TechSpot

Norton told me I have a Trojan and that they could fix it for $299

By SM1080
Aug 6, 2012
  1. Hi there.

    After having some issues with my laptop, I called Norton (I have Norton 360 as my A/V) and they gave me the bad news above. Based on another site's information, I downloaded Malwarebytes, Kaspersky TDSS Killer and Comodo Security Solutions. Malwarebytes found a few files ("Hijacker" or something like that). Comodo won't update (stalls at 44%) so I'm not sure if that's working properly or something is blocking the update. Afterwards, I noticed that my Chrome browser had defaulted to a "babylon" search page, which I changed/deleted. I had to do the same with IE but I'm still getting messages that "Malwarebytes has blocked access to a possible malicious website" (66.150.14.112 and 66.150.14.111), so I'm pretty sure everything is not OK.

    I've completed the preliminary 5-step process outlined by Julio Franco and am now requesting your valuable help. Malwarebytes log below:

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.06.13

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 8.0.7601.17514
    Shinji :: SHINJI-PC [administrator]

    Protection: Enabled

    8/6/2012 10:43:19 PM
    mbam-log-2012-08-06 (22-43-19).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 191759
    Time elapsed: 8 minute(s), 19 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  2. SM1080

    SM1080 TS Rookie Topic Starter Posts: 26

    GMER log:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-08-06 23:01:27
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 Hitachi_HTS545025B9A300 rev.PB2OC64G
    Running: 36pq129h.exe; Driver: C:\Users\Shinji\AppData\Local\Temp\axriqpog.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  3. SM1080

    SM1080 TS Rookie Topic Starter Posts: 26

    DDS log:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1
    Run by Shinji at 23:04:19 on 2012-08-06
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1790.707 [GMT -4:00]
    .
    AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\system32\atiesrxx.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\atieclxx.exe
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Program Files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\windows\system32\taskeng.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe
    C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
    C:\Users\Shinji\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe
    C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe
    C:\windows\system32\DllHost.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Users\Shinji\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Shinji\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Shinji\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Shinji\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Shinji\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Shinji\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Shinji\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\conhost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.nbcnews.com/
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.2.2.3\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.2.2.3\ips\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
    BHO: DefaultTab Browser Helper: {7f6afbf1-e065-4627-a2fd-810366367d01} - c:\users\shinji\appdata\roaming\defaulttab\defaulttab\DefaultTabBHO.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
    BHO: PricePeep: {fd6d90c0-e6ee-4bc6-b9f7-9ed319698007} - c:\program files\pricepeep\pricepeep.dll
    BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
    TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.2.2.3\coIEPlg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [MyTOSHIBA] "c:\program files\toshiba\my toshiba\MyToshiba.exe" /AUTO
    uRun: [Google Update] "c:\users\shinji\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\457\g2mstart.exe" "/Trigger RunAtLogon"
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [<NO NAME>]
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
    mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
    mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
    mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
    mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
    mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\photof~1.lnk - c:\program files\panasonic\photofunstudio\PhAutoRun.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
    Trusted Zone: intuit.com\ttlc
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{9A2C832A-3E88-42DB-8D70-FFA7F014AFC6} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{FCFA20B8-3ACE-4BA7-909D-AB04E0751919} : DhcpNameServer = 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-6-11 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-6-11 744568]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20120803.001\BHDrvx86.sys [2012-8-6 821920]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20120805.001\IDSvix86.sys [2012-8-6 382624]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-6-11 136312]
    R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0502020.003\symnets.sys [2012-6-11 299640]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-7-20 176128]
    R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-1 655944]
    R2 N360;Norton 360;c:\program files\norton 360\engine\5.2.2.3\ccsvchst.exe [2012-6-11 130008]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-5-31 106656]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-1 22344]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-7-20 167936]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-13 135664]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-6-19 19456]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-4-18 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-13 135664]
    S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-7-20 51512]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]
    .
    =============== Created Last 30 ================
    .
    2012-08-03 02:19:28  --------  d-----w-  c:\program files\Oracle
    2012-08-03 02:18:49  772544  ----a-w-  c:\windows\system32\npDeployJava1.dll
    2012-08-02 03:05:41  --------  d-----w-  C:\TDSSKiller_Quarantine
    2012-08-01 22:31:21  --------  d-----w-  c:\users\shinji\appdata\roaming\Malwarebytes
    2012-08-01 22:30:01  --------  d-----w-  c:\programdata\Malwarebytes
    2012-08-01 22:30:00  22344  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2012-08-01 22:30:00  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
    2012-08-01 19:58:41  --------  d-----w-  c:\users\shinji\appdata\local\LogMeIn Rescue Applet
    2012-08-01 18:45:43  --------  d-----w-  c:\program files\DefaultTab
    2012-08-01 18:45:36  --------  d-----w-  c:\users\shinji\appdata\roaming\DefaultTab
    2012-08-01 18:45:31  --------  d-----w-  c:\program files\PricePeep
    2012-08-01 18:45:27  --------  d-----w-  c:\users\shinji\appdata\roaming\Bucksbee Loyalty Plugin 100815.b for Chrome
    2012-08-01 18:45:16  --------  d-----w-  c:\program files\Yontoo
    2012-08-01 18:45:13  --------  d-----w-  c:\programdata\Tarma Installer
    2012-08-01 18:44:33  --------  d-----w-  c:\programdata\Babylon
    2012-08-01 18:44:32  --------  d-----w-  c:\users\shinji\appdata\roaming\Babylon
    2012-07-12 03:16:02  2345984  ----a-w-  c:\windows\system32\win32k.sys
    2012-07-12 02:03:05  369336  ----a-w-  c:\windows\system32\drivers\cng.sys
    2012-07-12 02:03:05  134000  ----a-w-  c:\windows\system32\drivers\ksecpkg.sys
    2012-07-12 02:03:04  67440  ----a-w-  c:\windows\system32\drivers\ksecdd.sys
    2012-07-12 02:03:04  225280  ----a-w-  c:\windows\system32\schannel.dll
    2012-07-12 02:03:04  219136  ----a-w-  c:\windows\system32\ncrypt.dll
    2012-07-12 02:03:01  1390080  ----a-w-  c:\windows\system32\msxml6.dll
    2012-07-12 02:03:01  1236992  ----a-w-  c:\windows\system32\msxml3.dll
    2012-07-12 02:03:00  2048  ----a-w-  c:\windows\system32\msxml3r.dll
    2012-07-12 02:02:58  805376  ----a-w-  c:\windows\system32\cdosys.dll
    2012-07-12 02:02:58  57344  ----a-w-  c:\program files\common files\system\ado\msador15.dll
    2012-07-12 02:02:58  352256  ----a-w-  c:\program files\common files\system\ado\msadomd.dll
    2012-07-12 02:02:58  1019904  ----a-w-  c:\program files\common files\system\ado\msado15.dll
    2012-07-12 02:02:57  372736  ----a-w-  c:\program files\common files\system\ado\msadox.dll
    2012-07-12 02:02:57  212992  ----a-w-  c:\program files\common files\system\msadc\msadco.dll
    2012-07-12 02:02:57  143360  ----a-w-  c:\program files\common files\system\ado\msjro.dll
    .
    ==================== Find3M ====================
    .
    2012-07-06 02:06:20  687544  ----a-w-  c:\windows\system32\deployJava1.dll
    2012-06-02 22:12:32  2422272  ----a-w-  c:\windows\system32\wucltux.dll
    2012-06-02 22:12:13  88576  ----a-w-  c:\windows\system32\wudriver.dll
    2012-06-02 19:19:42  171904  ----a-w-  c:\windows\system32\wuwebv.dll
    2012-06-02 19:12:20  33792  ----a-w-  c:\windows\system32\wuapp.exe
    2012-05-15 03:03:54  981504  ----a-w-  c:\windows\system32\wininet.dll
    .
    ============= FINISH: 23:05:53.58 ===============
     
  4. SM1080

    SM1080 TS Rookie Topic Starter Posts: 26

    DDS text:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/12/2010 10:14:18 PM
    System Uptime: 8/6/2012 9:26:48 PM (2 hours ago)
    .
    Motherboard: TOSHIBA | | NBWAE
    Processor: AMD Sempron(tm) SI-42 | Socket M2/S1G1 | 2100/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 223 GiB total, 179.792 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP96: 6/13/2012 11:42:50 PM - Windows Update
    RP97: 6/21/2012 9:33:07 AM - Windows Update
    RP98: 7/5/2012 1:40:33 PM - Scheduled Checkpoint
    RP99: 7/11/2012 11:11:24 PM - Windows Update
    RP100: 7/25/2012 12:38:45 PM - Scheduled Checkpoint
    RP101: 8/1/2012 3:16:05 PM - Removed BabylonObjectInstaller
    RP102: 8/1/2012 3:17:45 PM - Removed 7-Zip 9.21
    RP103: 8/2/2012 10:17:08 PM - Installed Java(TM) 7 Update 5
    RP104: 8/2/2012 10:18:58 PM - Installed JavaFX 2.1.1
    .
    ==== Installed Programs ======================
    .
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.1.3)
    Adobe Shockwave Player 11.6
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Install Manager
    Bing Bar
    Bing Bar Platform
    Bonjour
    Bucksbee Loyalty Plugin 100815.b for Chrome
    Canon MP Navigator 2.0
    Canon MP500
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Compatibility Pack for the 2007 Office system
    Coupon Printer for Windows
    D3DX10
    DefaultTab
    DefaultTab Chrome
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToMeeting 4.5.0.457
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 31
    Java(TM) 7 Update 5
    JavaFX 2.1.1
    Junk Mail filter update
    Label@Once 1.0
    LeapFrog Connect
    LeapFrog Leapster2 Plugin
    LeapFrog Tag Plugin
    Malwarebytes Anti-Malware version 1.62.0.1300
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft IntelliPoint 8.0
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyToshiba
    NetZero Launcher
    Norton 360
    Norton Internet Security
    PHOTOfunSTUDIO
    PlayReady PC Runtime x86
    PricePeep
    Quickbooks Financial Center
    Quicken 2009
    QuickTime
    Realtek 8136 8168 8169 Ethernet Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Realtek WLAN Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Skype Launcher
    Smart Steps 1st Grade
    swMSM
    Synaptics Pointing Device Driver
    Toshiba Application and Driver Installer
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Flash Cards Support Utility
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    Toshiba Online Backup
    Toshiba Quality Application
    TOSHIBA Recovery Media Creator
    TOSHIBA Service Station
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    ToshibaRegistration
    TurboTax 2010
    TurboTax 2010 wctiper
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wnyiper
    TurboTax 2010 wrapper
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
    Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
    Utility Common Driver
    VLC media player 1.1.5
    WildTangent Games
    Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
    Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    Yahoo! BrowserPlus 2.9.8
    Yontoo 1.10.02
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/6/2012 9:27:08 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
    8/6/2012 9:27:08 PM, Error: atikmdag [43029] - Display is not active
    8/6/2012 3:14:41 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort1.
    8/5/2012 11:15:38 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {93A7D0C2-F633-40A8-BA9E-67249610C669}. The error: "3" Happened while starting this command: "C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe" -Embedding
    8/1/2012 9:15:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.
    8/1/2012 6:25:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
    8/1/2012 2:45:45 PM, Error: Service Control Manager [7030] - The DefaultTabSearch service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    7/30/2012 9:55:28 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
    .
    ==== End Of File ===========================
     
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
     
  6. SM1080

    SM1080 TS Rookie Topic Starter Posts: 26

    ComboFix 12-08-07.03 - Shinji 08/07/2012 22:17:27.1.1 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1790.868 [GMT -4:00]
    Running from: c:\users\Shinji\Desktop\ComboFix.exe
    AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab
    c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
    c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico
    c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
    c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
    c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
    c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
    c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\ebay_ie.ico
    c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico
    c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico
    c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
    c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico
    c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
    c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico
    c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\youtube_ie.ico
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-08 02:32 . 2012-08-08 02:32	--------	d-----w-	c:\users\Default\AppData\Local\temp
    2012-08-03 02:20 . 2012-08-03 02:20	--------	d-----w-	c:\program files\Common Files\Java
    2012-08-03 02:19 . 2012-08-03 02:19	--------	d-----w-	c:\program files\Oracle
    2012-08-03 02:18 . 2012-07-06 02:06	772544	----a-w-	c:\windows\system32\npDeployJava1.dll
    2012-08-03 02:16 . 2012-08-03 02:16	--------	d-----w-	c:\programdata\McAfee
    2012-08-02 03:05 . 2012-08-02 03:05	--------	d-----w-	C:\TDSSKiller_Quarantine
    2012-08-01 22:31 . 2012-08-01 22:31	--------	d-----w-	c:\users\Shinji\AppData\Roaming\Malwarebytes
    2012-08-01 22:30 . 2012-08-01 22:30	--------	d-----w-	c:\programdata\Malwarebytes
    2012-08-01 22:30 . 2012-08-01 22:30	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
    2012-08-01 22:30 . 2012-07-03 17:46	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
    2012-08-01 19:58 . 2012-08-02 01:19	--------	d-----w-	c:\users\Shinji\AppData\Local\LogMeIn Rescue Applet
    2012-08-01 18:45 . 2012-08-02 03:07	--------	d-----w-	c:\program files\DefaultTab
    2012-08-01 18:45 . 2012-08-08 02:30	--------	d-----w-	c:\users\Shinji\AppData\Roaming\DefaultTab
    2012-08-01 18:45 . 2012-08-01 18:45	--------	d-----w-	c:\program files\PricePeep
    2012-08-01 18:45 . 2012-08-01 18:45	--------	d-----w-	c:\users\Shinji\AppData\Roaming\Bucksbee Loyalty Plugin 100815.b for Chrome
    2012-08-01 18:45 . 2012-08-03 01:52	--------	d-----w-	c:\program files\Yontoo
    2012-08-01 18:45 . 2012-08-01 18:45	--------	d-----w-	c:\programdata\Tarma Installer
    2012-08-01 18:45 . 2012-08-01 18:45	319	----a-w-	C:\user.js
    2012-08-01 18:44 . 2012-08-01 18:44	--------	d-----w-	c:\programdata\Babylon
    2012-08-01 18:44 . 2012-08-01 18:44	--------	d-----w-	c:\users\Shinji\AppData\Roaming\Babylon
    2012-07-12 03:16 . 2012-06-12 02:40	2345984	----a-w-	c:\windows\system32\win32k.sys
    2012-07-12 02:03 . 2012-06-02 04:45	134000	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
    2012-07-12 02:03 . 2012-06-02 04:40	369336	----a-w-	c:\windows\system32\drivers\cng.sys
    2012-07-12 02:03 . 2012-06-02 04:45	67440	----a-w-	c:\windows\system32\drivers\ksecdd.sys
    2012-07-12 02:03 . 2012-06-02 04:40	225280	----a-w-	c:\windows\system32\schannel.dll
    2012-07-12 02:03 . 2012-06-02 04:39	219136	----a-w-	c:\windows\system32\ncrypt.dll
    2012-07-12 02:03 . 2012-06-06 05:05	1390080	----a-w-	c:\windows\system32\msxml6.dll
    2012-07-12 02:03 . 2012-06-06 05:05	1236992	----a-w-	c:\windows\system32\msxml3.dll
    2012-07-12 02:03 . 2010-06-26 03:24	2048	----a-w-	c:\windows\system32\msxml3r.dll
    2012-07-12 02:02 . 2012-06-06 05:05	57344	----a-w-	c:\program files\Common Files\System\ado\msador15.dll
    2012-07-12 02:02 . 2012-06-06 05:05	352256	----a-w-	c:\program files\Common Files\System\ado\msadomd.dll
    2012-07-12 02:02 . 2012-06-06 05:05	1019904	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
    2012-07-12 02:02 . 2012-06-06 05:03	805376	----a-w-	c:\windows\system32\cdosys.dll
    2012-07-12 02:02 . 2012-06-06 05:05	143360	----a-w-	c:\program files\Common Files\System\ado\msjro.dll
    2012-07-12 02:02 . 2012-06-06 05:05	372736	----a-w-	c:\program files\Common Files\System\ado\msadox.dll
    2012-07-12 02:02 . 2012-06-06 05:05	212992	----a-w-	c:\program files\Common Files\System\msadc\msadco.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-06 02:06 . 2011-06-07 16:45	687544	----a-w-	c:\windows\system32\deployJava1.dll
    2012-06-02 22:19 . 2012-06-21 13:34	53784	----a-w-	c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 13:34	45080	----a-w-	c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 13:34	35864	----a-w-	c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 13:34	577048	----a-w-	c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-21 13:34	1933848	----a-w-	c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-21 13:34	2422272	----a-w-	c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-21 13:34	88576	----a-w-	c:\windows\system32\wudriver.dll
    2012-06-02 19:19 . 2012-06-21 13:33	171904	----a-w-	c:\windows\system32\wuwebv.dll
    2012-06-02 19:12 . 2012-06-21 13:33	33792	----a-w-	c:\windows\system32\wuapp.exe
    2012-05-15 03:03 . 2012-06-14 03:17	981504	----a-w-	c:\windows\system32\wininet.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}]
    2012-07-11 21:03	483696	----a-w-	c:\program files\PricePeep\pricepeep.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
    "GoToMeeting"="c:\program files\Citrix\GoToMeeting\457\g2mstart.exe" [2011-06-01 39816]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-28 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
    "SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
    "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
    "KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
    "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
    "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
    "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
    "ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
    "NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-08-23 211296]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    PHOTOfunSTUDIO.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2010-12-12 44176]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Security Packages"	REG_MULTI_SZ	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502020.003\SYMDS.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502020.003\SYMEFA.SYS [x]
    S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120803.001\BHDrvx86.sys [x]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120805.001\IDSvix86.sys [x]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502020.003\Ironx86.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0502020.003\SYMNETS.SYS [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x]
    S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 N360;Norton 360;c:\program files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
    2009-08-06 16:15	264048	----a-w-	c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-14 03:00]
    .
    2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-14 03:00]
    .
    2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1755257046-4205032674-3146734800-1000Core.job
    - c:\users\Shinji\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-14 02:31]
    .
    2012-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1755257046-4205032674-3146734800-1000UA.job
    - c:\users\Shinji\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-14 02:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.nbcnews.com/
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    Toolbar-Locked - (no file)
    SafeBoot-66840769.sys
    AddRemove-DefaultTab - c:\users\Shinji\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-08-07 22:38:58
    ComboFix-quarantined-files.txt 2012-08-08 02:38
    .
    Pre-Run: 194,737,954,816 bytes free
    Post-Run: 194,826,584,064 bytes free
    .
    - - End Of File - - C1F047B9DB15A2497764C5363ACC12DC
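One thing the "Files Created" block of this ComboFix log makes visible is the delivery mechanism: Babylon, DefaultTab, PricePeep, the Bucksbee plugin, Yontoo and the Tarma Installer data were all created on 2012-08-01 between 18:44 and 18:45, across Program Files, per-user AppData\Roaming, ProgramData and the drive root at once. That burst is consistent with a single bundled installer rather than several independent downloads, and it is the kind of pattern a helper reads a ComboFix log for. The script below is an added example for this thread, not part of ComboFix or of either poster's work: it parses lines in the ComboFix "Files Created" format and reports bursts of creations inside a short window. The sample lines are copied from the log above; the two-minute window and the four-entry threshold are arbitrary choices.

```python
"""Flag bursts of creation in a ComboFix "Files Created" list.

Added example for this thread, not part of ComboFix. Several unrelated products
created in the same minute is the footprint of one bundled installer.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List

# One line: "<created> . <modified>\t<size or -------->\t<attrs>\t<path>".
# \s* rather than \s+ between fields, so lines whose tabs were lost when
# pasted into a web page ("02:06772544----a-w-c:\...") still parse.
_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s*(-{8}|\d+)\s*([-a-z]{8})\s*(.+?)\s*$"
)
_TS = "%Y-%m-%d %H:%M"


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int        # 0 for directories, which ComboFix prints as "--------"
    is_dir: bool
    path: str


def parse_created_section(text: str) -> List[Entry]:
    """One Entry per parseable line; headers and '.' spacer lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if m:
            created, modified, size, attrs, path = m.groups()
            entries.append(Entry(datetime.strptime(created, _TS),
                                 datetime.strptime(modified, _TS),
                                 0 if size.startswith("-") else int(size),
                                 attrs.startswith("d"), path))
    return entries


def find_bursts(entries: List[Entry], window: timedelta = timedelta(minutes=2),
                min_size: int = 4) -> List[List[Entry]]:
    """Chain entries created within `window` of the previous one and keep
    chains of at least `min_size` entries (both thresholds are arbitrary)."""
    bursts, current = [], []
    for e in sorted(entries, key=lambda e: e.created):
        if current and e.created - current[-1].created > window:
            if len(current) >= min_size:
                bursts.append(current)
            current = []
        current.append(e)
    if len(current) >= min_size:
        bursts.append(current)
    return bursts


def install_root(path: str) -> str:
    """Coarse location class; a burst spanning Program Files, per-user AppData
    and ProgramData at once is installer behaviour, not one program's own data."""
    p = path.lower()
    if "\\appdata\\roaming\\" in p:
        return "appdata-roaming"
    if p.startswith("c:\\program files"):
        return "program-files"
    if p.startswith("c:\\programdata\\"):
        return "programdata"
    if p.startswith("c:\\windows\\"):
        return "windows"
    return "drive-root" if p.count("\\") == 1 else "other"


def summarize(burst: List[Entry]) -> Dict[str, object]:
    return {
        "start": burst[0].created.strftime(_TS),
        "end": burst[-1].created.strftime(_TS),
        "count": len(burst),
        "roots": sorted({install_root(e.path) for e in burst}),
        "names": sorted({e.path.rsplit("\\", 1)[-1] for e in burst}),
    }


# Sample input copied from the ComboFix log posted above (tabs replaced by two
# spaces; the last line is left in the fused form the forum paste produced).
SAMPLE = r"""
2012-08-02 03:05 . 2012-08-02 03:05  --------  d-----w-  C:\TDSSKiller_Quarantine
2012-08-01 22:30 . 2012-08-01 22:30  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2012-08-01 18:45 . 2012-08-02 03:07  --------  d-----w-  c:\program files\DefaultTab
2012-08-01 18:45 . 2012-08-08 02:30  --------  d-----w-  c:\users\Shinji\AppData\Roaming\DefaultTab
2012-08-01 18:45 . 2012-08-01 18:45  --------  d-----w-  c:\program files\PricePeep
2012-08-01 18:45 . 2012-08-01 18:45  --------  d-----w-  c:\users\Shinji\AppData\Roaming\Bucksbee Loyalty Plugin 100815.b for Chrome
2012-08-01 18:45 . 2012-08-03 01:52  --------  d-----w-  c:\program files\Yontoo
2012-08-01 18:45 . 2012-08-01 18:45  --------  d-----w-  c:\programdata\Tarma Installer
2012-08-01 18:45 . 2012-08-01 18:45  319  ----a-w-  C:\user.js
2012-08-01 18:44 . 2012-08-01 18:44  --------  d-----w-  c:\programdata\Babylon
2012-08-01 18:44 . 2012-08-01 18:44  --------  d-----w-  c:\users\Shinji\AppData\Roaming\Babylon
2012-07-12 03:16 . 2012-06-12 02:402345984----a-w-c:\windows\system32\win32k.sys
"""

if __name__ == "__main__":
    for burst in find_bursts(parse_created_section(SAMPLE)):
        print(summarize(burst))
```

Run on the sample, it reports a single burst of nine entries from 18:44 to 18:45 touching four location classes; the Malwarebytes and TDSSKiller directories created later that night are the cleanup tools and stand alone, as does the July Windows Update batch. Feed it the complete section from a real log and look at the `names` of each burst: the July entries (win32k.sys, schannel.dll, the ado DLLs) cluster too, but they are all under c:\windows and c:\program files\Common Files with a modified date weeks before creation, which is what a patch looks like.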
     
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Scan for malware

    Please download Malwarebytes Anti-Malware from HERE.


    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Copy and paste the entire report in your next reply.
     
  8. SM1080

    SM1080 TS Rookie Topic Starter Posts: 26

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.08.11

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 8.0.7601.17514
    Shinji :: SHINJI-PC [administrator]

    Protection: Enabled

    8/8/2012 9:05:11 PM
    mbam-log-2012-08-08 (21-05-11).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 194810
    Time elapsed: 14 minute(s), 21 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
     
  10. SM1080

    SM1080 TS Rookie Topic Starter Posts: 26

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=40f53dd38fe28d4b9d72d667db35918e
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2012-08-10 03:57:06
    # local_time=2012-08-09 11:57:06 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=3589 16777213 100 84 1058614 95129690 0 0
    # compatibility_mode=5893 16776574 100 94 32098443 96098385 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=134326
    # found=1
    # cleaned=1
    # scan_time=17437
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll	Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
     
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
     
  12. SM1080

    SM1080 TS Rookie Topic Starter Posts: 26

    Situation hasn't really improved:

    - Malwarebytes pop-ups regarding blocked sites (66.150.14.111, .112 and .113)
    - Toshiba Service Station crashes upon startup
    - 81 processes in Task Manager - don't know if that's of concern or not
    - Laptop is extremely slow; general tasks (e.g., opening a program) or loading a webpage can take anywhere from 30 - 90 seconds (Toshiba Satellite laptop is about 1 year old - tasks above before the problems began took about 1 - 5 seconds, on average)
     
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Kaspersky Virus Removal Tool

    The Kaspersky Virus Removal Tool is a scan-and-remove solution from Kaspersky that searches out the most common malware and attempts to remove it from your computer.

    Please download the Kaspersky Virus Removal Tool from Kaspersky's Official Link and save it to your Desktop.

    • Double-click the Setup file to install it on your computer.
    • Once it has installed, review and accept the agreement and press the Start button.
    • You will be presented with the main interface, but don't scan yet; click the options tab (gear icon).
    • On the Scan Scope tab, make sure to checkmark all the options, except for the CD/DVD drive.
    • On the Security Level tab, make sure to move the slider up denoting "Current Security Level: High".
    • Now, go back to the Automatic Scan tab, and choose "Start Scanning". It may take several hours to complete. Please allow it to do so.
    • Once done scanning, choose the Report tab (page icon), select Detected Threats tab on left, and choose Disinfect All.
    • Then, choose Save. Also, in the Automatic Report tab, select Save.
    • Please post the reports in your next reply.
    • Once you exit, the tool should uninstall automatically.
     
  14. SM1080

    SM1080 TS Rookie Topic Starter Posts: 26

    Tried to install Version 11 but the process seems to be incomplete. Initially, I received a message that the installation had failed "due to reason (blank)." The scan screen came up but I then received a message that my version was out of date. I downloaded Version 11 again but as it's going through the extraction/installation process, the window just disappears and nothing happens.
     
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Let's work with this tool instead...

    Please download DDS by sUBs from BleepingComputer.com or Forospyware.com and save it to your Desktop.

    Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results, click Yes to the Optional_Scan
    • Please follow the instructions that pop up for posting the results. Post only the contents of both logs.
    • Close the program window, and delete the program from your Desktop.
     
  16. SM1080

    SM1080 TS Rookie Topic Starter Posts: 26

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1
    Run by Shinji at 11:04:02 on 2012-08-12
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1790.907 [GMT -4:00]
    .
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\system32\atiesrxx.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\atieclxx.exe
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Program Files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
    C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\windows\system32\sppsvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Users\Shinji\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Shinji\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\windows\system32\DllHost.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.nbcnews.com/
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.2.2.3\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.2.2.3\ips\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
    BHO: PricePeep: {fd6d90c0-e6ee-4bc6-b9f7-9ed319698007} - c:\program files\pricepeep\pricepeep.dll
    TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.2.2.3\coIEPlg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [MyTOSHIBA] "c:\program files\toshiba\my toshiba\MyToshiba.exe" /AUTO
    uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\457\g2mstart.exe" "/Trigger RunAtLogon"
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
    mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
    mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
    mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
    mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
    mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\users\shinji\appdata\roaming\micros~1\windows\startm~1\programs\startup\_unins~1.lnk - c:\users\shinji\appdata\local\temp\_uninst_56258661.bat
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\photof~1.lnk - c:\program files\panasonic\photofunstudio\PhAutoRun.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
    Trusted Zone: intuit.com\ttlc
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{9A2C832A-3E88-42DB-8D70-FFA7F014AFC6} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{FCFA20B8-3ACE-4BA7-909D-AB04E0751919} : DhcpNameServer = 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 56258661;56258661;c:\windows\system32\drivers\56258661.sys [2012-8-11 133208]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-6-11 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-6-11 744568]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20120804.001\BHDrvx86.sys [2012-8-8 821920]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20120810.001\IDSvix86.sys [2012-8-11 382624]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-6-11 136312]
    R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0502020.003\symnets.sys [2012-6-11 299640]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-7-20 176128]
    R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-1 655944]
    R2 N360;Norton 360;c:\program files\norton 360\engine\5.2.2.3\ccsvchst.exe [2012-6-11 130008]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-9 106656]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-1 22344]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-7-20 167936]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-13 135664]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-6-19 19456]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-4-18 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-13 135664]
    S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-7-20 51512]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-15 1343400]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2012-08-11 14:39:50 133208 ----a-w- c:\windows\system32\drivers\56258661.sys
    2012-08-11 14:36:17 -------- d-----w- c:\programdata\Kaspersky Lab
    2012-08-09 23:00:11 -------- d-----w- c:\program files\ESET
    2012-08-08 02:50:09 -------- d-----w- c:\users\shinji\appdata\local\CrashDumps
    2012-08-08 02:39:18 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-08-08 02:01:28 98816 ----a-w- c:\windows\sed.exe
    2012-08-08 02:01:28 518144 ----a-w- c:\windows\SWREG.exe
    2012-08-08 02:01:28 256000 ----a-w- c:\windows\PEV.exe
    2012-08-08 02:01:28 208896 ----a-w- c:\windows\MBR.exe
    2012-08-03 02:19:28 -------- d-----w- c:\program files\Oracle
    2012-08-03 02:18:49 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-08-02 03:05:41 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-08-01 22:31:21 -------- d-----w- c:\users\shinji\appdata\roaming\Malwarebytes
    2012-08-01 22:30:01 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-01 22:30:00 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-01 22:30:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-01 19:58:41 -------- d-----w- c:\users\shinji\appdata\local\LogMeIn Rescue Applet
    2012-08-01 18:45:43 -------- d-----w- c:\program files\DefaultTab
    2012-08-01 18:45:36 -------- d-----w- c:\users\shinji\appdata\roaming\DefaultTab
    2012-08-01 18:45:31 -------- d-----w- c:\program files\PricePeep
    2012-08-01 18:45:27 -------- d-----w- c:\users\shinji\appdata\roaming\Bucksbee Loyalty Plugin 100815.b for Chrome
    2012-08-01 18:45:16 -------- d-----w- c:\program files\Yontoo
    2012-08-01 18:45:13 -------- d-----w- c:\programdata\Tarma Installer
    2012-08-01 18:44:33 -------- d-----w- c:\programdata\Babylon
    2012-08-01 18:44:32 -------- d-----w- c:\users\shinji\appdata\roaming\Babylon
    .
    ==================== Find3M ====================
    .
    2012-07-06 02:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll
    2012-06-12 02:40:48 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
    2012-05-15 03:03:54 981504 ----a-w- c:\windows\system32\wininet.dll
    .
    ============= FINISH: 11:05:53.98 ===============
     
  17. SM1080

    SM1080 TS Rookie Topic Starter Posts: 26

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/12/2010 10:14:18 PM
    System Uptime: 8/12/2012 10:57:02 AM (1 hours ago)
    .
    Motherboard: TOSHIBA | | NBWAE
    Processor: AMD Sempron(tm) SI-42 | Socket M2/S1G1 | 2100/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 223 GiB total, 179.619 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP97: 6/21/2012 9:33:07 AM - Windows Update
    RP98: 7/5/2012 1:40:33 PM - Scheduled Checkpoint
    RP99: 7/11/2012 11:11:24 PM - Windows Update
    RP100: 7/25/2012 12:38:45 PM - Scheduled Checkpoint
    RP101: 8/1/2012 3:16:05 PM - Removed BabylonObjectInstaller
    RP102: 8/1/2012 3:17:45 PM - Removed 7-Zip 9.21
    RP103: 8/2/2012 10:17:08 PM - Installed Java(TM) 7 Update 5
    RP104: 8/2/2012 10:18:58 PM - Installed JavaFX 2.1.1
    RP105: 8/7/2012 10:14:33 PM - ComboFix created restore point
    .
    ==== Installed Programs ======================
    .
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.1.3)
    Adobe Shockwave Player 11.6
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Install Manager
    Bing Bar
    Bing Bar Platform
    Bonjour
    Bucksbee Loyalty Plugin 100815.b for Chrome
    Canon MP Navigator 2.0
    Canon MP500
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Compatibility Pack for the 2007 Office system
    Coupon Printer for Windows
    D3DX10
    DefaultTab Chrome
    ESET Online Scanner v3
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToMeeting 4.5.0.457
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 31
    Java(TM) 7 Update 5
    JavaFX 2.1.1
    Junk Mail filter update
    Label@Once 1.0
    LeapFrog Connect
    LeapFrog Leapster2 Plugin
    LeapFrog Tag Plugin
    Malwarebytes Anti-Malware version 1.62.0.1300
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft IntelliPoint 8.0
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyToshiba
    NetZero Launcher
    Norton 360
    Norton Internet Security
    PHOTOfunSTUDIO
    PlayReady PC Runtime x86
    PricePeep
    Quickbooks Financial Center
    Quicken 2009
    QuickTime
    Realtek 8136 8168 8169 Ethernet Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Realtek WLAN Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Skype Launcher
    Smart Steps 1st Grade
    swMSM
    Synaptics Pointing Device Driver
    Toshiba Application and Driver Installer
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Flash Cards Support Utility
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    Toshiba Online Backup
    Toshiba Quality Application
    TOSHIBA Recovery Media Creator
    TOSHIBA Service Station
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    ToshibaRegistration
    TurboTax 2010
    TurboTax 2010 wctiper
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wnyiper
    TurboTax 2010 wrapper
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
    Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
    Utility Common Driver
    VLC media player 1.1.5
    WildTangent Games
    Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
    Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    Yahoo! BrowserPlus 2.9.8
    Yontoo 1.10.02
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/9/2012 7:09:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
    8/9/2012 10:13:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    8/7/2012 11:59:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.
    8/7/2012 10:33:13 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    8/6/2012 3:14:41 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort1.
    8/12/2012 10:57:21 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
    8/12/2012 10:57:21 AM, Error: atikmdag [43029] - Display is not active
    8/10/2012 7:12:59 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {93A7D0C2-F633-40A8-BA9E-67249610C669}. The error: "3" Happened while starting this command: "C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe" -Embedding
    .
    ==== End Of File ===========================
     
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    ComboFix Script

    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe

      [IMG]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
     
  19. SM1080

    SM1080 TS Rookie Topic Starter Posts: 26

    ComboFix 12-08-13.01 - Shinji 08/13/2012 19:40:20.2.1 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1790.936 [GMT -4:00]
    Running from: c:\users\Shinji\Desktop\ComboFix.exe
    Command switches used :: c:\users\Shinji\Desktop\CFScript.txt
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Babylon
    c:\users\shinji\appdata\roaming\Babylon
    c:\users\shinji\appdata\roaming\Babylon\log_file.txt
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-13 23:57 . 2012-08-13 23:57 -------- d-----w- c:\users\Shinji\AppData\Local\temp
    2012-08-13 23:57 . 2012-08-13 23:57 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-11 14:39 . 2012-08-08 15:11 133208 ----a-w- c:\windows\system32\drivers\56258661.sys
    2012-08-11 14:36 . 2012-08-11 14:36 -------- d-----w- c:\programdata\Kaspersky Lab
    2012-08-09 23:00 . 2012-08-09 23:00 -------- d-----w- c:\program files\ESET
    2012-08-08 02:50 . 2012-08-08 02:50 -------- d-----w- c:\users\Shinji\AppData\Local\CrashDumps
    2012-08-03 02:20 . 2012-08-03 02:20 -------- d-----w- c:\program files\Common Files\Java
    2012-08-03 02:19 . 2012-08-03 02:19 -------- d-----w- c:\program files\Oracle
    2012-08-03 02:18 . 2012-07-06 02:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-08-03 02:16 . 2012-08-03 02:16 -------- d-----w- c:\programdata\McAfee
    2012-08-02 03:05 . 2012-08-02 03:05 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-08-01 22:31 . 2012-08-01 22:31 -------- d-----w- c:\users\Shinji\AppData\Roaming\Malwarebytes
    2012-08-01 22:30 . 2012-08-01 22:30 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-01 22:30 . 2012-08-01 22:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-01 22:30 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-01 19:58 . 2012-08-02 01:19 -------- d-----w- c:\users\Shinji\AppData\Local\LogMeIn Rescue Applet
    2012-08-01 18:45 . 2012-08-02 03:07 -------- d-----w- c:\program files\DefaultTab
    2012-08-01 18:45 . 2012-08-08 02:30 -------- d-----w- c:\users\Shinji\AppData\Roaming\DefaultTab
    2012-08-01 18:45 . 2012-08-01 18:45 -------- d-----w- c:\program files\PricePeep
    2012-08-01 18:45 . 2012-08-01 18:45 -------- d-----w- c:\users\Shinji\AppData\Roaming\Bucksbee Loyalty Plugin 100815.b for Chrome
    2012-08-01 18:45 . 2012-08-03 01:52 -------- d-----w- c:\program files\Yontoo
    2012-08-01 18:45 . 2012-08-01 18:45 -------- d-----w- c:\programdata\Tarma Installer
    2012-08-01 18:45 . 2012-08-01 18:45 319 ----a-w- C:\user.js
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-06 02:06 . 2011-06-07 16:45 687544 ----a-w- c:\windows\system32\deployJava1.dll
    2012-06-12 02:40 . 2012-07-12 03:16 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-06-06 05:05 . 2012-07-12 02:03 1390080 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 05:05 . 2012-07-12 02:03 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 05:03 . 2012-07-12 02:02 805376 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-02 22:19 . 2012-06-21 13:34 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 13:34 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 13:34 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 13:34 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-21 13:34 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-21 13:34 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-21 13:34 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19 . 2012-06-21 13:33 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:12 . 2012-06-21 13:33 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 04:45 . 2012-07-12 02:03 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 04:45 . 2012-07-12 02:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 04:40 . 2012-07-12 02:03 369336 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 04:40 . 2012-07-12 02:03 225280 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 04:39 . 2012-07-12 02:03 219136 ----a-w- c:\windows\system32\ncrypt.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
    "GoToMeeting"="c:\program files\Citrix\GoToMeeting\457\g2mstart.exe" [2011-06-01 39816]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-28 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
    "SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
    "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
    "KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
    "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
    "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
    "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
    "ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
    "NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-08-23 211296]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    .
    c:\users\Shinji\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    _uninst_56258661.lnk - c:\users\Shinji\AppData\Local\Temp\_uninst_56258661.bat [N/A]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    PHOTOfunSTUDIO.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2010-12-12 44176]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages  REG_MULTI_SZ  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 56258661;56258661;c:\windows\system32\DRIVERS\56258661.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502020.003\SYMDS.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502020.003\SYMEFA.SYS [x]
    S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120804.001\BHDrvx86.sys [x]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120810.001\IDSvix86.sys [x]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502020.003\Ironx86.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0502020.003\SYMNETS.SYS [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x]
    S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 N360;Norton 360;c:\program files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
    2009-08-06 16:15  264048  ----a-w-  c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-14 03:00]
    .
    2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-14 03:00]
    .
    2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1755257046-4205032674-3146734800-1000Core.job
    - c:\users\Shinji\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-14 02:31]
    .
    2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1755257046-4205032674-3146734800-1000UA.job
    - c:\users\Shinji\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-14 02:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.nbcnews.com/
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.1
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-08-13 20:02:33
    ComboFix-quarantined-files.txt 2012-08-14 00:02
    ComboFix2.txt 2012-08-08 02:38
    .
    Pre-Run: 193,156,841,472 bytes free
    Post-Run: 193,435,820,032 bytes free
    .
    - - End Of File - - E5B1EF9F7286344D264704638175692F
     
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and Scan unwanted applications are checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
     
  21. SM1080

    SM1080 TS Rookie Topic Starter Posts: 26

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=40f53dd38fe28d4b9d72d667db35918e
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2012-08-10 03:57:06
    # local_time=2012-08-09 11:57:06 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=3589 16777213 100 84 1058614 95129690 0 0
    # compatibility_mode=5893 16776574 100 94 32098443 96098385 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=134326
    # found=1
    # cleaned=1
    # scan_time=17437
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll  Win32/Adware.Yontoo.B application  (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=40f53dd38fe28d4b9d72d667db35918e
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-08-15 03:04:01
    # local_time=2012-08-14 11:04:01 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=3589 16777213 100 84 1495474 95566550 0 0
    # compatibility_mode=5893 16776574 100 94 32535303 96535245 0 0
    # compatibility_mode=8192 67108863 100 0 350843 350843 0 0
    # scanned=132570
    # found=0
    # cleaned=0
    # scan_time=9387
     
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
     
  23. SM1080

    SM1080 TS Rookie Topic Starter Posts: 26

    Computer is still a little slow. In Task Manager, there are 78 processes. When I check "Show processes from all users," there are 80 processes; the 2 additional ones are svchost.exe at about 16,000 K each. I'm the only one on the network - who are the other users? Also, I keep getting an "ssvagent.exe is trying to make change to your hard drive" message. In IE, babylon was listed as the default search provider, even though I had changed it to Google a few days ago. Not sure if any of these are concerns. Please advise.
     
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in

      msconfig
      safebootminimal
      activex
      drivers32
      netsvcs
      CreateRestorePoint
      %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
      %AppData%\Local\
      %systemroot%\system32\sysprep
      *.xpi /md5
      %systemroot%\Downloaded Program Files\
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\system32\drivers\*.sys /90
      %systemroot%\System32\config\*.sav
      %SYSTEMDRIVE%\*.exe /md5
      "%WinDir%\$NtUninstallKB*$." /30
      %systemdrive%\Program Files\Common Files\ComObjects\*.* /s
      %systemroot%\*. /mp /s
      %systemroot%\*. /rp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\Installer\ /s
      %systemroot%\system32\Cache\ /s
      %systemroot%\system32\config\systemprofile\Application Data /s
      %PROGRAMFILES%\*.
      %appdata%\*.*
      /md5start
      volsnap.sys
      services.exe
      userinit.exe
      afd.sys
      tcpip.sys
      netbt.sys
      ipsec.sys
      dnsrslvr.dll
      ipnathlp.dll
      netman.dll
      WMIsvc.dll
      srsvc.dll
      sr.sys
      wscsvc.dll
      wuauserv.dll
      qmgr.dll
      es.dll
      cryptsvc.dll
      svchost.exe
      rpcss.dll
      tdx.sys
      wininit.exe
      winlogon.exe
      atapi.sys
      explorer.exe
      /md5stop
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.
    Note: in the event that OTL fails to run, please use alternate download links to try again:

    http://oldtimer.geekstogo.com/OTL.com
    http://oldtimer.geekstogo.com/OTL.scr
     
  25. SM1080

    SM1080 TS Rookie Topic Starter Posts: 26

    OTL.Txt Part 1 (had to break it up because it's > 5,000 characters)
    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/16 14:02:43 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Shinji\Desktop\OTL.exe
    [2012/08/14 20:25:53 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Shinji\Desktop\esetsmartinstaller_enu.exe
    [2012/08/14 00:12:31 | 000,000,000 | ---D | C] -- C:\windows\TEMP
    [2012/08/13 20:02:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/08/13 20:02:37 | 000,000,000 | ---D | C] -- C:\Users\Shinji\AppData\Local\temp
    [2012/08/13 19:36:13 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/08/13 19:30:31 | 004,733,169 | R--- | C] (Swearware) -- C:\Users\Shinji\Desktop\ComboFix.exe
    [2012/08/11 10:39:50 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\System32\drivers\56258661.sys
    [2012/08/11 10:36:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2012/08/09 19:00:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/08/07 22:50:09 | 000,000,000 | ---D | C] -- C:\Users\Shinji\AppData\Local\CrashDumps
    [2012/08/07 22:01:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2012/08/07 22:01:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2012/08/07 22:01:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2012/08/07 21:58:59 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/07 21:58:15 | 000,000,000 | ---D | C] -- C:\windows\erdnt
    [2012/08/02 22:20:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/08/02 22:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
    [2012/08/02 22:18:49 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\windows\System32\npDeployJava1.dll
    [2012/08/02 22:18:49 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe
    [2012/08/02 22:18:25 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe
    [2012/08/02 22:18:25 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe
    [2012/08/02 22:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2012/08/01 23:05:41 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/08/01 18:31:21 | 000,000,000 | ---D | C] -- C:\Users\Shinji\AppData\Roaming\Malwarebytes
    [2012/08/01 18:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/08/01 18:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/08/01 18:30:00 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
    [2012/08/01 18:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/08/01 15:58:41 | 000,000,000 | ---D | C] -- C:\Users\Shinji\AppData\Local\LogMeIn Rescue Applet
    [2012/08/01 14:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\DefaultTab
    [2012/08/01 14:45:36 | 000,000,000 | ---D | C] -- C:\Users\Shinji\AppData\Roaming\DefaultTab
    [2012/08/01 14:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
    [2012/08/01 14:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
    [2012/08/01 14:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2012/08/01 14:18:41 | 000,000,000 | ---D | C] -- C:\Users\Shinji\Documents\New folder (2)
    [2012/07/23 15:19:29 | 000,000,000 | ---D | C] -- C:\Users\Shinji\Documents\New folder
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/08/16 14:02:59 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/16 14:02:59 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/16 14:02:46 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Shinji\Desktop\OTL.exe
    [2012/08/16 13:54:50 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/16 13:54:22 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/08/16 13:54:15 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/15 23:47:14 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/15 23:47:02 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1755257046-4205032674-3146734800-1000Core.job
    [2012/08/15 23:47:01 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1755257046-4205032674-3146734800-1000UA.job
    [2012/08/14 20:25:38 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Shinji\Desktop\esetsmartinstaller_enu.exe
    [2012/08/13 19:57:41 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
    [2012/08/13 19:30:27 | 004,733,169 | R--- | M] (Swearware) -- C:\Users\Shinji\Desktop\ComboFix.exe
    [2012/08/11 10:40:39 | 000,001,024 | ---- | M] () -- C:\Users\Shinji\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_56258661.lnk
    [2012/08/08 11:11:11 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\System32\drivers\56258661.sys
    [2012/08/02 22:18:12 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe
    [2012/08/02 22:18:11 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe
    [2012/08/01 18:30:08 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/01 15:54:27 | 000,002,431 | ---- | M] () -- C:\Users\Shinji\Desktop\Chrome.lnk
    [2012/08/01 14:45:05 | 000,000,319 | ---- | M] () -- C:\user.js
    [2012/08/01 14:05:37 | 000,624,178 | ---- | M] () -- C:\windows\System32\perfh009.dat
    [2012/08/01 14:05:37 | 000,106,522 | ---- | M] () -- C:\windows\System32\perfc009.dat
    [2012/08/01 13:52:08 | 000,001,584 | ---- | M] () -- C:\Users\Shinji\Documents\StreetFood9780756642181.acsm
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/08/11 10:40:38 | 000,001,024 | ---- | C] () -- C:\Users\Shinji\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_56258661.lnk
    [2012/08/07 22:01:28 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2012/08/07 22:01:28 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2012/08/07 22:01:28 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2012/08/07 22:01:28 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2012/08/07 22:01:28 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2012/08/01 18:30:08 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/01 14:45:03 | 000,000,319 | ---- | C] () -- C:\user.js
    [2012/08/01 14:31:04 | 000,001,584 | ---- | C] () -- C:\Users\Shinji\Documents\StreetFood9780756642181.acsm
    [2011/01/23 12:18:13 | 000,000,165 | ---- | C] () -- C:\windows\QUICKEN.INI
    [2010/12/12 23:41:19 | 000,111,932 | ---- | C] () -- C:\windows\System32\EPPICPrinterDB.dat
    [2010/12/12 23:41:19 | 000,031,053 | ---- | C] () -- C:\windows\System32\EPPICPattern131.dat
    [2010/12/12 23:41:19 | 000,027,417 | ---- | C] () -- C:\windows\System32\EPPICPattern121.dat
    [2010/12/12 23:41:19 | 000,026,154 | ---- | C] () -- C:\windows\System32\EPPICPattern1.dat
    [2010/12/12 23:41:19 | 000,024,903 | ---- | C] () -- C:\windows\System32\EPPICPattern3.dat
    [2010/12/12 23:41:19 | 000,021,390 | ---- | C] () -- C:\windows\System32\EPPICPattern5.dat
    [2010/12/12 23:41:19 | 000,020,148 | ---- | C] () -- C:\windows\System32\EPPICPattern2.dat
    [2010/12/12 23:41:19 | 000,011,811 | ---- | C] () -- C:\windows\System32\EPPICPattern4.dat
    [2010/12/12 23:41:19 | 000,004,943 | ---- | C] () -- C:\windows\System32\EPPICPattern6.dat
    [2010/12/12 23:41:19 | 000,001,146 | ---- | C] () -- C:\windows\System32\EPPICPresetData_DU.dat
    [2010/12/12 23:41:19 | 000,001,139 | ---- | C] () -- C:\windows\System32\EPPICPresetData_PT.dat
    [2010/12/12 23:41:19 | 000,001,139 | ---- | C] () -- C:\windows\System32\EPPICPresetData_BP.dat
    [2010/12/12 23:41:19 | 000,001,136 | ---- | C] () -- C:\windows\System32\EPPICPresetData_ES.dat
    [2010/12/12 23:41:19 | 000,001,129 | ---- | C] () -- C:\windows\System32\EPPICPresetData_FR.dat
    [2010/12/12 23:41:19 | 000,001,129 | ---- | C] () -- C:\windows\System32\EPPICPresetData_CF.dat
    [2010/12/12 23:41:19 | 000,001,120 | ---- | C] () -- C:\windows\System32\EPPICPresetData_IT.dat
    [2010/12/12 23:41:19 | 000,001,107 | ---- | C] () -- C:\windows\System32\EPPICPresetData_GE.dat
    [2010/12/12 23:41:19 | 000,001,104 | ---- | C] () -- C:\windows\System32\EPPICPresetData_EN.dat
    [2010/12/12 23:41:19 | 000,000,097 | ---- | C] () -- C:\windows\System32\PICSDK.ini
    [2010/12/12 23:15:23 | 000,000,013 | RHS- | C] () -- C:\windows\System32\drivers\fbd.sys

    ========== Custom Scans ==========

    < %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

    < %AppData%\Local\ >

    < %systemroot%\system32\sysprep >

    < *.xpi /md5 >

    < %systemroot%\Downloaded Program Files\ >

    < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
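As an added example (not from this thread or from the OTL tool), here is a small Python triage script for OTL file-listing lines of the form posted above; its rules (driver with no company name, hidden+system attributes, Startup-folder entries, executables in the user's Temp) and the allowlist of Windows' own hidden files are assumptions, and the sample lines are constructed from the log above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL file/folder listing line looks like (form copied from the log above):
# [2012/08/01 18:30:00 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
# fields: timestamp | size | attributes (R H S D or '-') | C=created / M=modified, then (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Files Windows itself keeps hidden+system; flagging them is noise (assumed allowlist).
KNOWN_SYSTEM_FILES = {r"c:\hiberfil.sys", r"c:\pagefile.sys", r"c:\swapfile.sys"}

@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str
    kind: str
    company: str
    path: str

def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one listing line; returns None for summary lines such as '[1 C:\\*.tmp files -> ...]'."""
    m = OTL_LINE.match(line.strip())
    if m is None:
        return None
    return OtlEntry(m["ts"], int(m["size"].replace(",", "")), m["attrs"],
                    m["kind"], m["company"].strip(), m["path"].strip())

def triage_flags(entry: OtlEntry) -> List[str]:
    """Hypothetical triage rules: reasons a helper would look twice at this entry."""
    flags: List[str] = []
    path = entry.path.lower()
    if "D" in entry.attrs or path in KNOWN_SYSTEM_FILES:
        return flags  # directories and known Windows files are not flagged
    if path.endswith(".sys") and not entry.company:
        flags.append("driver without company name")
    if path.endswith(".sys") and entry.size < 1024:
        flags.append("implausibly small driver")
    if "H" in entry.attrs and "S" in entry.attrs:
        flags.append("hidden+system file")
    if "\\start menu\\programs\\startup\\" in path:
        flags.append("Startup folder entry")
    if "\\appdata\\local\\temp\\" in path and path.endswith((".exe", ".dll", ".bat", ".sys")):
        flags.append("executable in user Temp")
    return flags

def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons, skipping lines that are not OTL entries."""
    report: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_otl_line(line)
        if entry is not None:
            flags = triage_flags(entry)
            if flags:
                report[entry.path] = flags
    return report

# Constructed sample: four entries in the OTL form above plus one summary line.
SAMPLE_LOG = """
[2012/08/16 13:54:15 | 1408,045,056 | -HS- | M] () -- C:\\hiberfil.sys
[2012/08/11 10:40:38 | 000,001,024 | ---- | C] () -- C:\\Users\\Shinji\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\_uninst_56258661.lnk
[2012/08/01 18:30:00 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\\windows\\System32\\drivers\\mbam.sys
[2010/12/12 23:15:23 | 000,000,013 | RHS- | C] () -- C:\\windows\\System32\\drivers\\fbd.sys
[1 C:\\windows\\*.tmp files -> C:\\windows\\*.tmp -> ]
"""

if __name__ == "__main__":
    for flagged_path, reasons in triage_log(SAMPLE_LOG).items():
        print(f"{flagged_path}: {', '.join(reasons)}")
```

Flagged entries are leads for a human to check (signature, hash, known-tool leftovers), not verdicts: the 13-byte hidden `fbd.sys` is worth a look, while a signed driver in the same folder is not flagged.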
     