Solved Norton told me I have a Trojan and that they could fix it for $299

SM1080

Hi there.

After having some issues with my laptop, I called Norton (I have Norton 360 as my A/V) and they gave me the bad news above. Based on another site's information, I downloaded Malwarebytes, Kaspersky TDSS Killer and Comodo Security Solutions. Malwarebytes found a few files ("Hijacker" or something like that). Comodo won't update (stalls at 44%), so I'm not sure if that's working properly or something is blocking the update. Afterwards, I noticed that my Chrome browser had defaulted to a "babylon" search page, which I changed/deleted. I had to do the same with IE, but I'm still getting messages that "Malwarebytes has blocked access to a possible malicious website" (66.150.14.112 and 66.150.14.111), so I'm pretty sure everything is not OK.

I've completed the preliminary 5-step process outlined by Julio Franco and am now requesting your valuable help. Malwarebytes log below:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.06.13

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Shinji :: SHINJI-PC [administrator]

Protection: Enabled

8/6/2012 10:43:19 PM
mbam-log-2012-08-06 (22-43-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191759
Time elapsed: 8 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-08-06 23:01:27
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 Hitachi_HTS545025B9A300 rev.PB2OC64G
Running: 36pq129h.exe; Driver: C:\Users\Shinji\AppData\Local\Temp\axriqpog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1
Run by Shinji at 23:04:19 on 2012-08-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1790.707 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
C:\Users\Shinji\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe
C:\windows\system32\DllHost.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Users\Shinji\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shinji\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shinji\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shinji\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shinji\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shinji\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shinji\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.nbcnews.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.2.2.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.2.2.3\ips\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7f6afbf1-e065-4627-a2fd-810366367d01} - c:\users\shinji\appdata\roaming\defaulttab\defaulttab\DefaultTabBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: PricePeep: {fd6d90c0-e6ee-4bc6-b9f7-9ed319698007} - c:\program files\pricepeep\pricepeep.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.2.2.3\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [MyTOSHIBA] "c:\program files\toshiba\my toshiba\MyToshiba.exe" /AUTO
uRun: [Google Update] "c:\users\shinji\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\457\g2mstart.exe" "/Trigger RunAtLogon"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [<NO NAME>]
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\photof~1.lnk - c:\program files\panasonic\photofunstudio\PhAutoRun.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9A2C832A-3E88-42DB-8D70-FFA7F014AFC6} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FCFA20B8-3ACE-4BA7-909D-AB04E0751919} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-6-11 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-6-11 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20120803.001\BHDrvx86.sys [2012-8-6 821920]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20120805.001\IDSvix86.sys [2012-8-6 382624]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-6-11 136312]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0502020.003\symnets.sys [2012-6-11 299640]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-7-20 176128]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-1 655944]
R2 N360;Norton 360;c:\program files\norton 360\engine\5.2.2.3\ccsvchst.exe [2012-6-11 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-5-31 106656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-1 22344]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-7-20 167936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-13 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-6-19 19456]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-4-18 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-13 135664]
S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-7-20 51512]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]
.
=============== Created Last 30 ================
.
2012-08-03 02:19:28  --------  d-----w-  c:\program files\Oracle
2012-08-03 02:18:49  772544  ----a-w-  c:\windows\system32\npDeployJava1.dll
2012-08-02 03:05:41  --------  d-----w-  C:\TDSSKiller_Quarantine
2012-08-01 22:31:21  --------  d-----w-  c:\users\shinji\appdata\roaming\Malwarebytes
2012-08-01 22:30:01  --------  d-----w-  c:\programdata\Malwarebytes
2012-08-01 22:30:00  22344  ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-08-01 22:30:00  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2012-08-01 19:58:41  --------  d-----w-  c:\users\shinji\appdata\local\LogMeIn Rescue Applet
2012-08-01 18:45:43  --------  d-----w-  c:\program files\DefaultTab
2012-08-01 18:45:36  --------  d-----w-  c:\users\shinji\appdata\roaming\DefaultTab
2012-08-01 18:45:31  --------  d-----w-  c:\program files\PricePeep
2012-08-01 18:45:27  --------  d-----w-  c:\users\shinji\appdata\roaming\Bucksbee Loyalty Plugin 100815.b for Chrome
2012-08-01 18:45:16  --------  d-----w-  c:\program files\Yontoo
2012-08-01 18:45:13  --------  d-----w-  c:\programdata\Tarma Installer
2012-08-01 18:44:33  --------  d-----w-  c:\programdata\Babylon
2012-08-01 18:44:32  --------  d-----w-  c:\users\shinji\appdata\roaming\Babylon
2012-07-12 03:16:02  2345984  ----a-w-  c:\windows\system32\win32k.sys
2012-07-12 02:03:05  369336  ----a-w-  c:\windows\system32\drivers\cng.sys
2012-07-12 02:03:05  134000  ----a-w-  c:\windows\system32\drivers\ksecpkg.sys
2012-07-12 02:03:04  67440  ----a-w-  c:\windows\system32\drivers\ksecdd.sys
2012-07-12 02:03:04  225280  ----a-w-  c:\windows\system32\schannel.dll
2012-07-12 02:03:04  219136  ----a-w-  c:\windows\system32\ncrypt.dll
2012-07-12 02:03:01  1390080  ----a-w-  c:\windows\system32\msxml6.dll
2012-07-12 02:03:01  1236992  ----a-w-  c:\windows\system32\msxml3.dll
2012-07-12 02:03:00  2048  ----a-w-  c:\windows\system32\msxml3r.dll
2012-07-12 02:02:58  805376  ----a-w-  c:\windows\system32\cdosys.dll
2012-07-12 02:02:58  57344  ----a-w-  c:\program files\common files\system\ado\msador15.dll
2012-07-12 02:02:58  352256  ----a-w-  c:\program files\common files\system\ado\msadomd.dll
2012-07-12 02:02:58  1019904  ----a-w-  c:\program files\common files\system\ado\msado15.dll
2012-07-12 02:02:57  372736  ----a-w-  c:\program files\common files\system\ado\msadox.dll
2012-07-12 02:02:57  212992  ----a-w-  c:\program files\common files\system\msadc\msadco.dll
2012-07-12 02:02:57  143360  ----a-w-  c:\program files\common files\system\ado\msjro.dll
.
==================== Find3M ====================
.
2012-07-06 02:06:20  687544  ----a-w-  c:\windows\system32\deployJava1.dll
2012-06-02 22:12:32  2422272  ----a-w-  c:\windows\system32\wucltux.dll
2012-06-02 22:12:13  88576  ----a-w-  c:\windows\system32\wudriver.dll
2012-06-02 19:19:42  171904  ----a-w-  c:\windows\system32\wuwebv.dll
2012-06-02 19:12:20  33792  ----a-w-  c:\windows\system32\wuapp.exe
2012-05-15 03:03:54  981504  ----a-w-  c:\windows\system32\wininet.dll
.
============= FINISH: 23:05:53.58 ===============
 
DDS text:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/12/2010 10:14:18 PM
System Uptime: 8/6/2012 9:26:48 PM (2 hours ago)
.
Motherboard: TOSHIBA | | NBWAE
Processor: AMD Sempron(tm) SI-42 | Socket M2/S1G1 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 179.792 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP96: 6/13/2012 11:42:50 PM - Windows Update
RP97: 6/21/2012 9:33:07 AM - Windows Update
RP98: 7/5/2012 1:40:33 PM - Scheduled Checkpoint
RP99: 7/11/2012 11:11:24 PM - Windows Update
RP100: 7/25/2012 12:38:45 PM - Scheduled Checkpoint
RP101: 8/1/2012 3:16:05 PM - Removed BabylonObjectInstaller
RP102: 8/1/2012 3:17:45 PM - Removed 7-Zip 9.21
RP103: 8/2/2012 10:17:08 PM - Installed Java(TM) 7 Update 5
RP104: 8/2/2012 10:18:58 PM - Installed JavaFX 2.1.1
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Bing Bar
Bing Bar Platform
Bonjour
Bucksbee Loyalty Plugin 100815.b for Chrome
Canon MP Navigator 2.0
Canon MP500
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
D3DX10
DefaultTab
DefaultTab Chrome
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 4.5.0.457
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 7 Update 5
JavaFX 2.1.1
Junk Mail filter update
Label@Once 1.0
LeapFrog Connect
LeapFrog Leapster2 Plugin
LeapFrog Tag Plugin
Malwarebytes Anti-Malware version 1.62.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.0
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyToshiba
NetZero Launcher
Norton 360
Norton Internet Security
PHOTOfunSTUDIO
PlayReady PC Runtime x86
PricePeep
Quickbooks Financial Center
Quicken 2009
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype Launcher
Smart Steps 1st Grade
swMSM
Synaptics Pointing Device Driver
Toshiba Application and Driver Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Online Backup
Toshiba Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
ToshibaRegistration
TurboTax 2010
TurboTax 2010 wctiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wnyiper
TurboTax 2010 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
Utility Common Driver
VLC media player 1.1.5
WildTangent Games
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Yahoo! BrowserPlus 2.9.8
Yontoo 1.10.02
.
==== Event Viewer Messages From Past Week ========
.
8/6/2012 9:27:08 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
8/6/2012 9:27:08 PM, Error: atikmdag [43029] - Display is not active
8/6/2012 3:14:41 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort1.
8/5/2012 11:15:38 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {93A7D0C2-F633-40A8-BA9E-67249610C669}. The error: "3" Happened while starting this command: "C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe" -Embedding
8/1/2012 9:15:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.
8/1/2012 6:25:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
8/1/2012 2:45:45 PM, Error: Service Control Manager [7030] - The DefaultTabSearch service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/30/2012 9:55:28 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
.
==== End Of File ===========================
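One way to triage a DDS log like the one posted above, as an added example that is not part of this thread or of the DDS tool itself: it parses the `BHO:` lines and the "Created Last 30" lines (the sample below is a constructed subset copied from the log above), groups directory creations that land within a few minutes of each other as one install burst, and flags BHOs that either load from the user profile or live in a directory created during such a burst. The five-minute window, the minimum burst size and the rule names are this example's own assumptions.

```python
"""Triage helper for DDS-style logs (added example; not the DDS tool's own code)."""
import re
from datetime import datetime, timedelta

# Constructed sample: a subset of the DDS log posted in this thread.
SAMPLE_LOG = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DefaultTab Browser Helper: {7f6afbf1-e065-4627-a2fd-810366367d01} - c:\users\shinji\appdata\roaming\defaulttab\defaulttab\DefaultTabBHO.dll
BHO: PricePeep: {fd6d90c0-e6ee-4bc6-b9f7-9ed319698007} - c:\program files\pricepeep\pricepeep.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
.
=============== Created Last 30 ================
.
2012-08-03 02:19:28  --------  d-----w-  c:\program files\Oracle
2012-08-01 18:45:43  --------  d-----w-  c:\program files\DefaultTab
2012-08-01 18:45:31  --------  d-----w-  c:\program files\PricePeep
2012-08-01 18:45:16  --------  d-----w-  c:\program files\Yontoo
2012-08-01 18:44:33  --------  d-----w-  c:\programdata\Babylon
2012-07-12 03:16:02  2345984  ----a-w-  c:\windows\system32\win32k.sys
"""

# "BHO: <name>: {<clsid>} - <path>"
BHO_RE = re.compile(r"^BHO: (?P<name>.+?): \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
# "<date time> <size or dashes> <attributes> <path>"; separators may be tabs or spaces.
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\S+)\s+(?P<attr>\S+)\s+(?P<path>.+)$"
)


def parse_dds(text):
    """Return (bho_entries, created_entries) parsed from DDS log text."""
    bhos, created = [], []
    for line in text.splitlines():
        m = BHO_RE.match(line)
        if m:
            bhos.append({"name": m["name"], "clsid": m["clsid"], "path": m["path"].lower()})
            continue
        m = CREATED_RE.match(line)
        if m:
            created.append({
                "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                "path": m["path"].lower(),
                "is_dir": m["attr"].startswith("d"),  # DDS marks directories with a leading 'd'
            })
    return bhos, created


def find_install_bursts(created, window=timedelta(minutes=5), min_items=3):
    """Group directory creations separated by no more than `window` (assumed threshold).

    Several program directories appearing within a couple of minutes is the
    footprint of a bundled installer dropping more than one component.
    """
    dirs = sorted((e for e in created if e["is_dir"]), key=lambda e: e["ts"])
    bursts, current = [], []
    for entry in dirs:
        if current and entry["ts"] - current[-1]["ts"] > window:
            if len(current) >= min_items:
                bursts.append(current)
            current = []
        current.append(entry)
    if len(current) >= min_items:
        bursts.append(current)
    return bursts


def triage_bhos(bhos, bursts):
    """Return [(bho_name, [reasons])] for BHOs worth a closer look (assumed rules)."""
    burst_dirs = [e["path"] for burst in bursts for e in burst]
    findings = []
    for bho in bhos:
        reasons = []
        if "\\appdata\\" in bho["path"]:
            reasons.append("loads from user profile")  # user-writable, unusual for a vendor BHO
        if any(bho["path"].startswith(d + "\\") for d in burst_dirs):
            reasons.append("directory created in install burst")
        if reasons:
            findings.append((bho["name"], reasons))
    return findings


if __name__ == "__main__":
    parsed_bhos, parsed_created = parse_dds(SAMPLE_LOG)
    for name, reasons in triage_bhos(parsed_bhos, find_install_bursts(parsed_created)):
        print(f"{name}: {', '.join(reasons)}")
```

On the sample, the four directories created between 18:44:33 and 18:45:43 on 2012-08-01 form one burst, which flags the PricePeep and Yontoo BHOs; the DefaultTab BHO is flagged because its DLL lives under the user's roaming profile. The Adobe BHO trips neither rule. The rules are heuristics for prioritising what a helper looks at first, not a verdict.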
 
Hello, and welcome to TechSpot.

Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

ComboFix

Please download ComboFix
by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above), but download it again, except rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
 
ComboFix 12-08-07.03 - Shinji 08/07/2012 22:17:27.1.1 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1790.868 [GMT -4:00]
Running from: c:\users\Shinji\Desktop\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab
c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico
c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\ebay_ie.ico
c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico
c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico
c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico
c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\youtube_ie.ico
.
.
((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))
.
.
2012-08-08 02:32 . 2012-08-08 02:32  --------  d-----w-  c:\users\Default\AppData\Local\temp
2012-08-03 02:20 . 2012-08-03 02:20  --------  d-----w-  c:\program files\Common Files\Java
2012-08-03 02:19 . 2012-08-03 02:19  --------  d-----w-  c:\program files\Oracle
2012-08-03 02:18 . 2012-07-06 02:06  772544  ----a-w-  c:\windows\system32\npDeployJava1.dll
2012-08-03 02:16 . 2012-08-03 02:16  --------  d-----w-  c:\programdata\McAfee
2012-08-02 03:05 . 2012-08-02 03:05  --------  d-----w-  C:\TDSSKiller_Quarantine
2012-08-01 22:31 . 2012-08-01 22:31  --------  d-----w-  c:\users\Shinji\AppData\Roaming\Malwarebytes
2012-08-01 22:30 . 2012-08-01 22:30  --------  d-----w-  c:\programdata\Malwarebytes
2012-08-01 22:30 . 2012-08-01 22:30  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2012-08-01 22:30 . 2012-07-03 17:46  22344  ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-08-01 19:58 . 2012-08-02 01:19  --------  d-----w-  c:\users\Shinji\AppData\Local\LogMeIn Rescue Applet
2012-08-01 18:45 . 2012-08-02 03:07  --------  d-----w-  c:\program files\DefaultTab
2012-08-01 18:45 . 2012-08-08 02:30  --------  d-----w-  c:\users\Shinji\AppData\Roaming\DefaultTab
2012-08-01 18:45 . 2012-08-01 18:45  --------  d-----w-  c:\program files\PricePeep
2012-08-01 18:45 . 2012-08-01 18:45  --------  d-----w-  c:\users\Shinji\AppData\Roaming\Bucksbee Loyalty Plugin 100815.b for Chrome
2012-08-01 18:45 . 2012-08-03 01:52  --------  d-----w-  c:\program files\Yontoo
2012-08-01 18:45 . 2012-08-01 18:45  --------  d-----w-  c:\programdata\Tarma Installer
2012-08-01 18:45 . 2012-08-01 18:45  319  ----a-w-  C:\user.js
2012-08-01 18:44 . 2012-08-01 18:44  --------  d-----w-  c:\programdata\Babylon
2012-08-01 18:44 . 2012-08-01 18:44  --------  d-----w-  c:\users\Shinji\AppData\Roaming\Babylon
2012-07-12 03:16 . 2012-06-12 02:40  2345984  ----a-w-  c:\windows\system32\win32k.sys
2012-07-12 02:03 . 2012-06-02 04:45  134000  ----a-w-  c:\windows\system32\drivers\ksecpkg.sys
2012-07-12 02:03 . 2012-06-02 04:40  369336  ----a-w-  c:\windows\system32\drivers\cng.sys
2012-07-12 02:03 . 2012-06-02 04:45  67440  ----a-w-  c:\windows\system32\drivers\ksecdd.sys
2012-07-12 02:03 . 2012-06-02 04:40  225280  ----a-w-  c:\windows\system32\schannel.dll
2012-07-12 02:03 . 2012-06-02 04:39  219136  ----a-w-  c:\windows\system32\ncrypt.dll
2012-07-12 02:03 . 2012-06-06 05:05  1390080  ----a-w-  c:\windows\system32\msxml6.dll
2012-07-12 02:03 . 2012-06-06 05:05  1236992  ----a-w-  c:\windows\system32\msxml3.dll
2012-07-12 02:03 . 2010-06-26 03:24  2048  ----a-w-  c:\windows\system32\msxml3r.dll
2012-07-12 02:02 . 2012-06-06 05:05  57344  ----a-w-  c:\program files\Common Files\System\ado\msador15.dll
2012-07-12 02:02 . 2012-06-06 05:05  352256  ----a-w-  c:\program files\Common Files\System\ado\msadomd.dll
2012-07-12 02:02 . 2012-06-06 05:05  1019904  ----a-w-  c:\program files\Common Files\System\ado\msado15.dll
2012-07-12 02:02 . 2012-06-06 05:03  805376  ----a-w-  c:\windows\system32\cdosys.dll
2012-07-12 02:02 . 2012-06-06 05:05  143360  ----a-w-  c:\program files\Common Files\System\ado\msjro.dll
2012-07-12 02:02 . 2012-06-06 05:05  372736  ----a-w-  c:\program files\Common Files\System\ado\msadox.dll
2012-07-12 02:02 . 2012-06-06 05:05  212992  ----a-w-  c:\program files\Common Files\System\msadc\msadco.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 02:06 . 2011-06-07 16:45  687544  ----a-w-  c:\windows\system32\deployJava1.dll
2012-06-02 22:19 . 2012-06-21 13:34  53784  ----a-w-  c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 13:34  45080  ----a-w-  c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 13:34  35864  ----a-w-  c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 13:34  577048  ----a-w-  c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 13:34  1933848  ----a-w-  c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 13:34  2422272  ----a-w-  c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 13:34  88576  ----a-w-  c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 13:33  171904  ----a-w-  c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-21 13:33  33792  ----a-w-  c:\windows\system32\wuapp.exe
2012-05-15 03:03 . 2012-06-14 03:17  981504  ----a-w-  c:\windows\system32\wininet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}]
2012-07-11 21:03  483696  ----a-w-  c:\program files\PricePeep\pricepeep.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
"GoToMeeting"="c:\program files\Citrix\GoToMeeting\457\g2mstart.exe" [2011-06-01 39816]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-28 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-08-23 211296]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2010-12-12 44176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages  REG_MULTI_SZ  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502020.003\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502020.003\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120803.001\BHDrvx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120805.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502020.003\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0502020.003\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15  264048  ----a-w-  c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-14 03:00]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-14 03:00]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1755257046-4205032674-3146734800-1000Core.job
- c:\users\Shinji\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-14 02:31]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1755257046-4205032674-3146734800-1000UA.job
- c:\users\Shinji\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-14 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nbcnews.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
Toolbar-Locked - (no file)
SafeBoot-66840769.sys
AddRemove-DefaultTab - c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-07 22:38:58
ComboFix-quarantined-files.txt 2012-08-08 02:38
.
Pre-Run: 194,737,954,816 bytes free
Post-Run: 194,826,584,064 bytes free
.
- - End Of File - - C1F047B9DB15A2497764C5363ACC12DC
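The ComboFix log above lists every file and folder created in the last 30 days, each with its creation stamp, last-write stamp, size, attributes and path. One thing worth noticing in a log like this is timing: DefaultTab, PricePeep, Yontoo, Bucksbee, Tarma Installer and Babylon all appear within the same two minutes on 2012-08-01, which is what a single bundled installer looks like on disk. The following Python script is an added illustration, not part of this thread and not a ComboFix feature: it parses entries in the ComboFix format and groups them by creation time so that such a burst stands out. The sample lines embedded in it are constructed from the format shown above (with spaces where the real log uses tabs), and the names `parse_entries` and `creation_bursts` are this example's own.

```python
"""Triage helper for ComboFix "Files Created" and "Find3M" entries.

Constructed example, not part of ComboFix or of this thread. Each entry has
the form

    <created> . <last-written>  <size or -------->  <attributes>  <path>

where both timestamps are "YYYY-MM-DD HH:MM" and the first attribute letter
is "d" for a directory. The real log separates fields with tabs; pasted text
often collapses them, so the regex accepts any run of whitespace.
"""
import re
from datetime import datetime, timedelta

ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<written>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+"          # byte count for files, dashes for folders
    r"(?P<attrs>[-a-z]{8})\s+"      # e.g. d-----w- or ----a-w-
    r"(?P<path>\S.*)$"
)

# Constructed sample modelled on the entries in the thread above.
SAMPLE_LOG = "\n".join([
    r"((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))",
    r".",
    r"2012-08-08 02:32 . 2012-08-08 02:32  --------  d-----w-  c:\users\Default\AppData\Local\temp",
    r"2012-08-03 02:18 . 2012-07-06 02:06  772544  ----a-w-  c:\windows\system32\npDeployJava1.dll",
    r"2012-08-01 18:45 . 2012-08-02 03:07  --------  d-----w-  c:\program files\DefaultTab",
    r"2012-08-01 18:45 . 2012-08-01 18:45  --------  d-----w-  c:\program files\PricePeep",
    r"2012-08-01 18:45 . 2012-08-03 01:52  --------  d-----w-  c:\program files\Yontoo",
    r"2012-08-01 18:45 . 2012-08-01 18:45  319  ----a-w-  C:\user.js",
    r"2012-08-01 18:44 . 2012-08-01 18:44  --------  d-----w-  c:\programdata\Babylon",
    r"2012-07-12 03:16 . 2012-06-12 02:40  2345984  ----a-w-  c:\windows\system32\win32k.sys",
    r".",
])


def parse_entries(text):
    """Return one dict per line that matches the ComboFix entry format.

    Banner lines and the "." spacer lines are skipped. Sizes are None for
    directories (ComboFix prints dashes instead of a byte count).
    """
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            "written": datetime.strptime(m["written"], "%Y-%m-%d %H:%M"),
            "size": None if m["size"].startswith("-") else int(m["size"]),
            "is_dir": m["attrs"][0] == "d",
            "path": m["path"],
        })
    return entries


def creation_bursts(entries, window=timedelta(minutes=2), min_count=3):
    """Cluster entries whose creation times lie within `window` of the
    cluster's first entry; return [(start_time, [paths])] for clusters of at
    least `min_count` items, in time order.

    Windows Update batches cluster too, so a burst is a prompt to look at the
    paths, not a verdict on its own.
    """
    ordered = sorted(entries, key=lambda e: e["created"])  # stable sort
    bursts, current = [], []

    def flush():
        if len(current) >= min_count:
            bursts.append((current[0]["created"], [e["path"] for e in current]))

    for e in ordered:
        if current and e["created"] - current[0]["created"] > window:
            flush()
            current = []
        current.append(e)
    flush()
    return bursts


if __name__ == "__main__":
    for start, paths in creation_bursts(parse_entries(SAMPLE_LOG)):
        print(f"{len(paths)} items created from {start:%Y-%m-%d %H:%M}:")
        for p in paths:
            print("   ", p)
```

Run against a real ComboFix log, the same two functions will also cluster the Windows Update batch on 2012-07-12 02:02-02:03, which is why the output is meant to be read alongside the paths rather than acted on mechanically.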
 
Scan for malware

Please download Malwarebytes Anti-Malware from HERE.


Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.
 
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.08.11

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Shinji :: SHINJI-PC [administrator]

Protection: Enabled

8/8/2012 9:05:11 PM
mbam-log-2012-08-08 (21-05-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194810
Time elapsed: 14 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
 
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=40f53dd38fe28d4b9d72d667db35918e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-10 03:57:06
# local_time=2012-08-09 11:57:06 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3589 16777213 100 84 1058614 95129690 0 0
# compatibility_mode=5893 16776574 100 94 32098443 96098385 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=134326
# found=1
# cleaned=1
# scan_time=17437
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll  Win32/Adware.Yontoo.B application  (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
 
Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
 
Situation hasn't really improved:

- Malwarebytes pop-ups regarding blocked sites (66.150.14.111, .112 and .113)
- Toshiba Service Station crashes upon startup
- 81 processes in Task Manager - don't know if that's of concern or not
- Laptop is extremely slow; general tasks (e.g., opening a program) or loading a webpage can take anywhere from 30 - 90 seconds (Toshiba Satellite laptop is about 1 year old - tasks above before the problems began took about 1 - 5 seconds, on average)
 
Kaspersky Virus Removal Tool

The Kaspersky Virus Removal Tool is a scan-and-remove solution from Kaspersky that searches out the most common malware and attempts to remove it from your computer.

Please download the Kaspersky Virus Removal Tool from Kaspersky's Official Link and save it to your Desktop.

  • Double-click the Setup file to install it on your computer.
  • Once it has installed, review and accept the agreement and press the Start button.
  • You will be presented with the main interface, but don't scan yet; click the options tab (gear icon).
  • On the Scan Scope tab, make sure to checkmark all the options, except for the CD/DVD drive.
  • On the Security Level tab, make sure to move the slider up denoting "Current Security Level: High".
  • Now, go back to the Automatic Scan tab, and choose "Start Scanning". It may take several hours to complete. Please allow it to do so.
  • Once done scanning, choose the Report tab (page icon), select Detected Threats tab on left, and choose Disinfect All.
  • Then, choose Save. Also, in the Automatic Report tab, select Save.
  • Please post the reports in your next reply.
  • Once you exit, the tool should uninstall automatically.
 
Tried to install Version 11 but the process seems to be incomplete. Initially, I received a message that the installation had failed "due to reason (blank)." The scan screen came up but I then received a message that my version was out of date. I downloaded Version 11 again but as it's going through the extraction/installation process, the window just disappears and nothing happens.
 
Let's work with this tool instead...

Please download DDS by sUBs from BleepingComputer.com or Forospyware.com and save it to your Desktop.

Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click Yes to the Optional_Scan
  • Please follow the instructions that pop up for posting the results. Post only the contents of both logs.
  • Close the program window, and delete the program from your Desktop.
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1
Run by Shinji at 11:04:02 on 2012-08-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1790.907 [GMT -4:00]
.
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Users\Shinji\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shinji\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.nbcnews.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.2.2.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.2.2.3\ips\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: PricePeep: {fd6d90c0-e6ee-4bc6-b9f7-9ed319698007} - c:\program files\pricepeep\pricepeep.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.2.2.3\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [MyTOSHIBA] "c:\program files\toshiba\my toshiba\MyToshiba.exe" /AUTO
uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\457\g2mstart.exe" "/Trigger RunAtLogon"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\shinji\appdata\roaming\micros~1\windows\startm~1\programs\startup\_unins~1.lnk - c:\users\shinji\appdata\local\temp\_uninst_56258661.bat
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\photof~1.lnk - c:\program files\panasonic\photofunstudio\PhAutoRun.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9A2C832A-3E88-42DB-8D70-FFA7F014AFC6} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FCFA20B8-3ACE-4BA7-909D-AB04E0751919} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
.
============= SERVICES / DRIVERS ===============
.
R0 56258661;56258661;c:\windows\system32\drivers\56258661.sys [2012-8-11 133208]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-6-11 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-6-11 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20120804.001\BHDrvx86.sys [2012-8-8 821920]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20120810.001\IDSvix86.sys [2012-8-11 382624]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-6-11 136312]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0502020.003\symnets.sys [2012-6-11 299640]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-7-20 176128]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-1 655944]
R2 N360;Norton 360;c:\program files\norton 360\engine\5.2.2.3\ccsvchst.exe [2012-6-11 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-9 106656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-1 22344]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-7-20 167936]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-13 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-6-19 19456]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-4-18 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-13 135664]
S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-7-20 51512]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-15 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-08-11 14:39:50  133208  ----a-w-  c:\windows\system32\drivers\56258661.sys
2012-08-11 14:36:17  --------d-----w-  c:\programdata\Kaspersky Lab
2012-08-09 23:00:11  --------d-----w-  c:\program files\ESET
2012-08-08 02:50:09  --------d-----w-  c:\users\shinji\appdata\local\CrashDumps
2012-08-08 02:39:18  --------d-sh--w-  C:\$RECYCLE.BIN
2012-08-08 02:01:28  98816  ----a-w-  c:\windows\sed.exe
2012-08-08 02:01:28  518144  ----a-w-  c:\windows\SWREG.exe
2012-08-08 02:01:28  256000  ----a-w-  c:\windows\PEV.exe
2012-08-08 02:01:28  208896  ----a-w-  c:\windows\MBR.exe
2012-08-03 02:19:28  --------d-----w-  c:\program files\Oracle
2012-08-03 02:18:49  772544  ----a-w-  c:\windows\system32\npDeployJava1.dll
2012-08-02 03:05:41  --------d-----w-  C:\TDSSKiller_Quarantine
2012-08-01 22:31:21  --------d-----w-  c:\users\shinji\appdata\roaming\Malwarebytes
2012-08-01 22:30:01  --------d-----w-  c:\programdata\Malwarebytes
2012-08-01 22:30:00  22344  ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-08-01 22:30:00  --------d-----w-  c:\program files\Malwarebytes' Anti-Malware
2012-08-01 19:58:41  --------d-----w-  c:\users\shinji\appdata\local\LogMeIn Rescue Applet
2012-08-01 18:45:43  --------d-----w-  c:\program files\DefaultTab
2012-08-01 18:45:36  --------d-----w-  c:\users\shinji\appdata\roaming\DefaultTab
2012-08-01 18:45:31  --------d-----w-  c:\program files\PricePeep
2012-08-01 18:45:27  --------d-----w-  c:\users\shinji\appdata\roaming\Bucksbee Loyalty Plugin 100815.b for Chrome
2012-08-01 18:45:16  --------d-----w-  c:\program files\Yontoo
2012-08-01 18:45:13  --------d-----w-  c:\programdata\Tarma Installer
2012-08-01 18:44:33  --------d-----w-  c:\programdata\Babylon
2012-08-01 18:44:32  --------d-----w-  c:\users\shinji\appdata\roaming\Babylon
.
==================== Find3M ====================
.
2012-07-06 02:06:20  687544  ----a-w-  c:\windows\system32\deployJava1.dll
2012-06-12 02:40:48  2345984  ----a-w-  c:\windows\system32\win32k.sys
2012-06-06 05:05:52  1390080  ----a-w-  c:\windows\system32\msxml6.dll
2012-06-06 05:05:52  1236992  ----a-w-  c:\windows\system32\msxml3.dll
2012-06-06 05:03:06  805376  ----a-w-  c:\windows\system32\cdosys.dll
2012-06-02 22:12:32  2422272  ----a-w-  c:\windows\system32\wucltux.dll
2012-06-02 22:12:13  88576  ----a-w-  c:\windows\system32\wudriver.dll
2012-06-02 19:19:42  171904  ----a-w-  c:\windows\system32\wuwebv.dll
2012-06-02 19:12:20  33792  ----a-w-  c:\windows\system32\wuapp.exe
2012-06-02 04:45:04  67440  ----a-w-  c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03  134000  ----a-w-  c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59  369336  ----a-w-  c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39  225280  ----a-w-  c:\windows\system32\schannel.dll
2012-06-02 04:39:10  219136  ----a-w-  c:\windows\system32\ncrypt.dll
2012-05-15 03:03:54  981504  ----a-w-  c:\windows\system32\wininet.dll
.
============= FINISH: 11:05:53.98 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/12/2010 10:14:18 PM
System Uptime: 8/12/2012 10:57:02 AM (1 hours ago)
.
Motherboard: TOSHIBA | | NBWAE
Processor: AMD Sempron(tm) SI-42 | Socket M2/S1G1 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 179.619 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP97: 6/21/2012 9:33:07 AM - Windows Update
RP98: 7/5/2012 1:40:33 PM - Scheduled Checkpoint
RP99: 7/11/2012 11:11:24 PM - Windows Update
RP100: 7/25/2012 12:38:45 PM - Scheduled Checkpoint
RP101: 8/1/2012 3:16:05 PM - Removed BabylonObjectInstaller
RP102: 8/1/2012 3:17:45 PM - Removed 7-Zip 9.21
RP103: 8/2/2012 10:17:08 PM - Installed Java(TM) 7 Update 5
RP104: 8/2/2012 10:18:58 PM - Installed JavaFX 2.1.1
RP105: 8/7/2012 10:14:33 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Bing Bar
Bing Bar Platform
Bonjour
Bucksbee Loyalty Plugin 100815.b for Chrome
Canon MP Navigator 2.0
Canon MP500
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
D3DX10
DefaultTab Chrome
ESET Online Scanner v3
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 4.5.0.457
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 7 Update 5
JavaFX 2.1.1
Junk Mail filter update
Label@Once 1.0
LeapFrog Connect
LeapFrog Leapster2 Plugin
LeapFrog Tag Plugin
Malwarebytes Anti-Malware version 1.62.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.0
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyToshiba
NetZero Launcher
Norton 360
Norton Internet Security
PHOTOfunSTUDIO
PlayReady PC Runtime x86
PricePeep
Quickbooks Financial Center
Quicken 2009
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype Launcher
Smart Steps 1st Grade
swMSM
Synaptics Pointing Device Driver
Toshiba Application and Driver Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Online Backup
Toshiba Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
ToshibaRegistration
TurboTax 2010
TurboTax 2010 wctiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wnyiper
TurboTax 2010 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
Utility Common Driver
VLC media player 1.1.5
WildTangent Games
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Yahoo! BrowserPlus 2.9.8
Yontoo 1.10.02
.
==== Event Viewer Messages From Past Week ========
.
8/9/2012 7:09:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
8/9/2012 10:13:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
8/7/2012 11:59:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.
8/7/2012 10:33:13 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/6/2012 3:14:41 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort1.
8/12/2012 10:57:21 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
8/12/2012 10:57:21 AM, Error: atikmdag [43029] - Display is not active
8/10/2012 7:12:59 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {93A7D0C2-F633-40A8-BA9E-67249610C669}. The error: "3" Happened while starting this command: "C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe" -Embedding
.
==== End Of File ===========================
 
ComboFix Script

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    DDS::
    BHO: PricePeep: {fd6d90c0-e6ee-4bc6-b9f7-9ed319698007} - c:\program files\pricepeep\pricepeep.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    Folder::
    c:\programdata\Babylon
    c:\users\shinji\appdata\roaming\Babylon
    c:\program files\Yontoo 1.10.02

    clearjavacache::
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: CFScriptB-4.gif]

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
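As an added illustration (not code from this thread, its helper, or the DDS/ComboFix authors): a small Python script that reads DDS-style log lines like those posted above, flags entries tied to the adware names the thread identifies (Babylon, Yontoo, PricePeep, DefaultTab, Bucksbee) or launched from a Temp folder, and drafts the DDS:: and Folder:: sections of a CFScript from the adware hits only. The sample lines, the adware list and the Temp-folder rule are assumptions chosen to mirror the script above; the parser also accepts ComboFix "Files Created" lines, including forum copies where the tab-separated fields have run together.

```python
"""Triage DDS / ComboFix log lines and draft the CFScript section they call for.
Constructed for this thread, not a DDS, ComboFix or forum-helper tool; the adware
list and the Temp-folder rule are assumptions that mirror the helper's script."""
import re
from dataclasses import dataclass

ADWARE_NAMES = ("babylon", "yontoo", "pricepeep", "defaulttab", "bucksbee")
LOADING_POINT_PREFIXES = ("mRun:", "uRun:", "StartupFolder:", "BHO:", "DPF:", "IE:", "TB:")
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")

# A DDS 'Created Last 30' or ComboFix 'Files Created' line.  Real logs are tab
# separated; forum copies often lose the tabs, so size, flags and path run
# together.  Both forms parse: the path must start with a drive letter.
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)"  # DDS keeps seconds
    r"(?: \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"    # ComboFix: ' . <modified>'
    r"\s*(?P<size>\d*)"                                        # empty for directories
    r"\s*(?P<attrs>[-a-z]{8}(?:[-a-z]{8})?)"                   # ----a-w- / --------d-----w-
    r"\s*(?P<path>[A-Za-z]:\\.*)$"
)

@dataclass
class Finding:
    kind: str    # loadpoint | file | dir
    path: str
    reason: str
    line: str    # the line as posted, reused verbatim under DDS::

def parse_created_line(line: str):
    """Split a created-file line into its fields; None if the line is not one."""
    m = CREATED_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"]) if d["size"] else None
    d["is_dir"] = d["attrs"][8:9] == "d"      # ninth flag is the directory bit
    return d

def loadpoint_target(line: str) -> str:
    """Best effort: the file or URL a DDS loading-point line launches."""
    body = line.split(":", 1)[1].strip()
    if " - " in body:                              # 'x.lnk - target', '{guid} - dll'
        body = body.rsplit(" - ", 1)[1]
    elif body.startswith("[") and "] " in body:    # 'mRun: [name] "exe" args'
        body = body.split("] ", 1)[1]
    if body.startswith('"'):
        return body[1:].split('"', 1)[0]
    return re.sub(r"(\s+[/-][\w:.]+)+$", "", body)  # drop trailing switches

def classify(path: str):
    low = path.lower()
    if any(name in low for name in ADWARE_NAMES):
        return "belongs to an adware family named in this thread"
    if any(t in low for t in TEMP_DIRS):
        return "launches from a Temp directory; review before acting"
    return None

def analyze(log_text: str) -> list:
    """One Finding per line that classify() objects to."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines()):
        created = parse_created_line(line)
        if created:
            target, kind = created["path"], "dir" if created["is_dir"] else "file"
        elif line.startswith(LOADING_POINT_PREFIXES):
            target, kind = loadpoint_target(line), "loadpoint"
        else:
            continue
        reason = classify(target)
        if reason:
            findings.append(Finding(kind, target, reason, line))
    return findings

def build_cfscript(findings) -> str:
    """Draft the DDS:: and Folder:: sections from the adware findings only."""
    adware = [f for f in findings if f.reason.startswith("belongs")]
    dds = [f.line for f in adware if f.kind == "loadpoint"]
    folders = [f.path for f in adware if f.kind == "dir"]
    parts = []
    if dds:
        parts.append("DDS::\n" + "\n".join(dds))
    if folders:
        parts.append("Folder::\n" + "\n".join(folders))
    return "\n\n".join(parts) + "\n"

# Constructed sample in the shape of the logs posted in this thread.
SAMPLE_LOG = "\n".join([
    r"BHO: PricePeep: {fd6d90c0-e6ee-4bc6-b9f7-9ed319698007} - c:\program files\pricepeep\pricepeep.dll",
    r"StartupFolder: c:\users\shinji\appdata\roaming\micros~1\windows\startm~1\programs\startup\_unins~1.lnk"
    r" - c:\users\shinji\appdata\local\temp\_uninst_56258661.bat",
    r"DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab",
    "2012-08-01 18:44:33\t\t--------d-----w-\t" + r"c:\programdata\Babylon",
    "2012-08-01 18:45:16\t\t--------d-----w-\t" + r"c:\program files\Yontoo",
    "2012-08-01 22:30:00\t22344\t----a-w-\t" + r"c:\windows\system32\drivers\mbam.sys",
])

if __name__ == "__main__":
    found = analyze(SAMPLE_LOG)
    print(*(f"{f.kind:9} {f.path}  <- {f.reason}" for f in found), build_cfscript(found), sep="\n")
```

The Temp-folder startup entry is reported but deliberately kept out of the drafted script, matching the thread, where only the named adware entries went into CFScript.txt.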
 
ComboFix 12-08-13.01 - Shinji 08/13/2012 19:40:20.2.1 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1790.936 [GMT -4:00]
Running from: c:\users\Shinji\Desktop\ComboFix.exe
Command switches used :: c:\users\Shinji\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Babylon
c:\users\shinji\appdata\roaming\Babylon
c:\users\shinji\appdata\roaming\Babylon\log_file.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
.
.
2012-08-13 23:57 . 2012-08-13 23:57  --------d-----w-  c:\users\Shinji\AppData\Local\temp
2012-08-13 23:57 . 2012-08-13 23:57  --------d-----w-  c:\users\Default\AppData\Local\temp
2012-08-11 14:39 . 2012-08-08 15:11  133208  ----a-w-  c:\windows\system32\drivers\56258661.sys
2012-08-11 14:36 . 2012-08-11 14:36  --------d-----w-  c:\programdata\Kaspersky Lab
2012-08-09 23:00 . 2012-08-09 23:00  --------d-----w-  c:\program files\ESET
2012-08-08 02:50 . 2012-08-08 02:50  --------d-----w-  c:\users\Shinji\AppData\Local\CrashDumps
2012-08-03 02:20 . 2012-08-03 02:20  --------d-----w-  c:\program files\Common Files\Java
2012-08-03 02:19 . 2012-08-03 02:19  --------d-----w-  c:\program files\Oracle
2012-08-03 02:18 . 2012-07-06 02:06  772544  ----a-w-  c:\windows\system32\npDeployJava1.dll
2012-08-03 02:16 . 2012-08-03 02:16  --------d-----w-  c:\programdata\McAfee
2012-08-02 03:05 . 2012-08-02 03:05  --------d-----w-  C:\TDSSKiller_Quarantine
2012-08-01 22:31 . 2012-08-01 22:31  --------d-----w-  c:\users\Shinji\AppData\Roaming\Malwarebytes
2012-08-01 22:30 . 2012-08-01 22:30  --------d-----w-  c:\programdata\Malwarebytes
2012-08-01 22:30 . 2012-08-01 22:30  --------d-----w-  c:\program files\Malwarebytes' Anti-Malware
2012-08-01 22:30 . 2012-07-03 17:46  22344  ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-08-01 19:58 . 2012-08-02 01:19  --------d-----w-  c:\users\Shinji\AppData\Local\LogMeIn Rescue Applet
2012-08-01 18:45 . 2012-08-02 03:07  --------d-----w-  c:\program files\DefaultTab
2012-08-01 18:45 . 2012-08-08 02:30  --------d-----w-  c:\users\Shinji\AppData\Roaming\DefaultTab
2012-08-01 18:45 . 2012-08-01 18:45  --------d-----w-  c:\program files\PricePeep
2012-08-01 18:45 . 2012-08-01 18:45  --------d-----w-  c:\users\Shinji\AppData\Roaming\Bucksbee Loyalty Plugin 100815.b for Chrome
2012-08-01 18:45 . 2012-08-03 01:52  --------d-----w-  c:\program files\Yontoo
2012-08-01 18:45 . 2012-08-01 18:45  --------d-----w-  c:\programdata\Tarma Installer
2012-08-01 18:45 . 2012-08-01 18:45  319  ----a-w-  C:\user.js
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 02:06 . 2011-06-07 16:45  687544  ----a-w-  c:\windows\system32\deployJava1.dll
2012-06-12 02:40 . 2012-07-12 03:16  2345984  ----a-w-  c:\windows\system32\win32k.sys
2012-06-06 05:05 . 2012-07-12 02:03  1390080  ----a-w-  c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-12 02:03  1236992  ----a-w-  c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-12 02:02  805376  ----a-w-  c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-21 13:34  53784  ----a-w-  c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 13:34  45080  ----a-w-  c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 13:34  35864  ----a-w-  c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 13:34  577048  ----a-w-  c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 13:34  1933848  ----a-w-  c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 13:34  2422272  ----a-w-  c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 13:34  88576  ----a-w-  c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 13:33  171904  ----a-w-  c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-21 13:33  33792  ----a-w-  c:\windows\system32\wuapp.exe
2012-06-02 04:45 . 2012-07-12 02:03  67440  ----a-w-  c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-12 02:03  134000  ----a-w-  c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-12 02:03  369336  ----a-w-  c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-12 02:03  225280  ----a-w-  c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-12 02:03  219136  ----a-w-  c:\windows\system32\ncrypt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
"GoToMeeting"="c:\program files\Citrix\GoToMeeting\457\g2mstart.exe" [2011-06-01 39816]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-28 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-08-23 211296]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Shinji\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
_uninst_56258661.lnk - c:\users\Shinji\AppData\Local\Temp\_uninst_56258661.bat [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2010-12-12 44176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages  REG_MULTI_SZ  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 56258661;56258661;c:\windows\system32\DRIVERS\56258661.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502020.003\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502020.003\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120804.001\BHDrvx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120810.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502020.003\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0502020.003\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15  264048  ----a-w-  c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-14 03:00]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-14 03:00]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1755257046-4205032674-3146734800-1000Core.job
- c:\users\Shinji\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-14 02:31]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1755257046-4205032674-3146734800-1000UA.job
- c:\users\Shinji\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-14 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nbcnews.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-13 20:02:33
ComboFix-quarantined-files.txt 2012-08-14 00:02
ComboFix2.txt 2012-08-08 02:38
.
Pre-Run: 193,156,841,472 bytes free
Post-Run: 193,435,820,032 bytes free
.
- - End Of File - - E5B1EF9F7286344D264704638175692F
 
ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
 
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=40f53dd38fe28d4b9d72d667db35918e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-10 03:57:06
# local_time=2012-08-09 11:57:06 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3589 16777213 100 84 1058614 95129690 0 0
# compatibility_mode=5893 16776574 100 94 32098443 96098385 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=134326
# found=1
# cleaned=1
# scan_time=17437
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dllWin32/Adware.Yontoo.B application (cleaned by deleting - quarantined)00000000000000000000000000000000C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=40f53dd38fe28d4b9d72d667db35918e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-15 03:04:01
# local_time=2012-08-14 11:04:01 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3589 16777213 100 84 1495474 95566550 0 0
# compatibility_mode=5893 16776574 100 94 32535303 96535245 0 0
# compatibility_mode=8192 67108863 100 0 350843 350843 0 0
# scanned=132570
# found=0
# cleaned=0
# scan_time=9387
 
Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
 
Computer is still a little slow. In Task Manager, there are 78 processes. When I check "Show processes from all users," there are 80 processes; the 2 additional ones are svchost.exe at about 16,000 K each. I'm the only one on the network - who are the other users? Also, I keep getting an "ssvagent.exe is trying to make change to your hard drive" message. In IE, babylon was listed as the default search provider, even though I had changed it to google a few days ago. Not sure if any of these are concerns. Please advise.
 
Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
    %AppData%\Local\
    %systemroot%\system32\sysprep
    *.xpi /md5
    %systemroot%\Downloaded Program Files\
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.exe /md5
    "%WinDir%\$NtUninstallKB*$." /30
    %systemdrive%\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\Installer\ /s
    %systemroot%\system32\Cache\ /s
    %systemroot%\system32\config\systemprofile\Application Data /s
    %PROGRAMFILES%\*.
    %appdata%\*.*
    /md5start
    volsnap.sys
    services.exe
    userinit.exe
    afd.sys
    tcpip.sys
    netbt.sys
    ipsec.sys
    dnsrslvr.dll
    ipnathlp.dll
    netman.dll
    WMIsvc.dll
    srsvc.dll
    sr.sys
    wscsvc.dll
    wuauserv.dll
    qmgr.dll
    es.dll
    cryptsvc.dll
    svchost.exe
    rpcss.dll
    tdx.sys
    wininit.exe
    winlogon.exe
    atapi.sys
    explorer.exe
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.
Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr
 
OTL.Txt Part 1 (had to break it up because it's > 5,000 characters)
========== Files/Folders - Created Within 30 Days ==========

[2012/08/16 14:02:43 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Shinji\Desktop\OTL.exe
[2012/08/14 20:25:53 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Shinji\Desktop\esetsmartinstaller_enu.exe
[2012/08/14 00:12:31 | 000,000,000 | ---D | C] -- C:\windows\TEMP
[2012/08/13 20:02:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/13 20:02:37 | 000,000,000 | ---D | C] -- C:\Users\Shinji\AppData\Local\temp
[2012/08/13 19:36:13 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/13 19:30:31 | 004,733,169 | R--- | C] (Swearware) -- C:\Users\Shinji\Desktop\ComboFix.exe
[2012/08/11 10:39:50 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\System32\drivers\56258661.sys
[2012/08/11 10:36:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/08/09 19:00:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/08/07 22:50:09 | 000,000,000 | ---D | C] -- C:\Users\Shinji\AppData\Local\CrashDumps
[2012/08/07 22:01:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/08/07 22:01:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/08/07 22:01:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/08/07 21:58:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/07 21:58:15 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/08/02 22:20:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/02 22:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/08/02 22:18:49 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\windows\System32\npDeployJava1.dll
[2012/08/02 22:18:49 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2012/08/02 22:18:25 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2012/08/02 22:18:25 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe
[2012/08/02 22:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/08/01 23:05:41 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/01 18:31:21 | 000,000,000 | ---D | C] -- C:\Users\Shinji\AppData\Roaming\Malwarebytes
[2012/08/01 18:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/01 18:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/01 18:30:00 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/08/01 18:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/01 15:58:41 | 000,000,000 | ---D | C] -- C:\Users\Shinji\AppData\Local\LogMeIn Rescue Applet
[2012/08/01 14:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\DefaultTab
[2012/08/01 14:45:36 | 000,000,000 | ---D | C] -- C:\Users\Shinji\AppData\Roaming\DefaultTab
[2012/08/01 14:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012/08/01 14:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/08/01 14:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/08/01 14:18:41 | 000,000,000 | ---D | C] -- C:\Users\Shinji\Documents\New folder (2)
[2012/07/23 15:19:29 | 000,000,000 | ---D | C] -- C:\Users\Shinji\Documents\New folder
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/16 14:02:59 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 14:02:59 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 14:02:46 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Shinji\Desktop\OTL.exe
[2012/08/16 13:54:50 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/16 13:54:22 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/08/16 13:54:15 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/15 23:47:14 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/15 23:47:02 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1755257046-4205032674-3146734800-1000Core.job
[2012/08/15 23:47:01 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1755257046-4205032674-3146734800-1000UA.job
[2012/08/14 20:25:38 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Shinji\Desktop\esetsmartinstaller_enu.exe
[2012/08/13 19:57:41 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/08/13 19:30:27 | 004,733,169 | R--- | M] (Swearware) -- C:\Users\Shinji\Desktop\ComboFix.exe
[2012/08/11 10:40:39 | 000,001,024 | ---- | M] () -- C:\Users\Shinji\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_56258661.lnk
[2012/08/08 11:11:11 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\System32\drivers\56258661.sys
[2012/08/02 22:18:12 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2012/08/02 22:18:11 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe
[2012/08/01 18:30:08 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/01 15:54:27 | 000,002,431 | ---- | M] () -- C:\Users\Shinji\Desktop\Chrome.lnk
[2012/08/01 14:45:05 | 000,000,319 | ---- | M] () -- C:\user.js
[2012/08/01 14:05:37 | 000,624,178 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/08/01 14:05:37 | 000,106,522 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/08/01 13:52:08 | 000,001,584 | ---- | M] () -- C:\Users\Shinji\Documents\StreetFood9780756642181.acsm
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/11 10:40:38 | 000,001,024 | ---- | C] () -- C:\Users\Shinji\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_56258661.lnk
[2012/08/07 22:01:28 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/08/07 22:01:28 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/08/07 22:01:28 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/08/07 22:01:28 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/08/07 22:01:28 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/08/01 18:30:08 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/01 14:45:03 | 000,000,319 | ---- | C] () -- C:\user.js
[2012/08/01 14:31:04 | 000,001,584 | ---- | C] () -- C:\Users\Shinji\Documents\StreetFood9780756642181.acsm
[2011/01/23 12:18:13 | 000,000,165 | ---- | C] () -- C:\windows\QUICKEN.INI
[2010/12/12 23:41:19 | 000,111,932 | ---- | C] () -- C:\windows\System32\EPPICPrinterDB.dat
[2010/12/12 23:41:19 | 000,031,053 | ---- | C] () -- C:\windows\System32\EPPICPattern131.dat
[2010/12/12 23:41:19 | 000,027,417 | ---- | C] () -- C:\windows\System32\EPPICPattern121.dat
[2010/12/12 23:41:19 | 000,026,154 | ---- | C] () -- C:\windows\System32\EPPICPattern1.dat
[2010/12/12 23:41:19 | 000,024,903 | ---- | C] () -- C:\windows\System32\EPPICPattern3.dat
[2010/12/12 23:41:19 | 000,021,390 | ---- | C] () -- C:\windows\System32\EPPICPattern5.dat
[2010/12/12 23:41:19 | 000,020,148 | ---- | C] () -- C:\windows\System32\EPPICPattern2.dat
[2010/12/12 23:41:19 | 000,011,811 | ---- | C] () -- C:\windows\System32\EPPICPattern4.dat
[2010/12/12 23:41:19 | 000,004,943 | ---- | C] () -- C:\windows\System32\EPPICPattern6.dat
[2010/12/12 23:41:19 | 000,001,146 | ---- | C] () -- C:\windows\System32\EPPICPresetData_DU.dat
[2010/12/12 23:41:19 | 000,001,139 | ---- | C] () -- C:\windows\System32\EPPICPresetData_PT.dat
[2010/12/12 23:41:19 | 000,001,139 | ---- | C] () -- C:\windows\System32\EPPICPresetData_BP.dat
[2010/12/12 23:41:19 | 000,001,136 | ---- | C] () -- C:\windows\System32\EPPICPresetData_ES.dat
[2010/12/12 23:41:19 | 000,001,129 | ---- | C] () -- C:\windows\System32\EPPICPresetData_FR.dat
[2010/12/12 23:41:19 | 000,001,129 | ---- | C] () -- C:\windows\System32\EPPICPresetData_CF.dat
[2010/12/12 23:41:19 | 000,001,120 | ---- | C] () -- C:\windows\System32\EPPICPresetData_IT.dat
[2010/12/12 23:41:19 | 000,001,107 | ---- | C] () -- C:\windows\System32\EPPICPresetData_GE.dat
[2010/12/12 23:41:19 | 000,001,104 | ---- | C] () -- C:\windows\System32\EPPICPresetData_EN.dat
[2010/12/12 23:41:19 | 000,000,097 | ---- | C] () -- C:\windows\System32\PICSDK.ini
[2010/12/12 23:15:23 | 000,000,013 | RHS- | C] () -- C:\windows\System32\drivers\fbd.sys

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
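As an added example (not part of this thread and not OTL's own code), here is a small Python parser for the OTL file-list lines pasted above, followed by a triage pass over constructed sample lines written in the same layout; the selection criteria (no company name, directly in System32\drivers, or hidden+system attributes) are my own assumptions, and the result is a review queue rather than a verdict.

```python
import re
from dataclasses import dataclass

# One OTL file-list line (layout taken from the OTL.Txt above):
# [2012/08/01 18:30:00 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
# fields: timestamp | size with thousands separators | R/H/S/D attribute flags | C=created or M=modified,
# then an optional "(company)" and the path after " -- ".
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Constructed sample in the same layout as the posted log; not the full OTL.Txt.
SAMPLE = r"""========== Files Created - No Company Name ==========

[2012/08/01 18:30:00 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/08/01 18:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/16 13:54:15 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/13 19:57:41 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2010/12/12 23:15:23 | 000,000,013 | RHS- | C] () -- C:\windows\System32\drivers\fbd.sys
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
"""

@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str
    kind: str
    company: str
    path: str

def parse_otl_entries(text: str) -> list[OtlEntry]:
    """Parse every file/folder line; section headers, blanks and the '*.tmp' summaries are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append(OtlEntry(m["ts"], int(m["size"].replace(",", "")), m["attrs"],
                                m["kind"], (m["company"] or "").strip(), m["path"].strip()))
    return entries

def triage(entries: list[OtlEntry]) -> list[OtlEntry]:
    """Review queue (assumed criteria): files with no company name that sit directly in
    System32\\drivers or carry hidden+system attributes. hiberfil.sys is a legitimate
    Windows file and shows why every hit still needs a manual look."""
    queue = []
    for e in entries:
        if "D" in e.attrs or e.company:
            continue
        parent = e.path.lower().rsplit("\\", 1)[0]
        in_drivers = parent.endswith("\\system32\\drivers")
        hidden_system = "H" in e.attrs and "S" in e.attrs
        if in_drivers or hidden_system:
            queue.append(e)
    return queue
```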
 