win 7 total security infection


  • This topic is locked
20 replies to this topic

#1 coffeemetalcode

    Authentic Member
  • 136 posts
  • Interests:Music, Metal, Web Development, Baseball, Linux

Posted 03 June 2011 - 08:23 PM

I'm working on my mom's laptop which has a "Win 7 Total Security" infection. I'm comfortable following technical instructions, but I'm a GNU/Linux user and haven't used Windows for a couple of versions now (since XP).

Attempting to be proactive, I've already done a HJT scan and a D.D.S. scan. I'll post the results below.

Thanks in advance.

HJT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:07:04 PM, on 6/3/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\iBryte\playbryte\iBryteDesktop.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Users\Laura\AppData\Local\twu.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Users\Laura\AppData\Local\twu.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Users\Laura\Desktop\malware\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CA Anti-Phishing Toolbar Helper - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\caIEToolbar.dll
O2 - BHO: PlayBryte BHO - {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - mscoree.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll
O3 - Toolbar: CA Anti-Phishing Toolbar - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\caIEToolbar.dll
O3 - Toolbar: PlayBryte Toolbar - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - mscoree.dll (file missing)
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [iBryte playbryte Desktop] C:\Program Files (x86)\iBryte\playbryte\ibrytedesktop.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: CAAMSvc - CA - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Toshiba Laptop Checkup Application Launcher (Norton PC Checkup Application Launcher) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: WinSock Extention Manager (WinExtManager) - Unknown owner - C:\Windows\SysWOW64\mdmcls32.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\Windows\SysWOW64\svcprs32.exe
O23 - Service: WinSvchostManagerSrv - Unknown owner - C:\windows\SysWOW64\cfgmig32.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11387 bytes


D.D.S.:

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Laura at 22:09:12.65 on Fri 06/03/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1787.550 [GMT -4:00]
.
AV: CA Anti-Virus Plus *Enabled/Updated* {3EED0195-0A4B-4EF3-CC4F-4F401BDC245F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: CA Anti-Virus Plus *Enabled/Updated* {858CE071-2C71-417D-F6FF-7432605B6EE2}
FW: CA Personal Firewall *Enabled* {6F8E4568-E0DA-DA91-5F44-FD1E1B727591}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Windows\SysWOW64\mdmcls32.exe
C:\Windows\SysWOW64\svcprs32.exe
C:\windows\SysWOW64\cfgmig32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\iBryte\playbryte\iBryteDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Users\Laura\AppData\Local\twu.exe
C:\windows\system32\taskmgr.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Users\Laura\AppData\Local\twu.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\consent.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\Users\Laura\Desktop\malware\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: CA Anti-Phishing Toolbar Helper: {45011cf5-e4a9-4f13-9093-f30a784eb9b2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\caIEToolbar.dll
BHO: PlayBryte BHO: {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - mscoree.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll
TB: CA Anti-Phishing Toolbar: {0123b506-0ad9-43aa-b0cf-916c122ad4c5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\caIEToolbar.dll
TB: PlayBryte Toolbar: {b278d9f8-0fa9-465e-9938-0c392605d8e3} - mscoree.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [iBryte playbryte Desktop] C:\Program Files (x86)\iBryte\playbryte\ibrytedesktop.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: winsflt.dll
LSP: C:\windows\system32\VetRedir.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: PFW - UmxWnp.Dll
AppInit_DLLs: UmxSbxExw.dll
BHO-X64: CA Anti-Phishing Toolbar Helper: {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: CA Anti-Phishing Toolbar: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll
TB-X64: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
mRun-x64: [(Default)]
mRun-x64: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun-x64: [cctray] "C:\Program Files\CA\CA Internet Security Suite\casc.exe"
AppInit_DLLs-X64: UmxSbxExA64.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\371oi05n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856425&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://home.alot.com/?src_id=12133&client_id=4cebb2de33a6054d18222894&camp_id=2341&install_time=2011-05-14T15:12:34Z&tb_version=2.4.4000%28F%29
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856425&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\Firefox\components\CAFxToolBar.dll
FF - component: C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\371oi05n.default\extensions\{060a0a36-13dc-407d-b055-5a9accd8e083}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\371oi05n.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\371oi05n.default\extensions\toolbar@alot.com\components\AlotXpcom.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: CA Anti-Phishing Toolbar: caaphishtoolbar@ca.com - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\Firefox
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Radio TV 1.1 Community Toolbar: {060a0a36-13dc-407d-b055-5a9accd8e083} - %profile%\extensions\{060a0a36-13dc-407d-b055-5a9accd8e083}
FF - Ext: PlayBryte: playbryte@playbryte.com - %profile%\extensions\playbryte@playbryte.com
FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
FF - Ext: ALOT Toolbar: toolbar@alot.com - %profile%\extensions\toolbar@alot.com
.
============= SERVICES / DRIVERS ===============
.
R0 KmxAMRT;KmxAMRT;C:\Windows\System32\drivers\KmxAMRT.sys [2010-9-17 143952]
R0 KmxFw;KmxFw;C:\Windows\System32\drivers\KmxFw.sys [2010-9-24 154448]
R1 KmxAgent;KmxAgent;C:\Windows\System32\drivers\KmxAgent.sys [2010-3-22 108024]
R1 KmxCfg;KmxCfg;C:\Windows\System32\drivers\KmxCfg.sys [2010-6-9 337744]
R1 KmxFile;KmxFile;C:\Windows\System32\drivers\KmxFile.sys [2010-9-24 85072]
R1 KmxFilter;HIPS Core Filter Driver;C:\Windows\System32\drivers\KmxFilter.sys [2010-9-24 88144]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-8-10 202752]
R2 CAAMSvc;CAAMSvc;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe [2010-10-20 292168]
R2 CAISafe;CAISafe;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe [2010-10-20 301568]
R2 ccSchedulerSVC;CA Common Scheduler Service;C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe [2011-5-17 285520]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 KmxCF;KmxCF;C:\Windows\System32\drivers\KmxCF.sys [2010-9-24 199760]
R2 KmxSbx;KmxSbx;C:\Windows\System32\drivers\KmxSbx.sys [2010-9-24 71248]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-8-10 115056]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2010-8-10 126392]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-4-1 428640]
R2 UmxAgent;HIPS Event Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2009-8-4 1479160]
R2 UmxCfg;HIPS Configuration Interpreter;C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2010-8-24 740160]
R2 UmxPol;HIPS Policy Manager;C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe [2010-9-17 301648]
R2 WinExtManager;WinSock Extention Manager;C:\Windows\SysWOW64\mdmcls32.exe [2010-8-30 2347760]
R2 WinSvchostManager;WinSock Svchost Manager;C:\Windows\SysWOW64\svcprs32.exe [2010-8-30 1377008]
R2 WinSvchostManagerSrv;WinSvchostManagerSrv;C:\Windows\SysWOW64\cfgmig32.exe [2010-10-20 259408]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-8-10 6403072]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-8-10 188928]
R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2010-8-10 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-3-4 75816]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-8-10 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 136176]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-5-30 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 136176]
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2010-5-14 271712]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-4-1 341856]
S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-4-1 4184672]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-8-10 232992]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-30 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-05-30 23:03:49 -------- d-----w- C:\windows\en
2011-05-30 23:00:13 48488 ----a-w- C:\windows\System32\drivers\fssfltr.sys
2011-05-30 22:58:24 -------- d-----w- C:\Program Files (x86)\MSN Toolbar
2011-05-30 22:57:50 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer
2011-05-30 22:57:37 69464 ----a-w- C:\windows\SysWow64\XAPOFX1_3.dll
2011-05-30 22:57:36 515416 ----a-w- C:\windows\SysWow64\XAudio2_5.dll
2011-05-30 22:57:35 523088 ----a-w- C:\windows\System32\d3dx10_42.dll
2011-05-30 22:57:35 453456 ----a-w- C:\windows\SysWow64\d3dx10_42.dll
2011-05-30 22:48:36 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b50929b11cc1f1b23\InstallManager_WLE_WLE.exe
2011-05-30 22:48:01 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a0a9c2bd1cc1f1b1a\MeshBetaRemover.exe
2011-05-30 22:47:29 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8cf0fc1c1cc1f1b12\DSETUP.dll
2011-05-30 22:47:29 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8cf0fc1c1cc1f1b12\DXSETUP.exe
2011-05-30 22:47:29 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8cf0fc1c1cc1f1b12\dsetup32.dll
2011-05-30 22:47:15 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\84aa736a1cc1f1b10\DSETUP.dll
2011-05-30 22:47:15 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\84aa736a1cc1f1b10\DXSETUP.exe
2011-05-30 22:47:15 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\84aa736a1cc1f1b10\dsetup32.dll
2011-05-30 20:22:24 327680 --sha-w- C:\Users\Laura\AppData\Local\twu.exe
2011-05-30 20:22:02 327680 --sha-w- C:\Users\Laura\AppData\Local\jrj.exe
2011-05-28 11:11:26 8718160 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{E9CD098F-04DF-4C55-909B-A10536BE4991}\mpengine.dll
2011-05-25 01:17:20 27008 ----a-w- C:\windows\System32\drivers\Diskdump.sys
2011-05-20 14:27:34 8718160 ------w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2011-05-19 11:46:43 142336 ----a-w- C:\windows\System32\poqexec.exe
2011-05-19 11:46:42 123904 ----a-w- C:\windows\SysWow64\poqexec.exe
2011-05-14 15:08:57 -------- d-----w- C:\Program Files (x86)\iBryte
2011-05-14 15:08:19 -------- d-----w- C:\Program Files (x86)\Yontoo Layers
2011-05-14 15:08:18 -------- d-----w- C:\PROGRA~3\Tarma Installer
2011-05-11 17:26:57 5509504 ----a-w- C:\windows\System32\ntoskrnl.exe
2011-05-11 17:26:56 3957632 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 17:26:56 3901824 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2011-05-06 23:03:00 53248 ----a-r- C:\Users\Laura\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
.
==================== Find3M ====================
.
2011-04-01 05:10:46 539232 ----a-w- C:\windows\SysWow64\LVUI2RC.dll
2011-04-01 05:10:24 543328 ----a-w- C:\windows\SysWow64\LVUI2.dll
2011-04-01 05:08:36 301664 ----a-w- C:\windows\SysWow64\lvcodec2.dll
2011-04-01 05:07:54 4184672 ----a-w- C:\windows\System32\drivers\lvuvc64.sys
2011-04-01 05:07:30 559712 ----a-w- C:\windows\System32\LVUIRC64.dll
2011-04-01 05:07:08 767584 ----a-w- C:\windows\System32\LVUI64.dll
2011-04-01 05:07:02 10877272 ----a-w- C:\windows\SysWow64\LogiDPP.dll
2011-04-01 05:07:02 10877272 ----a-w- C:\windows\System32\LogiDPP.dll
2011-04-01 05:07:02 102744 ----a-w- C:\windows\SysWow64\LogiDPPApp.exe
2011-04-01 05:07:02 102744 ----a-w- C:\windows\System32\LogiDPPApp.exe
2011-04-01 05:06:56 331608 ----a-w- C:\windows\SysWow64\DevManagerCore.dll
2011-04-01 05:06:56 331608 ----a-w- C:\windows\System32\DevManagerCore.dll
2011-04-01 05:06:22 341856 ----a-w- C:\windows\System32\drivers\lvrs64.sys
2011-04-01 05:05:38 261728 ----a-w- C:\windows\System32\lvco13251014.dll
2011-04-01 05:05:16 172128 ----a-w- C:\windows\System32\lvcod64.dll
2011-04-01 04:56:20 39318 ----a-w- C:\windows\System32\Repository.reg
2011-03-23 04:02:22 15192 ----a-w- C:\windows\System32\drivers\iKeyLFT264.dll
2011-03-12 12:03:46 662528 ----a-w- C:\windows\System32\XpsPrint.dll
2011-03-12 11:31:58 442880 ----a-w- C:\windows\SysWow64\XpsPrint.dll
2011-03-11 06:23:13 187264 ----a-w- C:\windows\System32\drivers\storport.sys
2011-03-11 06:23:06 166272 ----a-w- C:\windows\System32\drivers\nvstor.sys
2011-03-11 06:23:06 1657216 ----a-w- C:\windows\System32\drivers\ntfs.sys
2011-03-11 06:23:06 148352 ----a-w- C:\windows\System32\drivers\nvraid.sys
2011-03-11 06:23:00 410496 ----a-w- C:\windows\System32\drivers\iaStorV.sys
2011-03-11 06:22:41 107904 ----a-w- C:\windows\System32\drivers\amdsata.sys
2011-03-11 06:22:40 27008 ----a-w- C:\windows\System32\drivers\amdxata.sys
2011-03-11 06:19:26 1395712 ----a-w- C:\windows\System32\mfc42.dll
2011-03-11 06:19:26 1359872 ----a-w- C:\windows\System32\mfc42u.dll
2011-03-11 06:18:20 2566144 ----a-w- C:\windows\System32\esent.dll
2011-03-11 06:15:54 96768 ----a-w- C:\windows\System32\fsutil.exe
2011-03-11 05:40:24 1164288 ----a-w- C:\windows\SysWow64\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- C:\windows\SysWow64\mfc42.dll
2011-03-11 05:39:35 1686016 ----a-w- C:\windows\SysWow64\esent.dll
2011-03-11 05:37:34 74240 ----a-w- C:\windows\SysWow64\fsutil.exe
2011-03-08 06:14:30 976896 ----a-w- C:\windows\System32\inetcomm.dll
2011-03-08 05:38:13 740864 ----a-w- C:\windows\SysWow64\inetcomm.dll
.
============= FINISH: 22:11:21.46 ===============
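Added example, not part of the thread: a small Python triage script for the DDS "Created Last 30" block above. It parses each `date time size attrs path` line and flags executables that carry the hidden/system attributes or sit directly in a user's AppData root, which is exactly the pattern the twu.exe and jrj.exe entries show. The sample lines are constructed for the example (two mirror the log above), and the flagging rules are the example's own heuristics, not anything DDS does.

```python
"""Triage the "Created Last 30" block of a DDS log for executables worth a look.
Added example, not part of the thread. DDS entry lines look like
    YYYY-MM-DD HH:MM:SS SIZE ATTRS PATH
(ATTRS: d = directory, s = system, h = hidden, a = archive, r/w = read-only/writable).
The flagging rules are this example's own triage heuristics, not anything DDS does.
"""
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

DDS_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) ([-a-z]{8}) (.+?)\s*$")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".cpl")
# Profile folders where a bare executable in the folder root is unusual.
USER_DROP_ROOTS = (r"\appdata\local", r"\appdata\roaming", r"\appdata\local\temp")


@dataclass
class Entry:
    date: str
    time: str
    size: Optional[int]  # None for the "--------" placeholder DDS prints on directories
    attrs: str           # raw 8-character flag field, e.g. "--sha-w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def is_executable(self) -> bool:
        return not self.is_dir and self.path.lower().endswith(EXEC_EXT)


@dataclass
class Finding:
    entry: Entry
    reasons: List[str] = field(default_factory=list)


def parse_dds_created(lines: Iterable[str]) -> List[Entry]:
    """Parse the entry lines of a 'Created Last 30' or 'Find3M' block; skip the rest."""
    entries = []
    for line in lines:
        m = DDS_LINE.match(line)
        if not m:
            continue  # section banners, "." separators, blank lines
        date, time, size, attrs, path = m.groups()
        entries.append(Entry(date, time, int(size) if size.isdigit() else None, attrs, path))
    return entries


def in_user_drop_root(path: str) -> bool:
    """True if PATH is a file sitting directly in a user's AppData\\Local, \\Roaming or \\Local\\Temp."""
    low = path.lower()
    return low.startswith("c:\\users\\") and low.rsplit("\\", 1)[0].endswith(USER_DROP_ROOTS)


def flag_entries(entries: Iterable[Entry]) -> List[Finding]:
    """Return the executables a helper would look at first, each with its reasons."""
    findings = []
    for e in entries:
        if not e.is_executable:
            continue
        f = Finding(e)
        if "h" in e.attrs or "s" in e.attrs:
            f.reasons.append("hidden/system attribute set on an executable")
        if in_user_drop_root(e.path):
            f.reasons.append("executable dropped directly in a user AppData root")
        if f.reasons:
            findings.append(f)
    # Twin files of identical size created moments apart are a common dropper pattern.
    by_size = {}
    for f in findings:
        by_size.setdefault(f.entry.size, []).append(f)
    for size, group in by_size.items():
        if size is not None and len(group) > 1:
            for f in group:
                f.reasons.append(f"identical size ({size} bytes) to another flagged file")
    return findings


def triage(lines: Iterable[str]) -> List[Finding]:
    return flag_entries(parse_dds_created(lines))


# Constructed sample block; the twu.exe and jrj.exe lines mirror the DDS log posted above.
SAMPLE_LINES = [
    "=============== Created Last 30 ================",
    ".",
    r"2011-05-30 23:00:13 48488 ----a-w- C:\windows\System32\drivers\fssfltr.sys",
    r"2011-05-30 22:58:24 -------- d-----w- C:\Program Files (x86)\MSN Toolbar",
    r"2011-05-30 20:22:24 327680 --sha-w- C:\Users\Laura\AppData\Local\twu.exe",
    r"2011-05-30 20:22:02 327680 --sha-w- C:\Users\Laura\AppData\Local\jrj.exe",
    r"2011-05-06 23:03:00 53248 ----a-r- C:\Users\Laura\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.entry.date} {f.entry.time} {f.entry.attrs} {f.entry.path}")
        for reason in f.reasons:
            print("    -", reason)
```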



#2 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 05 June 2011 - 10:30 PM

Hi notesetter,

:welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#3 coffeemetalcode

coffeemetalcode

    Authentic Member

  • Authentic Member
  • PipPip
  • 136 posts
  • Interests:Music, Metal, Web Development, Baseball, Linux

Posted 06 June 2011 - 06:55 AM

Hi Tomk, Thanks for the reply. I'll read your post and follow all instructions today, probably this afternoon.

#4 coffeemetalcode

coffeemetalcode

    Authentic Member

  • Authentic Member
  • PipPip
  • 136 posts
  • Interests:Music, Metal, Web Development, Baseball, Linux

Posted 06 June 2011 - 08:36 PM

Hi Tomk, I had some issues turning off CA Security Suite - it seems to consist only of a firewall. ComboFix complained that I hadn't turned off "CA Anti-spyware" and "CA Anti-virus," which don't appear in the system tray, program menu or anywhere in the CA Security panel. So I disabled the "firewall" and that seems to have done the trick - ComboFix completed a scan and produced a log, which I've posted below. I'll wait to hear for further instructions. Thanks, David

ComboFix 11-06-06.02 - Laura 06/06/2011 21:51:44.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1787.525 [GMT -4:00]
Running from: c:\users\Laura\Desktop\ComboFix.exe
AV: CA Anti-Virus Plus *Enabled/Updated* {3EED0195-0A4B-4EF3-CC4F-4F401BDC245F}
FW: CA Personal Firewall *Enabled* {6F8E4568-E0DA-DA91-5F44-FD1E1B727591}
SP: CA Anti-Virus Plus *Enabled/Updated* {858CE071-2C71-417D-F6FF-7432605B6EE2}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
.
.
((((((((((((((((((((((((( Files Created from 2011-05-07 to 2011-06-07 )))))))))))))))))))))))))))))))
.
.
2011-06-07 02:10 . 2011-06-07 02:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-07 02:10 . 2011-06-07 02:10 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-06-07 02:10 . 2011-06-07 02:10 -------- d-----w- c:\users\Bruce\AppData\Local\temp
2011-06-07 01:35 . 2011-06-07 01:42 -------- d-----w- C:\32788R22FWJFW
2011-05-30 23:03 . 2011-05-30 23:03 -------- d-----w- c:\windows\en
2011-05-30 23:00 . 2011-05-30 23:00 -------- dc----w- c:\windows\system32\DRVSTORE
2011-05-30 23:00 . 2010-09-23 04:36 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-05-30 22:59 . 2011-05-30 23:00 -------- d-----w- c:\program files\Windows Live
2011-05-30 22:58 . 2011-05-30 22:58 -------- d-----w- c:\program files (x86)\MSN Toolbar
2011-05-30 22:57 . 2011-05-30 22:58 -------- d-----w- c:\program files (x86)\Bing Bar Installer
2011-05-30 22:57 . 2009-09-04 21:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2011-05-30 22:57 . 2009-09-04 21:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2011-05-30 22:57 . 2009-09-04 21:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2011-05-30 22:57 . 2009-09-04 21:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-05-30 22:48 . 2011-05-30 22:48 469256 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\b50929b11cc1f1b23\InstallManager_WLE_WLE.exe
2011-05-30 22:48 . 2011-05-30 22:48 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a0a9c2bd1cc1f1b1a\MeshBetaRemover.exe
2011-05-30 22:47 . 2011-05-30 22:47 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8cf0fc1c1cc1f1b12\DSETUP.dll
2011-05-30 22:47 . 2011-05-30 22:47 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8cf0fc1c1cc1f1b12\DXSETUP.exe
2011-05-30 22:47 . 2011-05-30 22:47 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8cf0fc1c1cc1f1b12\dsetup32.dll
2011-05-30 22:47 . 2011-05-30 22:47 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\84aa736a1cc1f1b10\DSETUP.dll
2011-05-30 22:47 . 2011-05-30 22:47 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\84aa736a1cc1f1b10\DXSETUP.exe
2011-05-30 22:47 . 2011-05-30 22:47 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\84aa736a1cc1f1b10\dsetup32.dll
2011-05-28 11:11 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E9CD098F-04DF-4C55-909B-A10536BE4991}\mpengine.dll
2011-05-25 01:17 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-19 11:46 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-19 11:46 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-14 15:08 . 2011-05-14 15:08 -------- d-----w- c:\program files (x86)\iBryte
2011-05-14 15:08 . 2011-05-14 15:08 -------- d-----w- c:\program files (x86)\Yontoo Layers
2011-05-14 13:48 . 2011-05-14 13:50 -------- d-----w- c:\users\Bruce\AppData\Local\Adobe
2011-05-11 17:26 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 17:26 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 17:26 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-30 23:00 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-05-06 23:03 . 2011-05-06 23:03 53248 ----a-r- c:\users\Laura\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-04-01 05:10 . 2011-04-01 05:10 539232 ----a-w- c:\windows\SysWow64\LVUI2RC.dll
2011-04-01 05:10 . 2011-04-01 05:10 543328 ----a-w- c:\windows\SysWow64\LVUI2.dll
2011-04-01 05:08 . 2011-04-01 05:08 301664 ----a-w- c:\windows\SysWow64\lvcodec2.dll
2011-04-01 05:07 . 2011-04-01 05:07 4184672 ----a-w- c:\windows\system32\drivers\lvuvc64.sys
2011-04-01 05:07 . 2011-04-01 05:07 559712 ----a-w- c:\windows\system32\LVUIRC64.dll
2011-04-01 05:07 . 2011-04-01 05:07 767584 ----a-w- c:\windows\system32\LVUI64.dll
2011-04-01 05:07 . 2011-04-01 05:07 10877272 ----a-w- c:\windows\SysWow64\LogiDPP.dll
2011-04-01 05:07 . 2011-04-01 05:07 10877272 ----a-w- c:\windows\system32\LogiDPP.dll
2011-04-01 05:07 . 2011-04-01 05:07 102744 ----a-w- c:\windows\SysWow64\LogiDPPApp.exe
2011-04-01 05:07 . 2011-04-01 05:07 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2011-04-01 05:06 . 2011-04-01 05:06 331608 ----a-w- c:\windows\SysWow64\DevManagerCore.dll
2011-04-01 05:06 . 2011-04-01 05:06 331608 ----a-w- c:\windows\system32\DevManagerCore.dll
2011-04-01 05:06 . 2011-04-01 05:06 341856 ----a-w- c:\windows\system32\drivers\lvrs64.sys
2011-04-01 05:05 . 2011-04-01 05:05 261728 ----a-w- c:\windows\system32\lvco13251014.dll
2011-04-01 05:05 . 2011-04-01 05:05 172128 ----a-w- c:\windows\system32\lvcod64.dll
2011-04-01 04:56 . 2011-04-01 04:56 39318 ----a-w- c:\windows\system32\Repository.reg
2011-03-23 04:02 . 2011-03-23 04:02 15192 ----a-w- c:\windows\system32\drivers\iKeyLFT264.dll
2011-03-12 12:03 . 2011-04-27 00:10 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-12 11:31 . 2011-04-27 00:10 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-03-11 06:23 . 2011-04-27 00:08 187264 ----a-w- c:\windows\system32\drivers\storport.sys
2011-03-11 06:23 . 2011-04-27 00:08 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-11 06:23 . 2011-04-27 00:08 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-03-11 06:23 . 2011-04-27 00:08 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-03-11 06:23 . 2011-04-27 00:08 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-03-11 06:22 . 2011-04-27 00:08 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-03-11 06:22 . 2011-04-27 00:08 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-03-11 06:19 . 2011-04-14 21:02 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 06:19 . 2011-04-14 21:02 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 06:18 . 2011-04-27 00:08 2566144 ----a-w- c:\windows\system32\esent.dll
2011-03-11 06:15 . 2011-04-27 00:08 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-03-11 05:40 . 2011-04-14 21:02 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:40 . 2011-04-14 21:02 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-11 05:39 . 2011-04-27 00:08 1686016 ----a-w- c:\windows\SysWow64\esent.dll
2011-03-11 05:37 . 2011-04-27 00:08 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd}]
2009-11-25 16:47 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-02-28 22:11 191488 ------w- c:\program files (x86)\Yontoo Layers\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{b278d9f8-0fa9-465e-9938-0c392605d8e3}"= "mscoree.dll" [2009-11-25 297808]
.
[HKEY_CLASSES_ROOT\clsid\{b278d9f8-0fa9-465e-9938-0c392605d8e3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"NortonOnlineBackupReminder"="c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-08-10 529256]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]
"iBryte playbryte Desktop"="c:\program files (x86)\iBryte\playbryte\ibrytedesktop.exe" [2011-05-14 167936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2009-03-27 19:27 79368 ----a-w- c:\windows\System32\UmxWNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 136176]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 KmxAMRT;KmxAMRT;c:\windows\system32\DRIVERS\KmxAMRT.sys [x]
S0 KmxFw;KmxFw;c:\windows\System32\DRIVERS\kmxfw.sys [x]
S1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [x]
S1 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [x]
S1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [x]
S1 KmxFilter;HIPS Core Filter Driver;c:\windows\system32\DRIVERS\KmxFilter.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CAAMSvc;CAAMSvc;c:\program files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe [2011-02-02 292168]
S2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [2011-05-17 285520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [x]
S2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [x]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-11-01 115056]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2009-08-04 1479160]
S2 UmxCfg;HIPS Configuration Interpreter;c:\program files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2010-08-24 740160]
S2 UmxPol;HIPS Policy Manager;c:\program files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe [2010-09-17 301648]
S2 WinExtManager;WinSock Extention Manager;c:\windows\SysWOW64\mdmcls32.exe [2010-02-28 2347760]
S2 WinSvchostManager;WinSock Svchost Manager;c:\windows\SysWOW64\svcprs32.exe [2010-02-28 1377008]
S2 WinSvchostManagerSrv;WinSvchostManagerSrv;c:\windows\SysWOW64\cfgmig32.exe [2010-10-20 259408]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 21:08]
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 21:08]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2011-05-17 2952016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\UmxSbxExA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
TCP: DhcpNameServer = 68.87.73.246 68.87.71.230
FF - ProfilePath - c:\users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\371oi05n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856425&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://home.alot.com/?src_id=12133&client_id=4cebb2de33a6054d18222894&camp_id=2341&install_time=2011-05-14T15:12Z&tb_version=2.4.4000%28F%29
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856425&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: CA Anti-Phishing Toolbar: caaphishtoolbar@ca.com - c:\program files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\Firefox
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Radio TV 1.1 Community Toolbar: {060a0a36-13dc-407d-b055-5a9accd8e083} - %profile%\extensions\{060a0a36-13dc-407d-b055-5a9accd8e083}
FF - Ext: PlayBryte: playbryte@playbryte.com - %profile%\extensions\playbryte@playbryte.com
FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
FF - Ext: ALOT Toolbar: toolbar@alot.com - %profile%\extensions\toolbar@alot.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1990302578-417509972-701531922-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1990302578-417509972-701531922-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-06 22:18:42
ComboFix-quarantined-files.txt 2011-06-07 02:18
.
Pre-Run: 189,740,888,064 bytes free
Post-Run: 200,281,796,608 bytes free
.
- - End Of File - - 6883D2D23E6C5071F18C44B74F205DE6

#5 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 06 June 2011 - 10:11 PM

notesetter,

I'm not seeing the classic signs of the Windows 7 total security virus.

Let's get a couple of other scans.

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).

Then

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#6 coffeemetalcode (Authentic Member, 136 posts)

Posted 07 June 2011 - 04:05 PM

Hi Tomk,

Thanks for your help thus far. When I first started working with this machine, there were all varieties of pop-up "warnings" from "win 7 total security" prompting me to "activate" the product in order to get rid of the "virus" that was infecting the computer. Also, Firefox and Internet Explorer were both crippled, unable to navigate away from a page prompting me again to "activate" "win 7 total security." Since then I've been hopping back and forth between Windows 7 and a Linux Mint live CD (to read this forum and download the necessary repair utilities). When I booted back into Windows 7 to carry out the ComboFix step, I was no longer getting the pop-ups. (I hypothesize that after a few days of running a GNU/Linux kernel, a computer just "feels" better :P ) That said, I've never known a rogue anti-virus ware to uninstall itself. At any rate, there are a lot of "toolbars" in the web browsers on this machine, so I've gotten rid of most of them and now the machine seems to be performing better. I'd like to make sure it's totally clean before I return it so that mums will have a better time of it. Here is the MalwareBytes report. I'll post the Eset results in a separate reply below. Thanks.
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6795

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/7/2011 5:34:30 AM
mbam-log-2011-06-07 (05-34-30).txt

Scan type: Quick scan
Objects scanned: 187793
Time elapsed: 16 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 coffeemetalcode (Authentic Member, 136 posts)

Posted 07 June 2011 - 04:07 PM

...and here's the Eset log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=4f1a49245ac79d4a83d6c0202dc064c1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-07 12:48:33
# local_time=2011-06-07 08:48:33 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=4864 16777215 100 0 24149180 24149180 0 0
# compatibility_mode=5893 16776574 66 94 0 58988292 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=151950
# found=2
# cleaned=0
# scan_time=6072
C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll Win32/Adware.Yontoo.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Laura\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\29a7a457-1e324c9d a variant of Win32/Kryptik.OIU trojan (unable to clean) 00000000000000000000000000000000 I
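The ESET log above is also the record of whether the scan was run the way Tomk asked in the previous post (Remove found threats off; archives, potentially unwanted and unsafe applications, and anti-stealth on). What follows is an added Python example written for this page, not code from the thread or from ESET: it parses a log.txt in the layout posted above and reports any option that differs from the requested set, plus any disagreement between the found/cleaned counters and the detection lines. Its sample input is the log text as pasted above. The only assumptions it makes about ESET's format are the "# key=value" header layout and that real detection lines are tab-separated; the space-separated fallback exists because a log pasted into a forum loses its tabs.

```python
"""Parse an ESET Online Scanner log.txt and check it against the requested scan options."""
import re

# Options requested in the thread: removal OFF; archives, PUA, unsafe apps, anti-stealth ON.
# Keys are spelled as they appear in the log header.
REQUESTED_OPTIONS = {"remove_checked": "false", "archives_checked": "true",
                     "unwanted_checked": "true", "unsafe_checked": "true",
                     "antistealth_checked": "true"}

# Detection line: <path> <threat description> <32 hex chars> <flag>.  Real logs separate the
# fields with tabs (assumption); a pasted log collapses them to spaces, so the fallback anchors
# on the 32-hex field and on where the threat name starts ("a variant of", "probably", "Win32/...").
_HASH_RE = re.compile(r"^(?P<lead>.+?)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$")
_THREAT_START_RE = re.compile(r"\ba variant of\b|\bprobably\b|\b[A-Za-z0-9_]+/[A-Za-z0-9_.]+")


def _split_detection(line):
    """Return {"path", "threat", "hash", "flag"} for a detection line, else None."""
    if "\t" in line:
        parts = [p.strip() for p in line.split("\t") if p.strip()]
        if len(parts) < 4:
            return None
        return {"path": parts[0], "threat": parts[1], "hash": parts[2], "flag": parts[3]}
    m = _HASH_RE.match(line)
    if not m:
        return None
    lead = m.group("lead")
    start = _THREAT_START_RE.search(lead)
    if not start:
        return None
    return {"path": lead[:start.start()].rstrip(), "threat": lead[start.start():],
            "hash": m.group("hash"), "flag": m.group("flag")}


def parse_eset_log(text):
    """Split log.txt into (header dict, detection list, remaining lines)."""
    header, detections, other = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            key, value = key.strip(), value.strip()
            # compatibility_mode repeats; keep every value, newline-joined.
            header[key] = f"{header[key]}\n{value}" if key in header else value
            continue
        det = _split_detection(line)
        if det:
            detections.append(det)
        else:
            other.append(line)
    return header, detections, other


def audit(header, detections, requested=REQUESTED_OPTIONS):
    """Return a list of problems; empty means the scan ran as requested and is self-consistent."""
    problems = []
    if header.get("end") != "finished":
        problems.append(f"scan did not finish: end={header.get('end')!r}")
    for key, want in requested.items():
        got = header.get(key)
        if got != want:
            problems.append(f"{key}={got!r} but {want!r} was requested")
    found = int(header.get("found", "0"))
    if found != len(detections):
        problems.append(f"header says found={found} but {len(detections)} detection lines parsed")
    if header.get("remove_checked") == "false" and int(header.get("cleaned", "0")) != 0:
        problems.append("items were cleaned although removal was not requested")
    return problems


# The log posted above, as pasted (tabs lost).
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=4f1a49245ac79d4a83d6c0202dc064c1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-07 12:48:33
# local_time=2011-06-07 08:48:33 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=4864 16777215 100 0 24149180 24149180 0 0
# compatibility_mode=5893 16776574 66 94 0 58988292 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=151950
# found=2
# cleaned=0
# scan_time=6072
C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll Win32/Adware.Yontoo.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Laura\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\29a7a457-1e324c9d a variant of Win32/Kryptik.OIU trojan (unable to clean) 00000000000000000000000000000000 I
"""
```

Run against the pasted log, audit() returns no problems: removal was off, the four scan options were on, and found=2 matches the two detection lines. Flip remove_checked to true in the header and it reports the mismatch, which is the case worth catching before anyone writes a ComboFix script around a scan that has already deleted things.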

#8 Tomk (Beguilement Monitor, Global Moderator, 20,451 posts)

Posted 07 June 2011 - 07:06 PM

notesetter,

I don't doubt that you were infected. I think your onboard security - or something- took care of it before I got involved. :thumbup:

Just a little touch up....

Your Java is out of date and you have other old versions still on your computer; those old versions are now a security vulnerability:

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer - Version 6 update 25

Now to Clean out the Java cache:

Go into the Control Panel and double-click the Java Icon. Posted Image
  • Under Temporary Internet Files, click the Settings... button
  • click the Delete Files button.
  • There are two options in the window to clear the cache - Leave both Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Settings
  • Click OK to leave the Java Control Panel.


Then

COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::
    C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Posted Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#9 coffeemetalcode (Authentic Member, 136 posts)

Posted 08 June 2011 - 06:16 AM

Hi Tomk,

Even though I've removed toolbars from Firefox and IE, I'm getting obnoxious ads interleaved with text on websites where they don't belong. I'd like to get rid of those if possible. Two of the toolbars that I uninstalled/disabled (that I consider to be 'suckware' - because they suck system resources and provide no benefit) are probably still lurking around. They were probably included as part of a free software installation. The outfits that promulgate these things are rather unscrupulous and likely direct users to sites where they can pick up malware of the "win 7 total security" and "ultimate defender" variety. I've attached a screen grab that illustrates what I'm talking about. Thanks again. Here's the latest ComboFix log:

ComboFix 11-06-06.02 - Laura 06/07/2011 22:08:43.2.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1787.728 [GMT -4:00]
Running from: c:\users\Laura\Desktop\ComboFix.exe
Command switches used :: c:\users\Laura\Desktop\CFScript.txt
AV: CA Anti-Virus Plus *Enabled/Updated* {3EED0195-0A4B-4EF3-CC4F-4F401BDC245F}
FW: CA Personal Firewall *Enabled* {6F8E4568-E0DA-DA91-5F44-FD1E1B727591}
SP: CA Anti-Virus Plus *Enabled/Updated* {858CE071-2C71-417D-F6FF-7432605B6EE2}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\Yontoo Layers\YontooIEClient.dll"
.
.
((((((((((((((((((((((((( Files Created from 2011-05-08 to 2011-06-08 )))))))))))))))))))))))))))))))
.
.
2011-06-08 02:22 . 2011-06-08 02:22 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-06-08 02:22 . 2011-06-08 02:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-08 02:22 . 2011-06-08 02:22 -------- d-----w- c:\users\Bruce\AppData\Local\temp
2011-06-08 01:52 . 2011-06-08 01:52 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-08 01:52 . 2011-06-08 01:52 -------- d-----w- c:\program files\Java
2011-06-08 01:40 . 2011-06-08 01:40 -------- d-----w- c:\users\Laura\AppData\Roaming\gtk-2.0
2011-06-08 01:30 . 2011-06-08 01:40 -------- d-----w- c:\users\Laura\.gimp-2.6
2011-06-08 01:29 . 2011-06-08 01:29 -------- d-----w- c:\program files (x86)\GIMP-2.0
2011-06-07 10:09 . 2011-06-07 10:09 -------- d-----w- c:\program files (x86)\ESET
2011-06-07 09:14 . 2011-06-07 09:14 -------- d-----w- c:\users\Laura\AppData\Roaming\Malwarebytes
2011-06-07 09:14 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-07 09:14 . 2011-06-07 09:14 -------- d-----w- c:\programdata\Malwarebytes
2011-06-07 09:14 . 2011-06-07 09:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-07 09:14 . 2011-05-29 13:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-30 23:03 . 2011-05-30 23:03 -------- d-----w- c:\windows\en
2011-05-30 23:00 . 2011-05-30 23:00 -------- dc----w- c:\windows\system32\DRVSTORE
2011-05-30 23:00 . 2010-09-23 04:36 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-05-30 22:59 . 2011-05-30 23:00 -------- d-----w- c:\program files\Windows Live
2011-05-30 22:57 . 2009-09-04 21:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2011-05-30 22:57 . 2009-09-04 21:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2011-05-30 22:57 . 2009-09-04 21:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2011-05-30 22:57 . 2009-09-04 21:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-05-30 22:48 . 2011-05-30 22:48 469256 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\b50929b11cc1f1b23\InstallManager_WLE_WLE.exe
2011-05-30 22:48 . 2011-05-30 22:48 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a0a9c2bd1cc1f1b1a\MeshBetaRemover.exe
2011-05-30 22:47 . 2011-05-30 22:47 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8cf0fc1c1cc1f1b12\DSETUP.dll
2011-05-30 22:47 . 2011-05-30 22:47 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8cf0fc1c1cc1f1b12\DXSETUP.exe
2011-05-30 22:47 . 2011-05-30 22:47 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8cf0fc1c1cc1f1b12\dsetup32.dll
2011-05-30 22:47 . 2011-05-30 22:47 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\84aa736a1cc1f1b10\DSETUP.dll
2011-05-30 22:47 . 2011-05-30 22:47 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\84aa736a1cc1f1b10\DXSETUP.exe
2011-05-30 22:47 . 2011-05-30 22:47 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\84aa736a1cc1f1b10\dsetup32.dll
2011-05-28 11:11 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E9CD098F-04DF-4C55-909B-A10536BE4991}\mpengine.dll
2011-05-25 01:17 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-19 11:46 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-19 11:46 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-14 15:08 . 2011-05-14 15:08 -------- d-----w- c:\program files (x86)\iBryte
2011-05-14 15:08 . 2011-05-14 15:08 -------- d-----w- c:\program files (x86)\Yontoo Layers
2011-05-14 13:48 . 2011-05-14 13:50 -------- d-----w- c:\users\Bruce\AppData\Local\Adobe
2011-05-11 17:26 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 17:26 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 17:26 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-30 23:00 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-05-06 23:03 . 2011-05-06 23:03 53248 ----a-r- c:\users\Laura\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-04-01 05:10 . 2011-04-01 05:10 539232 ----a-w- c:\windows\SysWow64\LVUI2RC.dll
2011-04-01 05:10 . 2011-04-01 05:10 543328 ----a-w- c:\windows\SysWow64\LVUI2.dll
2011-04-01 05:08 . 2011-04-01 05:08 301664 ----a-w- c:\windows\SysWow64\lvcodec2.dll
2011-04-01 05:07 . 2011-04-01 05:07 4184672 ----a-w- c:\windows\system32\drivers\lvuvc64.sys
2011-04-01 05:07 . 2011-04-01 05:07 559712 ----a-w- c:\windows\system32\LVUIRC64.dll
2011-04-01 05:07 . 2011-04-01 05:07 767584 ----a-w- c:\windows\system32\LVUI64.dll
2011-04-01 05:07 . 2011-04-01 05:07 10877272 ----a-w- c:\windows\SysWow64\LogiDPP.dll
2011-04-01 05:07 . 2011-04-01 05:07 10877272 ----a-w- c:\windows\system32\LogiDPP.dll
2011-04-01 05:07 . 2011-04-01 05:07 102744 ----a-w- c:\windows\SysWow64\LogiDPPApp.exe
2011-04-01 05:07 . 2011-04-01 05:07 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2011-04-01 05:06 . 2011-04-01 05:06 331608 ----a-w- c:\windows\SysWow64\DevManagerCore.dll
2011-04-01 05:06 . 2011-04-01 05:06 331608 ----a-w- c:\windows\system32\DevManagerCore.dll
2011-04-01 05:06 . 2011-04-01 05:06 341856 ----a-w- c:\windows\system32\drivers\lvrs64.sys
2011-04-01 05:05 . 2011-04-01 05:05 261728 ----a-w- c:\windows\system32\lvco13251014.dll
2011-04-01 05:05 . 2011-04-01 05:05 172128 ----a-w- c:\windows\system32\lvcod64.dll
2011-04-01 04:56 . 2011-04-01 04:56 39318 ----a-w- c:\windows\system32\Repository.reg
2011-03-23 04:02 . 2011-03-23 04:02 15192 ----a-w- c:\windows\system32\drivers\iKeyLFT264.dll
2011-03-12 12:03 . 2011-04-27 00:10 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-12 11:31 . 2011-04-27 00:10 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-03-11 06:23 . 2011-04-27 00:08 187264 ----a-w- c:\windows\system32\drivers\storport.sys
2011-03-11 06:23 . 2011-04-27 00:08 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-11 06:23 . 2011-04-27 00:08 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-03-11 06:23 . 2011-04-27 00:08 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-03-11 06:23 . 2011-04-27 00:08 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-03-11 06:22 . 2011-04-27 00:08 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-03-11 06:22 . 2011-04-27 00:08 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-03-11 06:19 . 2011-04-14 21:02 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 06:19 . 2011-04-14 21:02 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 06:18 . 2011-04-27 00:08 2566144 ----a-w- c:\windows\system32\esent.dll
2011-03-11 06:15 . 2011-04-27 00:08 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-03-11 05:40 . 2011-04-14 21:02 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:40 . 2011-04-14 21:02 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-11 05:39 . 2011-04-27 00:08 1686016 ----a-w- c:\windows\SysWow64\esent.dll
2011-03-11 05:37 . 2011-04-27 00:08 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-07_02.12.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2011-06-07 08:50 50294 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-30 22:10 . 2011-06-07 08:50 16838 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1990302578-417509972-701531922-1000_UserData.bin
- 2010-08-30 21:02 . 2011-05-30 22:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-30 21:02 . 2011-06-07 02:29 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-30 21:02 . 2011-05-30 22:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-30 21:02 . 2011-06-07 02:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-05-30 22:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-06-07 02:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-06-07 13:12 83688 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-08-30 22:09 . 2011-06-08 02:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-30 22:09 . 2011-06-07 02:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-30 22:09 . 2011-06-07 02:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-30 22:09 . 2011-06-08 02:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-07 01:25 . 2011-06-07 08:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-06-07 01:25 . 2011-06-07 01:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-06-07 01:25 . 2011-06-07 01:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-06-07 01:25 . 2011-06-07 08:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-01 13:35 . 2011-06-07 23:11 571892 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-06-08 01:52 . 2011-06-08 01:52 190752 c:\windows\system32\javaws.exe
+ 2011-06-08 01:52 . 2011-06-08 01:52 171808 c:\windows\system32\javaw.exe
+ 2011-06-08 01:52 . 2011-06-08 01:52 171808 c:\windows\system32\java.exe
- 2009-07-14 05:12 . 2010-08-30 22:56 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2011-06-07 02:29 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-06-08 01:50 . 2011-06-08 01:50 683520 c:\windows\Installer\3ac2a8f.msi
- 2009-07-14 02:34 . 2011-06-07 01:43 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-06-07 20:13 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd}]
2009-11-25 16:47 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-02-28 22:11 191488 ------w- c:\program files (x86)\Yontoo Layers\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{b278d9f8-0fa9-465e-9938-0c392605d8e3}"= "mscoree.dll" [2009-11-25 297808]
.
[HKEY_CLASSES_ROOT\clsid\{b278d9f8-0fa9-465e-9938-0c392605d8e3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"NortonOnlineBackupReminder"="c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-08-10 529256]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]
"iBryte playbryte Desktop"="c:\program files (x86)\iBryte\playbryte\ibrytedesktop.exe" [2011-05-14 167936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2009-03-27 19:27 79368 ----a-w- c:\windows\System32\UmxWNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 136176]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 KmxAMRT;KmxAMRT;c:\windows\system32\DRIVERS\KmxAMRT.sys [x]
S0 KmxFw;KmxFw;c:\windows\System32\DRIVERS\kmxfw.sys [x]
S1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [x]
S1 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [x]
S1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [x]
S1 KmxFilter;HIPS Core Filter Driver;c:\windows\system32\DRIVERS\KmxFilter.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CAAMSvc;CAAMSvc;c:\program files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe [2011-02-02 292168]
S2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [2011-05-17 285520]
S2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [x]
S2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [x]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-11-01 115056]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2009-08-04 1479160]
S2 UmxCfg;HIPS Configuration Interpreter;c:\program files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2010-08-24 740160]
S2 UmxPol;HIPS Policy Manager;c:\program files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe [2010-09-17 301648]
S2 WinExtManager;WinSock Extention Manager;c:\windows\SysWOW64\mdmcls32.exe [2010-02-28 2347760]
S2 WinSvchostManager;WinSock Svchost Manager;c:\windows\SysWOW64\svcprs32.exe [2010-02-28 1377008]
S2 WinSvchostManagerSrv;WinSvchostManagerSrv;c:\windows\SysWOW64\cfgmig32.exe [2010-10-20 259408]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 21:08]
.
2011-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 21:08]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2011-05-17 2952016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\UmxSbxExA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
TCP: DhcpNameServer = 68.87.73.246 68.87.71.230
FF - ProfilePath - c:\users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\371oi05n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856425&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: CA Anti-Phishing Toolbar: caaphishtoolbar@ca.com - c:\program files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\Firefox
FF - Ext: PlayBryte: playbryte@playbryte.com - %profile%\extensions\playbryte@playbryte.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1990302578-417509972-701531922-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1990302578-417509972-701531922-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-07 22:28:11
ComboFix-quarantined-files.txt 2011-06-08 02:28
ComboFix2.txt 2011-06-07 02:18
.
Pre-Run: 197,714,513,920 bytes free
Post-Run: 197,687,713,792 bytes free
.
- - End Of File - - 686250FC11BD41E74045A47474E3AFCE

Attachment: obnoxious.png


#10 Tomk


Posted 08 June 2011 - 08:05 AM

notesetter, that is not actually a pop-up in the picture you provided. That is a Google ad. Those ads should disappear when you log in to the site. They only show for non-registered users. Those ads pay for the bandwidth of the forum for all of the views of unregistered users just cruising through. They are normal for most forums, specifically if not logged in. Please run DDS again (as you did in post #1) and provide the logs. Also let me know of specific toolbars you would like to purge.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014


#11 coffeemetalcode


Posted 08 June 2011 - 03:56 PM

Right then. There are also some side banner ads on networking sites like Facebook that I'm not used to seeing, so we'll see if purging the toolbars helps any. The two toolbars I've already deleted through Firefox settings (and maybe Windows control panel, I can't remember now) are Yontoo and Alot (and Alot, despite having been uninstalled, has continued to try to hijack Firefox's homepage setting even though I've changed it to something else). There's also something called Playbryte, which I don't know about. Thanks again. Here are the DDS logs:

#12 Tomk


Posted 08 June 2011 - 06:38 PM

I'm not seeing the Alot toolbar in your logs, but there are some remnants of Yontoo. Before we take care of them, there appears to be a toolbar called PlayBryte. Is it something you want to keep?

Your Java is out of date and you have other old versions still on your computer; those old versions are now a security vulnerability:

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer - Version 6 update 26


#13 coffeemetalcode


Posted 08 June 2011 - 08:17 PM

Okay. I've updated Java again, following your instructions for JavaRa. Yes, I think it's best to get rid of the PlayBryte toolbar, as well as any residual Yontoo.

#14 Tomk


Posted 08 June 2011 - 08:33 PM

COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    DDS::
    BHO: PlayBryte BHO: {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - mscoree.dll
    BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll
    TB: PlayBryte Toolbar: {b278d9f8-0fa9-465e-9938-0c392605d8e3} - mscoree.dll
    mRun: [iBryte playbryte Desktop] C:\Program Files (x86)\iBryte\playbryte\ibrytedesktop.exe
    C:\Program Files (x86)\iBryte\playbryte\iBryteDesktop.exe
    2011-05-14 15:08:19 -------- d-----w- C:\Program Files (x86)\Yontoo Layers
    2011-05-14 15:08:57 -------- d-----w- C:\Program Files (x86)\iBryte
    
    Folder::
    C:\Program Files (x86)\iBryte
    C:\Program Files (x86)\Yontoo Layers
    
    Firefox::
    FF - ProfilePath - c:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\371oi05n.default\
    FF - Ext: PlayBryte: playbryte@playbryte.com - profile%\extensions\playbryte@playbryte.com
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856425&SearchSource=3&q={searchTerms}
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    (screenshot: CFScript.txt being dragged onto ComboFix.exe)
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
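As an added example (not part of Tomk's post, and not ComboFix's or DDS's own code), here is a small Python parser for the DDS-style lines that go into a CFScript like the one above. It reads the BHO:, TB:, mRun: and FF - Ext: lines, pulls out the name, the CLSID or extension id and the module path, flags the entries whose module is mscoree.dll (a .NET-hosted COM add-on, where the path alone does not name the assembly that actually loads; the assembly is recorded under the CLSID in the registry), and derives the vendor folders under Program Files that the script's Folder:: section lists. The sample input is constructed from the script above; the regexes assume the line layout DDS uses there.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the DDS-style lines from the CFScript above.
SAMPLE_LINES = """\
BHO: PlayBryte BHO: {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - mscoree.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\\Program Files (x86)\\Yontoo Layers\\YontooIEClient.dll
TB: PlayBryte Toolbar: {b278d9f8-0fa9-465e-9938-0c392605d8e3} - mscoree.dll
mRun: [iBryte playbryte Desktop] C:\\Program Files (x86)\\iBryte\\playbryte\\ibrytedesktop.exe
FF - Ext: PlayBryte: playbryte@playbryte.com - profile%\\extensions\\playbryte@playbryte.com
"""


@dataclass
class Entry:
    kind: str              # "BHO", "TB", "mRun"/"uRun" or "FF-Ext"
    name: str              # display name as DDS printed it
    ident: Optional[str]   # CLSID for BHO/TB, extension id for FF-Ext, None for Run keys
    path: str              # module or executable path as DDS printed it


# Line layouts assumed from the script above (DDS output format).
BHO_TB_RE = re.compile(r"^(BHO|TB): (.+?): \{([0-9a-fA-F-]{36})\} - (.+)$")
RUN_RE = re.compile(r"^([um]Run): \[(.+?)\] (.+)$")
FF_EXT_RE = re.compile(r"^FF - Ext: (.+?): (\S+) - (.+)$")
VENDOR_DIR_RE = re.compile(r"^([a-z]:\\program files(?: \(x86\))?\\[^\\]+)", re.IGNORECASE)


def parse_dds(text: str) -> List[Entry]:
    """Turn DDS BHO/TB/Run/FF-Ext lines into Entry records; other lines are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := BHO_TB_RE.match(line):
            entries.append(Entry(m.group(1), m.group(2), m.group(3).lower(), m.group(4)))
        elif m := RUN_RE.match(line):
            entries.append(Entry(m.group(1), m.group(2), None, m.group(3)))
        elif m := FF_EXT_RE.match(line):
            entries.append(Entry("FF-Ext", m.group(1), m.group(2), m.group(3)))
    return entries


def is_managed_stub(entry: Entry) -> bool:
    """True when DDS printed mscoree.dll as the module.

    For a .NET COM add-on the CLR host is registered as InprocServer32, so the
    path says nothing about which assembly loads; the CLSID has to be looked
    up in the registry to find it.
    """
    return entry.path.lower().endswith("mscoree.dll")


def install_folders(entries: List[Entry]) -> List[str]:
    """Vendor directories directly under Program Files referenced by the entries.

    These are the folders a CFScript Folder:: section would name for removal.
    """
    folders = set()
    for e in entries:
        if m := VENDOR_DIR_RE.match(e.path):
            folders.add(m.group(1))
    return sorted(folders, key=str.lower)


if __name__ == "__main__":
    found = parse_dds(SAMPLE_LINES)
    for e in found:
        tag = " (managed stub, resolve CLSID in registry)" if is_managed_stub(e) else ""
        print(f"{e.kind:7} {e.name!r:30} {e.ident or '-':40} {e.path}{tag}")
    print("Folder:: candidates:")
    for folder in install_folders(found):
        print("  " + folder)
```

Run on the five constructed lines, the parser reports both PlayBryte COM entries as mscoree.dll stubs and yields exactly the two Program Files folders that the script's Folder:: section removes.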
 

#15 coffeemetalcode

coffeemetalcode

    Authentic Member

  • Authentic Member
  • PipPip
  • 136 posts
  • Interests:Music, Metal, Web Development, Baseball, Linux

Posted 09 June 2011 - 06:55 AM

Hi Tomk,

Even though CA's "real-time scanning" is disabled, and the firewall is temporarily turned off, ComboFix complains that it is still running. I've been through all of CA's panel options and there seem to be no other things to turn off. At any rate, ComboFix completed the scan and produced a log. Here is the latest ComboFix log:

ComboFix 11-06-06.02 - Laura 06/09/2011 8:24.3.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1787.793 [GMT -4:00]
Running from: c:\users\Laura\Desktop\ComboFix.exe
Command switches used :: c:\users\Laura\Desktop\CFScript.txt
AV: CA Anti-Virus Plus *Enabled/Updated* {3EED0195-0A4B-4EF3-CC4F-4F401BDC245F}
FW: CA Personal Firewall *Enabled* {6F8E4568-E0DA-DA91-5F44-FD1E1B727591}
SP: CA Anti-Virus Plus *Enabled/Updated* {858CE071-2C71-417D-F6FF-7432605B6EE2}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\iBryte
c:\program files (x86)\iBryte\playbryte\AsyncClient11.dll
c:\program files (x86)\iBryte\playbryte\AxShockwaveFlashObjects.dll
c:\program files (x86)\iBryte\playbryte\config.cfg
c:\program files (x86)\iBryte\playbryte\iBryteDesktop.exe
c:\program files (x86)\iBryte\playbryte\iBryteDesktop.exe.config
c:\program files (x86)\iBryte\playbryte\ICSharpCode.SharpZipLib.dll
c:\program files (x86)\iBryte\playbryte\Manifest.xml
c:\program files (x86)\iBryte\playbryte\Proto11.dll
c:\program files (x86)\iBryte\playbryte\SHDocVw.dll
c:\program files (x86)\iBryte\playbryte\ShockwaveFlashObjects.dll
c:\program files (x86)\iBryte\playbryte\uninstall.exe
c:\program files (x86)\Yontoo Layers
c:\program files (x86)\Yontoo Layers\YontooIEClient.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-05-09 to 2011-06-09 )))))))))))))))))))))))))))))))
.
.
2011-06-09 12:37 . 2011-06-09 12:37 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-06-09 12:37 .
2011-06-09 12:37 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-06-09 12:37 . 2011-06-09 12:37 -------- d-----w- c:\users\Bruce\AppData\Local\temp 2011-06-09 02:04 . 2011-06-09 02:04 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-06-09 01:49 . 2011-06-09 01:49 -------- d-----w- c:\program files\Java 2011-06-08 01:52 . 2011-06-09 01:49 525544 ----a-w- c:\windows\system32\deployJava1.dll 2011-06-08 01:40 . 2011-06-08 01:40 -------- d-----w- c:\users\Laura\AppData\Roaming\gtk-2.0 2011-06-08 01:30 . 2011-06-08 01:40 -------- d-----w- c:\users\Laura\.gimp-2.6 2011-06-08 01:29 . 2011-06-08 01:29 -------- d-----w- c:\program files (x86)\GIMP-2.0 2011-06-07 10:09 . 2011-06-07 10:09 -------- d-----w- c:\program files (x86)\ESET 2011-06-07 09:14 . 2011-06-07 09:14 -------- d-----w- c:\users\Laura\AppData\Roaming\Malwarebytes 2011-06-07 09:14 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-06-07 09:14 . 2011-06-07 09:14 -------- d-----w- c:\programdata\Malwarebytes 2011-06-07 09:14 . 2011-06-07 09:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-06-07 09:14 . 2011-05-29 13:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-30 23:03 . 2011-05-30 23:03 -------- d-----w- c:\windows\en 2011-05-30 23:00 . 2011-05-30 23:00 -------- dc----w- c:\windows\system32\DRVSTORE 2011-05-30 23:00 . 2010-09-23 04:36 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys 2011-05-30 22:59 . 2011-05-30 23:00 -------- d-----w- c:\program files\Windows Live 2011-05-30 22:57 . 2009-09-04 21:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll 2011-05-30 22:57 . 2009-09-04 21:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll 2011-05-30 22:57 . 2009-09-04 21:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll 2011-05-30 22:57 . 2009-09-04 21:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll 2011-05-30 22:48 . 
2011-05-30 22:48 469256 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\b50929b11cc1f1b23\InstallManager_WLE_WLE.exe 2011-05-30 22:48 . 2011-05-30 22:48 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a0a9c2bd1cc1f1b1a\MeshBetaRemover.exe 2011-05-30 22:47 . 2011-05-30 22:47 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8cf0fc1c1cc1f1b12\DSETUP.dll 2011-05-30 22:47 . 2011-05-30 22:47 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8cf0fc1c1cc1f1b12\DXSETUP.exe 2011-05-30 22:47 . 2011-05-30 22:47 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8cf0fc1c1cc1f1b12\dsetup32.dll 2011-05-30 22:47 . 2011-05-30 22:47 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\84aa736a1cc1f1b10\DSETUP.dll 2011-05-30 22:47 . 2011-05-30 22:47 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\84aa736a1cc1f1b10\DXSETUP.exe 2011-05-30 22:47 . 2011-05-30 22:47 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\84aa736a1cc1f1b10\dsetup32.dll 2011-05-28 11:11 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E9CD098F-04DF-4C55-909B-A10536BE4991}\mpengine.dll 2011-05-25 01:17 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2011-05-19 11:46 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe 2011-05-19 11:46 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe 2011-05-14 13:48 . 2011-05-14 13:50 -------- d-----w- c:\users\Bruce\AppData\Local\Adobe 2011-05-11 17:26 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-05-11 17:26 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2011-05-11 17:26 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2011-05-30 23:00 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-05-06 23:03 . 2011-05-06 23:03 53248 ----a-r- c:\users\Laura\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2011-04-01 05:10 . 2011-04-01 05:10 539232 ----a-w- c:\windows\SysWow64\LVUI2RC.dll 2011-04-01 05:10 . 2011-04-01 05:10 543328 ----a-w- c:\windows\SysWow64\LVUI2.dll 2011-04-01 05:08 . 2011-04-01 05:08 301664 ----a-w- c:\windows\SysWow64\lvcodec2.dll 2011-04-01 05:07 . 2011-04-01 05:07 4184672 ----a-w- c:\windows\system32\drivers\lvuvc64.sys 2011-04-01 05:07 . 2011-04-01 05:07 559712 ----a-w- c:\windows\system32\LVUIRC64.dll 2011-04-01 05:07 . 2011-04-01 05:07 767584 ----a-w- c:\windows\system32\LVUI64.dll 2011-04-01 05:07 . 2011-04-01 05:07 10877272 ----a-w- c:\windows\SysWow64\LogiDPP.dll 2011-04-01 05:07 . 2011-04-01 05:07 10877272 ----a-w- c:\windows\system32\LogiDPP.dll 2011-04-01 05:07 . 2011-04-01 05:07 102744 ----a-w- c:\windows\SysWow64\LogiDPPApp.exe 2011-04-01 05:07 . 2011-04-01 05:07 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe 2011-04-01 05:06 . 2011-04-01 05:06 331608 ----a-w- c:\windows\SysWow64\DevManagerCore.dll 2011-04-01 05:06 . 2011-04-01 05:06 331608 ----a-w- c:\windows\system32\DevManagerCore.dll 2011-04-01 05:06 . 2011-04-01 05:06 341856 ----a-w- c:\windows\system32\drivers\lvrs64.sys 2011-04-01 05:05 . 2011-04-01 05:05 261728 ----a-w- c:\windows\system32\lvco13251014.dll 2011-04-01 05:05 . 2011-04-01 05:05 172128 ----a-w- c:\windows\system32\lvcod64.dll 2011-04-01 04:56 . 2011-04-01 04:56 39318 ----a-w- c:\windows\system32\Repository.reg 2011-03-23 04:02 . 2011-03-23 04:02 15192 ----a-w- c:\windows\system32\drivers\iKeyLFT264.dll 2011-03-12 12:03 . 2011-04-27 00:10 662528 ----a-w- c:\windows\system32\XpsPrint.dll 2011-03-12 11:31 . 2011-04-27 00:10 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll . . 
((((((((((((((((((((((((((((( SnapShot@2011-06-07_02.12.46 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 05:10 . 2011-06-07 08:50 50294 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-08-30 22:10 . 2011-06-07 08:50 16838 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1990302578-417509972-701531922-1000_UserData.bin - 2010-08-30 21:02 . 2011-05-30 22:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-08-30 21:02 . 2011-06-07 02:29 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-08-30 21:02 . 2011-05-30 22:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-08-30 21:02 . 2011-06-07 02:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2011-06-07 02:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2011-05-30 22:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:46 . 2011-06-07 13:12 83688 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat - 2010-08-30 22:09 . 2011-06-07 02:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-08-30 22:09 . 2011-06-09 12:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-08-30 22:09 . 2011-06-09 12:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-08-30 22:09 . 
2011-06-07 02:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-06-07 01:25 . 2011-06-07 08:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-06-07 01:25 . 2011-06-07 01:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-06-07 01:25 . 2011-06-07 01:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-06-07 01:25 . 2011-06-07 08:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-06-09 02:04 . 2011-06-09 02:04 238040 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10s_Plugin.exe + 2010-09-01 13:35 . 2011-06-07 23:11 571892 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2009-07-14 02:36 . 2011-06-09 11:02 624178 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2011-06-07 01:33 624178 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2011-06-07 01:33 106522 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2011-06-09 11:02 106522 c:\windows\system32\perfc009.dat + 2011-06-09 01:49 . 2011-06-09 01:49 190752 c:\windows\system32\javaws.exe + 2011-06-09 01:49 . 2011-06-09 01:49 171808 c:\windows\system32\javaw.exe + 2011-06-09 01:49 . 2011-06-09 01:49 171808 c:\windows\system32\java.exe + 2009-07-14 05:12 . 2011-06-07 02:29 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat - 2009-07-14 05:12 . 2010-08-30 22:56 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2011-06-09 01:46 . 2011-06-09 01:46 683520 c:\windows\Installer\8cdef22.msi + 2010-09-23 01:05 . 2011-06-09 02:04 6271136 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll - 2009-07-14 02:34 . 2011-06-07 01:43 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2009-07-14 02:34 . 2011-06-09 01:44 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-26 15026056] "Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136] "NortonOnlineBackupReminder"="c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-08-10 529256] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW] 2009-03-27 19:27 79368 ----a-w- c:\windows\System32\UmxWNP.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 136176] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 136176] R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x] R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x] R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 KmxAMRT;KmxAMRT;c:\windows\system32\DRIVERS\KmxAMRT.sys [x] S0 KmxFw;KmxFw;c:\windows\System32\DRIVERS\kmxfw.sys [x] S1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [x] S1 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [x] S1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [x] S1 KmxFilter;HIPS Core Filter Driver;c:\windows\system32\DRIVERS\KmxFilter.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 CAAMSvc;CAAMSvc;c:\program files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe [2011-02-02 292168] S2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security 
Suite\ccschedulersvc.exe [2011-05-17 285520] S2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [x] S2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [x] S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-11-01 115056] S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640] S2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2009-08-04 1479160] S2 UmxCfg;HIPS Configuration Interpreter;c:\program files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2010-08-24 740160] S2 UmxPol;HIPS Policy Manager;c:\program files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe [2010-09-17 301648] S2 WinExtManager;WinSock Extention Manager;c:\windows\SysWOW64\mdmcls32.exe [2010-02-28 2347760] S2 WinSvchostManager;WinSock Svchost Manager;c:\windows\SysWOW64\svcprs32.exe [2010-02-28 1377008] S2 WinSvchostManagerSrv;WinSvchostManagerSrv;c:\windows\SysWOW64\cfgmig32.exe [2010-10-20 259408] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560] . . Contents of the 'Scheduled Tasks' folder . 
2011-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 21:08] . 2011-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 21:08] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU] "SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU] "00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976] "TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU] "TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU] "cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2011-05-17 2952016] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\UmxSbxExA64.dll . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA mLocal Page = c:\windows\SysWOW64\blank.htm LSP: winsflt.dll LSP: c:\windows\system32\VetRedir.dll TCP: DhcpNameServer = 68.87.73.246 68.87.71.230 FF - ProfilePath - c:\users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\371oi05n.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856425&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: CA Anti-Phishing Toolbar: caaphishtoolbar@ca.com - c:\program files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\Firefox . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) AddRemove-iBryte_playbryte - c:\program files (x86)\iBryte\playbryte\uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr] "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1990302578-417509972-701531922-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1990302578-417509972-701531922-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-06-09 08:42:51 ComboFix-quarantined-files.txt 2011-06-09 12:42 ComboFix2.txt 2011-06-08 02:28 ComboFix3.txt 2011-06-07 02:18 . Pre-Run: 198,139,363,328 bytes free Post-Run: 198,077,874,176 bytes free . - - End Of File - - A679C924D34A18FBE1565B15A0FE01FD
