pum.hijack.startmenu

[gsergot]

Hello,

I have been infected with pum.hijack.startmenu and it is causing my progress to think that I am not connected to the internet when I am. Nothing will connnect.

I ran Malwarebytes and it removed hijack.startmenu, but I still am having my connection problem.

Here are my DDS.txt and Attach.txt log files.

DDS-

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25

Run by owner at 14:24:50 on 2012-07-31

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2939.1919 [GMT -5:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

C:\AGRI\LIC\MFLMWIN.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

C:\Program Files\Toshiba\SmoothView\SmoothView.exe

C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\AGRI\LIC\mflmma.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.comcast.net?cid=NET_mmhpset

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

uInternet Settings,ProxyOverride = <local>

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{0441260C-897F-4DCB-82D7-345D0A7AF92A} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{A6C3F5B9-65E2-44CD-9E82-FAF215DB88FC} : DhcpNameServer = 192.168.0.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\947xq7mc.default\

FF - prefs.js: browser.startup.homepage - google.com

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]

R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-1-11 20384]

R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 Micro Focus License Manager;Micro Focus License Manager;c:\agri\lic\MFLMWIN.EXE [2012-2-16 394608]

R2 MSSQL$APEX2005;SQL Server (APEX2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]

R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-9-30 46392]

R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-9-30 7168]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-14 136176]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2009-11-10 19456]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-14 136176]

S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-1-11 954368]

S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2010-5-3 33792]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]

S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-9-30 9216]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-07-31 05:03:51 -------- d-sh--w- C:\$RECYCLE.BIN

2012-07-31 05:03:48 -------- d-----w- c:\users\owner\appdata\local\temp

2012-07-31 04:39:41 98816 ----a-w- c:\windows\sed.exe

2012-07-31 04:39:41 518144 ----a-w- c:\windows\SWREG.exe

2012-07-31 04:39:41 256000 ----a-w- c:\windows\PEV.exe

2012-07-31 04:39:41 208896 ----a-w- c:\windows\MBR.exe

2012-07-31 03:38:24 -------- d-----w- c:\programdata\MFAData

2012-07-31 03:38:24 -------- d-----w- c:\programdata\Common Files

2012-07-31 02:30:04 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes

2012-07-31 02:29:49 -------- d-----w- c:\programdata\Malwarebytes

2012-07-31 02:29:47 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-31 02:29:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-29 23:02:06 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a10d2a2b-2fd4-4417-8200-6e591b4733dd}\mpengine.dll

2012-07-28 14:08:42 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-07-19 08:05:51 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-07-18 00:14:15 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll

2012-07-18 00:14:12 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-07-18 00:14:12 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-07-18 00:14:11 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-18 00:14:11 278528 ----a-w- c:\windows\system32\schannel.dll

2012-07-18 00:14:11 204288 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-05 03:47:22 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{bb8b3598-bb60-41ae-9204-863d4eb8bdcb}\gapaengine.dll

.

==================== Find3M ====================

.

2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 20:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 20:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 14:25:15.71 ===============

Attach -

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Basic

Boot Device: \Device\HarddiskVolume2

Install Date: 1/11/2009 7:11:42 PM

System Uptime: 7/31/2012 2:15:18 PM (0 hours ago)

.

Motherboard: TOSHIBA | | Portable PC

Processor: Genuine Intel® CPU 585 @ 2.16GHz | CPU | 2161/667mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 140 GiB total, 76.794 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: MAC Bridge Miniport

Device ID: ROOT\MS_BRIDGEMP\0000

Manufacturer: Microsoft

Name: MAC Bridge Miniport

PNP Device ID: ROOT\MS_BRIDGEMP\0000

Service: BridgeMP

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

2007 Microsoft Office system

Aatrix Federal/State Payroll Reporting

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9

AgManager

Apex 2.5

Atheros Driver Installation Program

Atheros Wi-Fi Protected Setup Library

CD/DVD Drive Acoustic Silencer

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

DVD MovieFactory for TOSHIBA

Geek Squad 24 Hour Computer Support

Google Chrome

Google Update Helper

GSDNet Connection 2.5

GSDNetBridge

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

Java Auto Updater

Java 6 Update 25

Java 6 Update 6

LeapFrog Connect

LeapFrog Tag Plugin

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Hybrid 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Express Edition (APEX2005)

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft WSE 2.0 SP3 Runtime

Microsoft XML Parser

Mozilla Firefox (3.5.14)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NOVAPDF (novaPDF Professional Server 5.5 printer)

OGA Notifier 2.0.0048.0

Picasa 3

QuickBooks Financial Center

Realtek 8169 8168 8101E 8102E Ethernet Driver

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Rpv Business Reports

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Windows Media Encoder (KB2447961)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Encoder (KB979332)

Sid Meier's Civilization 4

Sid Meier's Civilization V

Skype™ 5.1

Steam

Synaptics Pointing Device Driver

TOSHIBA Assist

TOSHIBA ConfigFree

TOSHIBA Desktop Links

TOSHIBA Disc Creator

TOSHIBA DVD PLAYER

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Hardware Setup

TOSHIBA Recovery Disc Creator

Toshiba Registration

TOSHIBA Service Station

TOSHIBA Software Modem

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)

Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)

Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

Windows Media Encoder 9 Series

Xvid 1.2.1 final uninstall

.

==== Event Viewer Messages From Past Week ========

.

7/31/2012 12:01:05 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

7/30/2012 9:33:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.956.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

7/30/2012 11:42:40 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

7/30/2012 10:57:57 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.956.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

7/30/2012 10:24:32 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.956.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

7/30/2012 10:24:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

7/30/2012 10:14:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter spldr Wanarpv6

7/30/2012 10:14:50 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

7/30/2012 10:14:49 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21

7/30/2012 10:14:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

7/30/2012 10:14:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/30/2012 10:14:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

7/30/2012 10:04:14 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

7/30/2012 10:03:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC jswpslwf MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6

7/30/2012 10:03:58 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/30/2012 10:03:58 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

7/30/2012 10:03:58 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.

7/30/2012 10:03:58 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

7/30/2012 10:03:58 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

7/30/2012 10:03:58 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

7/30/2012 10:03:58 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

7/30/2012 10:03:58 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.

7/30/2012 10:03:58 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/30/2012 10:03:58 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/30/2012 10:03:58 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

7/30/2012 10:03:58 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

7/30/2012 10:03:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

7/30/2012 10:03:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

7/30/2012 10:01:36 PM, Error: Service Control Manager [7034] - The Micro Focus License Manager service terminated unexpectedly. It has done this 1 time(s).

7/29/2012 8:02:02 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{A6C3F5B9-65E2-44CD-9E82-FAF215DB88FC} because another computer on the network has the same name. The server could not start.

7/29/2012 8:02:02 PM, Error: netbt [4321] - The name "OWNER-PC :20" could not be registered on the interface with IP address 192.168.0.194. The computer with the IP address 192.168.0.197 did not allow the name to be claimed by this computer.

7/29/2012 8:02:02 PM, Error: netbt [4321] - The name "OWNER-PC :0" could not be registered on the interface with IP address 192.168.0.194. The computer with the IP address 192.168.0.197 did not allow the name to be claimed by this computer.

.

==== End Of File ===========================

[screen317]

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

• When the tool is finished, it will produce a report for you.
  
• Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

[gsergot]

Here is the results from MBAM. I could not update it before running because my laptop cannot access the internet. I tried to update it on another computer and install it on my laptop but the message still wanted an update when running on the laptop.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-30 23:12:16

-----------------------------

23:12:16.529 OS Version: Windows 6.0.6002 Service Pack 2

23:12:16.529 Number of processors: 1 586 0xF0D

23:12:16.529 ComputerName: OWNER-PC UserName: owner

23:12:17.106 Initialize success

23:12:20.414 AVAST engine download error: 0

23:12:23.175 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

23:12:23.175 Disk 0 Vendor: TOSHIBA_ LV01 Size: 152627MB BusType: 3

23:12:23.222 Disk 0 MBR read successfully

23:12:23.222 Disk 0 MBR scan

23:12:23.237 Disk 0 Windows VISTA default MBR code

23:12:23.237 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048

23:12:23.253 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 143737 MB offset 3074048

23:12:23.284 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 7389 MB offset 297447424

23:12:23.284 Disk 0 scanning sectors +312580096

23:12:23.346 Disk 0 scanning C:\Windows\system32\drivers

23:12:31.022 Service scanning

23:12:40.382 Service MpKsl40b6107e c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A10D2A2B-2FD4-4417-8200-6E591B4733DD}\MpKsl40b6107e.sys **LOCKED** 32

23:12:53.735 Modules scanning

23:13:01.052 Disk 0 trace - called modules:

23:13:01.083 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

23:13:01.083 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864afac8]

23:13:01.098 3 CLASSPNP.SYS[8a1198b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85413028]

23:13:01.098 Scan finished successfully

23:13:47.836 Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"

23:13:47.836 The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"

Here are the results from ComboFix:

ComboFix 12-07-30.03 - owner 07/30/2012 23:43:00.1.1 - x86

Running from: c:\users\owner\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\owner\g2mdlhlpx.exe

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\pt

c:\windows\system32\pt\toscdspd.cpl.mui

.

.

((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))

.

.

2012-07-31 05:00 . 2012-07-31 05:01 -------- d-----w- c:\users\owner\AppData\Local\temp

2012-07-31 05:00 . 2012-07-31 05:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-31 03:38 . 2012-07-31 03:39 -------- d-----w- c:\programdata\MFAData

2012-07-31 03:38 . 2012-07-31 03:38 -------- d-----w- c:\programdata\Common Files

2012-07-31 02:30 . 2012-07-31 02:30 -------- d-----w- c:\users\owner\AppData\Roaming\Malwarebytes

2012-07-31 02:29 . 2012-07-31 02:29 -------- d-----w- c:\programdata\Malwarebytes

2012-07-31 02:29 . 2012-07-31 02:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-31 02:29 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-29 23:02 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A10D2A2B-2FD4-4417-8200-6E591B4733DD}\mpengine.dll

2012-07-28 14:08 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-19 08:05 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-07-18 00:14 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-07-18 00:14 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-07-18 00:14 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-07-18 00:14 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-18 00:14 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll

2012-07-18 00:14 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-05 03:47 . 2012-02-09 19:17 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB8B3598-BB60-41AE-9204-863D4EB8BDCB}\gapaengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-02 22:19 . 2012-06-21 21:48 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 21:48 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 21:48 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 21:48 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-21 21:48 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:12 . 2012-06-21 21:48 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12 . 2012-06-21 21:48 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 20:19 . 2012-06-21 21:47 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 20:12 . 2012-06-21 21:47 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-05-07 00:49 . 2012-04-13 20:07 95362 ----a-w- C:\PN.ZIP

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]

"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]

"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-10-09 02:49 136176 ----atw- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]

2012-03-26 22:08 931200 ----a-w- c:\program files\Microsoft Security Client\msseces.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2012-05-22 02:43 1242448 ----a-w- c:\program files\Steam\steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-14 15:55]

.

2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-14 15:55]

.

2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1517136145-1328366619-2469452859-1000Core.job

- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 02:49]

.

2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1517136145-1328366619-2469452859-1000UA.job

- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 02:49]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.comcast.net?cid=NET_mmhpset

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

uInternet Settings,ProxyOverride = <local>

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\947xq7mc.default\

FF - prefs.js: browser.startup.homepage - google.com

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-Desktop Software - c:\program files\Common Files\SupportSoft\bin\bcont.exe

MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-31 00:01

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????g?R,$??h?????????????????

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2012-07-31 00:03:47

ComboFix-quarantined-files.txt 2012-07-31 05:03

.

Pre-Run: 82,228,350,976 bytes free

Post-Run: 82,503,639,040 bytes free

.

- - End Of File - - 3A875A23AB21A96945706D529F089954

[gsergot]

Anything?

[gsergot]

So...nothing?

[screen317]

Hi,

Bumping puts you at the bottom of my queue. Please don't do that.

Also, please don't run tools that I don't tell you to........

Run TFC by OldTimer to clear temporary files:

• Please download TFC from here and save it to your desktop.
  
• Close any open programs and Internet browsers.
  
• Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  
• Please be patient as clearing out temp files may take a while.
  
• Once it completes you may be prompted to restart your computer, please do so.
  
• Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.
  

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

1. Tick the box next to YES, I accept the Terms of Use.
   
2. Click Start
   
3. When asked, allow the ActiveX control to install
   
4. Click Start
   
5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
   
6. Click Scan
   Wait for the scan to finish
   
7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
   
8. Copy and paste that log as a reply to this topic
   

Next, download my Security Check from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

Let me know how things are running now and what issues remain.

-screen317

[gsergot]

I ran TFC but I am still having trouble connecting to the internet.

As you can see from the image below, I am connected, but my icon in the bottom right of the screen says I am not connected. Also, no browsers will connect to the internet. Is there another way I can run ESET?

http://imgur.com/0ngMf

[screen317]

Hi,

Are you connected through a router wirelessly? How many computers are on this network?

[gsergot]

I am connected wirelessly to my router. There is another laptop connected wirelessly and a pc connected through network cable.

[screen317]

Are the other computers having difficulty connecting as well or is it only this one? What happens if you plug it in directly via ethernet cable?

[gsergot]

The other computers are not having any trouble connecting through the router. If I connect my laptop via ethernet cable it does not work either.

In the screen shot I posted, the network screen shows that I am connected, but the icon in the tool bar says that I am not. None of my browsers will connect.

[screen317]

Okay. On the laptop, plug directly into the router via ethernet cable.

Please reboot to Safe Mode With Networking (tap the F8 key just before Windows starts to load and select the Safe Mode With Networking option from the menu).

See if you can connect now. If so, then some software is to blame and we can troubleshoot it. If not, we will try a few other things.

[gsergot]

I plugged in the ethernet cable and booted it up in safe mode with networking but still could not connect.

[screen317]

Okay thanks.

Click Start --> Run, and enter this command:

netsh winsock reset

Reboot and see if Internet is restored.

[gsergot]

It is still not connecting. I tried in Safe Mode with Networking also, no luck. Connecting with Ethernet cable does not work either.

[screen317]

How strange. Do you have any System Restore points that are from before the issue began? What exactly were you doing when the issue began? Do you have your Windows CD?

[gsergot]

Not sure about the restore points. I'm in the middle of moving, so locating my Windows CD will not be easy.

My Wife was on Skype and downloaded a file that had the virus. She immediately lost connection to the internet, but Skype still worked. We rebooted and then nothing would connect.

I downloaded Malwarebytes, it found and removed the Pum.Hijack.Startmenu Virus.

I have a feeling that the virus changed something in the system file for my connection to show as not connected, even though it is.

Is there a file I can compare to, to see if that is the issue?

[screen317]

I found a new tool that may help. Run this and see if it restores your connectivity. Ensure that you reboot after you run it:

http://complete-internet-repair.en.lo4d.com/

[gsergot]

I ran the tool and it did not help.

I reset my Atheros Network Adapter settings and my connection has been restored! I have no idea how or why that worked, but it did.

Thanks for your help.

[screen317]

Great!!

Are you experiencing any further issues??

[screen317]

Are you still with us? This topic will be closed in a few days if we do not hear back from you.

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!