My Desktop computer was infected by malware now my laptop is also infected

[Maurice Naggar]

The ESET online scan is excellent.

This next procedure is to clean out temporary file areas. Close any programs you have started.

This will involve a reboot/restart of the system.

• Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  
• Copy all the lines in between the Code-box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  

  :processes
  killallprocesses
  
  :files
  recycler /alldrives
  
  :Commands
  [purity]
  [emptytemp]
  [CREATERESTOREPOINT]
  [EMPTYFLASH]
  [Reboot]
  
  

  
  

• Return to OTL. Right click in the window (under the aqua-blue bar) and choose Paste.
  
• Close any browser(s) windows that may be open.
  
• Using your mouse, click on the red-lettered button .
  
• Once you see a message box "Fix complete! Click OK to open the fix log."
  Click the OK button
  
• The log will open in Notepad (your default text editor).
  
• Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Java runtime

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

• Download the latest version of >> Windows Offline << from here and save it to your desktop.
  
• Get the Offline version for the 32-bit and 64-bit as well.
  
• Close any programs you may have running - especially your web browser(s).
  
• Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  
• Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  
• Click the Remove or Change/Remove button.
  
• Repeat as many times as necessary to remove each Java versions.
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-7u5-windows-i586.exe to install the newest version.
  ( jre-7u5-windows-x64.exe if this is a 64-bit Windows o.s.)
  

• After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
    
  • Next, click on the Delete Files button
    
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
      Trace and Log Files
      

    [*]Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

    [*]Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

Feedback

Let me know how you do with Internet Explorer over the next day or two.

If there's a "unexpected close" of IE, I expect it would be due to possibly a toolbar or some recent "add-on" in IE.

I do not expect it would be "malware".

[JJMAC]

Maurice

I am surprised that the RUN FIX log appended below shows less detail than I expected. I think that I followed the instructions accurately with one exception. Internet Explorer is the only open browser on this computer and the only browser window open was that of OTL.exe which I assumed could not be closed without also closing OTL.exe which had not completed at that stage. After clicking on Run Fix I was not presented with a fix complete message or an OK button. The next thing I saw was the Notebook log. I think now that leaving IE open was a mistake. I will have another go at that tomorrow and let you know if I get a different result.

I have reinstalled Java and changed the settings as instructed.

OTL log

All processes killed

Error: Unable to interpret <:processeskillallprocesses:filesrecycler /alldrives:Commands[purity][emptytemp][CREATERESTOREPOINT][EMPTYFLASH][Reboot]> in the current context!

OTL by OldTimer - Version 3.2.53.0 log created on 07202012_181652

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Thanks for your help

JJ Mac

[JJMAC]

Maurice

Further to my last post (yesterday evening) I have now rerun the FixLog program having closed all browser windows before clicking the fix log button & it has come up with the same result.

FIX LOG

All processes killed

Error: Unable to interpret <:processeskillallprocesses:filesrecycler /alldrives:Commands[purity][emptytemp][CREATERESTOREPOINT][EMPTYFLASH][Reboot]> in the current context!.

OTL by OldTimer - Version 3.2.53.0 log created on 07202012_181652

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Is there still something wrong? I has expected to see a list of the processes killed, a list of files moved on reboot and their new location, & a list of the registry entries deleted.

I’m afraid I am still getting the error message, Internet Explorer has stopped working, every time I try to close it. It seldom stops working during as browsing session so it is not too much of a problem.

Regards

JJMAC

[Maurice Naggar]

Hello JJMAC,

I am modifying the procedure just a little to shorten it. The important part is that you follow all of the points and that you close your IE browser just before you press the Run Fix.

This will involve a reboot/restart of the system.

• Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  
• Copy all the lines in between the Code-box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  

  
  :Commands
  [purity]
  [emptytemp]
  [CREATERESTOREPOINT]
  [EMPTYFLASH]
  [Reboot]
  
  

  
  

• Return to OTL. Right click in the window (under the aqua-blue bar) and choose Paste.
  
• Now, Close any browser(s) windows that may be open. Close Internet Explorer
  
• Using your mouse, click on the red-lettered button .
  
• Once you see a message box "Fix complete! Click OK to open the fix log."
  Click the OK button
  
• The log will open in Notepad (your default text editor).
  
• Save the log. Post a copy of that log in your next reply.
  

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

[Maurice Naggar]

Hello JJMAC,

Kindly let me know how you're doing.

[JJMAC]

Maurice

I have gone through this process three times and still come up with the same answer.

Here are the steps taken

1 Right click on OTL (3).exe, (the item with the yellow and black motif) and select run as administrator. Click yes to allow OTL(3).exe to make changes to my computer. OTL version 3.2.53.0 opens,

2 go to instructions and high light & copy to clipboard the 6 items grouped vertically within the code box.

3 Return to OTL and paste these 6 items into the Custom Scan Fixes box. They appear as a single line along the top of the box.

4 Right click on internet explorer icon on the task bar and select Close all windows. I get the familiar error message : internet explorer has stopped working. Windows will close the program and notify you if a solution is available. I click on close program.

5 Click on Run Fix. Click OK to reboot. Got a security message asking if I was sure I wanted to run OTL(3).exe. Click on run and almost immediately I got the following:

All processes killed

Error: Unable to interpret <:Commands[purity][emptytemp][CREATERESTOREPOINT][EMPTYFLASH][Reboot]> in the current context!

OTL by OldTimer - Version 3.2.53.0 log created on 07232012_163512

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Maurice I have been trying to figure out for myself what has gone wrong. When I clicked on runfix it obviously did not run, instead the computer rebooted and I was asked for permission to run OTL(3).exe which I could have withheld but that would not have got me anywhere.

When at the start of the process I was asked to right click OTL.exe and select run as administrator I first clicked on start and searched the computer for OTL.EXE. A number of OTLs were listed including OTL(1)(2)(3) & (4). I selected OTL(3) as it was the only one with the black and yellow motif. which I presume was the correct one.

I interpreted Copy all the lines in between the code box below to the clipboard to mean highlight the items within the code box and copy them as a group to the clipboard. When pasted into the OTL Custom Scans/Fixes window they appear as a single horizontal line along the top of the Custom Scans/Fixes window.

Please let me know what has gone wrong.

Thank you

JJMAC

[Maurice Naggar]

Hello JJMAC,

It appears, there's something not right when you do the procedure for Copy and paste into the OTL box. Let's forget this OTL procedure.

Instead, please do the following.

Logoff and restart the system.

Download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  
• IF prompted to Reboot, reply "Yes".
  

After the system restarts, you have the DDS utility already.

Double click dds.scr to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

• When done, DDS will open two (2) logs:
  
• DDS.txt
  
• Attach.txt
  
• Save both reports to your desktop.
  

Please Copy & Paste contents of the following logs in your next reply:

DDS.txt

Attach.txt

[JJMAC]

Maurice I can’t explain it but I seem to be going from bad to worse. I ran TFC.exe as administrator. Temp file cleaner by old timer v3.1.9.0 opens Click start. Program runs. System requires a reboot to finish removing files. I click on ok to reboot now. After the system restarts I can’t find the DDS utility. When you say that after the system restarts I have the DDS utility already do you mean that I didn’t have the utility until the system restarts or that the DDS utility was already installed on my computer during some earlier tests.

Either way I can’t find DDS or DDS.scr anywhere on my computer. I suspect that the internet explorer malfunction which causes the program to stop working correctly may have something toi do with this issue.

JJMAC

[Maurice Naggar]

I meant that you had DDS from early on, if I remember correctly. In any event, you can get a new copy of DDS . Not a major issue.

Download DDS and save it to your desktop from http://www.techsupportforum.com/sectools/sUBs/dds here

or http://download.bleepingcomputer.com/sUBs/dds.scr or

http://www.forospyware.com/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

Then double click dds.scr to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

• When done, DDS will open two (2) logs:
• DDS.txt
• Attach.txt
• Save both reports to your desktop.

Please Copy & Paste contents of the following logs in your next reply:

DDS.txt

Attach.txt

Don't allow this to give you a concern. But do tell me, generally, How is the pc overall?

I believe we are nearing closure.

[JJMAC]

Maurice

After running DDS I get a message that DDS had created 2 log file

1 dds.txt

2 Attach.txt

The logs will appear after you have closed this (TFC) window.

However. only the dds.txt log appeared. The Attach.txt log did not appear. The same thing happened when I previously ran DDS (on 19 June.)

You asked me to let you know generally how the PC is overall. Generally very good. It boots up in half the time taken by my Dell computer running on Windows Vista home premium (the infected

Computer) or in a quarter of the time required by my Gateway computer running on Xppro. Currently the only issue with this computer is its failure to shut down IE 9 properly at the end of a browsing session, error message: A problem has caused Internet Explorer to stop working correctly. Windows will close the program –……….. Not too much of a problem as it normally only occurs when I try to close a web site.

DDS LOG

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by John at 13:01:14 on 2012-07-27

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1916.1217 [GMT 1:00]

.

AV: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

SP: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\taskhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe

C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ParetoLogic\FileCure\FileCure.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll

uURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll

mURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll

BHO: : {11bf46c6-b3de-48bd-bf70-3ad85cab80b5} - C:\PROGRA~2\SITERA~1\SiteRank.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll

BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - C:\PROGRA~2\INBOXT~1\Inbox.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"

TB: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{7BC6162B-8FA6-4F02-9D16-FCC1846E815F} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{A22D127C-938C-4DC7-8264-DF55CA381631} : DhcpNameServer = 10.239.24.5

Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll

AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

BHO-X64: : {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~2\SITERA~1\SiteRank.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll

BHO-X64: Trend Micro NSC BHO - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll

BHO-X64: TmBpIeBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO-X64: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO-X64: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll

BHO-X64: WiseConvert - No File

BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB-X64: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"

TB-X64: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWise.dll

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

AppInit_DLLs-X64: C:\PROGRA~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

.

============= SERVICES / DRIVERS ===============

.

R1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-5-10 275912]

R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]

R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys --> C:\Windows\system32\DRIVERS\FwLnk.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-10 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-9 250056]

S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-5-9 30192]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-10 136176]

S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-2-11 124368]

S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-4-8 51512]

S3 tmeevw;tmeevw;C:\Windows\system32\DRIVERS\tmeevw.sys --> C:\Windows\system32\DRIVERS\tmeevw.sys [?]

S3 tmnciesc;tmnciesc;C:\Windows\system32\DRIVERS\tmnciesc.sys --> C:\Windows\system32\DRIVERS\tmnciesc.sys [?]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-07-20 17:16:52 -------- d-----w- C:\_OTL

2012-07-17 19:42:09 -------- d-----w- C:\Program Files (x86)\ESET

2012-07-11 23:16:05 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 14:07:07 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-07-11 14:06:56 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-07-11 14:06:56 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll

2012-07-11 14:06:56 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll

2012-07-11 14:06:56 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll

2012-07-11 14:06:56 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll

2012-07-11 14:06:56 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll

2012-07-11 14:06:56 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2012-07-11 14:06:56 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2012-07-11 14:06:55 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll

2012-07-11 14:06:55 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll

2012-07-11 14:06:55 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll

2012-07-11 14:06:55 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll

2012-07-11 14:06:55 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-07-10 14:45:50 -------- d-sh--w- C:\$RECYCLE.BIN

2012-07-10 13:48:26 98816 ----a-w- C:\Windows\sed.exe

2012-07-10 13:48:26 518144 ----a-w- C:\Windows\SWREG.exe

2012-07-10 13:48:26 256000 ----a-w- C:\Windows\PEV.exe

2012-07-10 13:48:26 208896 ----a-w- C:\Windows\MBR.exe

2012-07-10 12:36:44 -------- d-----w- C:\Windows\pss

2012-07-06 16:27:57 -------- d-----w- C:\Program Files (x86)\Oracle

2012-06-29 13:28:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-06-29 13:28:59 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-06-29 13:28:59 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-06-29 13:28:27 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-06-29 13:28:19 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-06-29 13:28:10 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-06-29 13:28:09 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-06-29 13:27:32 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-06-29 13:24:28 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-06-29 13:24:27 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-06-29 13:24:09 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-06-29 13:24:09 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-06-29 13:24:09 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-06-29 13:24:09 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-06-29 13:24:09 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-06-29 13:24:09 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-06-29 11:04:39 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-29 11:03:55 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-29 11:03:33 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-29 11:03:33 186752 ----a-w- C:\Windows\System32\wuwebv.dll

.

==================== Find3M ====================

.

2012-07-26 21:06:54 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-26 21:06:54 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-03 12:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-24 10:18:09 4101392 ----a-w- C:\Windows\uninst.exe

2012-05-10 11:25:46 56 ----a-w- C:\Windows\System32\SupportTool.exe.bat

2012-05-04 18:29:22 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-05-04 18:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll

.

============= FINISH: 13:03:30.79 ===============

Many thanks for your valued assistance.

JJMAC

[Maurice Naggar]

We Need to Run a Batch Script

1. Press the Windows-key on keyboard.
   
2. In the box, type notepad and press Enter.
   
3. Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
   

   @echo off
   del /f /q C:\Windows\System32\SupportTool.exe.bat
   del /f /q "%~f0"

   
   

4. Select File -> Save AS.
   
5. Press the Desktop button on the left side of the save dialog.
   
6. In the box, type in Fix.bat.
   
7. Press .
   
8. Close Notepad.
   
9. Right click on your desktop, and choose .
   
10. Press Yes if prompted by User Account Control.
    

You may want to print out this section.

The system has Inbox toolbar which appears to be foistware. This may also be the issue with your browser close issue.

Close your Internet Explorer browser as well as ny other browser.

Go to Control Panel >>Programs and Features

Look for Inbox Toolbar

IF found, select it, and do a right-click and choose Uninstall.

When done, close Control Panel and restart the system fresh.

Advise me whether or not if you removed Inbox toolbar.

[JJMAC]

Maurice

I am pleased to inform you that I found inbox toolbar and have succesfully removed it from my computer. I think that you might be right when you suggested that this may also be causing the browser fault. I have closed it down twice, after removing the inbox toolbar,and no error message was received. I will be delighted if that issue has been resolved.

Do you want me to run the DDS program again?.

Kind Regards

JJMAC

[Maurice Naggar]

Bravo. I believe that should take care of IE issue.

Do not need another DDS.

We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

• Highlight the line in this CODEBOX.
  Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
  

  ComboFix /uninstall

  
  

• Press Windows-logo-key on keyboard
  In the box, do a Paste (CTRL+V keys) to paste in from the Clipboard
  Then tap Enter-key. This will remove Combofix and its folders.
  

IF in the case Combofix un-install has an issue, skip that step.

NEXT

• Download OTC to your desktop and run it
  
• Click Yes to beginning the Cleanup process and remove these components, including this application.
  
• You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  

ERUNT you should keep and use periodically to backup Windows registry.

Delete the following if still present:

aswMBR.exe

GMER.exe

SecurityCheck.exe

TDSSKILLER.exe

Then, go to Control Panel >> Programs and Features.

Locate and select ESET Online Scanner

then do a Right click on it and select (click)Uninstall

When done, exit Control Panel

Safer practices & malware prevention

• Have a hardware router between the incoming internet-modem and your computer.
  
• Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.
  
• Check in at Windows Update and install any Critical Updates offered.
  
• Make certain that Automatic Updates is enabled.
  How to configure and use Automatic Updates in Windows
  http://support.microsoft.com/kb/306525
  
• Check on other update issues as well, visit Secunia Online Software Inspector (OSI)
  See How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector
  
• Download, install, and keep updated Spyware Blaster (free): http://www.javacools...areblaster.html (all Protections should be enabled at all times)
  Tutorial for Spywareblaster: Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware
  
• I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm
  See the FAQ page http://mvps.org/winh...02/hostsfaq.htm
  That would help to keep your browser away from known spyware/malware sites.
  
• Make regular backups of your system to removable media: DVD, USB external hard drive, etc.
  Having a total image backup of your system stored on DVD/CD is highly important.
  Get and make use of imaging-backup utilities and save them to offline media. That way you have something to fall back to if another disaster hits.
  Examples of image backup software: Acronis True Image, or the free (for personal use) Macrium Reflect http://www.macrium.com/reflectfree.asp
  or Paragon Backup & Recovery http://www.paragon-s...e/download.html
  
• Consider using Web of Trust WOT add-on for your browser(s)
  http://www.mywot.com/en/download
  http://www.mywot.com/en/faq/add-on
  On some regular schedule, it is a good idea to do an online scan for viruses and malware. Here is a very short list of sites where this may be done:
  ESET Online Scanner
  BitDefender Quickscan
  Trend Micro Housecall
  F-Secure Online Scanner
  Microsoft Safety Scanner
  Panda ActiveScan
  
• See Six tips to help you stay safer online
  
• Never, ever download free games, free tools, videos, mutli-media files or anything free unless you can be absolutely sure the source is safe !
  

Let me know when you have completed the cleanups so I can close this topic.

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!