
Redirect to urlseek & desktop icons rearrange/disappear


  • This topic is locked
11 replies to this topic

#1 Jener1

  • Members
  • 24 posts

Posted 24 February 2011 - 10:17 PM

Referred from here: http://www.bleepingcomputer.com/forums/topic379051.html ~ OB

Hello,
When I browse in Mozilla, I get redirected to a urlseek/dead page saying it can't find the page. (It doesn't happen in Safari or Chrome.)
I updated/ran Spyware Blaster, Spybot Search & Destroy, Avira AntiVir, Malwarebytes Anti-Malware, Eset scanner, Secunia scanner, Panda, Windows Defender, Norman Malware Cleaner. Malwarebytes and Norman picked up on a few viruses. I cleaned and reran all of them again and it showed clear. Also, when I ran Secunia (free version), it found Adobe and Java outdated, so I updated Adobe and uninstalled/reinstalled Java. Everything looked good for a couple of days. Then I started getting redirected again. Also, I noticed that a few of my desktop shortcut icons have been moving or disappearing.

Any help is greatly appreciated!
Thanks, Jen


DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 18:26:25.51 on Thu 02/24/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2814.1763 [GMT -8:00]

AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe
C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe
C:\Program Files\Clearwire\Connection Manager\ConAppsSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Owner\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uStart Page = hxxp://www.toshibadirect.com/dpdstart
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {259F616C-A300-44F5-B04A-ED001A26C85C} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} -
TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
TB: {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [cdloader] "c:\users\owner\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Clearwire Connection Manager] "c:\program files\clearwire\connection manager\ClearwireCM.exe" -a
mRun: [Panda Security URL Filtering] "c:\programdata\panda security url filtering\Panda_URL_Filtering.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program files\microsoft office\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: magicjack.com\my
Trusted Zone: talk4free.com\reg
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\1pkilp67.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=panda1_0yatb&p=
FF - component: c:\program files\panda security\panda id protect\firefox\components\FFKeypad.dll
FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\1pkilp67.default\extensions\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}\components\dtTransparency.dll
FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\1pkilp67.default\extensions\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}\components\dtTransparency3.5.dll
FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\1pkilp67.default\extensions\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}\components\dtTransparency3.6.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\users\owner\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\1pkilp67.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Ext: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - %profile%\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Panda Identity Protect: widgetruntime@surfsecret.com - c:\program files\panda security\panda id protect\Firefox

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-9-28 28552]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-22 11608]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-12-16 126536]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-29 176128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-22 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-22 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-22 61960]
R2 clearwireDeviceDiagnosticsService;Clearwire Device Diagnostics Service;c:\program files\clearwire\connection manager\clearwireDeviceDiagnosticsService.exe [2010-6-17 398848]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2010-12-16 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-12-16 141384]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-12-16 99400]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-12-16 111176]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-12-16 113736]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-25 1153368]
R2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files\clearwire\connection manager\DeviceLaunchSvc.exe [2010-11-17 107856]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2010-7-8 318464]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2010-7-8 51456]
R3 CACLEARWIRE;Clearwire Con App Svc;c:\program files\clearwire\connection manager\ConAppsSvc.exe [2010-11-17 124240]
R3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\clearwire\connection manager\RcAppSvc.exe [2010-11-17 120144]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-5-5 7168]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-4 277536]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-9 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-16 40960]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-7-7 954368]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-5-16 9216]
S3 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-30 1343400]

=============== Created Last 30 ================

2011-02-24 21:43:18 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-02-24 21:43:18 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-02-24 21:43:18 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2011-02-24 21:43:15 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2011-02-24 21:43:15 -------- d-----w- c:\program files\PDFCreator
2011-02-23 17:50:02 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-23 16:58:58 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 16:58:58 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 16:56:44 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{c9e4a7ca-3844-4d44-b86f-000ca51462ce}\mpengine.dll
2011-02-04 05:53:16 -------- d-----w- c:\users\owner\appdata\local\panda2_0dn
2011-02-04 03:45:20 -------- d-----w- c:\progra~2\Panda Security URL Filtering
2011-01-30 15:45:12 135568 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-01-30 15:45:12 135568 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

==================== Find3M ====================

2011-02-20 03:51:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll
2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll
2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- c:\windows\system32\kerberos.dll
2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec
2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-17 02:39:53 365888 ----a-w- c:\windows\system32\PSUNCpl.cpl
2010-12-13 17:51:52 37376 ----a-w- c:\windows\system32\libusb0.dll
2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-30 01:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

============= FINISH: 18:28:56.64 ===============

Attached Files


Edited by Orange Blossom, 25 February 2011 - 03:27 PM.



#2 1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.

Posted 01 March 2011 - 09:30 AM

Greetings Jener1 and Welcome to the Malware removal forum.

Your Firefox profile does seem to indicate a problem. The file, npmnqmp071101000055.dll, is seen as cloaked malware... I have doubts that it's all that serious as it seems; that particular file comes along with your installation of the "Coupon Printer for Windows". I see that in your "attach.txt" log as well, and that indicates to me that you should be able to uninstall it successfully. Please look for it in your "Programs and Features" listing from the Control Panel and uninstall it.

There is, however, evidence in the DDS log that the system is waiting for a reboot since your last scan with MBAM. So, before you carry on with any of the instructions below, please reboot that computer.

You have two items listed in your trusted zone... and should have nothing in the trusted zone unless it's another system (or file from another system) which is on a network that you set up. You should remove anything from the trusted zone that you know with certainty is not on a protected system under your control.

The "Trusted Zone" is really something more suited for the corporate environment... or of course, as mentioned, a home network which you, as admin, have set up and maintain control of. Otherwise, anything you place in the trusted zone is likened unto one who goes away on vacation, having left the front door keys in the lock. If you agree that is a bad idea, then please, by all means, remove those items from the trusted zone.

After having complied with the above suggestions, and before we continue, and perhaps introduce even more invasive tools, there is one more thing I'd like you to do.

If you have bookmarked certain web sites in the Firefox browser, click "Bookmarks" from the Firefox browser menu, then scroll to and select Organize Bookmarks... The Library window should open. At the top, please click Import and Backup, then scroll to and select Export HTML...

There you can choose to save your bookmarks as an "HTML" file anywhere you think best...and the desktop would be a good place so you could easily find it later.

Once you've done that, you should uninstall Firefox. After the uninstall completes, locate and delete the "Firefox" folder in the "Program Files" listing. Reboot, then reinstall Firefox. To restore the bookmarks, simply return to the Firefox "Bookmarks" tab from the menu at the top, and select Organize Bookmarks..., then once again click Import and Backup. There you can choose to Restore the HTML file from the desktop. However, please run Firefox for a while FIRST, before you restore the bookmarks. Do this with and without the bookmarked web pages to see which way may make a difference. I would also advise not to install any of the addons or plugins you had previously.

Run the system now, browsing the web using the freshly installed Firefox for a bit... without, then with your bookmarked web pages, and see if the redirect issue persists. If so... let us know promptly which of the circumstances above caused your redirect issue to reappear and we will address the issue once again.

If neither of the above causes the issue to return, the next thing you should try is to reinstall the plugins and addons you were previously using. Do this one by one and surf the web each time until you can cause a return of your issue. Let us know your findings. Good luck!

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven
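The post above reads the DDS "Pseudo HJT Report" by eye for four things: a Malwarebytes cleanup autorun still registered (the machine has not rebooted since the scan), Trusted Zone entries, hosts-file overrides, and a browser plugin loaded from inside the user's Firefox profile. The script below is an added example written for this page; it is not part of the thread, of DDS, or of any tool the helper mentions. It applies those four checks to DDS-format lines. The sample log is constructed (placeholder `.invalid` domains and profile name, not values from Jen's logs); the heuristics, treating a `/runcleanupscript` Run entry as "reboot pending" and a plugin path under `\users\<name>\appdata\` as "loaded from a user-writable location", are this example's own assumptions. It also goes one step beyond the post by separating hosts entries that block a name (loopback or 0.0.0.0) from ones that redirect it somewhere else, which is the kind of entry a redirect complaint would make you look for.

```python
"""Triage of a DDS 'Pseudo HJT Report' / FIREFOX section (added example).

Flags what a malware-response helper reads by eye: a cleanup autorun still
waiting for a reboot, Trusted Zone entries, hosts-file overrides (blocking
vs. redirecting), and browser plugins loaded from a user-writable profile
directory. The rules are this example's own heuristics, not DDS features.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample in the DDS line format used in the thread; domains and
# the profile name are placeholders, not values taken from the real log.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.example-a.invalid/start
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
Trusted Zone: example-b.invalid\my
Trusted Zone: example-c.invalid\reg
Hosts: 127.0.0.1 www.example-d.invalid
Hosts: 198.51.100.7 www.example-e.invalid
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\abcd1234.default\extensions\vendor@example.invalid\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
"""

# Assumption: a plugin under a per-user AppData tree was written without
# admin rights, so it deserves a look regardless of its file name.
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.I)


@dataclass
class Triage:
    trusted_zone: list[str] = field(default_factory=list)
    hosts_blocked: list[str] = field(default_factory=list)     # name -> loopback / 0.0.0.0
    hosts_redirected: list[str] = field(default_factory=list)  # name -> any other address
    cleanup_run_entries: int = 0   # mbam /runcleanupscript autoruns still registered
    profile_plugins: list[str] = field(default_factory=list)

    @property
    def pending_reboot(self) -> bool:
        # MBAM registers this Run entry to finish removals at next boot; seeing it
        # in the log means the machine has not been rebooted since the scan.
        return self.cleanup_run_entries > 0


def _value(line: str) -> str:
    """Return the text after the first 'Key:' prefix of a DDS line."""
    return line.split(":", 1)[1].strip()


def _is_sinkhole(ip_text: str) -> bool:
    """True for loopback (127/8, ::1) or unspecified (0.0.0.0): a blocking entry."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def triage(log_text: str) -> Triage:
    result = Triage()
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("Trusted Zone:"):
            result.trusted_zone.append(_value(line))
        elif line.startswith("Hosts:"):
            parts = _value(line).split()          # "<ip> <hostname>"
            if len(parts) >= 2:
                bucket = result.hosts_blocked if _is_sinkhole(parts[0]) else result.hosts_redirected
                bucket.append(parts[1])
        elif line.startswith(("mRun:", "uRun:")) and "/runcleanupscript" in line.lower():
            result.cleanup_run_entries += 1
        elif line.startswith("FF - plugin:"):
            path = _value(line)
            if USER_WRITABLE.search(path):
                result.profile_plugins.append(path)
    return result


def report(t: Triage) -> list[str]:
    """Summary lines in the order the helper would act on them."""
    lines = []
    if t.pending_reboot:
        lines.append(f"reboot first: {t.cleanup_run_entries} MBAM cleanup entries still pending")
    for name in t.hosts_redirected:
        lines.append(f"hosts redirect: {name} (not a loopback block; verify it)")
    for entry in t.trusted_zone:
        lines.append(f"trusted zone: {entry} (remove unless it is your own network)")
    for path in t.profile_plugins:
        lines.append(f"plugin in user profile: {path}")
    return lines


if __name__ == "__main__":
    for msg in report(triage(SAMPLE_LOG)):
        print(msg)
```

Feed it the "Pseudo HJT Report" and "FIREFOX" sections of a real DDS log and it lists the reboot-pending entries first, since the helper's instruction is to reboot before anything else, then the entries worth removing or verifying. Loopback hosts entries are reported separately because they block a name rather than redirect it; the one in Jen's log points www.spywareinfo.com at 127.0.0.1, which is a block, not a redirect, so it is not what the script would raise.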


#3 Jener1
  • Topic Starter

  • Members
  • 24 posts

Posted 02 March 2011 - 02:00 AM

Hello 1972vet, Thank you for taking your time to help me.

I uninstalled the Coupon Printer program. When you say "trusted zone", do you mean trusted sites? I went ahead and removed the Magic Jack programs within "trusted sites." I backed up the Firefox bookmarks to my desktop and uninstalled and then reinstalled Mozilla Firefox. I rechecked - still had redirect issues.

Also, other events occurred between my first post and your response. I had an issue with a program and restored to the 25th (the day after my post here). I was also using Magic Jack all week long. I noticed that my computer started booting up a lot more slowly than before. Could that be related to MJ, or just coincidence, or to a virus? I updated and reran Malwarebytes and Avira. Avira spotted something. I wasn't sure if it was a virus or a false positive, so I quarantined it. Haven't seen a redirect yet but will keep checking. Maybe you could take a look at it?

I reran and attached: dds, ark, attach files.

Question: A long time ago, using my computer, my brother hacked into an unsecured network of someone in the area, created a portal and set it up to download torrents through the portal (as my computer did not have internet access at the time). I think that is how he described it, at least. I was concerned about the whole sharing/downloading of videos, so I removed the torrent program. And since then, I also obtained my own internet provider.
However, I am wondering if I still have an open hole/portal somewhere that I need to close that could leave me vulnerable? If so, how do I do it?

Thanks, Jen


DDS & Avira logs below

DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 22:07:16.30 on Tue 03/01/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2814.1565 [GMT -8:00]

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe
C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe
C:\Program Files\Clearwire\Connection Manager\ConAppsSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Owner\Downloads\dds (1).scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uStart Page = hxxp://www.toshibadirect.com/dpdstart
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {259F616C-A300-44F5-B04A-ED001A26C85C} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} -
TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
TB: {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [cdloader] "c:\users\owner\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Clearwire Connection Manager] "c:\program files\clearwire\connection manager\ClearwireCM.exe" -a
mRun: [Panda Security URL Filtering] "c:\programdata\panda security url filtering\Panda_URL_Filtering.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program files\microsoft office\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\5g2yjfdk.default\
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\panda security\panda id protect\firefox\components\FFKeypad.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\users\owner\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Panda Identity Protect: widgetruntime@surfsecret.com - c:\program files\panda security\panda id protect\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-9-28 28552]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-22 11608]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-12-16 126536]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-29 176128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-22 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-22 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-22 61960]
R2 clearwireDeviceDiagnosticsService;Clearwire Device Diagnostics Service;c:\program files\clearwire\connection manager\clearwireDeviceDiagnosticsService.exe [2010-6-17 398848]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2010-12-16 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-12-16 141384]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-12-16 99400]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-12-16 111176]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-12-16 113736]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-25 1153368]
R2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files\clearwire\connection manager\DeviceLaunchSvc.exe [2010-11-17 107856]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2010-7-8 318464]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2010-7-8 51456]
R3 CACLEARWIRE;Clearwire Con App Svc;c:\program files\clearwire\connection manager\ConAppsSvc.exe [2010-11-17 124240]
R3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\clearwire\connection manager\RcAppSvc.exe [2010-11-17 120144]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-5-5 7168]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-4 277536]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-9 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-16 40960]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-7-7 954368]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-5-16 9216]
S3 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-30 1343400]

=============== Created Last 30 ================

2011-03-02 02:50:15 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{9db0ca75-3584-4371-8d7b-734d9e039cfe}\mpengine.dll
2011-02-24 21:43:18 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-02-24 21:43:18 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-02-24 21:43:18 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2011-02-24 21:43:15 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2011-02-24 21:43:15 -------- d-----w- c:\program files\PDFCreator
2011-02-23 17:50:02 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-23 16:58:58 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 16:58:58 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-04 05:53:16 -------- d-----w- c:\users\owner\appdata\local\panda2_0dn
2011-02-04 03:45:20 -------- d-----w- c:\progra~2\Panda Security URL Filtering

==================== Find3M ====================

2011-02-20 03:51:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 01:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll
2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll
2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- c:\windows\system32\kerberos.dll
2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec
2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-17 02:39:53 365888 ----a-w- c:\windows\system32\PSUNCpl.cpl
2010-12-13 17:51:52 37376 ----a-w- c:\windows\system32\libusb0.dll

============= FINISH: 22:09:09.81 ===============


Avira scan


Avira AntiVir Personal
Report file date: Tuesday, March 01, 2011 19:40

Scanning for 2449364 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : OWNER-PC

Version information:
BUILD.DAT : 10.0.0.611 31824 Bytes 1/14/2011 13:42:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 12/18/2010 06:12:20
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/20/2010 23:44:22
LUKE.DLL : 10.0.3.2 104296 Bytes 12/18/2010 06:12:22
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 06:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 16:25:28
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 06:11:47
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 03:55:33
VBASE003.VDF : 7.11.3.1 2048 Bytes 2/9/2011 03:55:33
VBASE004.VDF : 7.11.3.2 2048 Bytes 2/9/2011 03:55:33
VBASE005.VDF : 7.11.3.3 2048 Bytes 2/9/2011 03:55:34
VBASE006.VDF : 7.11.3.4 2048 Bytes 2/9/2011 03:55:34
VBASE007.VDF : 7.11.3.5 2048 Bytes 2/9/2011 03:55:34
VBASE008.VDF : 7.11.3.6 2048 Bytes 2/9/2011 03:55:35
VBASE009.VDF : 7.11.3.7 2048 Bytes 2/9/2011 03:55:35
VBASE010.VDF : 7.11.3.8 2048 Bytes 2/9/2011 03:55:36
VBASE011.VDF : 7.11.3.9 2048 Bytes 2/9/2011 03:55:36
VBASE012.VDF : 7.11.3.10 2048 Bytes 2/9/2011 03:55:36
VBASE013.VDF : 7.11.3.59 157184 Bytes 2/14/2011 06:31:09
VBASE014.VDF : 7.11.3.97 120320 Bytes 2/16/2011 06:31:10
VBASE015.VDF : 7.11.3.148 128000 Bytes 2/19/2011 06:31:10
VBASE016.VDF : 7.11.3.183 140288 Bytes 2/22/2011 02:48:02
VBASE017.VDF : 7.11.3.216 124416 Bytes 2/24/2011 02:48:03
VBASE018.VDF : 7.11.3.251 159232 Bytes 2/28/2011 02:48:04
VBASE019.VDF : 7.11.3.252 2048 Bytes 2/28/2011 02:48:04
VBASE020.VDF : 7.11.3.253 2048 Bytes 2/28/2011 02:48:04
VBASE021.VDF : 7.11.3.254 2048 Bytes 2/28/2011 02:48:05
VBASE022.VDF : 7.11.3.255 2048 Bytes 2/28/2011 02:48:05
VBASE023.VDF : 7.11.4.0 2048 Bytes 2/28/2011 02:48:05
VBASE024.VDF : 7.11.4.1 2048 Bytes 2/28/2011 02:48:05
VBASE025.VDF : 7.11.4.2 2048 Bytes 2/28/2011 02:48:06
VBASE026.VDF : 7.11.4.3 2048 Bytes 2/28/2011 02:48:06
VBASE027.VDF : 7.11.4.4 2048 Bytes 2/28/2011 02:48:07
VBASE028.VDF : 7.11.4.5 2048 Bytes 2/28/2011 02:48:07
VBASE029.VDF : 7.11.4.6 2048 Bytes 2/28/2011 02:48:07
VBASE030.VDF : 7.11.4.7 2048 Bytes 2/28/2011 02:48:08
VBASE031.VDF : 7.11.4.24 89088 Bytes 3/1/2011 02:48:09
Engineversion : 8.2.4.176
AEVDF.DLL : 8.1.2.1 106868 Bytes 8/2/2010 01:06:46
AESCRIPT.DLL : 8.1.3.55 1282426 Bytes 3/2/2011 02:48:18
AESCN.DLL : 8.1.7.2 127349 Bytes 12/18/2010 06:12:12
AESBX.DLL : 8.1.3.2 254324 Bytes 12/18/2010 06:12:16
AERDL.DLL : 8.1.9.2 635252 Bytes 9/28/2010 05:09:26
AEPACK.DLL : 8.2.4.10 520567 Bytes 3/2/2011 02:48:16
AEOFFICE.DLL : 8.1.1.16 205179 Bytes 2/2/2011 02:51:03
AEHEUR.DLL : 8.1.2.81 3314038 Bytes 3/2/2011 02:48:15
AEHELP.DLL : 8.1.16.1 246134 Bytes 2/14/2011 03:55:47
AEGEN.DLL : 8.1.5.2 397683 Bytes 2/2/2011 02:50:57
AEEMU.DLL : 8.1.3.0 393589 Bytes 12/18/2010 06:11:58
AECORE.DLL : 8.1.19.2 196983 Bytes 2/2/2011 02:50:56
AEBB.DLL : 8.1.1.0 53618 Bytes 4/24/2010 00:58:42
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 19:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 19:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 23:47:40
AVREG.DLL : 10.0.3.2 53096 Bytes 11/4/2010 02:41:55
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 12/18/2010 06:12:21
AVARKT.DLL : 10.0.22.6 231784 Bytes 12/18/2010 06:12:17
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 16:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 19:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 22:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 21:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 20:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 11/4/2010 02:41:55

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Tuesday, March 01, 2011 19:40

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'vssvc.exe' - '47' Module(s) have been scanned
Scan process 'avscan.exe' - '76' Module(s) have been scanned
Scan process 'avscan.exe' - '28' Module(s) have been scanned
Scan process 'avcenter.exe' - '106' Module(s) have been scanned
Scan process 'chrome.exe' - '41' Module(s) have been scanned
Scan process 'chrome.exe' - '84' Module(s) have been scanned
Scan process 'svchost.exe' - '57' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '59' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '111' Module(s) have been scanned
Scan process 'taskeng.exe' - '28' Module(s) have been scanned
Scan process 'ConAppsSvc.exe' - '42' Module(s) have been scanned
Scan process 'RcAppSvc.exe' - '36' Module(s) have been scanned
Scan process 'ClearwireCM.exe' - '143' Module(s) have been scanned
Scan process 'CCC.exe' - '157' Module(s) have been scanned
Scan process 'StikyNot.exe' - '42' Module(s) have been scanned
Scan process 'PMB.exe' - '69' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '17' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '76' Module(s) have been scanned
Scan process 'sidebar.exe' - '93' Module(s) have been scanned
Scan process 'jusched.exe' - '25' Module(s) have been scanned
Scan process 'Panda_URL_Filtering.exe' - '57' Module(s) have been scanned
Scan process 'MOM.exe' - '68' Module(s) have been scanned
Scan process 'PSUNMain.exe' - '65' Module(s) have been scanned
Scan process 'avgnt.exe' - '72' Module(s) have been scanned
Scan process 'TCrdMain.exe' - '67' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '52' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '45' Module(s) have been scanned
Scan process 'Explorer.EXE' - '194' Module(s) have been scanned
Scan process 'Dwm.exe' - '38' Module(s) have been scanned
Scan process 'taskhost.exe' - '40' Module(s) have been scanned
Scan process 'SmartFaceVWatchSrv.exe' - '37' Module(s) have been scanned
Scan process 'conhost.exe' - '14' Module(s) have been scanned
Scan process 'avshadow.exe' - '31' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'DeviceLaunchSvc.exe' - '53' Module(s) have been scanned
Scan process 'PSANHost.exe' - '181' Module(s) have been scanned
Scan process 'svchost.exe' - '62' Module(s) have been scanned
Scan process 'clearwireDeviceDiagnosticsService.exe' - '32' Module(s) have been scanned
Scan process 'avguard.exe' - '64' Module(s) have been scanned
Scan process 'svchost.exe' - '66' Module(s) have been scanned
Scan process 'sched.exe' - '50' Module(s) have been scanned
Scan process 'spoolsv.exe' - '91' Module(s) have been scanned
Scan process 'svchost.exe' - '96' Module(s) have been scanned
Scan process 'atieclxx.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '83' Module(s) have been scanned
Scan process 'svchost.exe' - '163' Module(s) have been scanned
Scan process 'svchost.exe' - '128' Module(s) have been scanned
Scan process 'svchost.exe' - '89' Module(s) have been scanned
Scan process 'atiesrxx.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'winlogon.exe' - '31' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned
Scan process 'lsass.exe' - '65' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '403' files ).


Starting the file scan:

Begin scan in 'C:\' <SQ004720V05>
C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv302-0811070-0-main.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/IRCNite.bti back-door program

Beginning disinfection:
C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv302-0811070-0-main.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/IRCNite.bti back-door program
[NOTE] The file was moved to the quarantine directory under the name '48e276a7.qua'.


End of the scan: Tuesday, March 01, 2011 21:11
Used time: 1:29:35 Hour(s)

The scan has been done completely.

21565 Scanned directories
352086 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
352085 Files not concerned
4727 Archives were scanned
0 Warnings
1 Notes
694807 Objects were scanned with rootkit scan
0 Hidden objects were found



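The DDS sections above (uRun/mRun autoruns, the "FF - Ext" add-on list, the "Hosts:" override, services) are what a helper reads by hand when a redirect is confined to one browser. As an added example, written by the editor and not part of this thread, of DDS, or of ComboFix, here is a small Python triage script that parses those DDS line shapes and flags the entries a responder checks first: autoruns launched from a user-writable tree (AppData, ProgramData), the same binary registered under two Run names, hosts-file overrides, and Firefox add-ons that live outside the profile, Program Files or Windows. The GUID-named AppData\Local folder check mirrors the layout ComboFix lists under "Other Deletions" further down this thread (a folder containing install.rdf and chrome\content\overlay.xul, which is how a Firefox extension is laid out); whether that folder was the redirect source is the helper's call, and the script only raises it for review. The sample input is constructed: most lines are copied from the DDS log above, and the final "FF - Ext: Unknown" line is hypothetical, written the way DDS would have listed that GUID folder had it been registered as an add-on.

```python
"""Triage helper for DDS-style startup logs.

Added example for this thread; it is not part of DDS, ComboFix or any other tool
named on the page. It parses three line shapes DDS emits (uRun/mRun autoruns,
"FF - Ext" Firefox add-ons, "Hosts:" overrides) and flags the entries a helper
reads first. Flags are review items, not verdicts.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

RUN_RE = re.compile(r"^(?P<scope>[um])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
FFEXT_RE = re.compile(r"^FF - Ext: (?P<name>.+?): (?P<id>\S+) - (?P<path>.+)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+) (?P<host>\S+)$")
GUID_DIR_RE = re.compile(r"\\\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)

# Locations where a Firefox add-on listed by DDS is expected to live.
KNOWN_EXT_ROOTS = ("%profile%\\", "c:\\program files\\", "c:\\windows\\")


@dataclass
class Finding:
    kind: str     # short tag a responder can grep for
    detail: str   # the path or value that triggered it
    line: str     # the original DDS line


def exe_path(cmd: str) -> str:
    """Executable part of a Run value, lower-cased: '"c:\\x\\a.exe" /min' -> 'c:\\x\\a.exe'."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1 : cmd.find('"', 1)].lower()
    return cmd.split(" ", 1)[0].lower()


def triage(log: str) -> list[Finding]:
    findings: list[Finding] = []
    seen: dict[str, str] = {}  # executable -> first Run entry name that launched it
    for raw in log.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            exe = exe_path(m["cmd"])
            # Autoruns launched from a user-writable tree are the first place to look.
            if "\\appdata\\" in exe or "\\programdata\\" in exe:
                findings.append(Finding("run-in-user-writable-dir", exe, line))
            # Same binary registered twice under different names (DDS lists mbam.exe twice above).
            if exe in seen and seen[exe] != m["name"]:
                findings.append(Finding("duplicate-run-entry", f"{m['name']} duplicates {seen[exe]}", line))
            seen.setdefault(exe, m["name"])
        elif m := FFEXT_RE.match(line):
            path = m["path"].lower()
            if not path.startswith(KNOWN_EXT_ROOTS):
                findings.append(Finding("ff-ext-outside-known-dirs", path, line))
            # GUID-named folder directly under AppData\Local: the layout ComboFix removed in this thread.
            if "\\appdata\\local\\" in path and GUID_DIR_RE.search(path):
                findings.append(Finding("ff-ext-guid-dir-in-appdata-local", path, line))
        elif m := HOSTS_RE.match(line):
            findings.append(Finding("hosts-override", f"{m['host']} -> {m['ip']}", line))
    return findings


# Constructed sample: lines copied from the DDS log in this thread, plus one
# hypothetical "FF - Ext: Unknown" line using the GUID folder ComboFix later
# deleted, written the way DDS would list it had it been registered as an add-on.
SAMPLE_LOG = r"""
uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
Hosts: 127.0.0.1 www.spywareinfo.com
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Unknown: {0D330AE8-D23A-44C1-A4AA-DF7247877842} - c:\users\owner\appdata\local\{0D330AE8-D23A-44C1-A4AA-DF7247877842}
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"{hit.kind:36} {hit.detail}")
```

Run against the sample it raises five items: Google Update running from AppData\Local, the second mbam.exe Run entry, the spywareinfo.com hosts override (on this machine that is the kind of entry Spybot's immunization writes, which is why the script flags rather than condemns it), and two flags on the constructed GUID-folder add-on. Everything else on the DDS list, including the Skype and Java add-ons in Program Files, passes quietly, which is the point: the script narrows a long log to the handful of lines worth a human look.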

#4 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:02:42 PM

Posted 02 March 2011 - 10:35 AM

No, I don't believe magicJack would cause a problem. The rootkit you picked up would, though... and it seems now, from your last logs, that that is the case.

You understand that what your brother did is illegal? I hope so... let's see if we can repair the damage:
Please download ComboFix from This Webpage... and read through the instructions there for running the tool.

***Important Note***
Please read through the guidance on that web page carefully and thoroughly... and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

If you have Windows Vista or Windows 7, you can skip the Recovery Console step... in Vista/7 it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista or Windows 7 installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.


The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a log file for you. Please post that log back here on your next reply. Thanks!

Note:
Do not mouse-click ComboFix's window while it's running... that may cause the scan to stall.

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#5 Jener1

Jener1
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:11:42 AM

Posted 02 March 2011 - 11:12 PM

Oh dear, which part was illegal? Opening the portal, accessing torrents, or both? I'm glad I got rid of it. Hopefully, it can be fixed.

I wasn't sure if I was supposed to delete the programs in quarantine first before running ComboFix. I went ahead, left it alone and ran CF. Do I need to go back in and delete the programs in Avira now?

Thanks, Jen


ComboFix 11-03-02.01 - Owner 03/02/2011 19:27:45.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2814.1863 [GMT -8:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\users\Owner\AppData\Local\{0D330AE8-D23A-44C1-A4AA-DF7247877842}
c:\users\Owner\AppData\Local\{0D330AE8-D23A-44C1-A4AA-DF7247877842}\chrome\content\overlay.xul
c:\users\Owner\AppData\Local\{0D330AE8-D23A-44C1-A4AA-DF7247877842}\install.rdf

.
((((((((((((((((((((((((( Files Created from 2011-02-03 to 2011-03-03 )))))))))))))))))))))))))))))))
.

2011-03-03 03:35 . 2011-03-03 03:36 -------- d-----w- c:\users\Owner\AppData\Local\temp
2011-03-03 03:35 . 2011-03-03 03:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-03-03 03:35 . 2011-03-03 03:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-03 03:23 . 2011-03-03 03:25 -------- d-----w- C:\32788R22FWJFW
2011-03-02 02:50 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9DB0CA75-3584-4371-8D7B-734D9E039CFE}\mpengine.dll
2011-02-24 21:43 . 2004-03-09 08:00 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-02-24 21:43 . 2001-10-29 00:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2011-02-24 21:43 . 1998-06-24 08:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-02-24 21:43 . 2011-02-24 21:43 -------- d-----w- c:\program files\PDFCreator
2011-02-24 21:43 . 1998-07-06 08:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2011-02-23 17:50 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-23 16:58 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 16:58 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-21 00:27 . 2011-02-21 00:27 -------- d-----w- c:\program files\Common Files\Skype
2011-02-20 03:54 . 2011-02-20 03:54 -------- d-----w- c:\program files\Common Files\Java
2011-02-20 03:35 . 2011-02-20 03:36 -------- d-----w- c:\program files\Common Files\Adobe
2011-02-04 05:53 . 2011-02-04 05:57 -------- d-----w- c:\users\Owner\AppData\Local\panda2_0dn
2011-02-04 03:45 . 2011-02-04 03:45 -------- d-----w- c:\programdata\Panda Security URL Filtering

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-20 03:51 . 2010-09-22 01:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 01:11 . 2009-10-03 04:49 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-02 02:14 . 2009-07-22 21:24 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-21 02:09 . 2010-03-07 00:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 02:08 . 2010-03-07 00:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-18 06:12 . 2009-07-22 21:24 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-17 02:39 . 2010-12-17 02:39 365888 ----a-w- c:\windows\system32\PSUNCpl.cpl
2010-12-17 02:11 . 2010-12-17 02:11 113736 ----a-w- c:\windows\system32\drivers\PSINProt.sys
2010-12-17 02:11 . 2010-12-17 02:11 111176 ----a-w- c:\windows\system32\drivers\PSINProc.sys
2010-12-17 02:11 . 2010-12-17 02:11 126536 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
2010-12-17 02:11 . 2010-12-17 02:11 99400 ----a-w- c:\windows\system32\drivers\PSINFile.sys
2010-12-17 02:11 . 2010-12-17 02:11 141384 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2010-12-13 17:51 . 2010-12-13 17:51 37376 ----a-w- c:\windows\system32\libusb0.dll
2010-12-13 17:51 . 2010-12-13 17:51 21504 ----a-w- c:\windows\system32\drivers\libusb0.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2010-12-19 14:46 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-12-19 86696]

[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-12-17 02:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-12-17 02:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
@="{E4000AC4-5E5F-4956-807A-C5854405D64F}"
[HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}]
2009-01-03 18:25 73728 ----a-w- c:\users\Owner\AppData\Local\Sony Corporation\VirtualExpander\VEShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"cdloader"="c:\users\Owner\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-12-03 50592]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-11 2937528]
"Google Update"="c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-05-28 136176]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-12-17 423232]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"Clearwire Connection Manager"="c:\program files\Clearwire\Connection Manager\ClearwireCM.exe" [2010-11-17 54608]
"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2010-12-19 223400]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^VirtualExpander.lnk]
backup=c:\windows\pss\VirtualExpander.lnk.Startup
backupExtension=.Startup
path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VirtualExpander.lnk

R2 clearwireDeviceDiagnosticsService;Clearwire Device Diagnostics Service;c:\program files\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe [2010-06-18 398848]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-10 136176]
R3 CACLEARWIRE;Clearwire Con App Svc;c:\program files\Clearwire\Connection Manager\ConAppsSvc.exe [2010-11-17 124240]
R3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\Clearwire\Connection Manager\RcAppSvc.exe [2010-11-17 120144]
R3 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R3 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-30 1343400]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2010-12-17 126536]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 176128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-04 135336]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-12-17 140608]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2010-12-17 141384]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2010-12-17 99400]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2010-12-17 111176]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2010-12-17 113736]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files\Clearwire\Connection Manager\DeviceLaunchSvc.exe [2010-11-17 107856]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314.sys [2010-07-08 318464]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr.sys [2010-07-08 51456]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 73728]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.
Contents of the 'Scheduled Tasks' folder

2011-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-10 00:17]

2011-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-10 00:17]

2011-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2148419379-538146983-3823351154-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-28 15:44]

2011-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2148419379-538146983-3823351154-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-28 15:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5g2yjfdk.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Panda Identity Protect: widgetruntime@surfsecret.com - c:\program files\Panda Security\Panda ID Protect\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-Boardmaker Plus! - c:\program files\Boardmaker with SD Pro\unintl.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-02 19:39:03
ComboFix-quarantined-files.txt 2011-03-03 03:39

Pre-Run: 105,609,826,304 bytes free
Post-Run: 105,632,219,136 bytes free

- - End Of File - - A9DC71897D5D00B5CE29205425A81380
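The service and scheduled-task sections of the ComboFix log above are what a responder reads first: which images start with the machine, from where, and with what file timestamps. As an added example that is not part of this thread or of ComboFix, the Python below parses those two sections and applies one triage heuristic: flag any entry whose image lives somewhere a standard user can write to (a user profile, AppData, Temp, ProgramData), because that is where a dropper lands when it has no admin rights. The line layout it assumes (`R2 name;display name;path [date size]` for services, a dated `.job` line followed by a `- path [stamp]` line for tasks) is inferred from the log posted above and is an assumption, not a ComboFix specification. The sample input is a handful of lines copied from that log. The heuristic is deliberately noisy: the per-user Google Update task it flags is a legitimate install, so a hit means "check this file's signature and hash", not "this is malware".

```python
"""Triage helper for the service / scheduled-task sections of a ComboFix log.

Added example, not part of ComboFix or of the forum thread. The line layout
matched below is inferred from the posted log and is an assumption.
"""
import re
import sys
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a few lines copied from the log above (not a full log).
SAMPLE_LOG = r"""
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-10 136176]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2010-12-17 141384]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]

2011-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-10 00:17]

2011-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2148419379-538146983-3823351154-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-28 15:44]
"""

# Service line: "<R|S><start type> <name>;<display name>;<image path> [<file date> <file size>]"
# R = running, S = stopped; the digit is the Windows start type (0 boot, 1 system, 2 auto, 3 manual).
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<stamp>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]\s*$"
)
# Scheduled task: a dated ".job" line, then "- <image path> [<file date> <time>]" on the next line.
TASK_HEAD_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<job>\S.*\.job)\s*$")
TASK_IMAGE_RE = re.compile(r"^-\s+(?P<path>.+?)\s+\[(?P<stamp>\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2})\]\s*$")

# Lower-cased, backslash-delimited substrings that mark locations a standard user can write to.
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass
class Entry:
    kind: str                    # "service" or "task"
    name: str                    # service name, or the .job file name
    path: str                    # image path exactly as printed in the log
    stamp: str                   # file timestamp ComboFix printed for the image
    start: Optional[str] = None  # R2 / S3 etc. (services only)
    size: Optional[int] = None   # image file size in bytes (services only)


def parse_services(text: str) -> List[Entry]:
    """Return one Entry per service/driver line found in the log text."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            entries.append(Entry("service", m["name"], m["path"], m["stamp"],
                                 start=m["start"], size=int(m["size"])))
    return entries


def parse_tasks(text: str) -> List[Entry]:
    """Return one Entry per two-line scheduled-task record in the log text."""
    entries = []
    lines = text.splitlines()
    for i, line in enumerate(lines[:-1]):
        head = TASK_HEAD_RE.match(line)
        image = TASK_IMAGE_RE.match(lines[i + 1]) if head else None
        if head and image:
            job_name = head["job"].rsplit("\\", 1)[-1]
            entries.append(Entry("task", job_name, image["path"], image["stamp"]))
    return entries


def runs_from_user_writable_path(path: str) -> bool:
    """True when the image sits where an unprivileged user (or malware running as one) can write."""
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE_MARKERS)


def flag_user_writable(entries: List[Entry]) -> List[str]:
    """Names of the entries whose image path is in a user-writable location."""
    return [e.name for e in entries if runs_from_user_writable_path(e.path)]


def triage(text: str) -> List[str]:
    """Parse both sections and return the flagged names, services first, then tasks."""
    return flag_user_writable(parse_services(text) + parse_tasks(text))


if __name__ == "__main__":
    # Usage: python triage.py ComboFix.txt   (falls back to the embedded sample)
    log = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for entry in parse_services(log) + parse_tasks(log):
        mark = "CHECK" if runs_from_user_writable_path(entry.path) else "     "
        print(f"{mark} {entry.kind:7} {entry.name:<40.40} {entry.stamp}  {entry.path}")
```

Pointed at a saved ComboFix.txt, the script prints every service, driver and task with its timestamp and marks the ones to look at first. On the sample it marks only the per-user Google Update task; a real infection of the kind described in this thread would typically show up here as a service or task whose image sits under the profile with a recent timestamp and a name that means nothing.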

#6 1972vet
  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.

Posted 03 March 2011 - 09:28 AM

Oh dear, which part was illegal? Opening the portal or accessing Torrents or both? I'm glad I got rid of it. Hopefully, it can be fixed.

It might not be fixed...there is no guarantee, and even if we can, it would be a foolish assumption that the computer could ever be trusted as a secure system.

The only way that you can trust a system again, once it's been compromised as yours has, would be to reformat the entire disk and reinstall the operating system.

...and to address the first part of your question as to what was illegal, I need to point you back to your original statement:

...using my computer, my brother hacked into an unsecured network of someone in the area, created a portal and set it up to download Torrents through the portal (as my computer did not have internet access at the time.)


...both are illegal. The underlined portion is somewhat more serious in terms of legal action than is the portion in italics. I wouldn't fret it though. I have serious doubts that anyone will come knocking on the door to serve a summons.

Having access to the internet, you understand, is no one's particular right...it is in fact a service which is offered for a fee. If the service was obtained by stealth via hacking into an unsecured network to use its connection to the internet, it would be no different (in the court's opinion) than someone who sneaks into your home to obtain your stuff. Burglary is the similar offense that the decision was based on and the penalty is also very similar. To use a lame analogy, "A Rose, by any other name, still smells as sweet"...you get the idea.

As to the torrent downloads, it's considered stealing, if in fact what was downloaded was copyrighted material. Most often, that's the case...videos and music.

One might think they got the movie or music they wanted for free...but in fact, they often get more than they bargained for. The shared servers where anyone can upload files/programs for anyone else to download are notoriously packed with quite a punch. Those who upload those files are among the law enforcement community as well as the entertainment industry. Torrent downloads are, have been, and will always be monitored. The files one downloads can also pack a wallop. I believe, in your case, you downloaded one of those...something that was cracked.

All that said, you let me know on your next reply, how you wish to proceed...whether you choose to reformat and reinstall, or if you'd like to try cleaning up the system for future untrustworthy surfing. And, by the way, that combofix log was from the second time you ran the utility. I only asked you to run it once, but since it was run twice I would need to see the first log as well if in fact that's what you decide. Thanks!

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#7 Jener1
  • Topic Starter
  • Members
  • 24 posts

Posted 03 March 2011 - 09:29 PM

The good news is that I'm not being redirected anymore since Avira quarantined the virus or whatever that was. The bad news is that when I start up my computer now, a popup says there is some issue with Runtime C++ and it won't let me start up. I am writing to you in safe mode right now. I don't know if something happened when I ran the Combofix.

I ran only Combofix once last night. (Sometime last year though, I had a Google Redirect virus which was removed through a Combofix at that time.) I don't know why it would show 2 runs unless my finger double clicked on the button accidentally?

I am thinking a reformat might be better if that would indeed take care of it. However, I don't know where my recovery discs are. Do I need them? Can I download whatever I need from the internet? I've never done a reformat before.

The other thing I am wondering about. When I bought a portable hard drive (to back up my files), I had trouble shutting the drive off. I contacted the maker of the hard drive and they said that it was suggestive of a virus. So I am wondering if I could possibly have a virus on my portable hard drive and thumb drives as well. If I reformat the computer and then transfer the files back, could I end up transferring back a virus? I ran the Norman tool on the drives but it didn't pick anything up. Of course Norman didn't pick up the first virus either. I'm not sure if what they told me was true or if they were just guessing. I use my thumb drives on my work computer as well but no virus warnings have popped up there.

Thanks, Jen

#8 1972vet
  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.

Posted 04 March 2011 - 09:38 AM

I ran only Combofix once last night. (Sometime last year though, I had a Google Redirect virus which was removed through a Combofix at that time...

That would result in the log showing this to be the second run...however, it also implies that you didn't follow up with your assistant's advice or else you just ran it on your own which is also a bad idea.

I don't know where my recovery discs are. Do I need them? Can I download whatever I need from the internet?

To reformat and reinstall, the installation disk would be required unless your system is one that has a hidden partition that holds the originally installed system image but according to the DDS Attach.txt log, you have only one attached boot drive aside from the CD drive.

You can read This and give it a whirl. Let me know if it works out for you. Thanks!


#9 Jener1
  • Topic Starter
  • Members
  • 24 posts

Posted 05 March 2011 - 12:29 PM

Hi, I went to the link and tried to restart while pressing 0 which was supposed to take me to a screen to recover "out of the box." But nothing happened. Since I have been experiencing an error since the day I did the Combofix, I thought maybe the computer wasn't functioning correctly for it to take me to the recover screen. So I restored to an earlier day before Combofix, which enabled me to start my computer normally. I retried to do the 'recovery' but it still wouldn't respond. (I held the 0, turned on the computer while holding 0, released the 0 when it started beeping. Instead of going to the option screen, it just goes back to the main desktop.)

I also tried to find instructions under the help section of my computer but they gave directions for recovering to an earlier "image" which I tried but I didn't have one to revert to. The other option was with windows disks, which I don't have and actually I can't recall having in the first place when I bought it. There was an option listed to revert it back to the way it was but it didn't give instructions on how to do it.

I had a Google redirect virus last year which Myrti helped me with. The Combo fix appeared to work well and I had no problems with it. (http://www.bleepingcomputer.com/forums/topic300861.html/page__p__1661665__fromsearch__1#entry1661665). I thought I followed her instructions correctly. The virus went away. Was there something that I missed doing or did incorrectly?


Thanks, Jen

#10 1972vet
  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.

Posted 05 March 2011 - 11:22 PM

So I restored to an earlier day before Combofix, which enabled me to start my computer normally.
...and unfortunately, when you did that, you also restored the malware that combofix removed.

I retried to do the 'recovery' but it still wouldn't respond. (I held the 0, turned on the computer while holding 0, released the 0 when it started beeping. Instead of going to the option screen, it just goes back to the main desktop.)
Then it seems to me, you don't have the recovery partition installed on that system.

I also tried to find instructions under the help section of my computer but they gave directions for recovering to an earlier "image" which I tried but I didn't have one to revert to. The other option was with windows disks, which I don't have and actually I can't recall having in the first place when I bought it. There was an option listed to revert it back to the way it was but it didn't give instructions on how to do it.
Your two best options are to use either the Windows installation disk itself, or to use an image of the system that should have been installed on the system at the factory. Now...I can't say whether your system should indeed have had such a partition housing an image of the system, but it's a common practice these days among vendors to install the image on a hidden partition rather than to ship the Windows installation disk. Since you said you don't recall for sure whether you ever had the disk, then it's a fair assumption that the system should have had the hidden partition with a copy of the operating system and all other installed software, which would restore that system to the condition it was in on the day of your purchase. You should call the retail outlet, or the manufacturer, to make certain of this...and you could at that time request a copy of the installation disk if needed.

I had a Google redirect virus last year which Myrti helped me with. The Combo fix appeared to work well and I had no problems with it...I thought I followed her instructions correctly. The virus went away. Was there something that I missed doing or did incorrectly?
It does seem so. Your last posting there was on the 29th of March...and myrti replied roughly 9 hours later. That instruction, on page 2 is where myrti gives you explicit instructions how to uninstall combofix. If you had performed those actions, then the combofix log you posted for me would not have shown it to be your second run.


Regardless, while you have performed a system restore, this issue has just returned to what it was when you started this thread.

At this point, I see two options...we start over and you follow my directions to the letter and do nothing else with that computer while this help session is under way. Otherwise, it is a continuous circle with the issue repeating itself over and over...or...to contact the manufacturer or retail outlet and determine if your system is one that should have had a hidden partition from which you should be able to recover. If not, a request could be made for the installation disk. Please let me know which way you choose to proceed. Thanks!


#11 Jener1
  • Topic Starter
  • Members
  • 24 posts

Posted 07 March 2011 - 10:52 PM

Ouch, I thought I had removed the Combofix last year. Is that why it didn't work correctly this time? By correctly, I mean I couldn't start up my computer after I used it - I kept getting some type of Runtime error.

I think I will contact Toshiba to send me the reformat disk and just wipe the computer completely and start over.

Thank you,
Jen

#12 1972vet
  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.

Posted 08 March 2011 - 08:31 AM

This member chooses to contact the manufacturer and request a copy of the installation media in order to restore the system by reformatting and reinstalling the operating system software. As this issue will be resolved at that point, the thread is closed to prevent others from posting here.
Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
