Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

security protection infection


  • Please log in to reply
3 replies to this topic

#1 grandpagates

grandpagates

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:30 AM

Posted 02 September 2011 - 12:50 AM

How do I get rid of security protection, after all the normal means have failed?

1. I noticed pops about security problems.
2. rkill without finding anything.
2. I ran MBAM and if found 4 things. I removed them and rebooted and it came back with a vengeance.
3. I noticed and ICON that said "Security Protection" and the class descriptions on the web are consistent with the pops ups I see.
4. I couldn't run mbam or rsetup any more.
5. I rebooted in safe mode and could run things again, albeit with redirection.
6. tdsskiller.zip didn't find anything.
7. DeFogger did not give me an option to reboot.
8. GMER did not find anything.
9. I cannot figure out how to attached my other logs to this post (DDS, Attach, mbam output which still found 4 items.

BC AdBot (Login to Remove)

 


#2 grandpagates

grandpagates
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:30 AM

Posted 02 September 2011 - 12:52 AM

Running windows 7.
Could load the microsoft anti-malware tool in safe mode.

#3 grandpagates

grandpagates
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:30 AM

Posted 02 September 2011 - 05:13 PM

It seems that others are justing pasting their logs in?

attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/10/2010 7:14:47 PM
System Uptime: 9/1/2011 10:43:26 PM (1 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: AMD Athlon™ II P340 Dual-Core Processor | Socket S1G4 | 2194/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 353.726 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart Premium C309g-m
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart Premium C309g-m
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet J4680 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Officejet J4680 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP101: 8/5/2011 4:54:44 AM - Windows Update
RP102: 8/9/2011 4:37:56 AM - Windows Update
RP103: 8/10/2011 3:00:13 AM - Windows Update
RP104: 8/12/2011 5:24:25 AM - Windows Update
RP105: 8/16/2011 5:24:24 AM - Windows Update
RP106: 8/17/2011 5:24:36 AM - Windows Update
RP107: 8/19/2011 1:45:20 AM - Windows Update
RP108: 8/23/2011 3:32:15 AM - Windows Update
RP109: 8/26/2011 3:00:17 AM - Windows Update
RP110: 8/26/2011 10:36:45 AM - Windows Update
RP111: 9/1/2011 12:08:53 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Amazon Games & Software Downloader
Amazon Kindle
Amazon Links
Apple Application Support
Apple Software Update
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
Bejeweled 2 Deluxe
Build-a-lot 2
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Compatibility Pack for the 2007 Office system
Debut Video Capture Software
Express Burn Disc Burning Software
FATE
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Java Auto Updater
Java™ 6 Update 22
Jewel Quest - Heritage
Junk Mail filter update
Label@Once 1.0
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft Choice Guard
Microsoft Office 2000 SR-1 Premium
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MotoHelper 2.0.51 Driver 5.2.0
MotoHelper MergeModules
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NCH FileBulldog Toolbar
Norton Internet Security
Plants vs. Zombies
Polar Bowler
Prism Video File Converter
PS_AIO_06_C309g-m_SW_Min
Quickbooks Financial Center
QuickTime
Realtek USB 2.0 Card Reader
Scan
Scrabble Complete
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Skype Launcher
Spybot - Search & Destroy
Toolbox
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
ToshibaRegistration
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wohiper
TurboTax 2010 wrapper
Virtual Villagers 4 - The Tree of Life
Web Essentials
Wheel of Fortune 2
WildTangent Games
WildTangent ORB Game Console
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
9/1/2011 11:50:15 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
9/1/2011 10:49:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
9/1/2011 10:49:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
9/1/2011 10:44:21 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
9/1/2011 10:44:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/1/2011 10:44:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/1/2011 10:44:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/1/2011 10:44:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/1/2011 10:43:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL spldr SRTSP SRTSPX Wanarpv6
8/29/2011 5:21:43 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.103. The computer with the IP address 192.168.1.104 did not allow the name to be claimed by this computer.
8/29/2011 4:00:55 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer DELL that believes that it is the master browser for the domain on transport NetBT_Tcpip_{74B25AF9-040D-43BA-AE31-0371ED75EE0D}. The master browser is stopping or an election is being forced.
8/28/2011 8:58:26 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.103. The computer with the IP address 192.168.1.107 did not allow the name to be claimed by this computer.
8/28/2011 8:32:00 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer DAVIDSLAUGHTER that believes that it is the master browser for the domain on transport NetBT_Tcpip_{74B25AF9-040D-43BA-AE31-0371ED75EE0D}. The master browser is stopping or an election is being forced.
8/27/2011 8:12:36 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user laptop\general SID (S-1-5-21-3758853786-2957344982-827459710-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/27/2011 8:12:36 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user laptop\general SID (S-1-5-21-3758853786-2957344982-827459710-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/27/2011 8:12:36 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user laptop\general SID (S-1-5-21-3758853786-2957344982-827459710-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================



dds.txt
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by general at 23:52:58 on 2011-09-01
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2741 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\windows\system32\taskmgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\general\Downloads\Defogger.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Security Protection] C:\Users\general\AppData\Roaming\defender.exe
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe -update activex
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRunOnce: [GrpConv] grpconv -o
StartupFolder: C:\Users\general\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 64.233.222.2 64.233.222.7
TCP: Interfaces\{53863127-AEF8-49B9-B268-B6C34A5A744E} : DhcpNameServer = 64.233.222.2 64.233.222.7
TCP: Interfaces\{74B25AF9-040D-43BA-AE31-0371ED75EE0D} : DhcpNameServer = 64.233.222.2 64.233.222.7
TCP: Interfaces\{74B25AF9-040D-43BA-AE31-0371ED75EE0D}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{74B25AF9-040D-43BA-AE31-0371ED75EE0D}\C696E6B6379737 : DhcpNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{74B25AF9-040D-43BA-AE31-0371ED75EE0D}\D4963786E656D275962756C6563737 : DhcpNameServer = 192.168.1.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
BHO-X64: Somoto Toolbar - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRunOnce-x64: [GrpConv] grpconv -o
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\general\AppData\Roaming\Mozilla\Firefox\Profiles\u9vhff2k.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z045&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
S2 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-3-13 401920]
S2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-19 136176]
S2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-4-26 223088]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe [2010-9-14 126904]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-9-14 120248]
S2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2010-9-14 126392]
S3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atipmdag.sys --> C:\windows\system32\DRIVERS\atipmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-19 136176]
S3 motandroidusb;Mot ADB Interface Driver;C:\windows\system32\Drivers\motoandroid.sys --> C:\windows\system32\Drivers\motoandroid.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;C:\windows\system32\DRIVERS\stdriver64.sys --> C:\windows\system32\DRIVERS\stdriver64.sys [?]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-9-14 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-09-02 03:45:23 -------- d-----w- C:\b56555b3634be62ff13754d0a60f
2011-09-02 00:31:49 830464 ----a-w- C:\Users\general\AppData\Roaming\defender.exe
2011-09-01 16:09:21 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CBF6B3BF-57B0-4783-83BC-F2AE75275F8E}\mpengine.dll
2011-08-29 11:52:26 -------- d-----w- C:\Users\general\AppData\Roaming\WildTangent
2011-08-24 12:55:44 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2011-08-24 12:55:44 2048 ----a-w- C:\windows\System32\tzres.dll
2011-08-23 01:18:08 -------- d-----w- C:\Program Files\Motorola Inc
2011-08-23 01:18:08 -------- d-----w- C:\Program Files\Common Files\Motorola Shared
2011-08-23 01:17:59 -------- d-----w- C:\Program Files (x86)\Motorola
2011-08-20 01:11:46 -------- d-----w- C:\Users\general\AppData\Local\Microsoft Games
.
==================== Find3M ====================
.
2011-07-22 05:35:08 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-07-22 04:56:17 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-07-16 05:26:54 362496 ----a-w- C:\windows\System32\wow64win.dll
2011-07-16 05:26:53 243200 ----a-w- C:\windows\System32\wow64.dll
2011-07-16 05:26:53 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2011-07-16 05:26:18 214528 ----a-w- C:\windows\System32\winsrv.dll
2011-07-16 05:24:09 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2011-07-16 05:21:32 422400 ----a-w- C:\windows\System32\KernelBase.dll
2011-07-16 05:17:46 338432 ----a-w- C:\windows\System32\conhost.exe
2011-07-16 04:36:09 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:32:14 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2011-07-16 04:31:50 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2011-07-16 04:30:29 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2011-07-16 04:30:27 272384 ----a-w- C:\windows\SysWow64\KernelBase.dll
2011-07-16 02:26:12 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2011-07-16 02:26:11 2048 ----a-w- C:\windows\SysWow64\user.exe
2011-07-16 02:21:47 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:44:55 287744 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
2011-07-06 23:52:42 41272 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 25912 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-07-01 04:12:48 103512 ----a-w- C:\windows\System32\drivers\stdriver64.sys
2011-06-23 05:29:39 5507968 ----a-w- C:\windows\System32\ntoskrnl.exe
2011-06-23 04:38:05 3957120 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:38:04 3902336 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2011-06-21 06:27:14 1896832 ----a-w- C:\windows\System32\drivers\tcpip.sys
2011-06-21 06:20:48 1197056 ----a-w- C:\windows\System32\wininet.dll
2011-06-21 06:20:06 57856 ----a-w- C:\windows\System32\licmgr10.dll
2011-06-21 05:36:36 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2011-06-21 05:35:05 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2011-06-21 05:05:13 482816 ----a-w- C:\windows\System32\html.iec
2011-06-21 04:26:02 386048 ----a-w- C:\windows\SysWow64\html.iec
2011-06-15 09:58:31 212992 ----a-w- C:\windows\System32\odbctrac.dll
2011-06-15 09:58:31 163840 ----a-w- C:\windows\System32\odbccp32.dll
2011-06-15 09:58:31 106496 ----a-w- C:\windows\System32\odbccu32.dll
2011-06-15 09:58:31 106496 ----a-w- C:\windows\System32\odbccr32.dll
2011-06-15 09:04:46 86016 ----a-w- C:\windows\SysWow64\odbccu32.dll
2011-06-15 09:04:46 81920 ----a-w- C:\windows\SysWow64\odbccr32.dll
2011-06-15 09:04:46 319488 ----a-w- C:\windows\SysWow64\odbcjt32.dll
2011-06-15 09:04:46 163840 ----a-w- C:\windows\SysWow64\odbctrac.dll
2011-06-15 09:04:46 122880 ----a-w- C:\windows\SysWow64\odbccp32.dll
2011-06-11 02:56:44 3134464 ----a-w- C:\windows\System32\win32k.sys
.
============= FINISH: 23:53:49.27 ===============


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7633

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

9/2/2011 1:53:49 AM
mbam-log-2011-09-02 (01-53-49).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 453393
Time elapsed: 55 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Security Protection (Rogue.SecurityProtection) -> Value: Security Protection -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\general\AppData\Roaming\defender.exe (Rogue.SecurityProtection) -> Quarantined and deleted successfully.
c:\Users\general\AppData\Local\Temp\0.6264876118740691.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\Users\general\AppData\Local\Temp\1035.tmp (Malware.Gen) -> Quarantined and deleted successfully.

#4 grandpagates

grandpagates
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:30 AM

Posted 02 September 2011 - 10:33 PM

I was able to get rid of Security Protection. Please close this thread. I am not 100% sure how I got rid of it, but I think malwarebytes was able to get rid of it when running in protected mode. It appeared however that it was still on the laptop because it left the ICON for Security Protection on the desktop.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users