View Poll Results: Do you consider Win32/Toggle Application critical enough to remove?

• Does it cause problems? 1 vote (100.00%)
• Is it just a tracking cookie? 0 votes (0%)

1. I hope I am not wasting the time of all you kind folks. However, the retailer of my computer included a scanning program of its own which runs without generating any logs. I believe it is a sham that they created to entice you to keep the antivirus that they bundle with the computer.

Anyway, yesterday I ran this scanning program which concluded stating that it found malware with showing its location. Then, I telephoned its technical support, which proposed to charge me $129 to remove the malware, as if I don't have any say in what stays on my computer.

Since I already ran last Monday Panda (the program with which I replaced the original antivirus), Malwarebytes, SuperAntispyware and Temporary File Cleaner (by Justin Murray), I was curious about the location and identification of this malware. Those programs ran clean. Out of desperation, I installed and ran ESET. It found two occurrences of Win32/Toggle Application. They appear to be in a folder of installers of programs I did not use on this computer. I suppose I could get rid of them.

My computer runs Windows 7 64-Bit and IE9. It is on a wireless network with an XP-Pro running IE8. The two programs that have the Toggle Application are versions of WinDVD, which I intended for the XP computer. They are trial programs for which I am unwilling to pay.

Additionally, I could not run HiJack This until I checked off the box which states "Run As Administrator."

So, I have logs for Panda, Malwarebytes, SuperAntispyware, ESET and HiJack This, which is still open on my computer. Which logs do you want first? Should I begin new scans with any of these programs?

2. Hi troothteller,

My apologies for the delay in responding.

So, I have logs for Panda, Malwarebytes, SuperAntispyware, ESET and HiJack This, which is still open on my computer. Which logs do you want first?
Please post all the logs.

Our removal experts are very busy at this time and your patience will be necessary. Thank you for understanding!

Donna

3.
Unidentified Malware/HJT Log

Donna,

Since this log seems to be most important, and most difficult to obtain, here is the first post:

4. Unidentified Malware/Panda Log

The Panda Log does not go into detail. It just states that it ran and whether or not it found anything.
Here it is:

5.
Unidentified Malware/Malwarebytes Log

Here is the Malwarebytes Log:

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 8320

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/5/2011 11:08:52 PM
mbam-log-2011-12-05 (23-08-52).txt

Scan type: Full scan (C:\|D:\|Q:\|)
Objects scanned: 323343
Time elapsed: 47 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

6. Unidentified Malware/SuperAntiSpyware Log

Here is the SuperAntiSpyware log:

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 12/06/2011 at 00:03 AM

Application Version : 5.0.1136

Core Rules Database Version : 8018
Trace Rules Database Version: 5830

Scan type : Complete Scan
Total Scan Time : 00:51:26

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 675
Memory threats detected : 0
Registry items scanned : 73547
Registry threats detected : 0
File items scanned : 58538
File threats detected : 0

7. Unidentified Malware/ESET log

Here is the ESET log, where it identified malware, though possibly a false positive:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=62b53f29b96c8347acf0693025e9fd52
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-07 07:53:21
# local_time=2011-12-07 02:53:21 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1536 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 0 74825028 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=170758
# found=2
# cleaned=0
# scan_time=6023
C:\Users\user\Downloads\installer_intervideo_windvd.exe Win32/Toggle application (unable to clean) 00000000000000000000000000000000 I
C:\Users\user\Downloads\installer_windvd_gold.exe Win32/Toggle application (unable to clean) 00000000000000000000000000000000 I

8. Hi troothteller,

My apologies for the delay. As I stated in my email reply you were not intentionally overlooked. I thought you were being taken care of due to the number of replies posted to your thread, I should have looked closer.

However, the retailer of my computer included a scanning program of its own which runs without generating any logs. I believe it is a sham that they created to entice you to keep the antivirus that they bundle with the computer. Anyway, yesterday I ran this scanning program which concluded stating that it found malware with showing its location. Then, I telephoned its technical support, which proposed to charge me $129 to remove the malware, as if I don't have any say in what stays on my computer.
Your assumption is correct. Many retailers are paid to promote software. What was the name of the program?

After discussing the entries that ESET found with our expert:

ESET Scan:

# found=2
# cleaned=0
# scan_time=6023
We both agree that the installer in the download folder was targeted as malicious.

The two programs that have the Toggle Application are versions of WinDVD, which I intended for the XP computer.
Since WinDVD was intended for your XP, uninstall WinDVD from your Win7 and that should take care of those entries from being detected again.

Also, I'd like to point out a few entries that could/should be removed with HiJack This:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL (file missing)
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O2 - BHO: Somoto Toolbar - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll (file missing)
O3 - Toolbar: Somoto Toolbar - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll

Right click on HiJackThis and choose Run as Administrator, if the option is presented, then click on Do a system scan only. Place a check mark to the left of each of the entries above and click Fix Checked, close HiJackThis, then reboot, then do another system scan and post the log in your next reply.

Then go to Programs and Features and uninstall the mentioned Toolbars if found.

You can also follow the paths below and delete the folders:

C:\Program Files (x86)\WI3C8A~1
C:\Program Files (x86)\somototoolbar

Run ESET again to see if anything is detected this time.

Donna
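
An added example (not part of the original thread, and not HijackThis's own code): a small Python triage of the O2/O3 lines listed in post #8, separating registrations whose file is already gone from those whose file is still on disk and so also need the uninstall and folder-deletion steps. The `verify-64bit` bucket and the sample O23 line are assumptions added here: HijackThis 2.0.4 is a 32-bit program, so on 64-bit Windows its view of `C:\Windows\System32` is redirected and 64-bit system files can show as "(file missing)".

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# O2/O3 lines are the ones listed in post #8; the O23 line is a sample
# service entry in HijackThis's format, included to exercise the x64 caveat.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL (file missing)
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O2 - BHO: Somoto Toolbar - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll (file missing)
O3 - Toolbar: Somoto Toolbar - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
"""

COM_RE = re.compile(
    r"^(O2|O3) - (?:BHO|Toolbar): (.+?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$"
)
SVC_RE = re.compile(r"^(O23) - Service: (.+) - (.+?) - ([A-Za-z]:\\.+)$")
SYSTEM32_RE = re.compile(r"\\windows\\system32\\", re.IGNORECASE)
MISSING = " (file missing)"


@dataclass(frozen=True)
class Entry:
    section: str            # O2 (BHO), O3 (toolbar) or O23 (service)
    name: str
    clsid: Optional[str]    # upper-cased; None for services
    path: Optional[str]     # None when HijackThis printed "(no file)"
    missing: bool           # True for "(no file)" and "(file missing)"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one O2/O3/O23 line; return None for any other line."""
    line = line.strip()
    m = COM_RE.match(line)
    if m:
        section, name, clsid, target = m.group(1), m.group(2), m.group(3).upper(), m.group(4)
    else:
        m = SVC_RE.match(line)
        if not m:
            return None
        section, name, clsid, target = m.group(1), m.group(2), None, m.group(4)
    if target == "(no file)":
        return Entry(section, name, clsid, None, True)
    if target.endswith(MISSING):
        return Entry(section, name, clsid, target[: -len(MISSING)], True)
    return Entry(section, name, clsid, target, False)


def classify(entry: Entry) -> str:
    """orphaned: registration points at nothing, fixing the entry is enough.
    verify-64bit: 'missing' file sits under System32, so a 32-bit scanner's
    answer is unreliable on x64; confirm with a 64-bit tool first.
    present: file exists, so the program must be uninstalled as well."""
    if not entry.missing:
        return "present"
    if entry.path and SYSTEM32_RE.search(entry.path):
        return "verify-64bit"
    return "orphaned"


def triage(log: str) -> dict:
    """Bucket every recognised entry in the log by its verdict."""
    buckets = defaultdict(list)
    for line in log.splitlines():
        entry = parse_line(line)
        if entry:
            buckets[classify(entry)].append(entry)
    return dict(buckets)


def shared_clsids(log: str) -> dict:
    """CLSIDs registered in more than one section (one component, several hooks)."""
    seen = defaultdict(set)
    for line in log.splitlines():
        entry = parse_line(line)
        if entry and entry.clsid:
            seen[entry.clsid].add(entry.section)
    return {clsid: sorted(s) for clsid, s in seen.items() if len(s) > 1}


if __name__ == "__main__":
    for verdict, entries in triage(SAMPLE_LOG).items():
        for e in entries:
            print(f"{verdict:13} {e.section:4} {e.name} -> {e.path or '(no file)'}")
    print("registered twice:", shared_clsids(SAMPLE_LOG))
```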

10. Thank you, Donna. The program the retailer included in this computer is the Office Depot Support Agent.

11. Hi troothteller,

You're welcome!

I'm assuming that you bought your computer at Office Depot. Right?

The software in question, Office Depot PC Support Agent, is totally unnecessary. You have Secunia installed which is a much more reliable program, serves the same purpose, and is highly recommended by some of the best renowned experts in Internet Security.

Personally, I would uninstall the Office Depot PC Support Agent software.

To do so, go to Control Panel > Programs and Features, right click and choose uninstall. If you do not plan on reinstalling the software (which I wouldn't) follow the path below and delete the folder as well.

C:\Program Files (x86)\Office Depot PC Support Agent

Have you taken the time to accomplish the tasks I asked you to do in post #8 above? When complete, please post another HiJackThis log and scan with ESET once again.

Also, I'd like to see an uninstall list if you don't mind. Please do the following:

Uninstall list HijackThis instructions:

Double click the HiJackThis Icon on the Desktop. On the Main Menu click on Open the Misc Tools section.

Under System Tools on the left, click on Open Uninstall Manager.

Then over to the right click on the Save List button and Save it to your Desktop so you may find it.