Local\{d02e8adc-75a0-3ee2-0894-affbd6f74980}\n.vir Win32/Sirefef.EV trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{d02e8adc-75a0-3ee2-0894-affbd6f74980}\U\80000000.@.vir a variant of Win32/Sirefef.FA trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{d02e8adc-75a0-3ee2-0894-affbd6f74980}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\System32\dfrgasrv.dll.vir Win32/PSW.Papras.CE trojan
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win32/Sirefef.FB.Gen trojan
jeffce (Malware Removal Specialist), 29-Jul-2012, 07:36 PM #12
Hi,

Looking better.

Some of the entries that ESET found are already quarantined by our tools and will be removed shortly.
----------
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    Code:
    ClearJavaCache::
    
    File::
    C:\Program Files\GamingWonderlandEI\Installr\1.bin\gtEIPlug.dll 
    C:\Program Files\GamingWonderlandEI\Installr\1.bin\gtEZSETP.dll 
    C:\Program Files\GamingWonderlandEI\Installr\1.bin\NPgtEISb.dll
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

In your next reply please post the new ComboFix log and let me know how your system is running now.
jvricker (Thread Starter), 29-Jul-2012, 08:14 PM #13
I haven't had any system problems after I started running ComboFix (none that I could tell anyways). Here is the latest report:

ComboFix 12-07-29.02 - Jan 07/29/2012 19:53:38.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1577 [GMT -5:00]
Running from: c:\users\Jan\Desktop\ComboFix.exe
Command switches used :: c:\users\Jan\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\GamingWonderlandEI\Installr\1.bin\gtEIPlug.dll"
"c:\program files\GamingWonderlandEI\Installr\1.bin\gtEZSETP.dll"
"c:\program files\GamingWonderlandEI\Installr\1.bin\NPgtEISb.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\GamingWonderlandEI\Installr\1.bin\gtEIPlug.dll
c:\program files\GamingWonderlandEI\Installr\1.bin\gtEZSETP.dll
c:\program files\GamingWonderlandEI\Installr\1.bin\NPgtEISb.dll
c:\users\Jan\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
.
.
2012-07-30 00:57 . 2012-07-30 00:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-29 21:51 . 2012-07-29 21:51 -------- d-----w- c:\program files\ESET
2012-07-29 02:52 . 2012-07-29 16:42 -------- d-----w- c:\users\Jan\Jens Tools
2012-07-29 01:05 . 2012-05-08 23:35 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-07-29 01:05 . 2010-11-26 23:02 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-07-29 00:57 . 2012-07-29 00:57 -------- d-----w- c:\users\Jan\AppData\Roaming\AVG2012
2012-07-29 00:56 . 2012-07-29 00:56 -------- d-----w- c:\users\Jan\AppData\Local\AVG Secure Search
2012-07-29 00:56 . 2012-07-29 00:56 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-29 00:56 . 2012-07-29 00:56 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-07-29 00:56 . 2012-07-29 00:56 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-07-29 00:56 . 2012-07-29 00:56 -------- d-----w- c:\program files\AVG Secure Search
2012-07-29 00:55 . 2012-07-29 00:55 -------- d-----w- C:\$AVG
2012-07-29 00:55 . 2012-07-29 22:20 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-29 00:55 . 2012-07-29 01:10 -------- d-----w- c:\programdata\AVG2012
2012-07-28 03:03 . 2012-07-28 03:03 -------- d-----w- c:\program files\ERUNT
2012-07-28 01:06 . 2012-07-28 01:08 -------- d-----w- c:\programdata\036DFF850000F549004A1E292F3B707C
2012-07-27 23:42 . 2012-07-27 23:42 -------- d-----w- c:\users\Jan\AppData\Roaming\Malwarebytes
2012-07-27 23:42 . 2012-07-27 23:42 -------- d-----w- c:\programdata\Malwarebytes
2012-07-27 23:42 . 2012-07-27 23:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-27 23:42 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-23 09:27 . 2012-07-23 09:28 -------- d-----w- c:\program files\CCleaner
2012-07-23 02:39 . 2012-07-23 02:39 -------- d-----w- c:\programdata\Lavasoft
2012-07-23 02:39 . 2012-07-23 02:39 -------- d-----w- c:\users\Jan\AppData\Local\Downloaded Installations
2012-07-23 02:38 . 2012-07-23 23:26 -------- d-----w- c:\users\Jan\AppData\Roaming\Ad-Aware Antivirus
2012-07-14 02:44 . 2012-07-14 02:44 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-13 21:24 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 03:14 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 03:14 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 03:14 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 03:14 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 03:14 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 03:14 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 22:19 . 2012-06-21 05:09 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 05:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 05:09 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 05:09 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 05:09 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 05:09 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 05:09 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-21 05:09 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:12 . 2012-06-21 05:09 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-01 14:03 . 2012-06-16 03:26 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-14 00:17 . 2012-07-27 23:38 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-29 00:56 2086496 ----a-w- c:\program files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll" [2012-07-29 2086496]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"PCMAgent"="c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-07-11 188416]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2008-07-31 23:26 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2008-08-04 21:46 1242424 ----a-w- c:\program files\Toshiba\TOSHIBA Service Station\TSS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2012-07-29 00:56 1147488 ----a-w- c:\program files\AVG Secure Search\vprot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
FF - ProfilePath - c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\igvng1dw.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=642886&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-29 20:04
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\AVG\AVG2012\avgwdsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
.
**************************************************************************
.
Completion time: 2012-07-29 20:06:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-30 01:06
ComboFix2.txt 2012-07-29 18:11
ComboFix3.txt 2012-07-29 16:40
ComboFix4.txt 2012-07-29 02:51
ComboFix5.txt 2012-07-30 00:51
.
Pre-Run: 226,004,918,272 bytes free
Post-Run: 226,077,945,856 bytes free
.
- - End Of File - - 29F194E7DB12B387B77BA47BD552459E
jeffce (Malware Removal Specialist), 29-Jul-2012, 08:19 PM #14
Hi,

Great! Glad to hear it's running better.
----------

I see that your Java software is out of date. Please go to Start >> Control Panel >> Programs and Features >> delete all versions of Java.

Now download and install the newest version from here >> http://java.com/en/download/index.jsp
-------------

Adobe Reader

You have an older version of Adobe Reader. You can download the current version HERE

You may want to consider Foxit Reader instead. It may be a bit lighter on resources.

Visit their support forum
Foxit Forum

In either case you should uninstall Adobe Reader 8.1.3 first. Be sure to move any PDF documents to another folder first though.
----------

In your next reply let me know if you have any problems with the instructions and if you are having any more malware related problems.
jvricker (Thread Starter), 29-Jul-2012, 08:38 PM #15
I didn't have any trouble updating the Java software or the Adobe Reader, thanks for the extra tips. Things seem to be running smoothly. No complaints here!