SVCHOST.EXE trying to connect to malicious sites

mpsinger · September 17, 2011

Hello,

First of all, let me preface this by saying I'm not the most computer savvy person, so please bear with me. I have a three-year-old Toshiba Satellite laptop running Windows Vista Service Pack 2; I use the free versions of Malwarebytes and AVG. For the past few weeks, svchost.exe has been attempting to access malicious sites a few times per day, even when I don't have a browser open. AVG blocks them, though I do occasionally find and quarantine a few infected files per day since this started. Also, svchost.exe has been spiking my CPU usage to 100%, where it stays until I reboot.

About two months ago, I clicked on something I shouldn't have and accidentally downloaded one of those fake antivirus programs, which I promptly removed. A couple weeks later, this trend started happening. Not sure if they're related. As you'll see, I have a few file sharing programs on my computer, but I hadn't use any of them directly before or since this issue came up. Previous to this, I've never had to deal with anything involving viruses, so I'm wondering what's going on.

I know a few other people have reported similar problems on this forum, so I was hoping you could help me out and walk me through how to fix this. I don't really know what the protocol is here for a first post, but I recently downloaded HiJackThis and did a scan. Here is the log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 6:47:12 PM, on 9/16/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.19019)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

C:\Program Files\Toshiba\SmoothView\SmoothView.exe

C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe

C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe

C:\Program Files\Secunia\PSI\psi_tray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Bing Toolbar\tbhelper.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: TBSB05974 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Bing Toolbar\tbcore3.dll

O3 - Toolbar: Bing Toolbar - {10000000-1000-1000-1000-100000000000} - C:\Program Files\Bing Toolbar\tbcore3.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

O4 - HKCU\..\Run: [universal Installer] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /fromrun /starthidden

O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /ini "uinstaller.ini" /fromrun /starthidden

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe

O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe

O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe

O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--

End of file - 10468 bytes

Any help would be greatly appreciated. Thanks!

screen317 · September 18, 2011

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

mpsinger · September 19, 2011

Thank you for the response. Here are the logs you requested:

MBAM:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7745

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19019

9/18/2011 7:49:39 PM

mbam-log-2011-09-18 (19-49-39).txt

Scan type: Quick scan

Objects scanned: 171022

Time elapsed: 25 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

_______DDS.txt

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_26

Run by Matt at 20:10:48 on 2011-09-18

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1252 [GMT -7:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2012\avgfws.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\NLSSRV32.EXE

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\Program Files\Secunia\PSI\PSIA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

C:\Program Files\Toshiba\SmoothView\SmoothView.exe

C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe

C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe

C:\Program Files\Secunia\PSI\psi_tray.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Secunia\PSI\sua.exe

C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k netsvcs

C:\Windows\system32\taskeng.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchProtocolHost.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart

mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\bing toolbar\tbhelper.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: TBSB05974 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\bing toolbar\tbcore3.dll

TB: Bing Toolbar: {10000000-1000-1000-1000-100000000000} - c:\program files\bing toolbar\tbcore3.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll

uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe

uRun: [universal Installer] "c:\program files\comcastui\universal installer\uinstaller.exe" /fromrun /starthidden

uRun: [Desktop Software] "c:\program files\comcastui\universal installer\uinstaller.exe" /ini "uinstaller.ini" /fromrun /starthidden

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [NDSTray.exe] NDSTray.exe

mRun: [cfFncEnabler.exe] cfFncEnabler.exe

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\users\matt\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 68.87.69.150 68.87.85.102

TCP: Interfaces\{893B2CFC-3475-44C8-99CF-92BDECEB9778} : DhcpNameServer = 68.87.69.150 68.87.85.102

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\matt\appdata\roaming\mozilla\firefox\profiles\c0054sgs.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e4e9edc&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\3.0.40624.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 32464]

R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-7-12 47968]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-8-19 2399560]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-1 5265248]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-7-10 40960]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-18 366152]

R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-10-20 67904]

R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-18 993848]

R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-18 399416]

R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-14 46392]

R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]

R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\8.0.1\ToolbarUpdater.exe [2011-9-18 246600]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-14 7168]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-18 22216]

R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]

R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]

S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-8-20 9216]

S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-7-18 1025352]

S4 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]

.

=============== Created Last 30 ================

.

2011-09-19 02:18:31 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

2011-09-19 02:01:57 -------- d-----w- c:\program files\common files\AVG Secure Search

2011-09-19 02:01:56 -------- d-----w- c:\program files\AVG Secure Search

2011-09-19 01:58:15 -------- d-----w- c:\users\matt\appdata\roaming\AVG2012

2011-09-19 01:53:48 -------- d-----w- c:\programdata\AVG2012

2011-09-17 01:45:05 388096 ----a-r- c:\users\matt\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-09-17 01:04:19 -------- d-----w- c:\users\matt\appdata\roaming\OpenOffice.org

2011-09-17 00:51:47 -------- d-----w- c:\program files\OpenOffice.org 3

2011-09-17 00:18:40 -------- d-----w- c:\users\matt\appdata\local\WindowsUpdate

2011-09-16 23:53:58 -------- d-----w- c:\users\matt\appdata\local\Secunia PSI

2011-09-16 23:53:50 -------- d-----w- c:\program files\Secunia

2011-09-16 22:53:09 -------- d-----w- c:\windows\system32\eu-ES

2011-09-16 22:53:09 -------- d-----w- c:\windows\system32\ca-ES

2011-09-16 22:53:08 -------- d-----w- c:\windows\system32\vi-VN

2011-09-16 22:45:56 -------- d-----w- c:\windows\system32\SPReview

2011-09-16 22:15:45 928768 ----a-w- c:\windows\system32\scavenge.dll

2011-09-16 22:15:34 57856 ----a-w- c:\windows\system32\compcln.exe

2011-09-16 22:08:59 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll

2011-09-16 22:01:37 -------- d-----w- c:\windows\system32\EventProviders

2011-09-16 21:21:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2011-09-16 21:21:37 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2011-09-16 18:49:47 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin

2011-09-16 00:37:22 7680 ----a-w- c:\program files\internet explorer\iecompat.dll

2011-09-15 23:09:15 41984 ----a-w- c:\windows\system32\netfxperf.dll

2011-09-15 23:04:06 24064 ----a-w- c:\windows\system32\nshhttp.dll

2011-09-15 23:04:04 411648 ----a-w- c:\windows\system32\drivers\http.sys

2011-09-15 23:04:04 30720 ----a-w- c:\windows\system32\httpapi.dll

2011-09-15 22:55:26 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-09-15 22:55:25 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-09-15 22:55:24 1205080 ----a-w- c:\windows\system32\ntdll.dll

2011-09-15 22:55:17 1696256 ----a-w- c:\windows\system32\gameux.dll

2011-09-15 22:54:31 105984 ----a-w- c:\windows\system32\netiohlp.dll

2011-09-15 22:54:30 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2011-09-15 22:54:30 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2011-09-15 22:54:30 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2011-09-15 22:54:30 19968 ----a-w- c:\windows\system32\ARP.EXE

2011-09-15 22:54:30 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2011-09-15 22:54:30 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2011-09-15 22:54:30 10240 ----a-w- c:\windows\system32\finger.exe

2011-09-15 22:54:29 17920 ----a-w- c:\windows\system32\netevent.dll

2011-09-15 22:52:59 7680 ----a-w- c:\windows\system32\spwmp.dll

2011-09-15 22:51:57 1616384 ----a-w- c:\program files\windows mail\msoe.dll

2011-09-15 22:50:58 714240 ----a-w- c:\windows\system32\timedate.cpl

2011-09-15 22:41:08 313344 ----a-w- c:\windows\system32\wmpdxm.dll

2011-09-15 22:41:03 43520 ----a-w- c:\windows\system32\msdxm.tlb

2011-09-15 22:41:03 18432 ----a-w- c:\windows\system32\amcompat.tlb

2011-09-15 22:33:41 601600 ----a-w- c:\windows\system32\schedsvc.dll

2011-09-15 22:33:40 352768 ----a-w- c:\windows\system32\taskschd.dll

2011-09-15 22:33:40 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll

2011-09-15 22:33:40 270336 ----a-w- c:\windows\system32\taskcomp.dll

2011-09-15 22:33:40 171520 ----a-w- c:\windows\system32\taskeng.exe

2011-09-15 22:33:25 49152 ----a-w- c:\windows\system32\csrsrv.dll

2011-09-15 22:33:25 375808 ----a-w- c:\windows\system32\winsrv.dll

2011-09-15 22:33:06 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe

2011-09-15 22:33:05 310784 ----a-w- c:\windows\system32\unregmp2.exe

2011-09-15 22:31:56 2048 ----a-w- c:\windows\system32\tzres.dll

2011-09-15 22:31:22 531968 ----a-w- c:\windows\system32\comctl32.dll

2011-09-15 22:31:16 1248768 ----a-w- c:\windows\system32\msxml3.dll

2011-09-15 22:31:12 243712 ----a-w- c:\windows\system32\rastls.dll

2011-09-15 22:31:05 739328 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-15 22:30:59 60928 ----a-w- c:\windows\system32\msasn1.dll

2011-09-15 22:30:58 98304 ----a-w- c:\windows\system32\cabview.dll

2011-09-15 22:30:56 276992 ----a-w- c:\windows\system32\schannel.dll

2011-09-15 22:30:35 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

2011-09-03 01:58:57 -------- d-----w- c:\program files\iPod

2011-09-03 01:50:43 -------- d-----w- c:\program files\Bonjour

2011-09-03 01:16:48 -------- d-----w- c:\windows\pss

2011-09-03 00:18:06 -------- d-----w- c:\program files\Free Window Registry Repair

2011-09-03 00:12:56 -------- d-----w- c:\program files\StartNow Toolbar

2011-08-30 20:33:42 95672 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2011-09-17 00:14:25 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-12 18:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 18:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 18:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 18:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-11 08:14:38 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2011-07-11 08:14:02 24272 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys

2011-07-11 08:14:02 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys

2011-07-11 08:14:00 23120 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys

2011-07-11 08:13:58 134736 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys

2011-07-11 08:13:46 229840 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2011-07-11 08:13:42 32464 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-07-06 01:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-06 01:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

============= FINISH: 20:12:30.01 ===============

mpsinger · September 20, 2011

BUMP

screen317 · September 24, 2011

Hi,

My apologies for the delay.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

mpsinger · October 1, 2011

Hey there.

Ran Combofix, here's the log:

ComboFix 11-09-30.05 - Matt 09/30/2011 17:06:48.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1376 [GMT -7:00]

Running from: c:\users\Matt\Downloads\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

/wow section - STAGE 48

grep: temp2401: No such file or directory

.

/wow section - STAGE 50

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Bing Toolbar\tbHElper.dll

c:\program files\StartNow Toolbar\ToOLbar32.dll

c:\programdata\vlc-1.1.5-win32.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_Updater_Service_for_StartNow_Toolbar

-------\Service_Updater Service for StartNow Toolbar

.

((((((((((((((((((((((((( Files Created from 2011-09-01 to 2011-10-01 )))))))))))))))))))))))))))))))

.

2011-10-01 00:21 . 2011-10-01 00:31 -------- d-----w- c:\users\Matt\AppData\Local\temp

2011-10-01 00:21 . 2011-10-01 00:21 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-19 21:42 . 2011-09-19 21:42 -------- d-----w- c:\program files\Windows Portable Devices

2011-09-19 17:52 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll

2011-09-19 17:52 . 2009-09-25 01:32 252928 ----a-w- c:\windows\system32\dxdiag.exe

2011-09-19 17:52 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll

2011-09-19 17:51 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll

2011-09-19 17:51 . 2009-10-01 01:01 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys

2011-09-19 17:51 . 2009-10-01 01:01 839168 ----a-w- c:\windows\system32\drivers\UMDF\WpdMtpDr.dll

2011-09-19 17:35 . 2009-11-08 17:55 1130824 ----a-w- c:\windows\system32\dfshim.dll

2011-09-19 02:37 . 2011-01-20 16:08 478720 ----a-w- c:\windows\system32\dxgi.dll

2011-09-19 02:37 . 2011-01-20 16:37 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2011-09-19 02:37 . 2011-01-20 16:07 37376 ----a-w- c:\windows\system32\cdd.dll

2011-09-19 02:36 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-09-19 02:35 . 2011-01-20 16:08 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2011-09-19 02:35 . 2011-01-20 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2011-09-19 02:35 . 2011-01-20 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll

2011-09-19 02:35 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll

2011-09-19 02:35 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll

2011-09-19 02:35 . 2011-01-20 16:08 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-09-19 02:35 . 2011-01-20 16:08 189952 ----a-w- c:\windows\system32\d3d10core.dll

2011-09-19 02:35 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll

2011-09-19 02:35 . 2011-01-20 14:11 486400 ----a-w- c:\windows\system32\d3d10level9.dll

2011-09-19 02:32 . 2011-04-30 06:09 758784 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll

2011-09-19 02:30 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-09-19 02:18 . 2011-10-01 00:28 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

2011-09-19 02:01 . 2011-09-19 02:01 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2011-09-19 02:01 . 2011-09-19 02:02 -------- d-----w- c:\program files\AVG Secure Search

2011-09-19 01:58 . 2011-09-19 01:58 -------- d-----w- c:\users\Matt\AppData\Roaming\AVG2012

2011-09-19 01:53 . 2011-09-19 02:15 -------- d-----w- c:\programdata\AVG2012

2011-09-17 01:45 . 2011-09-17 01:45 388096 ----a-r- c:\users\Matt\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-17 01:04 . 2011-09-17 01:04 -------- d-----w- c:\users\Matt\AppData\Roaming\OpenOffice.org

2011-09-17 00:51 . 2011-09-17 00:51 -------- d-----w- c:\program files\OpenOffice.org 3

2011-09-17 00:18 . 2011-09-17 00:18 -------- d-----w- c:\users\Matt\AppData\Local\WindowsUpdate

2011-09-16 23:53 . 2011-09-16 23:53 -------- d-----w- c:\users\Matt\AppData\Local\Secunia PSI

2011-09-16 23:53 . 2011-09-16 23:53 -------- d-----w- c:\program files\Secunia

2011-09-16 22:53 . 2011-09-16 22:57 -------- d-----w- c:\windows\system32\ca-ES

2011-09-16 22:53 . 2011-09-16 22:57 -------- d-----w- c:\windows\system32\eu-ES

2011-09-16 22:15 . 2009-04-11 06:27 57856 ----a-w- c:\windows\system32\compcln.exe

2011-09-16 22:08 . 2009-04-11 06:28 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2011-09-16 22:01 . 2011-09-16 22:01 -------- d-----w- c:\windows\system32\EventProviders

2011-09-16 21:21 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2011-09-16 21:21 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2011-09-16 00:37 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2011-09-15 23:04 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll

2011-09-15 23:04 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys

2011-09-15 22:55 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll

2011-09-15 22:54 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2011-09-15 22:54 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE

2011-09-15 22:54 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe

2011-09-15 22:53 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll

2011-09-15 22:53 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2011-09-15 22:53 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2011-09-15 22:53 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2011-09-15 22:53 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2011-09-15 22:53 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll

2011-09-15 22:53 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2011-09-15 22:51 . 2010-01-29 15:40 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll

2011-09-15 22:50 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll

2011-09-15 22:50 . 2010-01-21 15:05 62464 ----a-w- c:\windows\system32\l3codeca.acm

2011-09-15 22:50 . 2009-04-11 06:27 220672 ----a-w- c:\windows\system32\l3codecp.acm

2011-09-15 22:41 . 2009-07-15 10:21 18432 ----a-w- c:\windows\system32\amcompat.tlb

2011-09-15 22:33 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll

2011-09-15 22:33 . 2009-09-10 14:58 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe

2011-09-15 22:32 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll

2011-09-15 22:32 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll

2011-09-15 22:32 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe

2011-09-15 22:32 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2011-09-15 22:32 . 2009-04-11 06:28 136192 ----a-w- c:\windows\system32\aaclient.dll

2011-09-15 22:31 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll

2011-09-15 22:31 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-15 22:30 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll

2011-09-03 01:58 . 2011-09-03 01:58 -------- d-----w- c:\program files\iPod

2011-09-03 01:50 . 2011-09-03 01:50 -------- d-----w- c:\program files\Bonjour

2011-09-03 00:40 . 2011-09-03 00:40 -------- d-----w- c:\program files\Apple Software Update

2011-09-03 00:18 . 2011-09-03 00:26 -------- d-----w- c:\program files\Free Window Registry Repair

2011-09-03 00:12 . 2011-10-01 00:20 -------- d-----w- c:\program files\StartNow Toolbar

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-17 00:14 . 2011-01-08 00:01 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-01 00:00 . 2011-07-18 20:04 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-08 13:08 . 2011-08-08 13:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2011-07-23 11:04 . 2011-09-19 02:31 916480 ----a-w- c:\windows\system32\wininet.dll

2011-07-23 11:00 . 2011-09-19 02:31 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-07-23 09:25 . 2011-09-19 02:31 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-12 18:20 . 2011-07-12 18:20 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 18:20 . 2011-07-12 18:20 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 18:20 . 2011-07-12 18:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 18:20 . 2011-07-12 18:20 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-11 13:25 . 2011-09-19 02:38 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-11 08:14 . 2011-07-11 08:14 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2011-07-11 08:14 . 2011-07-11 08:14 24272 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys

2011-07-11 08:14 . 2011-07-11 08:14 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys

2011-07-11 08:14 . 2011-07-11 08:14 23120 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys

2011-07-11 08:13 . 2011-07-11 08:13 134736 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys

2011-07-11 08:13 . 2011-07-11 08:13 229840 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2011-07-11 08:13 . 2011-07-11 08:13 32464 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-07-06 01:37 . 2011-07-06 01:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-06 01:37 . 2011-07-06 01:37 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-09-30 18:23 . 2011-03-29 21:27 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-09-01 2532680]

.

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2011-09-01 16:16 2532680 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-09-01 2532680]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-09-01 2532680]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]

"Universal Installer"="c:\program files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 984616]

"Desktop Software"="c:\program files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 984616]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]

"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]

"NDSTray.exe"="NDSTray.exe" [bU]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-08 2401120]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-18 291896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKLM\~\startupfolder\C:^Users^Matt^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]

path=c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

backup=c:\windows\pss\Dropbox.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]

2008-07-31 22:26 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]

2008-07-11 01:35 188416 ----a-w- c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-08-19 08:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMAgent]

2007-12-14 02:52 143360 ----a-w- c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2008-06-25 22:06 145944 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-06 01:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-04-08 19:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]

R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]

R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]

R4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-09-01 1025352]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-07-11 32464]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2011-05-23 47968]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-07-11 229840]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]

S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [2011-08-19 2399560]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-09-01 5265248]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-07-11 40960]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]

S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-10-21 67904]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-04-19 993848]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-04-19 399416]

S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]

S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]

S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-09-19 246600]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-07-11 16720]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-09-01 22216]

S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]

S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 73728]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 01:44]

.

2011-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 01:44]

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 68.87.69.150 68.87.85.102

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll

FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\c0054sgs.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e4e9edc&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-30 17:31

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????m5uk????h?????????????????

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(4748)

c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

c:\windows\system32\WLANExt.exe

c:\windows\system32\agrsmsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\AVG\AVG2012\avgemcx.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

c:\windows\system32\TODDSrv.exe

c:\program files\Toshiba\Power Saver\TosCoSrv.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\windows\RtHDVCpl.exe

c:\program files\Toshiba\ConfigFree\NDSTray.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2011-09-30 17:41:25 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-01 00:41

.

Pre-Run: 176,151,060,480 bytes free

Post-Run: 175,927,291,904 bytes free

.

- - End Of File - - A3DE28D5D07D122612790F99806FA388

log.txt

screen317 · October 5, 2011

Hi,

Please delete your copy of ComboFix, grab a fresh copy, run it, and post its log.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

mpsinger · October 11, 2011

OK, I ran everything but the problems still remain -- svchost.exe is still trying to connect to malicious sites which AVG keeps blocking, and CPU usage ramps up to 100% a few minutes after restarting the computer. Also, I've noticed that whenever I hibernate my laptop, I get blue-screened when I try to turn it back on.

Here are the logs you requested, starting with the new Combofix:

ComboFix 11-10-10.04 - Matt 10/10/2011 15:22:42.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1476 [GMT -7:00]

Running from: c:\users\Matt\Desktop\ComboFix.exe

AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\StartNow Toolbar

c:\program files\StartNow Toolbar\Resources\images\engine_images.png

c:\program files\StartNow Toolbar\Resources\images\engine_maps.png

c:\program files\StartNow Toolbar\Resources\images\engine_news.png

c:\program files\StartNow Toolbar\Resources\images\engine_videos.png

c:\program files\StartNow Toolbar\Resources\images\engine_web.png

c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png

c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png

c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png

c:\program files\StartNow Toolbar\Resources\images\icon_games.png

c:\program files\StartNow Toolbar\Resources\images\icon_msn.png

c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png

c:\program files\StartNow Toolbar\Resources\images\icon_travel.png

c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png

c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png

c:\program files\StartNow Toolbar\Resources\installer.xml

c:\program files\StartNow Toolbar\Resources\protect\index.html

c:\program files\StartNow Toolbar\Resources\protect\NotIE6.css

c:\program files\StartNow Toolbar\Resources\protect\OnlyIE6.css

c:\program files\StartNow Toolbar\Resources\protect\SearchProtectIcon.png

c:\program files\StartNow Toolbar\Resources\protect\window.css

c:\program files\StartNow Toolbar\Resources\protect\window.js

c:\program files\StartNow Toolbar\Resources\reactivate\index.html

c:\program files\StartNow Toolbar\Resources\reactivate\LeftImage.png

c:\program files\StartNow Toolbar\Resources\reactivate\NotIE6.css

c:\program files\StartNow Toolbar\Resources\reactivate\OnlyIE6.css

c:\program files\StartNow Toolbar\Resources\reactivate\window.css

c:\program files\StartNow Toolbar\Resources\reactivate\window.js

c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png

c:\program files\StartNow Toolbar\Resources\skin\separator.png

c:\program files\StartNow Toolbar\Resources\skin\splitter.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png

c:\program files\StartNow Toolbar\Resources\toolbar.xml

c:\program files\StartNow Toolbar\Resources\update.xml

c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe

c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe

c:\program files\StartNow Toolbar\uninstall.dat

c:\programdata\Roaming

c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini

.

((((((((((((((((((((((((( Files Created from 2011-09-10 to 2011-10-10 )))))))))))))))))))))))))))))))

.

2011-09-20 17:20 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll

2011-09-19 21:42 . 2011-09-19 21:42 -------- d-----w- c:\program files\Windows Portable Devices

2011-09-19 17:54 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll

2011-09-19 17:54 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll

2011-09-19 17:54 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2011-09-19 17:52 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll

2011-09-19 17:52 . 2009-09-25 02:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll

2011-09-19 17:52 . 2009-09-25 02:07 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2011-09-19 17:52 . 2009-09-25 02:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll

2011-09-19 17:52 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll

2011-09-19 17:52 . 2009-09-25 01:32 252928 ----a-w- c:\windows\system32\dxdiag.exe

2011-09-19 17:52 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll

2011-09-19 17:49 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2011-09-19 17:49 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll

2011-09-19 17:49 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-19 17:35 . 2009-11-08 17:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2011-09-19 17:35 . 2009-11-08 17:55 49472 ----a-w- c:\windows\system32\netfxperf.dll

2011-09-19 17:35 . 2009-11-08 17:55 297808 ----a-w- c:\windows\system32\mscoree.dll

2011-09-19 17:35 . 2009-11-08 17:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2011-09-19 17:35 . 2009-11-08 17:55 1130824 ----a-w- c:\windows\system32\dfshim.dll

2011-09-19 02:40 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll

2011-09-19 02:40 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll

2011-09-19 02:39 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll

2011-09-19 02:38 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll

2011-09-19 02:36 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-09-19 02:36 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll