A virus I believe
06-11-2011, 02:01 AM
Post: #1
A virus I believe
Hi,

I read the "Please read here before posting" post and I hope I'm doing this correctly. For a while now this computer seems to be re-directing me to something called get-answers-fast.com whenever I try to do a search for something. Also, I can't seem to get my Avira software's internet protection enabled for some reason. Thank you in advance for any help you may be able to provide. :)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume1
Install Date: 04/22/10 7:35:56 PM
System Uptime: 11/05/2011 6:53:36 PM (1 hours ago)
.
Motherboard: TOSHIBA | | KAVAA
Processor: Intel® Atom™ CPU N280 @ 1.66GHz | U2E1 | 983/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 140 GiB total, 65.1 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP176: 10/10/2011 4:45:18 PM - Removed WorldWinner Games
RP177: 10/10/2011 7:15:23 PM - Removed Bonjour
RP178: 10/10/2011 8:13:43 PM - Removed QuickTime
RP179: 10/18/2011 7:37:05 PM - Windows Update
RP180: 10/27/2011 5:46:00 AM - Windows Update
RP182: 10/29/2011 8:55:28 PM - RegClean Pro Sat, Oct 29, 11 20:55
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Adobe Shockwave Player 11.5
ALPS Touch Pad Driver
Amazon Kindle
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Avira AntiVir Personal - Free Antivirus
Compatibility Pack for the 2007 Office system
D3DX10
Download Updater (AOL LLC)
F.lux
Google Chrome
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
IHA_MessageCenter
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java™ 6 Update 14
Junk Mail filter update
Kobo
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Mozilla Firefox (3.6.23)
MSVCRT
MyToshiba
Norton Security Scan
OGA Notifier 2.0.0048.0
PowerTeacher Gradebook
Quickbooks Financial Center
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RegClean Pro
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Launcher
SmileyCentral
Spybot - Search & Destroy
Spyware Doctor 7.0
SpywareBlaster 4.4
Toshiba Application and Driver Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
Toshiba Online Backup
TOSHIBA PC Health Monitor
Toshiba Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Utility Common Driver
Vz In Home Agent
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
11/05/2011 8:12:58 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the sdCoreService service.
11/05/2011 6:57:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
11/05/2011 6:57:01 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/05/2011 6:54:11 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
11/05/2011 11:48:53 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
11/05/2011 10:33:05 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
11/04/2011 8:04:01 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
11/04/2011 6:45:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
11/04/2011 6:21:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
11/04/2011 6:21:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
11/04/2011 6:21:29 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/03/2011 8:28:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WMI Performance Adapter service to connect.
11/03/2011 4:20:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
11/03/2011 4:19:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
11/03/2011 4:19:09 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/03/2011 4:19:08 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
11/02/2011 9:12:55 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
11/02/2011 9:10:38 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
11/02/2011 9:07:12 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the ConfigFree WiMAX Service service to connect.
11/02/2011 7:37:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
11/02/2011 7:26:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirSchedulerService service.
11/02/2011 7:26:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Apple Mobile Device service.
11/02/2011 7:25:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wlidsvc service.
11/02/2011 7:24:47 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ConfigFree Service service.
11/02/2011 6:27:25 PM, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
11/02/2011 6:23:47 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{E1144D0F-77E3-416B-ACB5-685104A3C99B} because another computer on the network has the same name. The server could not start.
11/02/2011 6:20:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
11/01/2011 5:20:14 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
11/01/2011 5:12:32 PM, Error: Service Control Manager [7000] - The IHA_MessageCenter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/01/2011 5:12:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IHA_MessageCenter service to connect.
10/31/2011 7:39:10 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
10/29/2011 8:36:49 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
10/29/2011 2:19:48 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/29/2011 2:19:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
10/29/2011 2:19:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
10/29/2011 2:07:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
.
==== End Of File ===========================


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Lindsey at 19:38:30 on 2011-11-05
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1014.108 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\PROGRA~1\SMILEY~2\bar\2.bin\1vbarsvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\windows\system32\conhost.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Lindsey\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Users\Lindsey\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Spyware Doctor\Update.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\explorer.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNB&bmod=TSNB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNB&bmod=TSNB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNB&bmod=TSNB
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\users\lindsey\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [F.lux] "c:\users\lindsey\local settings\apps\f.lux\flux.exe" /noshow
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [AppleTrayTray] rundll32.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\whites~1.lnk - c:\users\lindsey\downloads\WhiteSmokeWriterGeo5002_en(2).exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search - ?s=100000338&p=ZJman000&si=&a=iGdpd25DNosh7Tqg7Wjggw&n=2010060614
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{45D4B3C1-C34D-4810-B99A-CCC42F515BA9} : DhcpNameServer = 100.100.0.102
TCP: Interfaces\{E1144D0F-77E3-416B-ACB5-685104A3C99B} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E1144D0F-77E3-416B-ACB5-685104A3C99B}\63736314 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E1144D0F-77E3-416B-ACB5-685104A3C99B}\84359414 : DhcpNameServer = 4.2.2.1 12.127.16.83
TCP: Interfaces\{E1144D0F-77E3-416B-ACB5-685104A3C99B}\C4F6D626162746F6 : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 209.18.47.61 209.18.47.62
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
Hosts: 127.0.0.1 http://www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\lindsey\appdata\roaming\mozilla\firefox\profiles\90vn5517.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3018509&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - http://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNzfb013YYUS&ptb=14A4C3CD-A0A9-4296-B92C-3DE0C65D4B25&psa=&ind=2010102006&ptnrS=ZNzfb013YYUS&si=&st=kwd&n=77cfb8f6&searchfor=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\smileycentral_1v\bar\2.bin\NP1vStub.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\lindsey\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\lindsey\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\lindsey\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\lindsey\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: XUL Cache: {af079d07-f1e2-4e1f-840c-d42e1a3e2ff9} - %profile%\extensions\{af079d07-f1e2-4e1f-840c-d42e1a3e2ff9}
FF - Ext: SmileyCentral: 1vffxtbr@SmileyCentral_1v.com - c:\program files\smileycentral_1v\bar\2.bin
.
============= SERVICES / DRIVERS ===============
.
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-31 66616]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2010-6-24 21504]
.
=============== Created Last 30 ================
.
2011-11-05 22:58:40 -------- d-----w- c:\users\lindsey\appdata\local\{302632F2-EC42-4EAF-979E-451B80299066}
2011-11-05 22:58:28 -------- d-----w- c:\users\lindsey\appdata\local\{877D8245-9A97-42C0-A3D9-D68ABABAFE30}
2011-11-05 22:40:17 -------- d-----w- c:\users\lindsey\appdata\local\{7FB315C3-72CF-447D-8962-031F03D7EC2C}
2011-11-05 22:39:38 -------- d-----w- c:\users\lindsey\appdata\local\{57213BF7-3E33-4226-AA3C-2E3B799B91D5}
2011-11-04 23:48:19 -------- d-----w- c:\users\lindsey\appdata\local\{73FFB3E2-794D-4058-A601-B1B15C2A81C4}
2011-11-04 23:47:55 -------- d-----w- c:\users\lindsey\appdata\local\{772B9BF0-A1A3-49CB-8F6D-8B7C73F5F3AB}
2011-11-04 10:24:12 -------- d-----w- c:\users\lindsey\appdata\local\{3B9032E9-BC35-4065-A407-5BF9BBAC495C}
2011-11-04 10:23:45 -------- d-----w- c:\users\lindsey\appdata\local\{248B94AB-9154-4147-BBD5-ABA6146366AB}
2011-11-03 01:11:32 -------- d-----w- c:\users\lindsey\appdata\local\{45475CD8-4E7D-4AE0-A749-BD6524BF395E}
2011-11-03 01:11:03 -------- d-----w- c:\users\lindsey\appdata\local\{1B3DE002-9CA4-4FD0-8BC4-C95B1A9C00E5}
2011-11-02 23:50:41 -------- d-----w- c:\users\lindsey\appdata\local\{6B3C5FC2-24EA-483D-BE46-E4BBA34236ED}
2011-11-02 23:50:30 -------- d-----w- c:\users\lindsey\appdata\local\{D3A9C608-5B73-4C1D-8404-0765BE4D27A2}
2011-11-02 22:36:57 -------- d-----w- c:\users\lindsey\appdata\local\{FE6B242D-C42E-4B76-B385-B5944F52DD58}
2011-11-02 22:35:59 -------- d-----w- c:\users\lindsey\appdata\local\{351FF1D9-2CC8-4214-89AA-73FD51A69921}
2011-10-31 18:10:17 -------- d-----w- c:\users\lindsey\appdata\local\{3C3E85CC-B14A-46AB-813A-3B627654392F}
2011-10-31 18:09:52 -------- d-----w- c:\users\lindsey\appdata\local\{3642E6DB-09A0-48F7-BDD9-D24B2E0EF55A}
2011-10-30 00:45:58 -------- d-----w- c:\users\lindsey\appdata\roaming\Systweak
2011-10-30 00:45:38 17280 ----a-w- c:\windows\system32\roboot.exe
2011-10-30 00:45:14 -------- d-----w- c:\program files\RegClean Pro
2011-10-29 18:21:06 -------- d-----w- c:\users\lindsey\appdata\local\{96F48916-BE14-43B0-AE74-22F3D22D39B7}
2011-10-29 18:20:12 -------- d-----w- c:\users\lindsey\appdata\local\{A064B1C0-AE48-4BBF-9FC7-9667B55A8FE6}
2011-10-28 00:44:52 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-10-28 00:44:52 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-10-28 00:44:52 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-10-28 00:42:06 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-10-28 00:42:06 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-10-28 00:42:01 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-10-28 00:42:01 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-10-28 00:41:43 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-10-28 00:41:03 -------- d-----w- c:\users\lindsey\appdata\roaming\PC Tools
2011-10-28 00:41:03 -------- d-----w- c:\programdata\PC Tools
2011-10-28 00:41:03 -------- d-----w- c:\program files\Spyware Doctor
2011-10-28 00:41:03 -------- d-----w- c:\program files\common files\PC Tools
2011-10-28 00:39:32 -------- d-----w- c:\users\lindsey\appdata\roaming\GetRightToGo
2011-10-27 21:32:34 -------- d-----w- c:\users\lindsey\appdata\local\{117E0109-8D1E-48FE-8F55-4689526BD926}
2011-10-27 21:32:20 -------- d-----w- c:\users\lindsey\appdata\local\{02744953-B506-430D-883F-C50BCF44B2AC}
2011-10-25 21:59:42 -------- d-----w- c:\users\lindsey\appdata\local\{E64B0A23-D6A5-466E-97C6-825807760B57}
2011-10-25 21:59:20 -------- d-----w- c:\users\lindsey\appdata\local\{9EFD6E66-2F1F-4A56-B7E0-8A75C9EBB3D4}
2011-10-25 20:37:41 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-10-23 13:15:14 -------- d-----w- c:\users\lindsey\appdata\local\{ABBFD028-7C71-4AC7-8A29-6AE4CDD48089}
2011-10-21 23:50:27 -------- d-----w- c:\users\lindsey\appdata\local\{1DD52D60-12F0-4A8B-B2E0-66C1C70F69C7}
2011-10-21 20:42:08 -------- d-----w- c:\users\lindsey\appdata\local\{17B6A44F-0165-4C32-98CF-01B2C30113C0}
2011-10-21 11:56:21 -------- d-----w- c:\users\lindsey\appdata\local\{C8A46BBF-B43D-49A9-B375-B44C69792BA4}
2011-10-21 11:56:08 -------- d-----w- c:\users\lindsey\appdata\local\{E7750FE2-6E60-4350-8875-6AFA497F5A33}
2011-10-19 00:02:03 -------- d-----w- c:\users\lindsey\appdata\local\{85164153-F7A8-4FD3-8CE4-EF13D82AF8CA}
2011-10-19 00:01:44 -------- d-----w- c:\users\lindsey\appdata\local\{B8CBCFE8-11EF-4720-931C-EA8A6148BB4B}
2011-10-17 10:01:33 -------- d-----w- c:\users\lindsey\appdata\local\{77CEF2EC-A787-4AA6-A94B-FFCD1C64A5CB}
2011-10-17 10:01:16 -------- d-----w- c:\users\lindsey\appdata\local\{1D8449E4-8EAA-41DA-9DC0-6C48C14741A9}
2011-10-13 09:57:18 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 09:57:17 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 09:57:14 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 09:57:13 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 09:57:12 204288 ----a-w- c:\windows\system32\MSNP.ax
2011-10-13 09:57:11 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-13 09:57:10 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-09 12:19:02 -------- d-----w- c:\users\lindsey\appdata\local\{387191F5-4A05-408A-B8CF-A97421459D56}
2011-10-09 12:18:40 -------- d-----w- c:\users\lindsey\appdata\local\{454A6A36-1D19-420A-B950-57E8B60AC247}
2011-10-08 19:00:30 -------- d-----w- c:\users\lindsey\appdata\local\{AA53A977-45AB-4612-ABB5-D817E002D2AC}
2011-10-08 19:00:16 -------- d-----w- c:\users\lindsey\appdata\local\{8BD611A0-7DEE-4513-8A80-8E401899D7A8}
2011-10-07 23:43:51 -------- d-----w- c:\users\lindsey\appdata\local\{88C7C9A4-6EB8-4C45-90A9-5FD743D9141B}
2011-10-07 23:43:29 -------- d-----w- c:\users\lindsey\appdata\local\{280D9800-118A-4201-9931-0513C6D2400A}
.
==================== Find3M ====================
.
2011-10-01 02:59:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-06 02:38:14 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-20 04:38:10 981504 ----a-w- c:\windows\system32\wininet.dll
2011-08-20 04:35:20 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-20 03:26:38 386048 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 19:50:08.51 ===============




Thank you, Anthony
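The DDS log above is long, and the entries the helper later points to (the outdated antivirus and the search redirection) sit in very different sections. The following Python script is an added triage helper, not part of this thread or of the DDS tool: it walks DDS-style lines and flags the kinds of entries a helper reads first. The sample lines are copied from the log above; the list of search providers treated as "expected" and the finding category names are my own assumptions.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines copied verbatim from the DDS log above.
SAMPLE_LOG = r"""
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
uURLSearchHooks: H - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [AppleTrayTray] rundll32.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\whites~1.lnk - c:\users\lindsey\downloads\WhiteSmokeWriterGeo5002_en(2).exe
Hosts: 127.0.0.1 http://www.spywareinfo.com
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3018509&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNzfb013YYUS&ptb=14A4C3CD-A0A9-4296-B92C-3DE0C65D4B25&psa=&ind=2010102006&ptnrS=ZNzfb013YYUS&si=&st=kwd&n=77cfb8f6&searchfor=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
"""

# Assumption: search providers this user would normally have configured.
EXPECTED_SEARCH = ("google.", "bing.", "yahoo.")

# Firefox prefs whose value decides where a typed search is sent.
SEARCH_PREFS = ("browser.search.defaulturl", "browser.search.selectedengine", "keyword.url")

RUN_LINE = re.compile(r"^[um]Run: \[([^\]]+)\] (.*)$")
FF_PREF_LINE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")


def triage(log_text):
    """Return a list of (category, detail) findings for DDS-style log lines."""
    findings = []
    prefs = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Security product present but its signatures are stale.
        if line.startswith(("AV:", "SP:", "FW:")) and "Outdated" in line:
            findings.append(("security-product-outdated", line))
        # Registry hook or toolbar whose file is gone: leftover of a removed add-on.
        if line.endswith("- No File"):
            findings.append(("orphaned-entry", line))
        # rundll32.exe launched with no DLL to run is a meaningless autostart.
        m = RUN_LINE.match(line)
        if m and m.group(2).strip().lower() == "rundll32.exe":
            findings.append(("rundll32-without-target", line))
        # Startup shortcut pointing into the Downloads folder is unusual.
        if line.startswith("StartupFolder:") and "\\downloads\\" in line.lower():
            findings.append(("startup-from-downloads", line))
        # Any hosts-file override is worth a look.
        if line.startswith("Hosts:"):
            findings.append(("hosts-override", line))
        m = FF_PREF_LINE.match(line)
        if m:
            prefs[m.group(1).lower()] = m.group(2)

    # Cross-line checks on the collected Firefox prefs.
    for key in SEARCH_PREFS:
        value = prefs.get(key)
        if value and not any(exp in value.lower() for exp in EXPECTED_SEARCH):
            findings.append(("search-hijack", f"{key} = {value}"))
    if "network.proxy.http" in prefs:
        # Firefox network.proxy.type: 0 = no proxy, 1 = manual proxy settings.
        active = prefs.get("network.proxy.type") == "1"
        category = "proxy-active" if active else "proxy-configured-inactive"
        detail = "{}:{} type={}".format(prefs["network.proxy.http"],
                                        prefs.get("network.proxy.http_port", "?"),
                                        prefs.get("network.proxy.type", "?"))
        findings.append((category, detail))
    return findings


def summarize(findings):
    """Count findings per category."""
    return Counter(category for category, _ in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for category, detail in results:
        print(f"[{category}] {detail}")
    print(dict(summarize(results)))
```

Note that a configured proxy is only a live redirection path when `network.proxy.type` is 1; the log above shows type 0, so the 127.0.0.1:50370 entry is reported as present but inactive rather than as the cause of the redirects.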
06-11-2011, 04:04 PM
Post: #2
RE: A virus I believe
Hello Anthony! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

You're right! Your system is infected.

Quote:For while now this computer seems to be re-directing me to something called get-answers-fast.com whenever I try to do a search for something.

Typical malware: it redirects you to another page every time you use any search engine.

Quote:Also, I can't seem to get my Avira softwares internet protection enabled for some reason.

According to the log file you provided to us, Avira AntiVir is active, but it is out of date. Another typical feature of modern malicious software is precisely this: to prevent security software from doing its work.

Let's begin:

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer.**

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from
Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.
  2. During the download, rename Combofix to Combo-Fix as follows:

    [Image: CF_download_FF.gif]

    [Image: CF_download_rename.gif]
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------
  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here [Image: paypal.gif]
06-11-2011, 05:58 PM
Post: #3
RE: A virus I believe
Hi Borislav,

Thanks so much for helping me with my problem. I downloaded ComboFix and I think I followed your instructions correctly, so here is the logfile :)

ComboFix 11-11-06.01 - Lindsey 11/06/11 10:18:10.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1014.400 [GMT -5:00]
Running from: c:\users\Lindsey\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Lindsey\AppData\Local\iha.exe
c:\users\Lindsey\avira_antivir_personal_en.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-06 to 2011-11-06 )))))))))))))))))))))))))))))))
.
.
2011-11-06 15:43 . 2011-11-06 15:45 -------- d-----w- c:\users\Lindsey\AppData\Local\temp
2011-11-06 15:43 . 2011-11-06 15:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-06 15:43 . 2011-11-06 15:43 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-10-30 00:45 . 2011-11-06 15:09 -------- d-----w- c:\users\Lindsey\AppData\Roaming\Systweak
2011-10-30 00:45 . 2011-09-30 19:37 17280 ----a-w- c:\windows\system32\roboot.exe
2011-10-28 00:41 . 2011-11-06 15:11 -------- d-----w- c:\program files\Spyware Doctor
2011-10-28 00:41 . 2011-11-06 15:11 -------- d-----w- c:\program files\Common Files\PC Tools
2011-10-28 00:41 . 2011-11-06 15:11 -------- d-----w- c:\programdata\PC Tools
2011-10-28 00:39 . 2011-10-28 00:40 -------- d-----w- c:\users\Lindsey\AppData\Roaming\GetRightToGo
2011-10-25 20:37 . 2011-08-15 04:25 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-13 09:57 . 2011-08-27 04:43 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 09:57 . 2011-08-27 04:43 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 09:57 . 2011-08-17 04:22 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 09:57 . 2011-08-17 04:26 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 09:57 . 2011-08-17 04:22 204288 ----a-w- c:\windows\system32\MSNP.ax
2011-10-13 09:57 . 2011-08-17 04:22 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-13 09:57 . 2011-08-17 04:22 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 21:00 . 2011-05-03 01:39 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"F.lux"="c:\users\Lindsey\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-21 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-21 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-21 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-03-29 184320]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 611672]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-27 1324384]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]
"TUSBSleepChargeSrv"="c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-07-02 252288]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
WhiteSmoke Translator.lnk - c:\users\Lindsey\Downloads\WhiteSmokeWriterGeo5002_en(2).exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2009-08-05 22:04 738616 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 16:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 08:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-16 22:23 136176 ----atw- c:\users\Lindsey\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTOSHIBA]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2009-07-28 22:00 460088 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-31 01:44 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2009-08-17 18:48 1294136 ----a-w- c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWebCamera]
2009-08-25 08:35 2446648 ----a-w- c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-24 135664]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2010-04-17 22416]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-24 135664]
R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2010-06-24 21504]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-31 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 30272]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-30 13120]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-03 136360]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-06-24 151552]
S2 SmileyCentral_1vService;SmileyCentral Service;c:\progra~1\SMILEY~2\bar\2.bin\1vbarsvc.exe [2011-04-12 36864]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 185712]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424]
S4 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [x]
S4 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - pctplsg
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-24 14:12]
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-24 14:12]
.
2011-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-937138880-2053432485-1179595566-1000Core.job
- c:\users\Lindsey\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-23 22:23]
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-937138880-2053432485-1179595566-1000UA.job
- c:\users\Lindsey\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-23 22:23]
.
2011-10-30 c:\windows\Tasks\Norton Security Scan for Lindsey.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-08-22 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNB&bmod=TSNB
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Lindsey\AppData\Roaming\Mozilla\Firefox\Profiles\90vn5517.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3018509&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - http://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNzfb013YYUS&ptb=14A4C3CD-A0A9-4296-B92C-3DE0C65D4B25&psa=&ind=2010102006&ptnrS=ZNzfb013YYUS&si=&st=kwd&n=77cfb8f6&searchfor=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: XUL Cache: {af079d07-f1e2-4e1f-840c-d42e1a3e2ff9} - %profile%\extensions\{af079d07-f1e2-4e1f-840c-d42e1a3e2ff9}
FF - Ext: SmileyCentral: 1vffxtbr@SmileyCentral_1v.com - c:\program files\SmileyCentral_1v\bar\2.bin
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKCU-Run-AppleTrayTray - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-937138880-2053432485-1179595566-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-937138880-2053432485-1179595566-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-06 10:54:44
ComboFix-quarantined-files.txt 2011-11-06 15:54
.
Pre-Run: 72,152,920,064 bytes free
Post-Run: 71,861,780,480 bytes free
.
- - End Of File - - F378ECC53872065270C8AC9622B5364E


Thank you, Anthony
06-11-2011, 06:38 PM
Post: #4
RE: A virus I believe
Good :)

Now, before we continue our work, please visit http://www.virustotal.com and one by one upload the following files:
c:\windows\system32\roboot.exe
c:\users\Lindsey\Downloads\WhiteSmokeWriterGeo5002_en(2).exe

When the scans have finished, please copy the links and post them here.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here [Image: paypal.gif]
06-11-2011, 07:14 PM
Post: #5
RE: A virus I believe
Hi Borislav,

Here are the two reports that you wanted,

File name:
roboot.exe
Submission date:
2011-11-06 16:55:58 (UTC)
Current status:
queued queued (#3) analysing finished
Result:
0/ 42 (0.0%)

VT Community

not reviewed
Safety score: -
Antivirus Version Last Update Result
AhnLab-V3 2011.10.29.00 2011.10.29 -
AntiVir 7.11.16.201 2011.10.28 -
Antiy-AVL 2.0.3.7 2011.10.30 -
Avast 6.0.1289.0 2011.10.30 -
AVG 10.0.0.1190 2011.10.30 -
BitDefender 7.2 2011.10.30 -
ByteHero 1.0.0.1 2011.09.23 -
CAT-QuickHeal 11.00 2011.10.29 -
ClamAV 0.97.3.0 2011.10.29 -
Commtouch 5.3.2.6 2011.10.30 -
Comodo 10605 2011.10.30 -
DrWeb 5.0.2.03300 2011.10.30 -
Emsisoft 5.1.0.11 2011.10.30 -
eSafe 7.0.17.0 2011.10.26 -
eTrust-Vet 36.1.8645 2011.10.28 -
F-Prot 4.6.5.141 2011.10.30 -
F-Secure 9.0.16440.0 2011.10.30 -
Fortinet 4.3.370.0 2011.10.30 -
GData 22 2011.10.30 -
Ikarus T3.1.1.107.0 2011.10.30 -
Jiangmin 13.0.900 2011.10.29 -
K7AntiVirus 9.116.5354 2011.10.29 -
Kaspersky 9.0.0.837 2011.10.30 -
McAfee 5.400.0.1158 2011.10.30 -
McAfee-GW-Edition 2010.1D 2011.10.30 -
Microsoft 1.7801 2011.10.30 -
NOD32 6586 2011.10.30 -
Norman 6.07.13 2011.10.29 -
nProtect 2011-10-30.01 2011.10.30 -
Panda 10.0.3.5 2011.10.29 -
PCTools 8.0.0.5 2011.10.30 -
Prevx 3.0 2011.11.06 -
Rising 23.81.04.01 2011.10.28 -
Sophos 4.70.0 2011.10.30 -
SUPERAntiSpyware 4.40.0.1006 2011.10.29 -
TheHacker 6.7.0.1.335 2011.10.28 -
TrendMicro 9.500.0.1008 2011.10.30 -
TrendMicro-HouseCall 9.500.0.1008 2011.10.30 -
VBA32 3.12.16.4 2011.10.25 -
VIPRE 10915 2011.10.30 -
ViRobot 2011.10.29.4745 2011.10.30 -
VirusBuster 14.1.37.0 2011.10.29 -
Additional information
MD5 : 9da51d588f26c1740e24a9cca5e86ca4
SHA1 : 8d4f8bedc6b93ae4d617070accda992a1146037c
SHA256: c904234ff624bd2b03b67ef3af625400ef5ca9e1f10d79bb48c203f70810558d
ssdeep: 192:fxW8ACZd07P/uG+eNPL+T7XTPMG4QW/O5YSnEXNp8SbjcHZs10UKyowJL/VgrYMF:aDNhLE7XbM/zhjcu10HYJLeVbCoj1Z
File size : 17280 bytes
First seen: 2011-10-03 02:29:19
Last seen : 2011-11-06 16:55:58
TrID:
Windows Screen Saver (51.1%)
Win32 Executable Generic (33.2%)
Generic Win/DOS Executable (7.8%)
DOS Executable Generic (7.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Systweak Inc., (http://www.systweak.com)
copyright....: Copyright © 2010 Systweak Inc., All rights reserved.
product......: Systweak Regclean Pro
description..: Regclean Pro
original name: RegcleanPro.exe
internal name: Regclean Pro Registry Optimizer
file version.: 6.1
comments.....: http://www.systweak.com
signers......: Systweak Inc
VeriSign Class 3 Code Signing 2009-2 CA
Class 3 Public Primary Certification Authority
signing date.: 11:09 30/09/2011
verified.....: -
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x2545
timedatestamp....: 0x4D19C6FA (Tue Dec 28 11:16:10 2010)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x1F2E, 0x2000, 6.24, baaafcec427a6cc0cc73728bc3f0274b
.data, 0x3000, 0x34C, 0x200, 0.20, 563629f165a1b00ba1c92b2b4adf94bb
.rsrc, 0x4000, 0x468, 0x600, 2.59, ed9df3c3dd2ff71057983f0ee6cb5d56
.reloc, 0x5000, 0x1B6, 0x200, 5.06, 40af51e8e0afdba218bf98f14ab70502

[[ 1 import(s) ]]
ntdll.dll: NtDisplayString, RtlAnsiStringToUnicodeString, RtlInitAnsiString, vsprintf, NtOpenKey, RtlInitUnicodeString, NtLoadKey, NtUnloadKey, RtlAllocateHeap, RtlFreeHeap, RtlAdjustPrivilege, NtInitializeRegistry, RtlCreateHeap, memset, NtClose, NtReadFile, NtCreateFile, NtSaveKey, NtReplaceKey, ZwDeleteFile, LdrGetProcedureAddress, LdrGetDllHandle, NtFlushKey, NtDelayExecution, NtSetValueKey, memmove, NtQueryValueKey, _chkstk, NtFlushBuffersFile, NtWriteFile, NtShutdownSystem, NtTerminateProcess, RtlUnhandledExceptionFilter, RtlUnwind
ExifTool:
file metadata
CharacterSet: Windows, Latin1
CodeSize: 8192
Comments: http://www.systweak.com
CompanyName: Systweak Inc., (http://www.systweak.com)
EntryPoint: 0x2545
FileDescription: Regclean Pro
FileFlagsMask: 0x0000
FileOS: Win32
FileSize: 17 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 6.1
FileVersionNumber: 6.1.0.0
ImageVersion: 6.0
InitializedDataSize: 3072
InternalName: Regclean Pro Registry Optimizer
LanguageCode: English (U.S.)
LegalCopyright: Copyright © 2010 Systweak Inc., All rights reserved.
LegalTrademarks: Systweak, Regclean Pro
LinkerVersion: 8.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 6.0
ObjectFileType: Dynamic link library
OriginalFilename: RegcleanPro.exe
PEType: PE32
ProductName: Systweak Regclean Pro
ProductVersion: 6.1
ProductVersionNumber: 6.1.0.0
Subsystem: Native
SubsystemVersion: 6.0
TimeStamp: 2010:12:28 12:16:10+01:00
UninitializedDataSize: 0


I tried to upload the file called c:\users\Lindsey\Downloads\WhiteSmokeWriterGeo5002_en(2).exe but I was unable to find it anywhere.

Thank you, Anthony
06-11-2011, 07:32 PM
Post: #6
RE: A virus I believe
Thank you! :)


Step 1

I see you are running Teatimer.
I suggest that you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can re-enable it.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.

After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.
Then run ResetTeaTimer.exe.
This will only take a few seconds.


Step 2

Please click on Start => Control Panel => Add or Remove Programs, highlight the following applications one by one and use the Remove button to uninstall them:
  • McAfee Security Scan Plus
  • Norton Security Scan


Step 3

Open Notepad and copy and paste the text in the code box below into it:

Code:
File::
c:\users\Lindsey\Downloads\WhiteSmokeWriterGeo5002_en(2).exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WhiteSmoke Translator.lnk

Folder::
c:\program files\SmileyCentral_1v

FireFox::
FF - ProfilePath - c:\users\Lindsey\AppData\Roaming\Mozilla\Firefox\Profiles\90vn5517.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3018509&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - http://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNzfb013YYUS&ptb=14A4C3CD-A0A9-4296-B92C-3DE0C65D4B25&psa=&ind=2010102006&ptnrS=ZNzfb013YYUS&si=&st=kwd&n=77cfb8f6&searchfor=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
FF - Ext: SmileyCentral: 1vffxtbr@SmileyCentral_1v.com - c:\program files\SmileyCentral_1v\bar\2.bin

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

[Image: CFScriptB-4.gif]

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.


In your next post here, please include ComboFix.txt and let me know how things are there.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here [Image: paypal.gif]
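The indicators Borislav's CFScript goes after (the Firefox search and proxy prefs, the Startup-folder shortcut that launches an executable out of Downloads, the SmileyCentral and XUL Cache extensions) can be pulled out of a ComboFix log mechanically. The script below is an added example written for this thread; it is not ComboFix code and not the helper's tooling. It scans the `FF - prefs.js:`, `FF - Ext:` and Startup `.lnk` lines in the shape ComboFix prints them. The expected-search-host allowlist, the user-writable folder list and the severities are assumptions, and the sample log embedded in it is constructed from the shape of the log above with the long URLs shortened.

```python
"""Triage a ComboFix-style log for the browser-hijack indicators seen in
this thread. Added example, not code from ComboFix or from the helper.
The expected-search-host list, folder list and severities are assumptions."""
import re
from urllib.parse import urlsplit

# Hosts a default-search or homepage pref is expected to point at
# (assumption; anything else is reported for review).
EXPECTED_SEARCH_HOSTS = ("google.com", "bing.com", "yahoo.com", "duckduckgo.com")
SEARCH_PREFS = ("browser.search.defaulturl", "keyword.URL", "browser.startup.homepage")
LOOPBACK = ("127.0.0.1", "localhost", "::1")
# Folders a Startup shortcut should not normally launch from (assumption).
USER_WRITABLE = ("\\downloads\\", "\\appdata\\", "\\temp\\", "\\programdata\\")

PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
EXT_RE = re.compile(r"^FF - Ext: (.+?): (\S+) - (.+)$")
LNK_RE = re.compile(r"^(.+?\.lnk) - (.+?) \[.*\]$")

# Constructed sample in the shape ComboFix uses (long URLs shortened;
# the 'hxxp' defanging is ComboFix's own convention).
SAMPLE_LOG = r"""
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
WhiteSmoke Translator.lnk - c:\users\Lindsey\Downloads\WhiteSmokeWriterGeo5002_en(2).exe [N/A]
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3018509&q={searchTerms}
FF - prefs.js: browser.startup.homepage - http://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?searchfor=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: XUL Cache: {af079d07-f1e2-4e1f-840c-d42e1a3e2ff9} - %profile%\extensions\{af079d07-f1e2-4e1f-840c-d42e1a3e2ff9}
FF - Ext: SmileyCentral: 1vffxtbr@SmileyCentral_1v.com - c:\program files\SmileyCentral_1v\bar\2.bin
"""


def host_of(value):
    """Hostname of a ComboFix-defanged URL ('hxxp://' is read as 'http://')."""
    url = re.sub(r"^hxxp", "http", value.strip(), flags=re.IGNORECASE)
    return (urlsplit(url).hostname or "").lower()


def expected_host(host):
    """True when host is one of the expected engines or a subdomain of one."""
    return any(host == h or host.endswith("." + h) for h in EXPECTED_SEARCH_HOSTS)


def triage(log_text):
    """Return findings as (severity, indicator, detail) tuples."""
    prefs, findings = {}, []
    for line in log_text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
            continue
        m = LNK_RE.match(line)
        if m:
            name, target = m.groups()
            if any(p in target.lower() for p in USER_WRITABLE):
                findings.append(("high", "startup-shortcut",
                                 f"{name} launches {target} from a user-writable folder"))
            continue
        m = EXT_RE.match(line)
        if m:
            name, ext_id, path = m.groups()
            # Anything not shipped inside the Firefox install dir gets a look.
            if "\\mozilla firefox\\" not in path.lower():
                findings.append(("review", "third-party-extension",
                                 f"{name} ({ext_id}) at {path}"))
    for pref in SEARCH_PREFS:
        host = host_of(prefs.get(pref, ""))
        if host and not expected_host(host):
            findings.append(("high", "search-hijack", f"{pref} points at {host}"))
    proxy = prefs.get("network.proxy.http")
    if proxy in LOOPBACK:
        # network.proxy.type 1 = manual proxy in use; 0 = no proxy, so a
        # loopback proxy with type 0 is configured but not active.
        active = prefs.get("network.proxy.type") == "1"
        port = prefs.get("network.proxy.http_port", "?")
        state = "active" if active else "configured, proxy.type is not 1"
        findings.append(("high" if active else "medium", "local-proxy",
                         f"network.proxy.http={proxy}:{port} ({state})"))
    return findings


if __name__ == "__main__":
    for sev, kind, detail in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {kind:22} {detail}")
```

Note that `network.proxy.type` decides whether a configured proxy is actually used (1 means a manual proxy). In the log above it is 0, so the loopback proxy on port 50370 is configured but not active; the script reports it at a lower severity rather than dropping it, since a leftover loopback proxy setting is still worth a look during cleanup.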
06-11-2011, 10:44 PM
Post: #7
RE: A virus I believe
Hi Borislav,

This is the log file from ComboFix.

ComboFix 11-11-06.02 - Lindsey 11/06/11 15:05:02.2.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1014.236 [GMT -5:00]
Running from: c:\users\Lindsey\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Lindsey\Desktop\cfScript.txt
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WhiteSmoke Translator.lnk"
"c:\users\Lindsey\Downloads\WhiteSmokeWriterGeo5002_en(2).exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SmileyCentral_1v
c:\program files\SmileyCentral_1v\bar\1.bin\chrome\1vffxtbr.jar
c:\program files\SmileyCentral_1v\bar\2.bin\1vbar.dll
c:\program files\SmileyCentral_1v\bar\2.bin\1vbarsvc.exe
c:\program files\SmileyCentral_1v\bar\2.bin\1vdatact.dll
c:\program files\SmileyCentral_1v\bar\2.bin\1vdyn.dll
c:\program files\SmileyCentral_1v\bar\2.bin\1vfeedmg.dll
c:\program files\SmileyCentral_1v\bar\2.bin\1vhighin.exe
c:\program files\SmileyCentral_1v\bar\2.bin\1vhtml.dll
c:\program files\SmileyCentral_1v\bar\2.bin\1vhtmlmu.dll
c:\program files\SmileyCentral_1v\bar\2.bin\1vhttpct.dll
c:\program files\SmileyCentral_1v\bar\2.bin\1vidle.dll
c:\program files\SmileyCentral_1v\bar\2.bin\1vimpipe.exe
c:\program files\SmileyCentral_1v\bar\2.bin\1vmedint.exe
c:\program files\SmileyCentral_1v\bar\2.bin\1vmlbtn.dll
c:\program files\SmileyCentral_1v\bar\2.bin\1vmsg.dll
c:\program files\SmileyCentral_1v\bar\2.bin\1vPlugin.dll
c:\program files\SmileyCentral_1v\bar\2.bin\1vradio.dll
c:\program files\SmileyCentral_1v\bar\2.bin\1vregfft.dll
c:\program files\SmileyCentral_1v\bar\2.bin\1vscript.dll
c:\program files\SmileyCentral_1v\bar\2.bin\1vskin.dll
c:\program files\SmileyCentral_1v\bar\2.bin\1vskplay.exe
c:\program files\SmileyCentral_1v\bar\2.bin\1vtpinst.dll
c:\program files\SmileyCentral_1v\bar\2.bin\1vuabtn.dll
c:\program files\SmileyCentral_1v\bar\2.bin\CHROME.MANIFEST
c:\program files\SmileyCentral_1v\bar\2.bin\chrome\1vffxtbr.jar
c:\program files\SmileyCentral_1v\bar\2.bin\INSTALL.RDF
c:\program files\SmileyCentral_1v\bar\2.bin\LOGO.BMP
c:\program files\SmileyCentral_1v\bar\2.bin\NP1vStub.dll
c:\program files\SmileyCentral_1v\bar\Message\COMMON.T8S
c:\program files\SmileyCentral_1v\bar\Settings\s_pid.dat
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\70jy50fy.default\extensions\{af079d07-f1e2-4e1f-840c-d42e1a3e2ff9}
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\70jy50fy.default\extensions\{af079d07-f1e2-4e1f-840c-d42e1a3e2ff9}\chrome.manifest
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\70jy50fy.default\extensions\{af079d07-f1e2-4e1f-840c-d42e1a3e2ff9}\chrome\xulcache.jar
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\70jy50fy.default\extensions\{af079d07-f1e2-4e1f-840c-d42e1a3e2ff9}\defaults\preferences\xulcache.js
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\70jy50fy.default\extensions\{af079d07-f1e2-4e1f-840c-d42e1a3e2ff9}\install.rdf
c:\users\Lindsey\AppData\Roaming\completescan
c:\users\Lindsey\AppData\Roaming\install
c:\users\Lindsey\AppData\Roaming\Mozilla\Firefox\Profiles\90vn5517.default\extensions\{af079d07-f1e2-4e1f-840c-d42e1a3e2ff9}
c:\users\Lindsey\AppData\Roaming\Mozilla\Firefox\Profiles\90vn5517.default\extensions\{af079d07-f1e2-4e1f-840c-d42e1a3e2ff9}\chrome.manifest
c:\users\Lindsey\AppData\Roaming\Mozilla\Firefox\Profiles\90vn5517.default\extensions\{af079d07-f1e2-4e1f-840c-d42e1a3e2ff9}\chrome\xulcache.jar
c:\users\Lindsey\AppData\Roaming\Mozilla\Firefox\Profiles\90vn5517.default\extensions\{af079d07-f1e2-4e1f-840c-d42e1a3e2ff9}\defaults\preferences\xulcache.js
c:\users\Lindsey\AppData\Roaming\Mozilla\Firefox\Profiles\90vn5517.default\extensions\{af079d07-f1e2-4e1f-840c-d42e1a3e2ff9}\install.rdf
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-10-06 to 2011-11-06 )))))))))))))))))))))))))))))))
.
.
2011-11-06 20:29 . 2011-11-06 20:29 -------- d-----w- c:\users\Lindsey\AppData\Local\temp
2011-11-06 20:29 . 2011-11-06 20:29 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-11-06 20:29 . 2011-11-06 20:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-06 19:50 . 2011-11-06 19:50 -------- d-----w- c:\windows\system32\SPReview
2011-11-06 19:47 . 2011-11-06 19:47 -------- d-----w- c:\windows\system32\EventProviders
2011-11-06 15:12 . 2011-11-06 15:54 -------- d-----w- C:\Combo-Fix
2011-10-30 00:45 . 2011-11-06 15:09 -------- d-----w- c:\users\Lindsey\AppData\Roaming\Systweak
2011-10-30 00:45 . 2011-09-30 19:37 17280 ----a-w- c:\windows\system32\roboot.exe
2011-10-28 00:41 . 2011-11-06 15:11 -------- d-----w- c:\programdata\PC Tools
2011-10-28 00:39 . 2011-10-28 00:40 -------- d-----w- c:\users\Lindsey\AppData\Roaming\GetRightToGo
2011-10-25 20:37 . 2011-08-15 04:25 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-13 09:57 . 2011-08-27 04:43 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 09:57 . 2011-08-27 04:43 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 09:57 . 2011-08-17 04:22 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 09:57 . 2011-08-17 04:26 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 09:57 . 2011-08-17 04:22 204288 ----a-w- c:\windows\system32\MSNP.ax
2011-10-13 09:57 . 2011-08-17 04:22 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-13 09:57 . 2011-08-17 04:22 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 21:00 . 2011-05-03 01:39 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"F.lux"="c:\users\Lindsey\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-21 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-21 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-21 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-03-29 184320]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 611672]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-27 1324384]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]
"TUSBSleepChargeSrv"="c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-07-02 252288]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WhiteSmoke Translator.lnk - c:\users\Lindsey\Downloads\WhiteSmokeWriterGeo5002_en(2).exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2009-08-05 22:04 738616 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 16:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 08:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-16 22:23 136176 ----atw- c:\users\Lindsey\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTOSHIBA]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2009-07-28 22:00 460088 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-31 01:44 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2009-08-17 18:48 1294136 ----a-w- c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWebCamera]
2009-08-25 08:35 2446648 ----a-w- c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-24 135664]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2010-04-17 22416]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-24 135664]
R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2010-06-24 21504]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-31 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 30272]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-30 13120]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-03 136360]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-06-24 151552]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SmileyCentral_1vService;SmileyCentral Service;c:\progra~1\SMILEY~2\bar\2.bin\1vbarsvc.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 185712]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-24 14:12]
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-24 14:12]
.
2011-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-937138880-2053432485-1179595566-1000Core.job
- c:\users\Lindsey\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-23 22:23]
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-937138880-2053432485-1179595566-1000UA.job
- c:\users\Lindsey\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-23 22:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNB&bmod=TSNB
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Lindsey\AppData\Roaming\Mozilla\Firefox\Profiles\90vn5517.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-937138880-2053432485-1179595566-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-937138880-2053432485-1179595566-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-06 15:37:35
ComboFix-quarantined-files.txt 2011-11-06 20:37
ComboFix2.txt 2011-11-06 15:54
.
Pre-Run: 78,486,319,104 bytes free
Post-Run: 78,103,293,952 bytes free
.
- - End Of File - - CBD1D75B0C4137E0F3C21526ACEB0720


Thank you, Anthony
06-11-2011, 11:16 PM
Post: #8
RE: A virus I believe
How are things now?


My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.
07-11-2011, 12:42 AM
Post: #9
RE: A virus I believe
Hi Borislav,

It seems to be working now and I think the problem is gone. One thing I'm not sure about is that the little icon for Avira has the little umbrella closed. When I open the program it says Online Protection disabled, I'm not sure why though.. Also, I sent you a little donation through PayPal... Thank you so much for all of your help :)

Anthony
07-11-2011, 01:32 AM (This post was last modified: 07-11-2011 01:33 AM by Maniac.)
Post: #10
RE: A virus I believe
Hi Anthony! :)

Thank you very much for the donation! I really appreciate it! :)

Quote: One thing I'm not sure about is that the little icon for Avira has the little umbrella closed. When I open the program it says Online Protection disabled, I'm not sure why though..

Right click on Avira icon in system tray and tick AntiVir Guard Enable.

Whatever the outcome, please do some additional checks to make sure that your system is clean:

Please download Malwarebytes' Anti-Malware from Here.

  1. Double Click mbam-setup.exe to install the application.
  2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  3. If an update is found, it will download and install the latest version.
  4. Once the program has loaded, select Perform Quick Scan, then click Scan.
  5. The scan may take some time to finish, so please be patient.
  6. When the scan is complete, click OK, then Show Results to view the results.
  7. Make sure that everything is checked, and click Remove Selected.
  8. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  9. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  10. Copy & paste the entire report in your next reply.


Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next:

  1. Please run a free online scan with the ESET Online Scanner

    Note: You will need to use Internet Explorer for this scan
  2. Tick the box next to YES, I accept the Terms of Use
  3. Click Start
  4. When asked, allow the ActiveX control to install
  5. Click Start
  6. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  7. Click Scan (This scan can take several hours, so please be patient)
  8. Once the scan is completed, you may close the window
  9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  10. Copy and paste that log as a reply to this topic



In your next post, please include both of the log files specified above.

