
Win 2012 Antispyware Virus Keeps Returning


  • This topic is locked
24 replies to this topic

#1 Junny

Junny

  • Members
  • 21 posts
  • OFFLINE
  • Local time:10:31 AM

Posted 15 December 2011 - 05:03 PM

Hello, I was redirected here by jntkwx aka Jason. He has helped me over at the topic in the following link but believes I need the help of this forum:

http://www.bleepingcomputer.com/forums/topic432016.html/page__p__2506215#entry2506215

This started about a week ago and I thought I removed it, but it kept returning with a vengeance. Now, I did exactly what the guide said to do through this guide here, but now for some reason Malwarebytes didn't find the infection, so I had to get it done through safe mode. Now the computer is taking such a long time to load. After entering my password, the screen will stay black for five or so minutes before allowing me on. Usually it'll allow me back on to do what I have to do, but now it just takes forever to do it. I was hoping to use Avast to try and nab this virus, but now Avast won't even work for me. Right now I'm doing all this through safe mode.

Please help and go a bit easy on me. I'm a bit new to the whole copy/paste of logs and stuff. Thank you in advance.

I couldn't follow the GMER step to the guide. For some reason, it will not allow me to check or uncheck all that should be checked or unchecked. The only checked boxes are "services, registry, & files". Everything else is grayed out and won't allow me to post it. Here are the logs:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22
Run by Val at 16:51:49 on 2011-12-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.5179 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\SYSTEM32\WISPTIS.EXE
C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.toshiba.com/?cid=C001B2Y
uDefault_Page_URL = hxxp://start.toshiba.com/?cid=C001B2Y
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Norton Safe Web Lite BHO: {f0da78e9-6b60-42fb-bc26-ef2cfb8c8ff3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9EC95200-E7E2-40AF-8760-F2C702AAD063} : DhcpNameServer = 192.168.1.1
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Norton Safe Web Lite BHO: {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll
BHO-X64: Norton Safe Web Lite BHO - No File
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: Norton Safe Web Lite: {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Val\AppData\Roaming\Mozilla\Firefox\Profiles\1b9yqtna.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\windows\system32\DRIVERS\Lbd.sys --> C:\windows\system32\DRIVERS\Lbd.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe [2011-9-1 3997912]
R3 CeKbFilter;CeKbFilter;C:\windows\system32\DRIVERS\CeKbFilter.sys --> C:\windows\system32\DRIVERS\CeKbFilter.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S1 aswSnx;aswSnx;C:\windows\system32\drivers\aswSnx.sys --> C:\windows\system32\drivers\aswSnx.sys [?]
S1 aswSP;aswSP;C:\windows\system32\drivers\aswSP.sys --> C:\windows\system32\drivers\aswSP.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-9-5 64952]
S2 aswFsBlk;aswFsBlk;C:\windows\system32\drivers\aswFsBlk.sys --> C:\windows\system32\drivers\aswFsBlk.sys [?]
S2 aswMonFlt;aswMonFlt;\??\C:\windows\system32\drivers\aswMonFlt.sys --> C:\windows\system32\drivers\aswMonFlt.sys [?]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-9-14 44768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-7 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-8-18 2152152]
S2 NSL;Norton Safe Web Lite;C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [2011-9-5 130000]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
S2 ssfmonm;ssfmonm;C:\windows\system32\DRIVERS\ssfmonm.sys --> C:\windows\system32\DRIVERS\ssfmonm.sys [?]
S2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2011-9-5 5790064]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\windows\system32\DRIVERS\bpenum.sys --> C:\windows\system32\DRIVERS\bpenum.sys [?]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\windows\system32\DRIVERS\bpmp.sys --> C:\windows\system32\DRIVERS\bpmp.sys [?]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\windows\system32\Drivers\bpusb.sys --> C:\windows\system32\Drivers\bpusb.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-7 136176]
S3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-9-15 17152]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\windows\system32\DRIVERS\ManyCam_x64.sys --> C:\windows\system32\DRIVERS\ManyCam_x64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
S3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
S3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
S3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
S3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\windows\system32\DRIVERS\wacmoumonitor.sys --> C:\windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
S4 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-2-27 499200]
S4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S4 taisregispinger;taisregispinger;C:\Program Files (x86)\Toshiba\ToshibaRegistration\TaisRegistPinger.exe [2011-4-6 297344]
S4 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-8-7 54136]
S4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-12-8 267192]
S4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
S4 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2011-9-5 487280]
S4 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-12-20 822704]
S4 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-7 2656280]
S4 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-2-27 885248]
.
=============== Created Last 30 ================
.
2011-12-15 21:38:13 -------- d-----w- C:\Users\Val\AppData\Local\{16FC362D-58F0-4F67-9CE6-3F72D168C366}
2011-12-15 19:48:22 -------- d-----w- C:\Users\Val\AppData\Local\{437D5A5A-ED2E-488B-BCA1-914AD7A7B863}
2011-12-15 19:36:51 -------- d-----w- C:\Users\Val\AppData\Local\{7910D8A6-5699-4ADD-8CD4-7C2CD974F0D7}
2011-12-15 19:20:43 -------- d-----w- C:\Users\Val\AppData\Local\{7F0B8774-4B6D-4E03-B378-9DE71394F648}
2011-12-15 19:02:12 -------- d-----w- C:\Users\Val\AppData\Local\{F637A2DD-2DD3-453D-968E-D9B16F6D9219}
2011-12-15 18:51:54 -------- d-----w- C:\Users\Val\AppData\Local\{494E85B1-6E66-4C52-AFA4-3A27A26FE2B7}
2011-12-15 18:34:50 -------- d-----w- C:\Users\Val\AppData\Local\{E6A5F43A-C896-4758-AF73-DC4D7A7B45E4}
2011-12-15 18:18:55 -------- d-----w- C:\Users\Val\AppData\Local\{3F944EBA-F607-44A5-AF09-6DEF8CC6251A}
2011-12-15 18:18:42 -------- d-----w- C:\Users\Val\AppData\Local\{F4AD5023-A256-487F-A997-F0A250EBE0FD}
2011-12-15 17:57:34 -------- d-----w- C:\Users\Val\AppData\Local\{13FEC14D-07B8-4595-BB49-9F251511919D}
2011-12-15 17:38:56 -------- d-----w- C:\Users\Val\AppData\Local\{B205AA3A-9995-4D4E-B47A-957F0BA47CF9}
2011-12-15 15:01:11 -------- d-----w- C:\Users\Val\AppData\Local\{A4CC6DD9-96D1-4701-BD08-F67308E3FFF5}
2011-12-15 07:04:21 -------- d-----w- C:\Users\Val\AppData\Local\{9A3171BC-1498-4C28-88E9-AFE3F7B69FF1}
2011-12-15 04:53:13 -------- d-----w- C:\Users\Val\AppData\Local\{04019A14-CC95-4B48-A9FB-211A32504A9A}
2011-12-15 03:10:17 -------- d-----w- C:\Users\Val\AppData\Local\{77591ED2-1FEF-4B6E-BEC2-9E2F52B13440}
2011-12-15 03:09:57 -------- d-----w- C:\Users\Val\AppData\Local\{11B00992-1EA4-4004-BD34-4F2CB1CCB064}
2011-12-15 01:35:40 -------- d-----w- C:\Users\Val\AppData\Local\{C898D2CC-541D-4CBC-B46A-319E841A0578}
2011-12-15 01:25:52 -------- d-----w- C:\Users\Val\AppData\Local\{AC79A3D9-A523-4304-93CA-150953D9475D}
2011-12-15 01:25:33 -------- d-----w- C:\Users\Val\AppData\Local\{A0D6AA48-6599-455A-9698-08CFD6207847}
2011-12-14 05:45:01 -------- d-----w- C:\Users\Val\AppData\Local\ElevatedDiagnostics
2011-12-14 01:25:51 -------- d-----w- C:\Users\Val\AppData\Local\{E0FF1A54-BE64-4721-8950-FEFD7A5FF5DF}
2011-12-13 13:37:08 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{977E907A-E91C-4A89-9935-3C02CC364829}\mpengine.dll
2011-12-13 13:25:19 -------- d-----w- C:\Users\Val\AppData\Local\{BD48D2C3-E6B1-4260-950C-98E934E9C5E9}
2011-12-13 13:25:06 -------- d-----w- C:\Users\Val\AppData\Local\{CAB52110-A0C8-4DD6-B54A-507B3F1EB739}
2011-12-13 01:26:08 -------- d-----w- C:\Users\Val\AppData\Local\{4D68BDEA-7607-4A6B-AF5A-00B3571C3C7C}
2011-12-12 05:33:32 -------- d-----we C:\windows\system64
2011-12-12 00:42:26 -------- d-----w- C:\Users\Val\AppData\Local\{2B0D3017-A87A-4C46-B11E-927F98BF19F4}
2011-12-12 00:42:15 -------- d-----w- C:\Users\Val\AppData\Local\{470E4C4D-0011-4D49-A313-D35CF8ED4FAD}
2011-12-11 12:42:03 -------- d-----w- C:\Users\Val\AppData\Local\{7AFFB217-E408-4DDF-8FFF-C2388AC48D2D}
2011-12-11 12:41:52 -------- d-----w- C:\Users\Val\AppData\Local\{1133E0A3-5595-46EF-9976-589A3773E4DA}
2011-12-11 00:41:26 -------- d-----w- C:\Users\Val\AppData\Local\{79E30613-E27B-4B37-80C0-88F3F8EDCE33}
2011-12-11 00:41:16 -------- d-----w- C:\Users\Val\AppData\Local\{B604855D-F2DE-459E-B459-E094120B9140}
2011-12-10 12:40:49 -------- d-----w- C:\Users\Val\AppData\Local\{869FC83D-97CE-49D1-850C-953D127F56EB}
2011-12-10 12:40:36 -------- d-----w- C:\Users\Val\AppData\Local\{8CC2A7F7-D0B4-4A18-A215-02B19FC70411}
2011-12-09 20:18:09 -------- d-----w- C:\Users\Val\AppData\Local\{1CB7A223-81DE-4350-AD94-9F2462B18F7B}
2011-12-09 20:18:01 -------- d-----w- C:\Users\Val\AppData\Local\{CD79BDA5-4255-48CA-947A-D37BDCCAE858}
2011-12-09 13:41:30 -------- d-----w- C:\Users\Val\AppData\Local\{F0F1FDDF-CC63-466E-AE3D-A7965AC0A868}
2011-12-09 13:41:16 -------- d-----w- C:\Users\Val\AppData\Local\{3B0348C4-0606-42A2-836A-136E810B694D}
2011-12-08 18:01:22 -------- d-----w- C:\Users\Val\AppData\Local\{C80F138F-77FF-461B-B18B-C3970433BD9A}
2011-12-08 18:01:05 -------- d-----w- C:\Users\Val\AppData\Local\{F7B2912F-2E4C-4ADC-9FD2-6CC20B880D20}
2011-12-08 06:00:41 -------- d-----w- C:\Users\Val\AppData\Local\{EA0865CF-D5F7-40DC-B353-BD1C72754637}
2011-12-08 06:00:30 -------- d-----w- C:\Users\Val\AppData\Local\{AA333DF6-6FF7-4556-AB1C-BF26FECBE63D}
2011-12-07 18:00:05 -------- d-----w- C:\Users\Val\AppData\Local\{79C1F817-31D5-4AA5-B730-AF9CD27E2D3D}
2011-12-07 17:59:50 -------- d-----w- C:\Users\Val\AppData\Local\{00888C74-E8FE-4F96-B578-2F8027445F31}
2011-12-07 05:59:25 -------- d-----w- C:\Users\Val\AppData\Local\{D4C425F7-00A9-459F-8A57-7A7E125ED0C4}
2011-12-07 05:59:13 -------- d-----w- C:\Users\Val\AppData\Local\{6233C44B-5A52-4710-B288-9593A549FFDB}
2011-12-06 17:58:47 -------- d-----w- C:\Users\Val\AppData\Local\{07590741-C755-44CD-8B53-83F99D559FED}
2011-12-06 17:58:22 -------- d-----w- C:\Users\Val\AppData\Local\{0F9F7C75-8284-4753-9C0B-3F9063501EFB}
2011-12-06 03:38:03 -------- d-----w- C:\Users\Val\AppData\Local\{3BF8FA73-26B1-49DB-8AA4-E04DFEB5A414}
2011-12-06 03:37:46 -------- d-----w- C:\Users\Val\AppData\Local\{3C04873D-E6E8-495E-B787-7DFCE1D81151}
2011-12-05 15:37:12 -------- d-----w- C:\Users\Val\AppData\Local\{96D309BC-8927-45D1-9923-61C4BC880E6C}
2011-12-05 15:36:51 -------- d-----w- C:\Users\Val\AppData\Local\{108A72B4-3890-4C0D-8B02-45B07BDD6FFC}
2011-12-05 02:00:22 -------- d-----w- C:\Users\Val\AppData\Local\{1A00766F-099D-4982-BA04-3B342B93FF00}
2011-12-05 02:00:10 -------- d-----w- C:\Users\Val\AppData\Local\{3537D5CF-F8C3-4AE2-AA3D-994D338A5DEF}
2011-12-04 13:59:45 -------- d-----w- C:\Users\Val\AppData\Local\{487411C6-3B12-470E-AD75-A96080C3C35E}
2011-12-04 13:59:33 -------- d-----w- C:\Users\Val\AppData\Local\{982C8DB3-14F1-4978-A358-CF6F022CF17A}
2011-12-04 01:59:08 -------- d-----w- C:\Users\Val\AppData\Local\{62890C50-7E5A-4E02-A967-6952E9A85260}
2011-12-04 01:58:53 -------- d-----w- C:\Users\Val\AppData\Local\{2BC83772-3265-4699-8754-292571D5C8FE}
2011-12-03 13:58:40 -------- d-----w- C:\Users\Val\AppData\Local\{128EC515-ED7F-4FA6-AADD-ABEED9A4EC46}
2011-12-03 01:58:16 -------- d-----w- C:\Users\Val\AppData\Local\{0F6CC6C7-FE80-4CB6-A444-B912CD1930FE}
2011-12-03 01:57:59 -------- d-----w- C:\Users\Val\AppData\Local\{80712E5B-EE41-4051-990F-7ED1DADEBC34}
2011-12-02 18:42:52 -------- d-----w- C:\Users\Val\AppData\Local\{20C6AD79-C013-4E04-9719-0EA1695B3D3F}
2011-12-02 18:42:36 -------- d-----w- C:\Users\Val\AppData\Local\{2948202F-E6C2-45A2-BE9D-4CCEB4071788}
2011-12-02 16:30:31 -------- d-----w- C:\Users\Val\AppData\Local\{AFD24C28-09EE-41D7-8D3D-4BF2110CDDA3}
2011-12-02 16:30:20 -------- d-----w- C:\Users\Val\AppData\Local\{B1F52783-B41A-48F0-8559-2CA4C11053B9}
2011-12-02 13:46:23 -------- d-----w- C:\Users\Val\AppData\Local\{B81A6081-C5B0-43B7-95DD-B866AEA31FAF}
2011-12-02 01:45:59 -------- d-----w- C:\Users\Val\AppData\Local\{90454697-BFA6-43E6-9140-9AE080777938}
2011-12-02 01:45:47 -------- d-----w- C:\Users\Val\AppData\Local\{CD723633-4936-44C8-B939-01DCF7A337BE}
2011-12-01 10:48:00 -------- d-----w- C:\Users\Val\AppData\Local\{3F064D68-7A05-42C0-8041-05604387C585}
2011-12-01 10:47:48 -------- d-----w- C:\Users\Val\AppData\Local\{7F5AC44A-293D-4F8A-90D1-9783C292858C}
2011-11-30 22:47:35 -------- d-----w- C:\Users\Val\AppData\Local\{B05EEF53-FEE2-4989-BBA1-0ADD3721D974}
2011-11-30 22:47:17 -------- d-----w- C:\Users\Val\AppData\Local\{1BB54068-670D-41C1-BE19-CC24B449F2BF}
2011-11-30 14:45:21 -------- d-----w- C:\Users\Val\AppData\Local\{D40A2102-0060-449E-8FEB-DA976FB7F683}
2011-11-30 02:39:57 -------- d-----w- C:\Users\Val\AppData\Local\{CD15F1C0-8FF1-48A1-9B05-605D5F271B4B}
2011-11-30 02:39:46 -------- d-----w- C:\Users\Val\AppData\Local\{BBC7A0E3-E84D-494D-A15D-B9274C2A4700}
2011-11-30 00:44:12 -------- d-----w- C:\Users\Val\AppData\Local\{4E8A4165-F502-4677-9F51-6E55A8C32CFD}
2011-11-29 12:43:46 -------- d-----w- C:\Users\Val\AppData\Local\{AB91062E-71AA-41D9-B36A-BBCA1E3EA28E}
2011-11-29 12:43:29 -------- d-----w- C:\Users\Val\AppData\Local\{65889F9D-CB3D-4993-A1AE-10B7A89BCC52}
2011-11-29 00:43:03 -------- d-----w- C:\Users\Val\AppData\Local\{8651E8A4-D46A-460D-9EA0-241CC0A79DEC}
2011-11-29 00:42:46 -------- d-----w- C:\Users\Val\AppData\Local\{41574A39-6B98-4C04-A07E-8ECA4AF23A02}
2011-11-28 12:42:22 -------- d-----w- C:\Users\Val\AppData\Local\{4D3925D3-4596-4F34-9C04-FD9CD497A230}
2011-11-28 00:41:54 -------- d-----w- C:\Users\Val\AppData\Local\{D3C49ECA-1909-4DC4-A1A0-7AAE4A8A27C8}
2011-11-28 00:40:49 -------- d-----w- C:\Users\Val\AppData\Local\{29CFF2AD-EE9A-4B54-AFBE-1290C625E5AB}
2011-11-27 11:06:02 -------- d-----w- C:\Users\Val\AppData\Local\{8110BC00-B43F-4FB3-8BD6-0A1BFFCD9E3A}
2011-11-27 11:05:50 -------- d-----w- C:\Users\Val\AppData\Local\{6732DE52-05EF-419A-90EF-2CF979E531F4}
2011-11-26 23:05:36 -------- d-----w- C:\Users\Val\AppData\Local\{9E6B59AD-4E9A-44AC-847C-171EEAF44CAA}
2011-11-26 23:05:01 -------- d-----w- C:\Users\Val\AppData\Local\{B664B318-15CC-4CE3-9467-347201CADCA3}
2011-11-26 23:01:03 -------- d-----w- C:\Users\Val\AppData\Local\{6989327B-0E0F-4CB2-A44F-46505E51DBA3}
2011-11-26 10:01:42 -------- d-----w- C:\Users\Val\AppData\Local\{0DA59CE0-6C77-4BAF-A4B7-E3A20580094C}
2011-11-25 22:01:14 -------- d-----w- C:\Users\Val\AppData\Local\{5C352F7F-59E8-4798-8E74-B5C9FBDE24F5}
2011-11-25 22:00:55 -------- d-----w- C:\Users\Val\AppData\Local\{F0EE3B1C-32B0-4F74-91CE-365B86C59231}
2011-11-25 07:43:11 -------- d-----w- C:\Users\Val\AppData\Local\{A285057A-C52E-4661-96E7-226FEF990458}
2011-11-25 07:43:00 -------- d-----w- C:\Users\Val\AppData\Local\{37FDDBCA-96E9-4BE7-9274-CFB025A9C769}
2011-11-24 19:42:32 -------- d-----w- C:\Users\Val\AppData\Local\{EE8AEBA1-5A86-431C-907B-06D85CE65724}
2011-11-24 19:42:21 -------- d-----w- C:\Users\Val\AppData\Local\{47414E11-3330-468A-8A62-89D144197049}
2011-11-24 07:11:39 -------- d-----w- C:\Users\Val\AppData\Local\{1E1F3F45-B491-4B5F-BEE0-B7407A8C144D}
2011-11-24 07:11:27 -------- d-----w- C:\Users\Val\AppData\Local\{50FBC030-A0AA-42C8-9EF8-5379037B35A9}
2011-11-23 19:11:00 -------- d-----w- C:\Users\Val\AppData\Local\{95551628-5742-4A1B-84BD-53E7B5DD7B42}
2011-11-23 19:10:48 -------- d-----w- C:\Users\Val\AppData\Local\{41F633B3-CCD1-4A9B-BD58-204487B1F006}
2011-11-23 01:21:48 -------- d-----w- C:\Users\Val\AppData\Local\{52046FF8-5CAF-4DFD-B588-CBE308905939}
2011-11-23 01:21:37 -------- d-----w- C:\Users\Val\AppData\Local\{D8B144BD-E621-4326-8CDA-330765A20945}
2011-11-22 13:21:05 -------- d-----w- C:\Users\Val\AppData\Local\{FAC6A287-462D-489D-9806-BC46CB7CA02E}
2011-11-22 13:20:54 -------- d-----w- C:\Users\Val\AppData\Local\{E6FEC570-7E2D-4917-9C95-0EC53946EB53}
2011-11-22 01:08:34 -------- d-----w- C:\Users\Val\AppData\Local\{9C34E9BC-90F1-42D8-AC93-305CDA2BF01E}
2011-11-22 01:08:23 -------- d-----w- C:\Users\Val\AppData\Local\{6B6F9068-A840-43C3-9223-4953FC1435E4}
2011-11-21 13:07:59 -------- d-----w- C:\Users\Val\AppData\Local\{59EA322C-E2B9-49D8-8811-4722842A638C}
2011-11-21 13:07:47 -------- d-----w- C:\Users\Val\AppData\Local\{0F3AA655-CF7A-4BB6-92D2-5D80E317EB66}
2011-11-21 01:07:34 -------- d-----w- C:\Users\Val\AppData\Local\{E1FFC422-B799-4457-9970-A28BF3B6FB38}
2011-11-21 01:07:23 -------- d-----w- C:\Users\Val\AppData\Local\{5ABC9113-F545-4BBA-B537-BFF92490267F}
2011-11-20 11:15:05 -------- d-----w- C:\Users\Val\AppData\Local\{0930D3AB-1FDE-45A7-8404-5CC3AE2FAF22}
2011-11-20 11:14:53 -------- d-----w- C:\Users\Val\AppData\Local\{A80F7DC1-5B81-4B05-9C96-63C07C393E79}
2011-11-19 23:14:28 -------- d-----w- C:\Users\Val\AppData\Local\{DD491EAD-5DC2-4033-8486-669797BD56DD}
2011-11-19 23:14:12 -------- d-----w- C:\Users\Val\AppData\Local\{C09A6D85-ECE5-41C5-B322-1EE7633A5AC5}
2011-11-19 10:40:21 -------- d-----w- C:\Users\Val\AppData\Local\{0BC11BB0-C3DD-4729-827D-CFC4A614AF62}
2011-11-18 22:39:52 -------- d-----w- C:\Users\Val\AppData\Local\{4CCBD27A-27F6-4C46-AC12-CAF4EC5F51DC}
2011-11-18 22:39:34 -------- d-----w- C:\Users\Val\AppData\Local\{74EA2F49-EB5A-46D2-92EB-35EE759D6EB2}
2011-11-18 07:03:31 -------- d-----w- C:\Users\Val\AppData\Local\{EE30C154-0103-4286-86A9-EF4A2D251E7D}
2011-11-18 07:03:21 -------- d-----w- C:\Users\Val\AppData\Local\{F6011F80-2235-4518-A8FD-91B6F86ECB8D}
2011-11-17 19:02:59 -------- d-----w- C:\Users\Val\AppData\Local\{919DE608-62A1-4116-A702-E0013676F15A}
2011-11-17 19:02:47 -------- d-----w- C:\Users\Val\AppData\Local\{EB571BD2-5626-4418-8B6C-1CB8EC72E22F}
2011-11-17 01:07:01 -------- d-----w- C:\Users\Val\AppData\Local\{F5524484-A241-4EFF-B42D-D5CC8396AAB6}
2011-11-17 01:06:48 -------- d-----w- C:\Users\Val\AppData\Local\{1AF2F714-C8BA-43D4-8D96-157DF8EBC733}
2011-11-16 07:05:04 -------- d-----w- C:\Users\Val\AppData\Local\{38E9DA43-018E-4ADC-83D2-C633D93C6E68}
2011-11-16 07:04:53 -------- d-----w- C:\Users\Val\AppData\Local\{4D98C09D-D8A1-4D50-A662-AC33C87BCB2F}
.
==================== Find3M ====================
.
2011-11-22 20:33:52 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-15 19:29:56 270720 ------w- C:\windows\System32\MpSigStub.exe
2011-10-01 03:25:37 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-10-01 02:42:56 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-09-29 16:29:28 1923952 ----a-w- C:\windows\System32\drivers\tcpip.sys
2011-09-29 04:03:32 3144704 ----a-w- C:\windows\System32\win32k.sys
.
============= FINISH: 16:52:47.17 ===============

Edited by Junny, 15 December 2011 - 05:05 PM.



#2 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:11:31 AM

Posted 15 December 2011 - 09:56 PM

Hi Junny,

It's Jason again! :)

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#3 Junny

Junny
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:10:31 AM

Posted 15 December 2011 - 10:51 PM

Welcome back, Jason! Thank you so much for taking even more time to help me with my problem! I'll patiently await your response!

#4 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:11:31 AM

Posted 16 December 2011 - 10:29 AM

Hi Junny,

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button, select Immediate Notification and click Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.


One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.




Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

In Safe Mode with Networking, please download and run Combofix:

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. If you do not know how to do this, you can find out >here< or >here<.
3. Double click on combofix.exe & follow the prompts.

Notes:
  • You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).
  • Combofix may need to reboot your computer more than once to do its job. This is normal.
  • When finished, it will produce a report for you.

Important:
  • Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
  • If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

In your next reply, please include:
  • Combofix log
  • How is your computer running now? Please be as descriptive as possible. Include any word-for-word error messages that you may have, and/or screenshots of strange behavior.

Regards,
Jason

 



#5 Junny

Junny
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:10:31 AM

Posted 16 December 2011 - 11:34 AM

I'm currently writing this from another computer and awaiting the log report to be created by ComboFix, which was started up around 20 minutes or so ago.

#6 Junny

Junny
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:10:31 AM

Posted 16 December 2011 - 12:12 PM

Sorry for the double post, but here are the results. ComboFix easily did its scan in Safe Mode, but when it rebooted into normal mode, it acted like all the other programs and wouldn't open up into the next step for 40 minutes. I ended up restarting it and running ComboFix again in safe mode and immediately got the log, which can be seen here (PLEASE NOTE THAT WHILE IN SAFE MODE, WIN 2012 ATTACKED MY COMPUTER YET AGAIN A FEW HOURS AFTER DOING COMBOFIX):

ComboFix 11-12-16.01 - Val 12/16/2011 12:04:16.2.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.5191 [GMT -5:00]
Running from: c:\users\Val\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Val\AppData\Roaming\Microsoft\Windows\Templates\irlxhh3p5keu7jop3rgx2d885e0g
c:\windows\system32\consrv.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-11-16 to 2011-12-16 )))))))))))))))))))))))))))))))
.
.
2011-12-16 17:08 . 2011-12-16 17:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-14 05:45 . 2011-12-14 05:45 -------- d-----w- c:\users\Val\AppData\Local\ElevatedDiagnostics
2011-12-13 13:37 . 2011-11-30 07:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{977E907A-E91C-4A89-9935-3C02CC364829}\mpengine.dll
2011-11-20 10:56 . 2011-11-20 10:56 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-22 20:33 . 2011-09-02 04:21 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-15 19:29 . 2010-11-21 03:27 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-10-01 03:25 . 2011-10-12 05:01 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:42 . 2011-10-12 05:01 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-29 16:29 . 2011-11-09 02:00 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 04:03 . 2011-11-09 02:00 3144704 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~2\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-08 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-8-29 16032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-08 136176]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-27 2152152]
R2 NSL;Norton Safe Web Lite;c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [2010-11-24 130000]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
R2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys [x]
R2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-21 5790064]
R3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [x]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-08 136176]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-09-15 17152]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
R4 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-02-27 499200]
R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
R4 taisregispinger;taisregispinger;c:\program files (x86)\Toshiba\ToshibaRegistration\TaisRegistPinger.exe [2009-08-13 297344]
R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-12-08 267192]
R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R4 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-21 487280]
R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-12-21 822704]
R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
R4 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-02-27 885248]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 08:29]
.
2011-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-08 00:40]
.
2011-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-08 00:40]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com/?cid=C001B2Y
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Val\AppData\Roaming\Mozilla\Firefox\Profiles\1b9yqtna.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SpywareTerminatorShield - c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM-Run-SpywareTerminatorUpdater - c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
HKLM-Run-combofix - c:\combofix\CF20289.3XE
HKLM-RunOnce-combofix - c:\combofix\CF20289.3XE
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NSL]
"ImagePath"="\"c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-16 12:10:35
ComboFix-quarantined-files.txt 2011-12-16 17:10
.
Pre-Run: 573,609,992,192 bytes free
Post-Run: 573,375,889,408 bytes free
.
- - End Of File - - A49A5E6964BFD0733A75B63396AAA880

Edited by Junny, 16 December 2011 - 03:28 PM.


#7 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:11:31 AM

Posted 17 December 2011 - 11:34 AM

Hi Junny,

Rerun SystemLook
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    C:\Windows\system64
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

How's your computer running now?
Regards,
Jason

 



#8 Junny

Junny
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:10:31 AM

Posted 17 December 2011 - 11:48 AM

It's still running the same as ever. In normal mode it lags so badly nothing will open at all. And I'm having a problem posting the logs. According to the forum, my post is too long to post the log. I've tried posting it on its own, but to no avail.

I just even tried to edit it into this post. Still too long apparently.

Edited by Junny, 17 December 2011 - 12:01 PM.


#9 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:11:31 AM

Posted 17 December 2011 - 12:10 PM

Hi Junny,

How long is the SystemLook log? Can you attach it to your next post?
Regards,
Jason

 



#10 Junny

Junny
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:10:31 AM

Posted 17 December 2011 - 12:16 PM

It must be pretty long if it's not allowing me to post it here. Here's the attachment.




#11 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:11:31 AM

Posted 17 December 2011 - 01:35 PM

Hi Junny,

I notice you have Ad-Aware and SpySweeper installed. These two programs have antivirus components, which may be conflicting with Avast and slowing down your computer. I strongly recommend uninstalling them.

  • Click on the Start menu, and then click on the Control Panel.
  • Please double-click the Uninstall a program icon
  • A list of installed programs will be populated; this may take a bit of time.
  • In this list, please find the following programs and select each by left-clicking once on it.
    Ad-Aware

    Webroot SpySweeper

  • Then click on the Uninstall button to start the uninstall process for each of these programs. A wizard should then open, which will guide you through the rest of the uninstall.

How's your computer running now?

Edited by jntkwx, 17 December 2011 - 01:37 PM.

Regards,
Jason

 



#12 Junny

Junny
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:10:31 AM

Posted 18 December 2011 - 12:05 AM

OK, I was having a problem uninstalling them, so I had the little help of SafeMSI to do this in safe mode. I got rid of Ad-Aware, but I couldn't find the Webroot SpySweeper one anywhere. I'm pretty sure I removed it the first week of obtaining my laptop because it didn't seem to be working (always asking for an update and never updating). And there is still no change to the loading.

#13 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:11:31 AM

Posted 18 December 2011 - 04:01 PM

Hi Junny,

Please try the following. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right-click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • It will install a little bootable OS on your USB
  • After it has completed, do not choose to reboot the clean computer; simply close the installer
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Press Tool at the top
  • Choose Open Terminal
  • Type in: dd if=/dev/sda of=MBRbackup.zip bs=512 count=1 and hit Enter.

MBRbackup.zip should be created on your flash drive, please attach it to your next reply.
Regards,
Jason

 

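Before attaching a backup made with the dd command above, it is worth checking that the file really is a complete MBR sector and not, say, a truncated or zeroed read. The following is an added example, my own Python and not code from the thread, from xPUD or from dd; it parses the 512-byte dump (dd writes the raw sector despite the .zip name in the command, so the file is read as plain bytes) and flags obvious problems such as a missing boot signature, an empty or overlapping partition table or an all-zero boot code area. The sample sector it runs on is constructed in the code, and the file name MBRbackup.zip is the one from the instructions.

```python
"""Added example, not code from the thread or from any tool it mentions.

Sanity-checks a raw 512-byte MBR dump such as the one produced by
`dd if=/dev/sda of=MBRbackup.zip bs=512 count=1`.  The sample sector
built by build_sample_mbr() is constructed here, not taken from the thread.
"""
import struct
from typing import Dict, List

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bootstrap code occupies bytes 0..439
DISK_SIG_OFFSET = 440         # 4-byte Windows disk signature
PART_TABLE_OFFSET = 446       # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"  # bytes 510..511


def parse_mbr(data: bytes) -> Dict:
    """Split a raw MBR sector into boot code, disk signature and partitions."""
    if len(data) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(data)}")
    if data[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature: not a valid MBR dump")
    partitions = []
    for slot in range(4):
        start = PART_TABLE_OFFSET + 16 * slot
        entry = data[start:start + 16]
        # status(1) CHS start(3, skipped) type(1) CHS end(3, skipped) LBA start(4) sector count(4)
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:  # empty slot
            continue
        partitions.append({
            "slot": slot,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": count,
        })
    disk_sig = struct.unpack("<I", data[DISK_SIG_OFFSET:DISK_SIG_OFFSET + 4])[0]
    return {"boot_code": data[:BOOT_CODE_LEN],
            "disk_signature": disk_sig,
            "partitions": partitions}


def check_mbr(data: bytes) -> List[str]:
    """Return a list of warnings; an empty list means nothing looked wrong."""
    try:
        mbr = parse_mbr(data)
    except ValueError as exc:
        return [str(exc)]
    warnings: List[str] = []
    parts = mbr["partitions"]
    if not parts:
        warnings.append("partition table is empty")
    if sum(1 for p in parts if p["bootable"]) > 1:
        warnings.append("more than one partition flagged bootable")
    if all(b == 0 for b in mbr["boot_code"]):
        warnings.append("boot code area is all zeros")
    for p in parts:
        if p["lba_start"] == 0 or p["sectors"] == 0:
            warnings.append(f"slot {p['slot']}: zero start or length")
    # Overlapping extents are a classic sign of a hand-edited table.
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in parts)
    for (_, end1), (start2, _) in zip(spans, spans[1:]):
        if start2 < end1:
            warnings.append(f"partitions overlap at LBA {start2}")
    return warnings


def build_sample_mbr() -> bytes:
    """Constructed sample: one bootable type-0x07 partition starting at LBA 2048."""
    sector = bytearray(SECTOR_SIZE)
    # A few plausible opening bytes followed by NOP padding; not real boot code.
    sector[:BOOT_CODE_LEN] = bytes([0x33, 0xC0, 0x8E, 0xD0]) + b"\x90" * (BOOT_CODE_LEN - 4)
    sector[DISK_SIG_OFFSET:DISK_SIG_OFFSET + 4] = struct.pack("<I", 0xDEADBEEF)
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 1_000_000)
    sector[PART_TABLE_OFFSET:PART_TABLE_OFFSET + 16] = entry
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    import sys
    # Usage: python mbrcheck.py MBRbackup.zip   (falls back to the built-in sample)
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    info = parse_mbr(raw)
    print(f"disk signature 0x{info['disk_signature']:08X}")
    for p in info["partitions"]:
        print(f"slot {p['slot']}: type 0x{p['type']:02X} start {p['lba_start']} "
              f"sectors {p['sectors']} bootable={p['bootable']}")
    print("warnings:", check_mbr(raw) or "none")
```

Run it against the dump copied off the USB stick; a clean Windows 7 disk normally shows a small bootable system partition followed by the main partition, no overlaps and non-zero boot code. The script only reports structure, so a changed boot code area still needs to be compared with a known-good copy by hand.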


#14 Junny

Junny
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:10:31 AM

Posted 18 December 2011 - 07:16 PM

I've tried booting it from the USB Drive but I get this:

SYSLINUX 3.72 2008-09-25 EBIOS Copyright © 1994-2008 H. Peter Anvin
Could not find kernal image: linux
boot:

#15 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:11:31 AM

Posted 19 December 2011 - 09:45 AM

Hi Junny,

Is there anything else on the USB drive (other than what we've put on it)?

You could also try burning this file: http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso directly to a CD, and boot your computer off the CD. (Let me know if you have any questions on how to do this).
Regards,
Jason

 





