Hello,
I just booted up my laptop and something came up called "Security Suite". It keeps running scans and won't allow me to use Malwarebytes or Super Antispyware. How do I get rid of this please. I am running Vista. Thank you.
Hello,
I just booted up my laptop and something came up called "Security Suite". It keeps running scans and won't allow me to use Malwarebytes or Super Antispyware. How do I get rid of this please. I am running Vista. Thank you.
Hello,
I cannot use the "assistance" help section because this infection will not permit me to open any programs at all.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
* Rkill.com
* Rkill.scr
* Rkill.pif
* Rkill.exe
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run then try to immediately run the following.
Now download and run exeHelper.
exeHelper from Raktor to your desktop.
* Double-click on exeHelper.com to run the fix.
* A black window should pop up, press any key to close once the fix is completed.
* A log file named log.txt will be created in the directory where you ran exeHelper.com
* Attach the log.txt file to your next message.
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
=================================================================
Now try and do it.
Hi, I was able to run the first one Rkill.com successfully. However, this infection did not allow me to download exeHelper. I used a different computer to burn it on a disk and copied it into the infected computer. Still won't allow me to run it this way either.
Once you have all the tools together, is that when you ran them?
Download Itty Bitty Process Manager (IBProcMan.zip)(direct download) http://majorgeeks.com/Itty_Bitty_Process_Manager_d4690.html
Run the process manager. Near the top right there are a couple of icons. Select the one to the left to copy to the clipboard. Paste the results back here.
Hello,
Once I had all the tools together, that is when I ran them.
Here are the results you requested:
Process list saved on 11:25:02 AM, on 8/23/2010
Platform: WinNT 6.00.1905 SP1
[pid] [full path to filename] [file version] [company name]
632 C:\Windows\Explorer.EXE 6.0.6001.18164 Microsoft Corporation
700 C:\Windows\system32\Dwm.exe 6.0.6001.18000 Microsoft Corporation
2108 C:\Windows\system32\taskeng.exe 6.0.6001.18000 Microsoft Corporation
3824 C:\Windows\System32\hkcmd.exe 7.14.10.1280 Intel Corporation
3848 C:\Windows\System32\igfxpers.exe 7.14.10.1280 Intel Corporation
3864 C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe 1.5.4002.79 Chicony
3936 C:\Windows\RtHDVCpl.exe 1.0.0.55 Realtek Semiconductor
2556 C:\Program Files\Synaptics\SynTP\SynToshiba.exe 9.2.4.0 Synaptics, Inc.
2672 C:\Program Files\Toshiba\ConfigFree\NDSTray.exe 7.0.1.7 TOSHIBA CORPORATION
2732 C:\Program Files\Common Files\aol\1198601796\ee\aolsoftware.exe 16.0.2.1 AOL LLC
424 C:\Program Files\Common Files\Java\Java Update\jusched.exe 2.0.2.1 Sun Microsystems, Inc.
2740 C:\Program Files\Alwil Software\Avast5\AvastUI.exe 5.0.594.0 AVAST Software
3072 C:\Windows\ehome\ehtray.exe 6.0.6001.18000 Microsoft Corporation
480 C:\Program Files\Windows Sidebar\sidebar.exe 6.0.6001.18000 Microsoft Corporation
1176 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 4.1.509.1944 Google Inc.
3720 C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe 1.7.8000.182
876 C:\Windows\system32\igfxsrvc.exe 7.14.10.1280 Intel Corporation
3952 C:\Windows\ehome\ehmsas.exe 6.0.6001.18000 Microsoft Corporation
2584 C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe 7.0.1.7 TOSHIBA CORPORATION
3920 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe 8.0.0.0 Lavasoft
5156 C:\Windows\system32\wuauclt.exe 7.4.7600.226 Microsoft Corporation
4244 C:\Program Files\AOL 9.1\waol.exe 9.5.0.1 AOL, LLC.
4552 C:\Program Files\AOL 9.1\shellmon.exe 9.5.0.1 AOL, LLC.
3876 C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe 3.0.0.4 AOL LLC
5680 C:\Program Files\Mozilla Firefox\firefox.exe 1.9.0.3526 Mozilla Corporation
5656 C:\Users\broomflyer\Desktop\IBProcMan.exe 1.4.0.0 Soeperman Enterprises Ltd.
5040 C:\Users\broomflyer\Desktop\IBProcMan.exe 1.4.0.0 Soeperman Enterprises Ltd.
5748 C:\Windows\system32\NOTEPAD.EXE 6.0.6001.18000 Microsoft Corporation
5184 C:\Users\broomflyer\Desktop\IBProcMan.exe 1.4.0.0 Soeperman Enterprises Ltd.
5044 C:\Users\broomflyer\Desktop\IBProcMan.exe 1.4.0.0 Soeperman Enterprises Ltd.
Not seeing anything there that looks bad.
Can you try running safe mode with networking to run those tools?
Hello,
I booted up in safe mode and was able to run all three items you suggest. Below are the logs from Rkill, Exehelper, and Ibprocman.
exeHelper by Raktor
Build 20100414
Run at 12:14:21 on 08/24/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
Process list saved on 12:26:32 PM, on 8/24/2010
Platform: WinNT 6.00.1905 SP1
[pid] [full path to filename] [file version] [company name]
1664 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe 8.0.0.0 Lavasoft
264 C:\Windows\Explorer.exe 6.0.6001.18164 Microsoft Corporation
2016 C:\Windows\system32\NOTEPAD.EXE 6.0.6001.18000 Microsoft Corporation
1992 C:\Program Files\Mozilla Firefox\firefox.exe 1.9.0.3526 Mozilla Corporation
1980 C:\Windows\System32\notepad.exe 6.0.6001.18000 Microsoft Corporation
1372 C:\Users\broomflyer\Desktop\IBProcMan.exe 1.4.0.0 Soeperman Enterprises Ltd.
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as broomflyer on 08/24/2010 at 12:13:31.
Processes terminated by Rkill or while it was running:
C:\Users\broomflyer\Desktop\rkill.com
Rkill completed on 08/24/2010 at 12:13:33.
You also need to run the tools suggested in the sticky immediately after running those above :).
The idea of running rkill and exehelper are so that you can run the othes.
I'm sorry, I'm not understanding this. Do mean to run what is suggested in the "assistance" area?
Yes.
Just wanted to update you. I have begun running the scans and will hopefully report back to you this evening.
No worries :)
Hello,
I ran Microsoft Windows Malicious Software Removal Tool and the scan came up clean.
Also Ran ATF-Cleaner.exe. and followed all directions.
I could not get GMER Rootkit Scanner to run. It froze up my computer.
Ran Malwarebytes, updated it and scanned the entire computer. Results below.
Ran DDS ScanLog. Results below.
Malwarebytes Results:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4476
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
8/25/2010 5:12:07 PM
mbam-log-2010-08-25 (17-12-07).txt
Scan type: Full scan (C:\|)
Objects scanned: 305405
Time elapsed: 2 hour(s), 30 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
DDS Attach.txt Scan Results
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/29/2007 11:19:32 AM
System Uptime: 8/25/2010 2:37:22 PM (4 hours ago)
Motherboard: Intel Corporation | | SANTA ROSA CRB
Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | U2E1 | 1500/mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 185 GiB total, 52.596 GiB free.
D: is CDROM (CDFS)
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1172: 8/19/2010 7:54:15 AM - Scheduled Checkpoint
RP1173: 8/20/2010 7:08:11 AM - Windows Update
RP1174: 8/20/2010 7:12:58 AM - Windows Update
RP1175: 8/21/2010 9:33:04 AM - Scheduled Checkpoint
RP1176: 8/22/2010 2:24:31 PM - Removed AVG 8.5
RP1178: 8/22/2010 2:36:57 PM - avast! Free Antivirus Setup
RP1179: 8/23/2010 10:16:39 AM - Windows Update
RP1180: 8/24/2010 7:27:18 AM - Windows Update
RP1181: 8/25/2010 6:00:53 PM - Scheduled Checkpoint
==== Installed Programs ======================
Leawo Free DVD to AVI Converter version 2.2.1.0
7-Zip 4.65
AC3Filter 1.63b
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
Adobe Shockwave Player 11.5
AnyDVD
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AutoUpdate
avast! Free Antivirus
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 3
Blaze Media Pro
Bluetooth Stack for Windows by Toshiba
Bookworm Deluxe 1.13
Broadcom High Definition Video Decoder
Camera Assistant Software for Toshiba
CCleaner (remove only)
CD/DVD Drive Acoustic Silencer
CDex extraction audio
Chicktionary
ConvertXtoDVD 3.3.4.106e
Corel Paint Shop Pro Photo X2
Coupon Printer for Windows
Dell Photo Printer 720
Desktop Dialer
Diner Dash - Flo on the Go
DivX Codec
DivX Version Checker
DivX Web Player
Download Updater (AOL LLC)
DVD MovieFactory for TOSHIBA
DVD Shrink 3.2
FATE
Flip Words
Free Mp3 Wma Converter V 1.81
Free YouTube Download 2.2
Google Desktop
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Hangman Pro
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
Internet Offers
IrfanView (remove only)
Jasc Animation Shop 3
Java Auto Updater
Java(TM) 6 Update 18
Java(TM) 6 Update 20
Java(TM) SE Runtime Environment 6
Mah Jong Quest
Malwarebytes' Anti-Malware
Marvell Miniport Driver
mCore
mHelp
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ Run Time Lib Setup
Microsoft Works
Microsoft XML Parser
mMHouse
Mozilla Firefox (3.0.14)
mPfMgr
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Napster
Napster Burn Engine
Nero 8
neroxml
Netflix Movie Viewer
oggcodecs 0.71.0946
OpenOffice.org 3.2
Panda ActiveScan 2.0
Penguins!
Picasa 3
Polar Bowler
Polar Golfer
puzzle.watype.net/jigsawlite
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
RTC Client API v1.2
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Skype Toolbars
Skype™ 4.2
SpywareBlaster 4.3
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Game Console
TOSHIBA Hardware Setup
TOSHIBA HD DVD PLAYER
TOSHIBA Media Center Game Console
TOSHIBA Music
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Uninstall 1.0.0.1
Uninstall AOL Emergency Connect Utility 1.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.762
VCRedistSetup
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinRAR archiver
Word Whomp To Go
WordPerfect Lightning
WordPerfect Lightning - EN
WordPerfect Lightning - IPM
WordPerfect Lightning - Messages
WordPerfect Lightning - MSOM
WordPerfect Office X4
WordPerfect Office X4 - Common
WordPerfect Office X4 - Content
WordPerfect Office X4 - EN
WordPerfect Office X4 - Filters
WordPerfect Office X4 - Graphics
WordPerfect Office X4 - ICA
WordPerfect Office X4 - IPM
WordPerfect Office X4 - IPM T EN
WordPerfect Office X4 - MAIL
WordPerfect Office X4 - Migration Manager
WordPerfect Office X4 - PerfectExperts
WordPerfect Office X4 - PR
WordPerfect Office X4 - QP
WordPerfect Office X4 - Skins
WordPerfect Office X4 - System
WordPerfect Office X4 - WP
Xvid 1.1.3 final uninstall
Yahoo! Music Jukebox
==== End Of File ===========================
DDS.Text Scan Results:
DDS (Ver_10-03-17.01) - NTFSx86
Run by broomflyer at 18:26:41.39 on Wed 08/25/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1027 [GMT -4:00]
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Windows\System32\LEXBCES.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\LEXPPS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\dlbccoms.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Common Files\aol\1198601796\ee\aolsoftware.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Users\broomflyer\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe.e
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; AOL 9.1; AOLBuild 4334.34; Windows NT 6.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.johnnyrivers.com/jr/soulcity.html"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [HostManager] c:\program files\common files\aol\1198601796\ee\AOLSoftware.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-us\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Open with WordPerfect - c:\program files\corel\wordperfect office x4\programs\WPLauncher.hta
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: blogspot.com\yooray
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: smartsource.com\www
DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} - hxxp://riteaid.storefront.com/images/global/activex/SFImageUpload1_10.CAB
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://coupons.smartsource.com/download/cscmv5X.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} - hxxp://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\users\broomf~1\appdata\roaming\mozilla\firefox\profiles\v5qks7yc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ab&query=
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\users\broomflyer\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\broomflyer\appdata\roaming\mozilla\firefox\profiles\v5qks7yc.default\extensions\{0c7e3f01-99e9-4095-9bdc-f84724960b57}\plugins\NPCpnMgr.dll
FF - plugin: c:\users\broomflyer\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\broomflyer\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-17 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-5-24 28544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-22 165456]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-27 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-22 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-8-22 50256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-22 40384]
R2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe -service --> c:\windows\system32\dlbccoms.exe -service [?]
R2 DXSOFTIO;DXSOFTIO;c:\windows\system32\drivers\DXSOFTIO.SYS [2010-2-7 3824]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-22 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-22 40384]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-6-12 7168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-6 135664]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-11-2 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-11-2 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-11-2 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-11-2 40552]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== Created Last 30 ================
2010-08-24 21:24:44 0 d-----w- c:\program files\SpywareBlaster
2010-08-22 18:40:01 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-08-22 18:38:03 38848 ----a-w- c:\windows\avastSS.scr
2010-08-22 18:37:44 0 d-----w- c:\programdata\Alwil Software
2010-08-22 13:55:22 0 d--h--w- c:\windows\PIF
2010-08-22 13:43:13 0 d-----w- c:\users\broomflyer\exehelper
2010-08-12 11:54:57 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-08-12 11:54:55 36352 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 11:54:49 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-12 11:54:46 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 11:54:42 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 11:54:37 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-12 11:54:33 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 11:54:32 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-07 16:59:42 0 d-----w- c:\users\broomf~1\appdata\roaming\net.watype.puzzle.jigsawlite.59CF40312C069B2E5F3F9C70D453B8E2C77D2E60.1
2010-08-07 16:58:16 0 d-----w- c:\program files\puzzle.watype.net
==================== Find3M ====================
2010-08-24 19:16:14 5642 --sha-w- c:\programdata\KGyGaAvL.sys
2010-06-28 16:17:26 833024 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:13:32 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-23 18:57:39 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-06-11 15:31:42 274432 ----a-w- c:\windows\system32\schannel.dll
2010-05-23 11:39:38 51200 ----a-w- c:\windows\inf\infpub.dat
2010-05-23 11:39:37 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-07-05 12:42:47 86016 ----a-w- c:\windows\inf\infstor.dat
2008-06-29 22:51:53 174 --sha-w- c:\program files\desktop.ini
2008-06-29 22:35:07 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-11-30 01:24:08 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-11-30 01:24:08 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-11-30 01:24:08 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-01-08 19:49:23 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\feeds cache\index.dat
2009-01-08 19:49:23 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009010820090109\index.dat
============= FINISH: 18:27:51.72 ===============
Please download ComboFix by sUBs from HERE or HERE
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Run Combofix ONCE only!!
I followed the directions for combofix. Now I cannot open any programs on that computer. I receive the following message:
Illegal operation attempted on a registry key that has been marked for deletion.
Can you help me with this please?
I also cannot send you the log from combox fix.
Can you boot into safe mode and then do a system restore back a couple of weeks, then boot normally.
Hello,
My apologies for not replying back sooner. My Internet has been out. Finally got it back.
I rebooted my computer and everything is back to normal. I didn't have to use safe mode and system restore to access anything on the computer.
Here is the combofix log:
ComboFix 10-08-24.0C - broomflyer 08/26/2010 12:05:39.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1077 [GMT -4:00]
Running from: c:\users\broomflyer\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\broomflyer\AppData\Roaming\inst.exe
c:\users\broomflyer\AppData\Roaming\Microsoft\~DFKd9c1ad.tmp
c:\users\broomflyer\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\broomflyer\AppData\Roaming\Microsoft\bass.dll
c:\users\broomflyer\AppData\Roaming\Microsoft\engine_vx.dll
c:\users\broomflyer\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\broomflyer\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\broomflyer\AppData\Roaming\Microsoft\peaadje.dll
c:\users\broomflyer\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\broomflyer\AppData\Roaming\Microsoft\rsaadjd.dll
c:\windows\Downloaded Program Files\CpnMgr.dll
c:\windows\system32\Ijl11.dll
c:\windows\system32\skinboxer43.dll
c:\windows\system32\wininit.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2010-07-26 to 2010-08-26 )))))))))))))))))))))))))))))))
.
2010-08-24 21:24 . 2010-08-24 21:26 -------- d-----w- c:\program files\SpywareBlaster
2010-08-22 18:40 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-22 18:40 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-22 18:40 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-22 18:40 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-22 18:40 . 2010-06-28 20:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-08-22 18:38 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-22 18:38 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-22 18:37 . 2010-08-22 18:37 -------- d-----w- c:\programdata\Alwil Software
2010-08-22 18:37 . 2010-08-22 18:37 -------- d-----w- c:\program files\Alwil Software
2010-08-22 13:55 . 2010-08-22 13:55 -------- d--h--w- c:\windows\PIF
2010-08-22 13:43 . 2010-08-22 13:44 -------- d-----w- c:\users\broomflyer\exehelper
2010-08-22 00:00 . 2010-08-22 18:10 -------- d-----w- c:\users\broomflyer\AppData\Local\qanhjdnge
2010-08-12 11:54 . 2010-06-21 13:18 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-08-12 11:54 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 11:54 . 2010-06-08 17:00 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-12 11:54 . 2010-06-08 17:00 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 11:54 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 11:54 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-12 11:54 . 2010-06-18 14:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 11:54 . 2010-06-18 14:43 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-07 16:59 . 2010-08-07 16:59 -------- d-----w- c:\users\broomflyer\AppData\Roaming\net.watype.puzzle.jigsawlite.59CF40312C069B2E5F3F9C70D453B8E2C77D2E60.1
2010-08-07 16:58 . 2010-08-07 16:58 -------- d-----w- c:\program files\puzzle.watype.net
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 16:01 . 2009-01-06 22:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-24 19:16 . 2008-10-20 18:47 5642 --sha-w- c:\programdata\KGyGaAvL.sys
2010-08-23 23:01 . 2007-12-25 19:01 -------- d-----w- c:\program files\Rhapsody
2010-08-23 20:06 . 2008-03-17 19:58 -------- d-----w- c:\program files\Coupons
2010-08-22 18:25 . 2008-09-28 23:28 -------- d-----w- c:\programdata\avg8
2010-08-22 13:52 . 2009-10-06 01:44 1356 ----a-w- c:\users\broomflyer\AppData\Local\d3d9caps.dat
2010-08-13 11:19 . 2007-08-29 15:29 -------- d-----w- c:\programdata\Microsoft Help
2010-08-13 11:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-07 17:01 . 2010-03-19 20:00 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-30 18:46 . 2010-06-23 18:55 -------- d-----w- c:\users\broomflyer\AppData\Roaming\Skype
2010-07-30 16:07 . 2010-06-23 18:57 -------- d-----w- c:\users\broomflyer\AppData\Roaming\skypePM
2010-06-28 16:17 . 2010-08-12 11:55 833024 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:13 . 2010-08-12 11:55 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-23 18:57 . 2010-06-23 18:57 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-06-21 22:53 . 2007-12-25 16:24 98584 ----a-w- c:\users\broomflyer\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-11 15:31 . 2010-08-12 11:55 274432 ----a-w- c:\windows\system32\schannel.dll
2008-07-05 18:36 . 2008-07-05 18:31 24 --sh--w- c:\windows\S76461ECB.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sidebar"="c:\program files\windows sidebar\sidebar.exe" [2008-01-19 1233920]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2007-10-27 50528]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-21 468408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-25 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-25 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-25 138008]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 4444160]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-04 865840]
"NDSTray.exe"="NDSTray.exe" [BU]
"HostManager"="c:\program files\Common Files\AOL\1198601796\ee\AOLSoftware.exe" [2008-06-24 41824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^broomflyer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\broomflyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^broomflyer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\broomflyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2007-05-22 23:32 538744 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-03-02 01:25 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2008-09-09 19:12 89024 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-10-23 19:18 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2008-08-18 20:53 16712 ----a-r- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2008-08-18 20:53 532808 ----a-r- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-06-12 18:03 1862144 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-10-18 18:31 133104 ----atw- c:\users\broomflyer\AppData\Local\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2006-12-07 23:49 55416 ----a-w- c:\program files\Toshiba\TBS\HSON.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 19:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-09-20 13:51 1836328 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 19:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
2008-03-21 05:36 83232 ----a-w- c:\program files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 20:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-04-13 22:36 1822720 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-03-22 18:46 448632 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-01 23:27 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2007-03-29 17:39 411192 ----a-w- c:\program files\Toshiba\Power Saver\TPwrMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2008-01-19 07:36 2153472 ----a-w- c:\windows\System32\oobefldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-06 135664]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-05-18 64160]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe [2007-03-01 538096]
S2 DXSOFTIO;DXSOFTIO; [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-02 1029456]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
.
Contents of the 'Scheduled Tasks' folder
2010-08-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 01:25]
2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-06 23:43]
2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-06 23:43]
2010-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-819412295-2399782739-3496327266-1000Core.job
- c:\users\broomflyer\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-18 18:31]
2010-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-819412295-2399782739-3496327266-1000UA.job
- c:\users\broomflyer\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-18 18:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
Trusted Zone: blogspot.com\yooray
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: smartsource.com\www
DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} - hxxp://riteaid.storefront.com/images/global/activex/SFImageUpload1_10.CAB
FF - ProfilePath - c:\users\broomflyer\AppData\Roaming\Mozilla\Firefox\Profiles\v5qks7yc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ab&query=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\broomflyer\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\broomflyer\AppData\Roaming\Mozilla\Firefox\Profiles\v5qks7yc.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}\plugins\NPCpnMgr.dll
FF - plugin: c:\users\broomflyer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\broomflyer\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSConfigStartUp-TOSCDSPD - TOSCDSPD.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-26 12:31
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\System32\LEXBCES.EXE
c:\windows\System32\LEXPPS.EXE
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\RtHDVCpl.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\program files\AOL 9.1\waol.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Toshiba\ConfigFree\CFSwMgr.exe
c:\program files\AOL 9.1\shellmon.exe
.
**************************************************************************
.
Completion time: 2010-08-26 12:42:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-26 16:42
Pre-Run: 54,246,383,616 bytes free
Post-Run: 57,111,056,384 bytes free
- - End Of File - - 0200A8F611D41884C557F796F39607AC
1. Please open Notepad
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Folder::
c:\users\broomflyer\AppData\Local\qanhjdnge
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:6522
RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Save the above as CFScript.txt
4. Physically disconnect from the internet.
5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
[IMG]http://i5.photobucket.com/albums/y153/crunchie1/CFScript.gif[/IMG]
7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next replyafter you re-enable all the programs that were disabled during the running of ComboFix:
Please take note:
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
============
Let me know how the PC is now please.
Hello,
My computer seems to running fine now. Here is the log you requested from Combofix.
ComboFix 10-08-24.0C - broomflyer 08/29/2010 17:52:02.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1213 [GMT -4:00]
Running from: c:\users\broomflyer\Desktop\ComboFix.exe
Command switches used :: c:\users\broomflyer\Desktop\CFScript.txt
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\broomflyer\AppData\Local\qanhjdnge
Infected copy of c:\windows\system32\wininit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\wininit.exe
.
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-29 )))))))))))))))))))))))))))))))
.
2010-08-29 22:03 . 2010-08-29 22:17 -------- d-----w- c:\users\broomflyer\AppData\Local\temp
2010-08-29 22:03 . 2010-08-29 22:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-29 22:03 . 2010-08-29 22:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-28 14:07 . 2010-08-28 14:56 -------- d-----w- c:\users\broomflyer\AppData\Local\Adobe
2010-08-24 21:24 . 2010-08-24 21:26 -------- d-----w- c:\program files\SpywareBlaster
2010-08-22 18:40 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-22 18:40 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-22 18:40 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-22 18:40 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-22 18:40 . 2010-06-28 20:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-08-22 18:38 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-22 18:38 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-22 18:37 . 2010-08-22 18:37 -------- d-----w- c:\programdata\Alwil Software
2010-08-22 18:37 . 2010-08-22 18:37 -------- d-----w- c:\program files\Alwil Software
2010-08-22 13:55 . 2010-08-22 13:55 -------- d--h--w- c:\windows\PIF
2010-08-22 13:43 . 2010-08-22 13:44 -------- d-----w- c:\users\broomflyer\exehelper
2010-08-12 11:54 . 2010-06-21 13:18 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-08-12 11:54 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 11:54 . 2010-06-08 17:00 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-12 11:54 . 2010-06-08 17:00 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 11:54 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 11:54 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-12 11:54 . 2010-06-18 14:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 11:54 . 2010-06-18 14:43 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-07 16:59 . 2010-08-07 16:59 -------- d-----w- c:\users\broomflyer\AppData\Roaming\net.watype.puzzle.jigsawlite.59CF40312C069B2E5F3F9C70D453B8E2C77D2E60.1
2010-08-07 16:58 . 2010-08-07 16:58 -------- d-----w- c:\program files\puzzle.watype.net
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-29 14:35 . 2007-06-12 18:27 -------- d-----w- c:\program files\Java
2010-08-28 01:36 . 2008-03-17 19:58 -------- d-----w- c:\program files\Coupons
2010-08-26 16:01 . 2009-01-06 22:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-24 19:16 . 2008-10-20 18:47 5642 --sha-w- c:\programdata\KGyGaAvL.sys
2010-08-23 23:01 . 2007-12-25 19:01 -------- d-----w- c:\program files\Rhapsody
2010-08-22 18:25 . 2008-09-28 23:28 -------- d-----w- c:\programdata\avg8
2010-08-22 13:52 . 2009-10-06 01:44 1356 ----a-w- c:\users\broomflyer\AppData\Local\d3d9caps.dat
2010-08-13 11:19 . 2007-08-29 15:29 -------- d-----w- c:\programdata\Microsoft Help
2010-08-13 11:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-07 17:01 . 2010-03-19 20:00 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-30 18:46 . 2010-06-23 18:55 -------- d-----w- c:\users\broomflyer\AppData\Roaming\Skype
2010-07-30 16:07 . 2010-06-23 18:57 -------- d-----w- c:\users\broomflyer\AppData\Roaming\skypePM
2010-07-17 09:00 . 2010-04-23 23:33 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-28 16:17 . 2010-08-12 11:55 833024 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:13 . 2010-08-12 11:55 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-23 18:57 . 2010-06-23 18:57 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-06-21 22:53 . 2007-12-25 16:24 98584 ----a-w- c:\users\broomflyer\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-11 15:31 . 2010-08-12 11:55 274432 ----a-w- c:\windows\system32\schannel.dll
2008-07-05 18:36 . 2008-07-05 18:31 24 --sh--w- c:\windows\S76461ECB.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sidebar"="c:\program files\windows sidebar\sidebar.exe" [2008-01-19 1233920]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2007-10-27 50528]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-21 468408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-25 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-25 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-25 138008]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 4444160]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-04 865840]
"NDSTray.exe"="NDSTray.exe" [BU]
"HostManager"="c:\program files\Common Files\AOL\1198601796\ee\AOLSoftware.exe" [2008-06-24 41824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^broomflyer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\broomflyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^broomflyer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\broomflyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2007-05-22 23:32 538744 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-03-02 01:25 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2008-09-09 19:12 89024 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-10-23 19:18 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2008-08-18 20:53 16712 ----a-r- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2008-08-18 20:53 532808 ----a-r- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-06-12 18:03 1862144 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-10-18 18:31 133104 ----atw- c:\users\broomflyer\AppData\Local\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2006-12-07 23:49 55416 ----a-w- c:\program files\Toshiba\TBS\HSON.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 19:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-09-20 13:51 1836328 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 19:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
2008-03-21 05:36 83232 ----a-w- c:\program files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 20:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-04-13 22:36 1822720 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-03-22 18:46 448632 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-01 23:27 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2007-03-29 17:39 411192 ----a-w- c:\program files\Toshiba\Power Saver\TPwrMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2008-01-19 07:36 2153472 ----a-w- c:\windows\System32\oobefldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-06 135664]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-05-18 64160]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe [2007-03-01 538096]
S2 DXSOFTIO;DXSOFTIO; [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-02 1029456]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
.
Contents of the 'Scheduled Tasks' folder
2010-08-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 01:25]
2010-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-06 23:43]
2010-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-06 23:43]
2010-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-819412295-2399782739-3496327266-1000Core.job
- c:\users\broomflyer\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-18 18:31]
2010-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-819412295-2399782739-3496327266-1000UA.job
- c:\users\broomflyer\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-18 18:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = <local>
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
Trusted Zone: blogspot.com\yooray
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: smartsource.com\www
DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} - hxxp://riteaid.storefront.com/images/global/activex/SFImageUpload1_10.CAB
FF - ProfilePath - c:\users\broomflyer\AppData\Roaming\Mozilla\Firefox\Profiles\v5qks7yc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ab&query=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\broomflyer\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\broomflyer\AppData\Roaming\Mozilla\Firefox\Profiles\v5qks7yc.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}\plugins\NPCpnMgr.dll
FF - plugin: c:\users\broomflyer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\broomflyer\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\System32\LEXBCES.EXE
c:\windows\System32\LEXPPS.EXE
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\windows\RtHDVCpl.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\windows\ehome\ehmsas.exe
c:\program files\AOL 9.1\waol.exe
c:\program files\Toshiba\ConfigFree\CFSwMgr.exe
c:\program files\AOL 9.1\shellmon.exe
.
**************************************************************************
.
Completion time: 2010-08-29 18:29:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-29 22:29
ComboFix2.txt 2010-08-26 16:42
Pre-Run: 61,406,105,600 bytes free
Post-Run: 61,065,441,280 bytes free
- - End Of File - - 86A88B534AAA761929513C05CD3EEE7F
Ok. Lets just run an on-line scan to check for any leftovers.
Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
NOTE: If you are unable to complete the ESET scan, please try another from the list below:
• Kaspersky Online Scanner • Panda Active Scan • Trend Micro HouseCall • F-Secure Online Virus Scanner
Hello,
I ran ESET and here are the scan results:
C:\Users\broomflyer\Documents\nero\NERO 8.1.1.4\Nero-8.1.1.4_eng_trial.exe Win32/Toolbar.AskSBar application
C:\Users\broomflyer\software\nero 7\Nero 7.8.5.0\Nero-7.8.5.0 eng.exe Win32/Toolbar.AskSBar application
C:\Users\broomflyer\software\nero desktop\NERO 8.1.1.4\Nero-8.1.1.4_eng_trial.exe Win32/Toolbar.AskSBar application
You should delete those files and then then you are good to go.
To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC by OldTimer:
Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.
crunchie,
I finished the last two items, deleting those files and using OTC.exe. I would like to thank you so very much for your help, expertise, time and patience with me. My computer is running great now.
You are welcome :).
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.