Infected PC - (probable) ZeroAccess|Root.MBR


Hello,

I'm working on a friend's PC, which was having problems with IE9 links redirecting to shopping/ad sites, ads playing on the speakers (only) without open windows, and with Avira warning messages of various viruses popping up (like HTML/IFrame.aeu, TR/ATRAPS.Gen2, W32/Patched.UB, and more). I performed System Restore on it, then ran a full scan with Avira, MWB, and ESET online scanner, which came up as clean but seem to have only taken care of secondary/tertiary infections (?); some odd problems remained, and the old ones popped back up after a few hours of testing.

In working on it and investigating, I was led to this topic and (appropriately) directed to start a new thread. I copied an HJT log and (after reading the previous topic) a RogueKiller log onto USB and have them here for review. I'm fairly confident, based on the previous topic and multiple others recently, that the PC in question has the ZeroAccess RK, but I'm not sure what else.

Further, I tried to go a step further and download Farbar Recovery Scan Tool and use it; however, I don't have access to that PC's Win7 disk, and cannot enter System Recovery Options from the Advanced Boot Options: I'm getting an "ERROR : F3-F100-0004" when I try that.

So, if it is a rootkit, is there another option (I have a USB boot drive with some Unix flavor floating around somewhere)?

Thank you for your time.

Log attached

RKreport1.txt

hijackthis_2012-07-19-0628.txt


  • Staff

Hi and welcome to Malwarebytes.

In the future, please post all logs directly into your reply instead of attaching them unless otherwise indicated. With that said, please update MBAM, run a Quick Scan, and post its log.

Next, run DDS again and post DDS.txt directly in your reply.


> In the future, please post all logs directly into your reply instead of attaching them unless otherwise indicated. With that said, please update MBAM, run a Quick Scan, and post its log.

Will do. I'm scanning it with MBAM now, and will paste it as soon as I can copy it to USB and bring it to this computer (a few minutes).

> Next, run DDS again and post DDS.txt directly in your reply.

What's DDS, please?

Thank you.


I can't update MBAM, it errors with, "PROGRAM_ERROR_UPDATING (0,0, No address found)." Currently, it's showing the database information is "Date: 7/18/2012 2:50:20 PM," "Database Version v2012.07.18.12."

Okay, I ran MBAM quick scan on the infected computer - no hits found, log below. I then turned off Avira "realtime protection" and ran DDS as Administrator, DDS.txt below.

MBAM:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.18.12

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

OWNER :: OWNER-PC [administrator]

7/19/2012 2:19:06 PM

mbam-log-2012-07-19 (14-19-06).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 194499

Time elapsed: 7 minute(s), 1 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS.txt:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by OWNER at 14:27:42 on 2012-07-19

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1968 [GMT -7:00]

.

AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {3A033352-45FD-579C-DF47-2D2DA7A56A3D}

SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\windows\system32\conhost.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\atieclxx.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\windows\system32\taskhost.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files\TOSHIBA\TECO\TEco.exe

C:\Program Files\Lexmark 5400 Series\lxctmon.exe

C:\Program Files\Lexmark 5400 Series\ezprint.exe

C:\Program Files\Common Files\AOL\1293544326\ee\aolsoftware.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\lxctcoms.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\windows\system32\lxdxcoms.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\taskeng.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\program files\avira\antivir desktop\avcenter.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.aol.com/

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll

BHO: MRI_DISABLED - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No File

TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File

TB: {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No File

uRun: [MyTOSHIBA] "c:\program files\toshiba\my toshiba\MyToshiba.exe" /AUTO

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

mRun: [smoothView] "%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe"

mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60

mRun: [TosWaitSrv] "%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe"

mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r

mRun: [TosSENotify] "c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe"

mRun: [lxctmon.exe] "c:\program files\lexmark 5400 series\lxctmon.exe"

mRun: [Lexmark 5400 Series Fax Server] "c:\program files\lexmark 5400 series\fm3032.exe" /s

mRun: [EzPrint] "c:\program files\lexmark 5400 series\ezprint.exe"

mRun: [HostManager] "c:\program files\common files\aol\1293544326\ee\AOLSoftware.exe"

mRun: [LXCTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCTtime.dll,_RunDLLEntry@16

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\zooskm~1.lnk - c:\program files\zooskmessenger\ZooskMessenger.exe

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000

IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}

IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}

IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{66A8A232-40D7-4C1D-B36A-F90BD86322AF} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{66A8A232-40D7-4C1D-B36A-F90BD86322AF}\2456C6B696E6F5E4B2F5241324838343F507771647 : DhcpNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{66A8A232-40D7-4C1D-B36A-F90BD86322AF}\2656C6B696E6E233238326 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{66A8A232-40D7-4C1D-B36A-F90BD86322AF}\86F677162746 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{66A8A232-40D7-4C1D-B36A-F90BD86322AF}\F475E45425D20534F5E4564777F627B6 : DhcpNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{66A8A232-40D7-4C1D-B36A-F90BD86322AF}\F475E45425D20534F5E4564777F627B6F513 : DhcpNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{C16B5307-8D67-43AE-8FB8-ECABFE356F19} : DhcpNameServer = 97.64.183.164 97.64.209.37

mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP

.

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-2-1 36000]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-10-16 176128]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-2-1 86224]

R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-2-1 110032]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-2-1 83392]

R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]

R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]

R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-11 185712]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 12920]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-10-16 7680]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-10-16 187392]

R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-10-16 54136]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]

R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-6 685424]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-15 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-27 250056]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-15 136176]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-10-16 171520]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-2 52224]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-25 1343400]

.

=============== Created Last 30 ================

.

2012-07-19 21:26:57 -------- d--h--w- c:\windows\PIF

2012-07-18 23:47:23 -------- d-----w- c:\program files\ESET

2012-07-18 23:13:08 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-18 23:13:08 225280 ----a-w- c:\windows\system32\schannel.dll

2012-07-18 23:13:08 219136 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-18 23:13:08 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-07-18 23:13:07 369336 ----a-w- c:\windows\system32\drivers\cng.sys

2012-07-18 23:10:02 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-07-18 21:40:41 4024320 ----a-w- c:\program files\GUT1F91.tmp

2012-07-18 21:40:41 -------- d-----w- c:\program files\GUM1F71.tmp

2012-07-18 20:35:20 -------- d-----w- C:\temp

2012-07-18 20:35:11 -------- d-----w- c:\program files\RealVNC

2012-07-13 20:41:02 -------- d-----w- c:\programdata\AVG2012

2012-07-13 20:40:20 -------- d-----w- c:\program files\AVG

2012-07-13 20:36:53 -------- d--h--w- c:\programdata\Common Files

2012-07-13 20:36:53 -------- d-----w- c:\programdata\MFAData

2012-07-05 07:24:10 -------- d-----w- c:\programdata\gn_Logs

2012-07-05 07:21:53 -------- d-----w- c:\users\owner\appdata\local\ABBYY

2012-07-05 07:21:13 -------- d-----w- c:\programdata\ABBYY

2012-07-05 07:21:13 -------- d-----w- c:\program files\common files\ABBYY

2012-07-05 07:21:13 -------- d-----w- c:\program files\ABBYY FineReader 9.0 Sprint

2012-07-05 07:20:13 -------- d-----w- c:\program files\Lexmark

2012-07-05 07:19:44 -------- d-----w- c:\program files\Lexmark S310 Series

2012-06-29 12:03:30 -------- d-----w- c:\users\owner\appdata\roaming\SUPERAntiSpyware.com

2012-06-29 12:03:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-06-29 12:03:22 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-06-22 03:54:18 -------- d-----w- c:\programdata\Brother

2012-06-21 19:58:27 -------- d-----w- c:\users\owner\appdata\roaming\SecretIslandEng

2012-06-21 13:23:52 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 13:23:27 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 13:23:00 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-21 13:23:00 171904 ----a-w- c:\windows\system32\wuwebv.dll

.

==================== Find3M ====================

.

2012-07-18 22:49:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-18 22:49:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-05-08 21:26:38 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-05-01 04:44:12 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 04:45:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 04:45:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 04:41:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-04-24 04:36:42 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- c:\windows\system32\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- c:\windows\system32\cryptnet.dll

.

============= FINISH: 14:29:01.08 ===============

  • Staff

Hi,

Hello and welcome to Malwarebytes.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Combofix says Webroot Spysweeper AV is installed and active, and says continuing is at my own risk - but Webroot isn't installed on that computer, and I can't find any running processes pointing to it (so couldn't disable it). It's scanning now.

Scans finished, here are the reports.

ComboFix 12-07-20.02 - OWNER 07/20/2012 18:19:52.1.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1998 [GMT -7:00]

Running from: c:\users\OWNER\Desktop\ComboFix.exe

AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {3A033352-45FD-579C-DF47-2D2DA7A56A3D}

SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Search Toolbar

c:\program files\Search Toolbar\icon.ico

c:\program files\Search Toolbar\SearchToolbarUninstall.exe

c:\program files\Search Toolbar\SearchToolbarUpdater.exe

c:\windows\$NtUninstallKB5332$

c:\windows\$NtUninstallKB5332$\2352777729

c:\windows\$NtUninstallKB5332$\2760683608\@

c:\windows\$NtUninstallKB5332$\2760683608\bckfg.tmp

c:\windows\$NtUninstallKB5332$\2760683608\cfg.ini

c:\windows\$NtUninstallKB5332$\2760683608\Desktop.ini

c:\windows\$NtUninstallKB5332$\2760683608\keywords

c:\windows\$NtUninstallKB5332$\2760683608\kwrd.dll

c:\windows\$NtUninstallKB5332$\2760683608\L\xadqgnnk

c:\windows\$NtUninstallKB5332$\2760683608\lsflt7.ver

c:\windows\$NtUninstallKB5332$\2760683608\U\00000001.@

c:\windows\$NtUninstallKB5332$\2760683608\U\00000002.@

c:\windows\$NtUninstallKB5332$\2760683608\U\00000004.@

c:\windows\$NtUninstallKB5332$\2760683608\U\80000000.@

c:\windows\$NtUninstallKB5332$\2760683608\U\80000004.@

c:\windows\$NtUninstallKB5332$\2760683608\U\80000032.@

c:\windows\system32\SET1DED.tmp

c:\windows\system32\SET820.tmp

c:\windows\system32\Thumbs.db

.

.

((((((((((((((((((((((((( Files Created from 2012-06-21 to 2012-07-21 )))))))))))))))))))))))))))))))

.

.

2012-07-21 01:32 . 2012-07-16 09:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72AD9C12-F07F-4CA4-B2AD-89BB720AF57A}\mpengine.dll

2012-07-21 01:30 . 2012-07-21 01:33 -------- d-----w- c:\users\OWNER\AppData\Local\temp

2012-07-21 01:30 . 2012-07-21 01:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-21 01:24 . 2012-07-21 01:24 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E044F537-35F9-4B21-8014-2E80118BFFB0}\offreg.dll

2012-07-21 01:22 . 2012-07-16 09:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E044F537-35F9-4B21-8014-2E80118BFFB0}\mpengine.dll

2012-07-20 05:45 . 2012-07-20 05:45 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-20 05:08 . 2012-07-20 05:08 -------- d-----w- c:\users\OWNER\AppData\Roaming\Malwarebytes

2012-07-20 05:08 . 2012-07-20 05:08 -------- d-----w- c:\programdata\Malwarebytes

2012-07-20 05:08 . 2012-07-20 05:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-20 05:08 . 2012-07-03 20:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-20 05:07 . 2012-07-20 05:07 28488 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-07-19 21:26 . 2012-07-19 21:26 -------- d--h--w- c:\windows\PIF

2012-07-18 23:47 . 2012-07-18 23:47 -------- d-----w- c:\program files\ESET

2012-07-18 23:13 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-18 23:13 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-07-18 23:13 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll

2012-07-18 23:13 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-18 23:13 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys

2012-07-18 23:10 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-07-18 21:40 . 2012-07-18 21:40 -------- d-----w- c:\program files\GUM1F71.tmp

2012-07-18 21:40 . 2012-07-18 21:40 4024320 ----a-w- c:\program files\GUT1F91.tmp

2012-07-18 20:35 . 2012-07-18 20:44 -------- d-----w- C:\temp

2012-07-18 20:35 . 2012-07-18 20:35 -------- d-----w- c:\program files\RealVNC

2012-07-13 20:41 . 2012-07-18 20:56 -------- d-----w- c:\programdata\AVG2012

2012-07-13 20:40 . 2012-07-13 20:40 -------- d-----w- c:\program files\AVG

2012-07-13 20:36 . 2012-07-13 22:59 -------- d-----w- c:\programdata\MFAData

2012-07-13 20:36 . 2012-07-13 20:36 -------- d--h--w- c:\programdata\Common Files

2012-07-05 07:24 . 2012-07-05 07:24 -------- d-----w- c:\programdata\gn_Logs

2012-07-05 07:21 . 2012-07-05 07:21 -------- d-----w- c:\users\OWNER\AppData\Local\ABBYY

2012-07-05 07:21 . 2012-07-18 20:57 -------- d-----w- c:\program files\ABBYY FineReader 9.0 Sprint

2012-07-05 07:21 . 2012-07-05 07:21 -------- d-----w- c:\programdata\ABBYY

2012-07-05 07:21 . 2012-07-05 07:21 -------- d-----w- c:\program files\Common Files\ABBYY

2012-07-05 07:20 . 2012-07-18 20:56 -------- d-----w- c:\program files\Lexmark

2012-07-05 07:19 . 2012-07-18 20:56 -------- d-----w- c:\program files\Lexmark S310 Series

2012-06-29 12:03 . 2012-06-29 12:03 -------- d-----w- c:\users\OWNER\AppData\Roaming\SUPERAntiSpyware.com

2012-06-29 12:03 . 2012-07-18 21:34 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-06-29 12:03 . 2012-06-29 12:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-06-22 03:54 . 2012-06-22 03:54 -------- d-----w- c:\programdata\Brother

2012-06-21 19:58 . 2012-06-21 19:59 -------- d-----w- c:\users\OWNER\AppData\Roaming\SecretIslandEng

2012-06-21 13:23 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 13:23 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 13:23 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 13:23 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 13:23 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-21 13:23 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 13:23 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 13:23 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 13:23 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-18 22:49 . 2012-05-27 15:49 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-18 22:49 . 2012-05-27 15:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-31 19:25 . 2009-11-18 22:44 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-08 21:26 . 2012-02-01 19:24 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-05-08 21:26 . 2012-02-01 19:24 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-05-01 04:44 . 2012-06-13 20:58 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:17 . 2012-06-13 20:58 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 04:45 . 2012-06-13 20:58 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 04:45 . 2012-06-13 20:58 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 04:41 . 2012-06-13 20:58 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-04-24 04:36 . 2012-06-13 20:58 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2012-04-24 04:36 . 2012-06-13 20:58 1158656 ----a-w- c:\windows\system32\crypt32.dll

2012-04-24 04:36 . 2012-06-13 20:58 103936 ----a-w- c:\windows\system32\cryptnet.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]

"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]

"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 611672]

"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-11 1324384]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]

"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2007-03-19 291760]

"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2007-03-19 304048]

"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2007-03-19 82864]

"HostManager"="c:\program files\Common Files\AOL\1293544326\ee\AOLSoftware.exe" [2010-03-08 41800]

"LXCTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]

.

c:\users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

ZooskMessenger.lnk - c:\program files\ZooskMessenger\ZooskMessenger.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]

2009-08-05 21:04 738616 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]

2009-07-16 19:04 529256 ----a-w- c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2009-07-29 04:12 7625248 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2009-07-30 05:32 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2009-07-21 00:46 1545512 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]

2009-08-21 16:29 476512 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe

.

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x]

S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]

S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [x]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [x]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]

S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]

2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 22:49]

.

2012-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-15 19:44]

.

2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-15 19:44]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.aol.com/

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file)

BHO-{C4B8BAB4-1667-11DF-A242-BA9455D89593} - c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll

Toolbar-Locked - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)

MSConfigStartUp-SpySweeper - c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe

AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\conhost.exe

c:\windows\system32\atieclxx.exe

c:\windows\system32\lxctcoms.exe

c:\windows\system32\TODDSrv.exe

c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\program files\TOSHIBA\ConfigFree\NDSTray.exe

c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe

c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2012-07-20 18:42:31 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-21 01:42

.

Pre-Run: 255,939,514,368 bytes free

Post-Run: 265,160,331,264 bytes free

.

- - End Of File - - AA8D5A5E795F68DA0AA5CA0BB2D5090D

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by OWNER at 18:47:44 on 2012-07-20

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1908 [GMT -7:00]

.

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\windows\system32\conhost.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\atieclxx.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\system32\taskeng.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files\TOSHIBA\TECO\TEco.exe

C:\Program Files\Lexmark 5400 Series\lxctmon.exe

C:\Program Files\Lexmark 5400 Series\ezprint.exe

C:\Program Files\Common Files\AOL\1293544326\ee\aolsoftware.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\lxctcoms.exe

C:\windows\system32\lxdxcoms.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\taskeng.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

\\?\C:\windows\system32\wbem\WMIADAP.EXE

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\windows\system32\sppsvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.aol.com/

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll

BHO: MRI_DISABLED - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll

TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File

uRun: [MyTOSHIBA] "c:\program files\toshiba\my toshiba\MyToshiba.exe" /AUTO

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

mRun: [smoothView] "%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe"

mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60

mRun: [TosWaitSrv] "%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe"

mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r

mRun: [TosSENotify] "c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe"

mRun: [lxctmon.exe] "c:\program files\lexmark 5400 series\lxctmon.exe"

mRun: [Lexmark 5400 Series Fax Server] "c:\program files\lexmark 5400 series\fm3032.exe" /s

mRun: [EzPrint] "c:\program files\lexmark 5400 series\ezprint.exe"

mRun: [HostManager] "c:\program files\common files\aol\1293544326\ee\AOLSoftware.exe"

mRun: [LXCTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCTtime.dll,_RunDLLEntry@16

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\zooskm~1.lnk - c:\program files\zooskmessenger\ZooskMessenger.exe

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000

IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}

IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}

IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{66A8A232-40D7-4C1D-B36A-F90BD86322AF} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{66A8A232-40D7-4C1D-B36A-F90BD86322AF}\2456C6B696E6F5E4B2F5241324838343F507771647 : DhcpNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{66A8A232-40D7-4C1D-B36A-F90BD86322AF}\2656C6B696E6E233238326 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{66A8A232-40D7-4C1D-B36A-F90BD86322AF}\86F677162746 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{66A8A232-40D7-4C1D-B36A-F90BD86322AF}\F475E45425D20534F5E4564777F627B6 : DhcpNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{66A8A232-40D7-4C1D-B36A-F90BD86322AF}\F475E45425D20534F5E4564777F627B6F513 : DhcpNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{C16B5307-8D67-43AE-8FB8-ECABFE356F19} : DhcpNameServer = 97.64.183.164 97.64.209.37

mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP

.

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-2-1 36000]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-10-16 176128]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-2-1 86224]

R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-2-1 110032]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-2-1 83392]

R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]

R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]

R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-11 185712]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 12920]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-10-16 7680]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-10-16 187392]

R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-10-16 54136]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]

R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-6 685424]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-15 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-27 250056]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-15 136176]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-7-19 28488]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-10-16 171520]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-2 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-25 1343400]

.

=============== Created Last 30 ================

.

2012-07-21 01:46:44 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e044f537-35f9-4b21-8014-2e80118bffb0}\offreg.dll

2012-07-21 01:32:39 -------- d-----w- C:\$RECYCLE.BIN

2012-07-21 01:30:34 -------- d-----w- c:\users\owner\appdata\local\temp

2012-07-21 01:22:47 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e044f537-35f9-4b21-8014-2e80118bffb0}\mpengine.dll

2012-07-21 01:09:54 6891424 ------w- c:\programdata\microsoft\windows defender\definition updates\updates\mpengine.dll

2012-07-21 01:07:32 98816 ----a-w- c:\windows\sed.exe

2012-07-21 01:07:32 518144 ----a-w- c:\windows\SWREG.exe

2012-07-21 01:07:32 256000 ----a-w- c:\windows\PEV.exe

2012-07-21 01:07:32 208896 ----a-w- c:\windows\MBR.exe

2012-07-20 05:45:30 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-20 05:08:44 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes

2012-07-20 05:08:30 -------- d-----w- c:\programdata\Malwarebytes

2012-07-20 05:08:28 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-20 05:08:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-20 05:07:59 28488 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-07-19 21:26:57 -------- d--h--w- c:\windows\PIF

2012-07-18 23:47:23 -------- d-----w- c:\program files\ESET

2012-07-18 23:13:08 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-18 23:13:08 225280 ----a-w- c:\windows\system32\schannel.dll

2012-07-18 23:13:08 219136 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-18 23:13:08 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-07-18 23:13:07 369336 ----a-w- c:\windows\system32\drivers\cng.sys

2012-07-18 23:10:02 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-07-18 21:40:41 4024320 ----a-w- c:\program files\GUT1F91.tmp

2012-07-18 21:40:41 -------- d-----w- c:\program files\GUM1F71.tmp

2012-07-18 20:35:20 -------- d-----w- C:\temp

2012-07-18 20:35:11 -------- d-----w- c:\program files\RealVNC

2012-07-13 20:41:02 -------- d-----w- c:\programdata\AVG2012

2012-07-13 20:40:20 -------- d-----w- c:\program files\AVG

2012-07-13 20:36:53 -------- d--h--w- c:\programdata\Common Files

2012-07-13 20:36:53 -------- d-----w- c:\programdata\MFAData

2012-07-05 07:24:10 -------- d-----w- c:\programdata\gn_Logs

2012-07-05 07:21:53 -------- d-----w- c:\users\owner\appdata\local\ABBYY

2012-07-05 07:21:13 -------- d-----w- c:\programdata\ABBYY

2012-07-05 07:21:13 -------- d-----w- c:\program files\common files\ABBYY

2012-07-05 07:21:13 -------- d-----w- c:\program files\ABBYY FineReader 9.0 Sprint

2012-07-05 07:20:13 -------- d-----w- c:\program files\Lexmark

2012-07-05 07:19:44 -------- d-----w- c:\program files\Lexmark S310 Series

2012-06-29 12:03:30 -------- d-----w- c:\users\owner\appdata\roaming\SUPERAntiSpyware.com

2012-06-29 12:03:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-06-29 12:03:22 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-06-22 03:54:18 -------- d-----w- c:\programdata\Brother

2012-06-21 19:58:27 -------- d-----w- c:\users\owner\appdata\roaming\SecretIslandEng

2012-06-21 13:23:52 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 13:23:27 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 13:23:00 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-21 13:23:00 171904 ----a-w- c:\windows\system32\wuwebv.dll

.

==================== Find3M ====================

.

2012-07-18 22:49:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-18 22:49:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-05-31 19:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-08 21:26:38 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-05-01 04:44:12 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 04:45:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 04:45:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 04:41:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-04-24 04:36:42 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- c:\windows\system32\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- c:\windows\system32\cryptnet.dll

.

============= FINISH: 18:48:19.76 ===============

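As an added example (not part of this thread, and not code from DDS, ComboFix or Malwarebytes), here is a small Python triage script for the kind of log posted above. It reads lines in the shape of the DDS "Pseudo HJT Report" and ComboFix "Reg Loading Points" sections and pulls out three things a helper looks at first: the UAC policy values (EnableLUA = 0 together with ConsentPromptBehaviorAdmin = 0 and PromptOnSecureDesktop = 0 means elevation prompting is switched off entirely, so on an administrator account every process already runs with the full admin token), BHO/toolbar/URL-hook entries whose file no longer exists ("No File"), and DHCP-assigned DNS servers outside private address ranges. The sample lines are constructed from the excerpts in this thread; the function names and the "public DNS" heuristic are my own. A public resolver is only a review item, not evidence of DNS hijacking: an ISP-assigned resolver on a second adapter looks exactly the same in the log.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample (assumption): a handful of lines in the shape of the DDS
# "Pseudo HJT Report" / ComboFix "Reg Loading Points" output quoted in this
# thread. Not a complete log.
SAMPLE_LOG = r"""
uRun: [MyTOSHIBA] "c:\program files\toshiba\my toshiba\MyToshiba.exe" /AUTO
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
BHO: MRI_DISABLED - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{66A8A232-40D7-4C1D-B36A-F90BD86322AF} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C16B5307-8D67-43AE-8FB8-ECABFE356F19} : DhcpNameServer = 97.64.183.164 97.64.209.37
""".strip()

POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(-?\d+)", re.M)
ORPHAN_RE = re.compile(r"^(BHO|TB|[um]URLSearchHooks):\s*(.*?)\s*-\s*No File\s*$", re.M)
# Optional "Interfaces\{GUID}" (with an optional sub-key after it), then the server list.
DNS_RE = re.compile(
    r"^TCP:\s*(?:Interfaces\\(\{[0-9A-Fa-f-]+\})(?:\\\S+)?\s*:\s*)?"
    r"DhcpNameServer\s*=\s*(.+?)\s*$",
    re.M,
)


def parse_policies(text: str) -> Dict[str, int]:
    """Map each mPolicies-system value name to its integer value."""
    return {name: int(value) for name, value in POLICY_RE.findall(text)}


def uac_findings(policies: Dict[str, int]) -> List[str]:
    """Explain non-default UAC values. Windows 7 defaults: EnableLUA=1,
    ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1."""
    findings: List[str] = []
    if policies.get("EnableLUA", 1) == 0:
        findings.append("EnableLUA=0: UAC is off; an admin account's processes get the full admin token")
    if policies.get("ConsentPromptBehaviorAdmin", 5) == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: elevation happens without any consent prompt")
    if policies.get("PromptOnSecureDesktop", 1) == 0:
        findings.append("PromptOnSecureDesktop=0: any prompt is shown on the normal desktop, "
                        "where other programs can interact with it")
    return findings


def orphaned_entries(text: str) -> List[str]:
    """BHO / toolbar / URL-hook registrations whose file is gone ('No File')."""
    return [f"{kind}: {what}" for kind, what in ORPHAN_RE.findall(text)]


def dns_servers(text: str) -> Dict[str, List[str]]:
    """Per-interface DHCP DNS servers, de-duplicated; the global entry is keyed 'global'."""
    out: Dict[str, List[str]] = {}
    for iface, servers in DNS_RE.findall(text):
        key = iface or "global"
        for server in servers.split():
            if server not in out.setdefault(key, []):
                out[key].append(server)
    return out


def public_dns_servers(text: str) -> Dict[str, List[str]]:
    """Interfaces whose DNS servers lie outside private ranges. Review item only:
    an ISP-assigned resolver is indistinguishable from a hijacked one here."""
    flagged: Dict[str, List[str]] = {}
    for iface, servers in dns_servers(text).items():
        public = [s for s in servers if not ipaddress.ip_address(s).is_private]
        if public:
            flagged[iface] = public
    return flagged


def triage(text: str) -> List[str]:
    """One line per finding, in the order a helper would read them."""
    report = uac_findings(parse_policies(text))
    report += [f"orphaned entry {e}" for e in orphaned_entries(text)]
    report += [f"non-private DNS on {i}: {' '.join(s)}" for i, s in public_dns_servers(text).items()]
    return report


if __name__ == "__main__":
    for line in triage(SAMPLE_LOG):
        print(line)
```

Run it against a saved DDS.txt by reading the file into `triage()`; the orphaned entries are the ones worth removing with the tool the helper prescribes, and the UAC values are the ones to restore (EnableLUA back to 1) once the machine is clean, since nothing else prompts before a new dropper elevates.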

Ok, that's done. Also, as soon as Combofix is done running, the "Shutdown" button is replaced by an "Installs updates then shuts down" button. I know no new updates were downloaded (wireless is offline on that PC, no network connection) - is this normal? (The updates showing up are KB2698365 and KB2719985 of 1.1MB and 968KB respectively.)

Here are the reports again.

<<Combofix>>

ComboFix 12-07-25.04 - OWNER 07/24/2012 7:58.2.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1926 [GMT -7:00]

Running from: c:\users\OWNER\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-06-24 to 2012-07-24 )))))))))))))))))))))))))))))))

.

.

2012-07-24 15:07 . 2012-07-24 15:07 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-24 15:07 . 2012-07-24 15:07 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-07-24 14:55 . 2012-07-24 14:55 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E044F537-35F9-4B21-8014-2E80118BFFB0}\offreg.dll

2012-07-21 01:30 . 2012-07-24 15:07 -------- d-----w- c:\users\OWNER\AppData\Local\temp

2012-07-21 01:22 . 2012-07-16 09:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E044F537-35F9-4B21-8014-2E80118BFFB0}\mpengine.dll

2012-07-20 05:45 . 2012-07-20 05:45 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-20 05:08 . 2012-07-20 05:08 -------- d-----w- c:\users\OWNER\AppData\Roaming\Malwarebytes

2012-07-20 05:08 . 2012-07-20 05:08 -------- d-----w- c:\programdata\Malwarebytes

2012-07-20 05:08 . 2012-07-20 05:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-20 05:08 . 2012-07-03 20:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-20 05:07 . 2012-07-20 05:07 28488 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-07-19 21:26 . 2012-07-19 21:26 -------- d--h--w- c:\windows\PIF

2012-07-18 23:47 . 2012-07-18 23:47 -------- d-----w- c:\program files\ESET

2012-07-18 23:13 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-18 23:13 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-07-18 23:13 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll

2012-07-18 23:13 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-18 23:13 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys

2012-07-18 23:10 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-07-18 21:40 . 2012-07-18 21:40 -------- d-----w- c:\program files\GUM1F71.tmp

2012-07-18 21:40 . 2012-07-18 21:40 4024320 ----a-w- c:\program files\GUT1F91.tmp

2012-07-18 20:35 . 2012-07-18 20:44 -------- d-----w- C:\temp

2012-07-18 20:35 . 2012-07-18 20:35 -------- d-----w- c:\program files\RealVNC

2012-07-13 20:41 . 2012-07-18 20:56 -------- d-----w- c:\programdata\AVG2012

2012-07-13 20:40 . 2012-07-13 20:40 -------- d-----w- c:\program files\AVG

2012-07-13 20:36 . 2012-07-13 22:59 -------- d-----w- c:\programdata\MFAData

2012-07-13 20:36 . 2012-07-13 20:36 -------- d--h--w- c:\programdata\Common Files

2012-07-05 07:24 . 2012-07-05 07:24 -------- d-----w- c:\programdata\gn_Logs

2012-07-05 07:21 . 2012-07-05 07:21 -------- d-----w- c:\users\OWNER\AppData\Local\ABBYY

2012-07-05 07:21 . 2012-07-18 20:57 -------- d-----w- c:\program files\ABBYY FineReader 9.0 Sprint

2012-07-05 07:21 . 2012-07-05 07:21 -------- d-----w- c:\programdata\ABBYY

2012-07-05 07:21 . 2012-07-05 07:21 -------- d-----w- c:\program files\Common Files\ABBYY

2012-07-05 07:20 . 2012-07-18 20:56 -------- d-----w- c:\program files\Lexmark

2012-07-05 07:19 . 2012-07-18 20:56 -------- d-----w- c:\program files\Lexmark S310 Series

2012-06-29 12:03 . 2012-06-29 12:03 -------- d-----w- c:\users\OWNER\AppData\Roaming\SUPERAntiSpyware.com

2012-06-29 12:03 . 2012-07-18 21:34 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-06-29 12:03 . 2012-06-29 12:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-18 22:49 . 2012-05-27 15:49 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-18 22:49 . 2012-05-27 15:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-02 22:19 . 2012-06-21 13:23 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 22:19 . 2012-06-21 13:23 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 13:23 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 13:23 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 13:23 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-21 13:23 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:12 . 2012-06-21 13:23 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12 . 2012-06-21 13:23 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 22:12 . 2012-06-21 13:23 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-05-31 19:25 . 2009-11-18 22:44 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-08 21:26 . 2012-02-01 19:24 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-05-08 21:26 . 2012-02-01 19:24 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-05-01 04:44 . 2012-06-13 20:58 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:17 . 2012-06-13 20:58 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 04:45 . 2012-06-13 20:58 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 04:45 . 2012-06-13 20:58 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 04:41 . 2012-06-13 20:58 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-21_01.32.55 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-09-02 05:29 . 2012-07-24 14:55 49292 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 04:55 . 2012-07-24 14:55 54760 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-11-19 16:12 . 2012-07-24 14:55 15220 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-133295596-2010338678-1549251133-1001_UserData.bin

- 2012-07-21 01:07 . 2012-06-06 04:25 57344 c:\windows\SoftwareDistribution\Download\4201dca50dbf922cb32da37f918d3957\x86_microsoft-windows-m..onents-mdac-ado15-r_31bf3856ad364e35_6.1.7601.22012_none_f76bb918b537d198\msador15.dll

- 2012-07-21 01:07 . 2012-06-06 05:05 57344 c:\windows\SoftwareDistribution\Download\4201dca50dbf922cb32da37f918d3957\x86_microsoft-windows-m..onents-mdac-ado15-r_31bf3856ad364e35_6.1.7601.17857_none_f6bc05ed9c35ed03\msador15.dll

- 2012-07-21 01:07 . 2012-06-06 04:42 57344 c:\windows\SoftwareDistribution\Download\4201dca50dbf922cb32da37f918d3957\x86_microsoft-windows-m..onents-mdac-ado15-r_31bf3856ad364e35_6.1.7600.21227_none_f57f8d98b8150050\msador15.dll

+ 2009-07-14 00:19 . 2009-07-14 01:07 2048 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.1.7601.22012_none_8afce0390e381ffd\msxml6r.dll

+ 2009-07-14 00:19 . 2009-07-14 01:07 2048 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.1.7601.17857_none_8a4d2d0df5363b68\msxml6r.dll

+ 2009-07-14 00:19 . 2009-07-14 01:07 2048 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.1.7600.21227_none_8910b4b911154eb5\msxml6r.dll

+ 2009-07-14 00:19 . 2009-07-14 01:07 2048 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.1.7600.17036_none_887b45d1f800b45e\msxml6r.dll

+ 2009-07-14 00:19 . 2009-07-14 01:07 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7601.22012_none_8afd24910e37d31a\msxml3r.dll

+ 2009-07-14 00:19 . 2009-07-14 01:07 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.21227_none_8910f911111501d2\msxml3r.dll

+ 2009-07-14 00:19 . 2009-07-14 01:07 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.17036_none_887b8a29f800677b\msxml3r.dll

+ 2010-04-26 17:06 . 2012-07-21 01:44 5208 c:\windows\System32\wdi\ERCQueuedResolutions.dat

- 2012-07-21 01:07 . 2010-06-26 03:24 2048 c:\windows\SoftwareDistribution\Download\94311eafb9e8a5d57b7ffd877baad694\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7601.17857_none_8a4d7165f535ee85\msxml3r.dll

+ 2012-07-24 14:53 . 2012-07-24 14:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-21 01:18 . 2012-07-21 01:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-21 01:18 . 2012-07-21 01:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-07-24 14:53 . 2012-07-24 14:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-12-26 04:51 . 2012-07-21 02:39 281406 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 02:05 . 2012-07-21 01:06 660318 c:\windows\System32\perfh009.dat

+ 2009-07-14 02:05 . 2012-07-24 14:48 660318 c:\windows\System32\perfh009.dat

- 2009-07-14 02:05 . 2012-07-21 01:06 121214 c:\windows\System32\perfc009.dat

+ 2009-07-14 02:05 . 2012-07-24 14:48 121214 c:\windows\System32\perfc009.dat

- 2012-07-21 01:07 . 2012-06-06 04:25 143360 c:\windows\SoftwareDistribution\Download\4201dca50dbf922cb32da37f918d3957\x86_microsoft-windows-m..replication-objects_31bf3856ad364e35_6.1.7601.22012_none_82ce1ea11cf3730a\msjro.dll

- 2012-07-21 01:07 . 2012-06-06 05:05 143360 c:\windows\SoftwareDistribution\Download\4201dca50dbf922cb32da37f918d3957\x86_microsoft-windows-m..replication-objects_31bf3856ad364e35_6.1.7601.17857_none_821e6b7603f18e75\msjro.dll

- 2012-07-21 01:07 . 2012-06-06 04:43 143360 c:\windows\SoftwareDistribution\Download\4201dca50dbf922cb32da37f918d3957\x86_microsoft-windows-m..replication-objects_31bf3856ad364e35_6.1.7600.21227_none_80e1f3211fd0a1c2\msjro.dll

- 2012-07-21 01:07 . 2012-06-06 04:25 212992 c:\windows\SoftwareDistribution\Download\4201dca50dbf922cb32da37f918d3957\x86_microsoft-windows-m..rds-datacontrol-dll_31bf3856ad364e35_6.1.7601.22012_none_c6995b2aad348211\msadco.dll

- 2012-07-21 01:07 . 2012-06-06 05:05 212992 c:\windows\SoftwareDistribution\Download\4201dca50dbf922cb32da37f918d3957\x86_microsoft-windows-m..rds-datacontrol-dll_31bf3856ad364e35_6.1.7601.17857_none_c5e9a7ff94329d7c\msadco.dll

- 2012-07-21 01:07 . 2012-06-06 04:42 208896 c:\windows\SoftwareDistribution\Download\4201dca50dbf922cb32da37f918d3957\x86_microsoft-windows-m..rds-datacontrol-dll_31bf3856ad364e35_6.1.7600.21227_none_c4ad2faab011b0c9\msadco.dll

- 2012-07-21 01:07 . 2012-06-06 04:25 352256 c:\windows\SoftwareDistribution\Download\4201dca50dbf922cb32da37f918d3957\x86_microsoft-windows-m..o-multi-dimensional_31bf3856ad364e35_6.1.7601.22012_none_2135ced61d53c849\msadomd.dll

- 2012-07-21 01:07 . 2012-06-06 05:05 352256 c:\windows\SoftwareDistribution\Download\4201dca50dbf922cb32da37f918d3957\x86_microsoft-windows-m..o-multi-dimensional_31bf3856ad364e35_6.1.7601.17857_none_20861bab0451e3b4\msadomd.dll

- 2012-07-21 01:07 . 2012-06-06 04:42 352256 c:\windows\SoftwareDistribution\Download\4201dca50dbf922cb32da37f918d3957\x86_microsoft-windows-m..o-multi-dimensional_31bf3856ad364e35_6.1.7600.21227_none_1f49a3562030f701\msadomd.dll

- 2012-07-21 01:07 . 2012-06-06 05:09 987136 c:\windows\SoftwareDistribution\Download\4201dca50dbf922cb32da37f918d3957\x86_microsoft-windows-m..ents-mdac-ado15-dll_31bf3856ad364e35_6.1.7600.17036_none_0c3e2c15d1d0f615\msado15.dll

- 2012-07-21 01:07 . 2012-06-06 04:25 372736 c:\windows\SoftwareDistribution\Download\4201dca50dbf922cb32da37f918d3957\x86_microsoft-windows-m..ac-ado-ddl-security_31bf3856ad364e35_6.1.7601.22012_none_b4bd7ad2b7c43519\msadox.dll

- 2012-07-21 01:07 . 2012-06-06 05:05 372736 c:\windows\SoftwareDistribution\Download\4201dca50dbf922cb32da37f918d3957\x86_microsoft-windows-m..ac-ado-ddl-security_31bf3856ad364e35_6.1.7601.17857_none_b40dc7a79ec25084\msadox.dll

- 2012-07-21 01:07 . 2012-06-06 04:42 372736 c:\windows\SoftwareDistribution\Download\4201dca50dbf922cb32da37f918d3957\x86_microsoft-windows-m..ac-ado-ddl-security_31bf3856ad364e35_6.1.7600.21227_none_b2d14f52baa163d1\msadox.dll

- 2012-07-21 01:07 . 2012-06-06 04:23 805376 c:\windows\SoftwareDistribution\Download\4201dca50dbf922cb32da37f918d3957\x86_microsoft-windows-cdosys_31bf3856ad364e35_6.1.7601.22012_none_20d4e4169cc60e3f\cdosys.dll

- 2012-07-21 01:07 . 2012-06-06 05:03 805376 c:\windows\SoftwareDistribution\Download\4201dca50dbf922cb32da37f918d3957\x86_microsoft-windows-cdosys_31bf3856ad364e35_6.1.7601.17857_none_202530eb83c429aa\cdosys.dll

- 2012-07-21 01:07 . 2012-06-06 04:40 805376 c:\windows\SoftwareDistribution\Download\4201dca50dbf922cb32da37f918d3957\x86_microsoft-windows-cdosys_31bf3856ad364e35_6.1.7600.21227_none_1ee8b8969fa33cf7\cdosys.dll

- 2009-07-14 04:47 . 2012-07-21 01:17 308028 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 04:47 . 2012-07-24 14:52 308028 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2012-07-21 01:07 . 2012-06-06 04:25 1389056 c:\windows\SoftwareDistribution\Download\94311eafb9e8a5d57b7ffd877baad694\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.1.7601.22012_none_8afce0390e381ffd\msxml6.dll

- 2012-07-21 01:07 . 2012-06-06 05:05 1390080 c:\windows\SoftwareDistribution\Download\94311eafb9e8a5d57b7ffd877baad694\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.1.7601.17857_none_8a4d2d0df5363b68\msxml6.dll

- 2012-07-21 01:07 . 2012-06-06 04:43 1390080 c:\windows\SoftwareDistribution\Download\94311eafb9e8a5d57b7ffd877baad694\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.1.7600.21227_none_8910b4b911154eb5\msxml6.dll

- 2012-07-21 01:07 . 2012-06-06 05:09 1389568 c:\windows\SoftwareDistribution\Download\94311eafb9e8a5d57b7ffd877baad694\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.1.7600.17036_none_887b45d1f800b45e\msxml6.dll

- 2012-07-21 01:07 . 2012-06-06 04:25 1236480 c:\windows\SoftwareDistribution\Download\94311eafb9e8a5d57b7ffd877baad694\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7601.22012_none_8afd24910e37d31a\msxml3.dll

- 2012-07-21 01:07 . 2012-06-06 05:05 1236992 c:\windows\SoftwareDistribution\Download\94311eafb9e8a5d57b7ffd877baad694\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7601.17857_none_8a4d7165f535ee85\msxml3.dll

- 2012-07-21 01:07 . 2012-06-06 04:43 1236992 c:\windows\SoftwareDistribution\Download\94311eafb9e8a5d57b7ffd877baad694\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.21227_none_8910f911111501d2\msxml3.dll

- 2012-07-21 01:07 . 2012-06-06 05:09 1236992 c:\windows\SoftwareDistribution\Download\94311eafb9e8a5d57b7ffd877baad694\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.17036_none_887b8a29f800677b\msxml3.dll

- 2012-07-21 01:07 . 2012-06-06 04:25 1019904 c:\windows\SoftwareDistribution\Download\4201dca50dbf922cb32da37f918d3957\x86_microsoft-windows-m..ents-mdac-ado15-dll_31bf3856ad364e35_6.1.7601.22012_none_0ebfc67ce80861b4\msado15.dll

- 2012-07-21 01:07 . 2012-06-06 05:05 1019904 c:\windows\SoftwareDistribution\Download\4201dca50dbf922cb32da37f918d3957\x86_microsoft-windows-m..ents-mdac-ado15-dll_31bf3856ad364e35_6.1.7601.17857_none_0e101351cf067d1f\msado15.dll

- 2012-07-21 01:07 . 2012-06-06 04:42 1019904 c:\windows\SoftwareDistribution\Download\4201dca50dbf922cb32da37f918d3957\x86_microsoft-windows-m..ents-mdac-ado15-dll_31bf3856ad364e35_6.1.7600.21227_none_0cd39afceae5906c\msado15.dll

+ 2012-02-02 03:56 . 2012-07-24 14:52 7852840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-133295596-2010338678-1549251133-1001-12288.dat

- 2012-02-02 03:56 . 2012-07-21 01:17 7852840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-133295596-2010338678-1549251133-1001-12288.dat

+ 2011-05-25 15:35 . 2012-07-24 14:52 167116701 c:\windows\winsxs\ManifestCache\a786a517e28d5687_blobs.bin

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]

"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]

"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 611672]

"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-11 1324384]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]

"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2007-03-19 291760]

"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2007-03-19 304048]

"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2007-03-19 82864]

"HostManager"="c:\program files\Common Files\AOL\1293544326\ee\AOLSoftware.exe" [2010-03-08 41800]

"LXCTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]

.

c:\users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

ZooskMessenger.lnk - c:\program files\ZooskMessenger\ZooskMessenger.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]

2009-08-05 21:04 738616 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]

2009-07-16 19:04 529256 ----a-w- c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2009-07-29 04:12 7625248 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2009-07-30 05:32 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2009-07-21 00:46 1545512 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]

2009-08-21 16:29 476512 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe

.

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x]

S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]

S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [x]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [x]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]

S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]

2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 22:49]

.

2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-15 19:44]

.

2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-15 19:44]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.aol.com/

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-07-24 08:15:53

ComboFix-quarantined-files.txt 2012-07-24 15:15

.

Pre-Run: 265,649,242,112 bytes free

Post-Run: 265,469,317,120 bytes free

.

- - End Of File - - 7F7278720FDB5B264E981DAE7E9F4FBB

<< End Combofix>>

<<DDS>>

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by OWNER at 8:22:32 on 2012-07-24

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.2000 [GMT -7:00]

.

AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\windows\system32\conhost.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\atieclxx.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\Dwm.exe

C:\windows\system32\taskhost.exe

C:\windows\Explorer.EXE

C:\windows\system32\taskeng.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe

C:\Program Files\TOSHIBA\TECO\TEco.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

C:\Program Files\Lexmark 5400 Series\lxctmon.exe

C:\Program Files\Lexmark 5400 Series\ezprint.exe

C:\Program Files\Common Files\AOL\1293544326\ee\aolsoftware.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\lxctcoms.exe

C:\windows\system32\lxdxcoms.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\taskeng.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\windows\system32\conhost.exe

C:\windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.aol.com/

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll

BHO: MRI_DISABLED - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll

TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File

uRun: [MyTOSHIBA] "c:\program files\toshiba\my toshiba\MyToshiba.exe" /AUTO

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

mRun: [smoothView] "%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe"

mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60

mRun: [TosWaitSrv] "%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe"

mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r

mRun: [TosSENotify] "c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe"

mRun: [lxctmon.exe] "c:\program files\lexmark 5400 series\lxctmon.exe"

mRun: [Lexmark 5400 Series Fax Server] "c:\program files\lexmark 5400 series\fm3032.exe" /s

mRun: [EzPrint] "c:\program files\lexmark 5400 series\ezprint.exe"

mRun: [HostManager] "c:\program files\common files\aol\1293544326\ee\AOLSoftware.exe"

mRun: [LXCTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCTtime.dll,_RunDLLEntry@16

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\zooskm~1.lnk - c:\program files\zooskmessenger\ZooskMessenger.exe

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000

IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}

IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}

IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{66A8A232-40D7-4C1D-B36A-F90BD86322AF} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{66A8A232-40D7-4C1D-B36A-F90BD86322AF}\2456C6B696E6F5E4B2F5241324838343F507771647 : DhcpNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{66A8A232-40D7-4C1D-B36A-F90BD86322AF}\2656C6B696E6E233238326 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{66A8A232-40D7-4C1D-B36A-F90BD86322AF}\86F677162746 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{66A8A232-40D7-4C1D-B36A-F90BD86322AF}\F475E45425D20534F5E4564777F627B6 : DhcpNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{66A8A232-40D7-4C1D-B36A-F90BD86322AF}\F475E45425D20534F5E4564777F627B6F513 : DhcpNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{C16B5307-8D67-43AE-8FB8-ECABFE356F19} : DhcpNameServer = 97.64.183.164 97.64.209.37

mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP

.

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-2-1 36000]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-10-16 176128]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-2-1 86224]

R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-2-1 110032]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-2-1 83392]

R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-11 185712]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 12920]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-10-16 7680]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-10-16 187392]

R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-10-16 54136]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-15 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-27 250056]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-15 136176]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-7-19 28488]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-10-16 171520]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]

S3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-6 685424]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-2 52224]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-25 1343400]

.

=============== Created Last 30 ================

.

2012-07-24 15:22:01 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e044f537-35f9-4b21-8014-2e80118bffb0}\offreg.dll

2012-07-24 15:14:50 -------- d-sh--w- C:\$RECYCLE.BIN

2012-07-21 01:30:34 -------- d-----w- c:\users\owner\appdata\local\temp

2012-07-21 01:22:47 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e044f537-35f9-4b21-8014-2e80118bffb0}\mpengine.dll

2012-07-21 01:09:54 6891424 ------w- c:\programdata\microsoft\windows defender\definition updates\updates\mpengine.dll

2012-07-21 01:07:32 98816 ----a-w- c:\windows\sed.exe

2012-07-21 01:07:32 518144 ----a-w- c:\windows\SWREG.exe

2012-07-21 01:07:32 256000 ----a-w- c:\windows\PEV.exe

2012-07-21 01:07:32 208896 ----a-w- c:\windows\MBR.exe

2012-07-20 05:45:30 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-20 05:08:44 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes

2012-07-20 05:08:30 -------- d-----w- c:\programdata\Malwarebytes

2012-07-20 05:08:28 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-20 05:08:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-20 05:07:59 28488 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-07-19 21:26:57 -------- d--h--w- c:\windows\PIF

2012-07-18 23:47:23 -------- d-----w- c:\program files\ESET

2012-07-18 23:13:08 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-18 23:13:08 225280 ----a-w- c:\windows\system32\schannel.dll

2012-07-18 23:13:08 219136 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-18 23:13:08 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-07-18 23:13:07 369336 ----a-w- c:\windows\system32\drivers\cng.sys

2012-07-18 23:10:02 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-07-18 21:40:41 4024320 ----a-w- c:\program files\GUT1F91.tmp

2012-07-18 21:40:41 -------- d-----w- c:\program files\GUM1F71.tmp

2012-07-18 20:35:20 -------- d-----w- C:\temp

2012-07-18 20:35:11 -------- d-----w- c:\program files\RealVNC

2012-07-13 20:41:02 -------- d-----w- c:\programdata\AVG2012

2012-07-13 20:40:20 -------- d-----w- c:\program files\AVG

2012-07-13 20:36:53 -------- d--h--w- c:\programdata\Common Files

2012-07-13 20:36:53 -------- d-----w- c:\programdata\MFAData

2012-07-05 07:24:10 -------- d-----w- c:\programdata\gn_Logs

2012-07-05 07:21:53 -------- d-----w- c:\users\owner\appdata\local\ABBYY

2012-07-05 07:21:13 -------- d-----w- c:\programdata\ABBYY

2012-07-05 07:21:13 -------- d-----w- c:\program files\common files\ABBYY

2012-07-05 07:21:13 -------- d-----w- c:\program files\ABBYY FineReader 9.0 Sprint

2012-07-05 07:20:13 -------- d-----w- c:\program files\Lexmark

2012-07-05 07:19:44 -------- d-----w- c:\program files\Lexmark S310 Series

2012-06-29 12:03:30 -------- d-----w- c:\users\owner\appdata\roaming\SUPERAntiSpyware.com

2012-06-29 12:03:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-06-29 12:03:22 -------- d-----w- c:\program files\SUPERAntiSpyware

.

==================== Find3M ====================

.

2012-07-18 22:49:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-18 22:49:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-05-31 19:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-08 21:26:38 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-05-01 04:44:12 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 04:45:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 04:45:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 04:41:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

============= FINISH: 8:24:38.37 ===============

<< End DDS>>

Thank you. :-)


  • Staff

Hi,

Seems normal to me. The connection must have been enabled temporarily after ComboFix ran. Feel free to install them.

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Hi screen317,

I put the computer back on the network and ran the ESET online tool, then your Security Check. Just from the standpoint of tools not alerting virus warnings, and no re-directs or audio-only ads, I'd say it's better. Thank you.

I'll still probably have to go through and update Java, Win, Avira, etc. Not sure what else to check for updates to make sure there aren't outdated security holes - do you recommend anything?

Also, I probably should delete the previous Windows Restore points, and uninstall Combofix, right? (I can do the latter, but not sure how to remove restore points, aside from turning Restore off and back on again.)

If this looks clean to you, too, what would you recommend for cleaning up and updating?

Logs below:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=c7afedee7a1e9e41a12727e3fbbc1911

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-07-19 01:02:13

# local_time=2012-07-18 06:02:13 (-0700, US Mountain Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1792 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776574 100 94 0 94200131 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=189866

# found=3

# cleaned=3

# scan_time=4394

C:\Program Files\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\OWNER\AppData\Local\Temp\0.15832422143870295 a variant of Win32/Kryptik.AIGB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\OWNER\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=c7afedee7a1e9e41a12727e3fbbc1911

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-07-20 08:00:56

# local_time=2012-07-20 01:00:56 (-0700, US Mountain Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1792 16777215 100 0 33495 33495 0 0

# compatibility_mode=5893 16776574 100 94 33459 94309254 0 0

# compatibility_mode=8192 67108863 100 0 22820 22820 0 0

# scanned=166215

# found=18

# cleaned=18

# scan_time=6793

C:\TDSSKiller_Quarantine\19.07.2012_22.43.56\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\19.07.2012_22.43.56\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\19.07.2012_22.43.56\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\19.07.2012_22.43.56\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\19.07.2012_22.43.56\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.MY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\19.07.2012_22.43.56\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\19.07.2012_22.43.56\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\19.07.2012_22.43.56\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\19.07.2012_22.43.56\mbr0000\tdlfs0000\tsk0014.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\19.07.2012_22.43.56\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\19.07.2012_22.43.56\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\19.07.2012_22.43.56\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\19.07.2012_22.43.56\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\19.07.2012_22.43.56\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.MY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\19.07.2012_22.43.56\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\19.07.2012_22.43.56\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\19.07.2012_22.43.56\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\19.07.2012_22.43.56\tdlfs0000\tsk0014.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=c7afedee7a1e9e41a12727e3fbbc1911

# end=stopped

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-07-25 04:29:41

# local_time=2012-07-25 09:29:41 (-0700, US Mountain Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1792 16777215 100 0 502809 502809 0 0

# compatibility_mode=5893 16776573 100 94 0 94778568 0 0

# compatibility_mode=8192 67108863 100 0 492134 492134 0 0

# scanned=102

# found=0

# cleaned=0

# scan_time=3

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=c7afedee7a1e9e41a12727e3fbbc1911

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-07-25 06:14:37

# local_time=2012-07-25 11:14:37 (-0700, US Mountain Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1792 16777215 100 0 502869 502869 0 0

# compatibility_mode=5893 16776573 100 94 0 94778628 0 0

# compatibility_mode=8192 67108863 100 0 492194 492194 0 0

# scanned=120475

# found=0

# cleaned=0

# scan_time=6241

Results of screen317's Security Check version 0.99.43

Windows 7 Service Pack 1 x86 (UAC is disabled!)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Avira Desktop

Antivirus out of date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300

Wise Registry Cleaner 6.21

Java 6 Update 14

Java version out of Date!

Adobe Flash Player 10 Flash Player out of Date!

Adobe Flash Player 10.0.32.18 Flash Player out of Date!

Adobe Reader 9 Adobe Reader out of Date!

````````Process Check: objlist.exe by Laurent````````

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

Thank you.


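As an added example (not from this thread and not ESET's own code), here is a small Python parser for the ESET Online Scanner log format posted above: it splits each `# key=value` header from the detection lines, checks that the reported found/cleaned counts match what was parsed, and separates detections that sit inside another tool's quarantine folder (like the TDSSKiller_Quarantine hits in the second scan) from live ones. The detection line layout and the quarantine-folder markers are assumptions based on the lines in this post; the sample log is a trimmed copy of them.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: two trimmed scan blocks in the layout seen in this thread
# ("# key=value" header lines, then one detection per line).
SAMPLE_LOG = r"""
# version=7
# end=finished
# found=2
# cleaned=2
C:\Program Files\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\OWNER\AppData\Local\Temp\0.15832422143870295 a variant of Win32/Kryptik.AIGB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# end=finished
# found=2
# cleaned=2
C:\TDSSKiller_Quarantine\19.07.2012_22.43.56\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\19.07.2012_22.43.56\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

# Assumed layout: "<path> <threat> (<action>) <32-hex hash> <flag>"; the path may contain spaces.
DETECTION_RE = re.compile(r"^(?P<head>.+?) \((?P<action>[^)]*)\) (?P<hash>[0-9a-fA-F]{32}) (?P<flag>\S+)$")
# Assumed markers for files that already sit in another tool's quarantine (TDSSKiller's folder is on this page).
QUARANTINE_MARKERS = ("tdsskiller_quarantine", "\\quarantine\\")


@dataclass
class Detection:
    path: str
    threat: str
    action: str
    quarantine_copy: bool  # True when the hit is a quarantined copy, not a live file


def is_quarantine_copy(path):
    p = path.lower()
    return any(marker in p for marker in QUARANTINE_MARKERS)


def parse_detection(line):
    """Split one detection line; returns None for lines that are not detections."""
    m = DETECTION_RE.match(line)
    if not m:
        return None
    tokens = m.group("head").split(" ")
    threat_start = len(tokens) - 2  # "<name> <type>" are the last two tokens ...
    if threat_start >= 3 and tokens[threat_start - 3:threat_start] == ["a", "variant", "of"]:
        threat_start -= 3           # ... optionally preceded by "a variant of"
    path = " ".join(tokens[:threat_start])
    threat = " ".join(tokens[threat_start:])
    return Detection(path, threat, m.group("action"), is_quarantine_copy(path))


def parse_log(text):
    """Return one dict per scan block: {"header": {...}, "detections": [...]}."""
    scans = []
    for line in text.strip().splitlines():
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            if key == "version":  # every scan block begins with "# version="
                scans.append({"header": {}, "detections": []})
            scans[-1]["header"][key] = value
        elif scans:
            det = parse_detection(line)  # non-detection noise (e.g. update errors) is skipped
            if det:
                scans[-1]["detections"].append(det)
    return scans


def check_scan(scan):
    """Summarise what a helper would look at before calling a scan clean."""
    hdr, dets = scan["header"], scan["detections"]
    live = [d for d in dets if not d.quarantine_copy]
    return {
        "finished": hdr.get("end") == "finished",
        "reported_found": int(hdr.get("found", 0)),
        "parsed": len(dets),
        "all_cleaned": hdr.get("found") == hdr.get("cleaned"),
        "live_threats": Counter(d.threat for d in live),
        "quarantine_only": len(dets) - len(live),
    }
```

Run over the full log from this post, the second scan reports only quarantine-only hits, which is why the staff reply has you delete C:\TDSSKiller_Quarantine rather than treat them as a live infection.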
  • Staff

Hi,

The following should answer your questions. The ComboFix uninstall will also reset System Restore.

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Search Toolbar

Java™ 6 Update 14

Adobe Flash Player 10

Adobe Flash Player 10.0.32.18

Adobe Reader 9

Restart your computer.

Delete this folder:

C:\TDSSKiller_Quarantine

Get the latest version of Java, Adobe Reader, and Adobe Flash Player.

Update your antivirus!

Let me know what issues remain.


Everything is done (as suggested) and the computer appears to be doing fine now. I set up a new restore point (on the cleaned/updated PC) and have been testing it: looks good.

I'm going to give this back to him tomorrow morning. Thank you for your help in this.


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
