View Poll Results: Do you consider Win32/Toggle Application critical enough to remove?

  • Does it cause problems? 1 vote (100.00%)
  • Is it just a tracking cookie? 0 votes (0%)
Page 1 of 2 (posts 1 to 10 of 20)
  1. #1
    Member (joined Nov 2010), Hackettstown, NJ

    Unidentified Malware

    I hope I am not wasting the time of all you kind folks. However, the retailer of my computer included a scanning program of its own which runs without generating any logs. I believe it is a sham that they created to entice you to keep the antivirus that they bundle with the computer. Anyway, yesterday I ran this scanning program, which concluded by stating that it found malware without showing its location. Then I telephoned its technical support, which proposed to charge me $129 to remove the malware, as if I don't have any say in what stays on my computer. Since I had already run Panda (the program with which I replaced the original antivirus), Malwarebytes, SuperAntispyware and Temporary File Cleaner (by Justin Murray) last Monday, I was curious about the location and identification of this malware. Those programs ran clean. Out of desperation, I installed and ran ESET. It found two occurrences of Win32/Toggle Application. They appear to be in a folder of installers of programs I did not use on this computer. I suppose I could get rid of them. My computer runs Windows 7 64-Bit and IE9. It is on a wireless network with an XP-Pro running IE8. The two programs that have the Toggle Application are versions of WinDVD, which I intended for the XP computer. They are trial programs for which I am unwilling to pay. Additionally, I could not run HiJack This until I checked the box which states "Run As Administrator." So, I have logs for Panda, Malwarebytes, SuperAntispyware, ESET and HiJack This, which is still open on my computer. Which logs do you want first? Should I begin new scans with any of these programs?

  2. #2
    Spyware Fighter DonnaB (joined Apr 2009), Illiana, Ill. USA

    Hi troothteller,

    My apologies for the delay in responding.

    So, I have logs for Panda, Malwarebytes, SuperAntispyware, ESET and HiJack This, which is still open on my computer. Which logs do you want first?
    Please post all the logs. Our removal experts are very busy at this time and your patience will be necessary.

    Thank you for understanding!

    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in troubleshooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"

    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  3. #3
    Member (joined Nov 2010), Hackettstown, NJ

    Unidentified Malware/HJT Log

    Donna, since this log seems to be the most important, and the most difficult to obtain, here is the first post:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:42:26 AM, on 12/8/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA INTERNET SECURITY 2012\WebProxy.exe
    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
    C:\Program Files (x86)\Office Depot PC Support Agent\escont.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
    C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\ApVxdWin.exe
    C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PavBckPT.exe
    C:\Program Files (x86)\Hewlett-Packard\SmartPrint\bootstrap.exe
    C:\PROGRA~2\MICROS~2\wkcalrem.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSI | MSN
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = XFINITY by Comcast -- Official Customer Site | Email | Watch TV Online
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: QpBHO Class - {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL (file missing)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
    O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI3C8A~1\Datamngr\BROWSE~1.DLL
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Somoto Toolbar - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
    O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll (file missing)
    O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
    O3 - Toolbar: Somoto Toolbar - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE"
    O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\Inicio.exe"
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    O4 - Global Startup: Marketsplash Print Software.lnk = C:\Program Files (x86)\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe
    O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    O8 - Extra context menu item: Copy to &Lightning Note - C:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetect...etection32.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1301405572200
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn...Detection2.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) -
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/...soft/wrc32.ocx
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab...l_4.4.24.0.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
    O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\windows\SysWOW64\atashost.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Micro Star SCM - Micro-Star International Co., Ltd. - C:\Program Files (x86)\System Control Manager\MSIService.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Office Depot PC Support Agent - Support.com, Inc. - C:\Program Files (x86)\Office Depot PC Support Agent\esService.exe
    O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PsCtrls.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
    O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\pavsrvx86.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Panda Host Service (PSHost) - Unknown owner - c:\program files (x86)\panda security\panda internet security 2012\firewall\PSHOST.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PsImSvc.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PskSvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\TPSrvWow.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 17254 bytes

  4. #4
    Member (joined Nov 2010), Hackettstown, NJ

    Unidentified Malware/Panda Log

    The Panda Log does not go into detail. It just states that it ran and whether or not it found anything. Here it is:

    Panda Internet Security 2012 incident report
    Filter selected:All, Date: All
    INCIDENT NOTIFIED BY DATE-TIME RESULT ADDITIONAL INFORMATION
    -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    Update Updates system 12/8/2011 7:41:38 AM Correct File modification signatures
    Scan complete On-demand antivirus scan 12/7/2011 1:10:12 PM Scan:
    Scan started On-demand antivirus scan 12/7/2011 1:07:12 PM Scan:
    Update Updates system 12/7/2011 1:07:00 PM Correct File: Threat signatures
    Update Updates system 12/6/2011 9:31:52 AM Correct File modification signatures
    Scan complete On-demand antivirus scan 12/5/2011 10:15:46 PM Scan: Scanning the whole system
    Scan started On-demand antivirus scan 12/5/2011 7:19:20 PM Scan: Scanning the whole system
    Update Updates system 12/5/2011 5:45:05 PM Correct File modification signatures
    Update Updates system 12/3/2011 7:55:25 AM Correct File modification signatures
    Scan complete On-demand antivirus scan 12/2/2011 11:54:03 AM Scan:
    Scan started On-demand antivirus scan 12/2/2011 11:51:47 AM Scan:
    Update Updates system 12/2/2011 11:51:38 AM Correct File: Threat signatures
    Scan complete On-demand antivirus scan 12/1/2011 3:00:30 PM Scan:
    Scan started On-demand antivirus scan 12/1/2011 2:56:44 PM Scan:
    Update Updates system 12/1/2011 2:56:34 PM Correct File: Threat signatures
    Scan complete On-demand antivirus scan 11/30/2011 8:59:28 PM Scan: Scanning system
    Scan started On-demand antivirus scan 11/30/2011 8:59:28 PM Scan: Scanning system
    Scan complete On-demand antivirus scan 11/30/2011 12:14:30 PM Scan:
    Scan started On-demand antivirus scan 11/30/2011 12:11:11 PM Scan:
    Update Updates system 11/30/2011 12:11:09 PM Correct Type: Identity protection
    Update Updates system 11/30/2011 12:11:03 PM Correct File: Threat signatures
    Scan started On-demand antivirus scan 11/29/2011 11:36:58 AM Scan:
    Update Updates system 11/29/2011 11:36:56 AM Correct Type: autofix hfp171104s19
    Update Updates system 11/29/2011 11:36:51 AM Correct Type: autofix hfp171104s6
    Update Updates system 11/29/2011 11:36:50 AM Correct Type: autofix hfp171104s3
    Update Updates system 11/29/2011 11:36:46 AM Correct File: Threat signatures
    Scan complete On-demand antivirus scan 11/29/2011 10:56:40 AM Scan: Scanning the whole system
    Scan complete On-demand antivirus scan 11/29/2011 7:17:17 AM Scan: Scanning System
    Scan complete On-demand antivirus scan 11/29/2011 7:16:28 AM Scan:
    Scan started On-demand antivirus scan 11/29/2011 7:13:43 AM Scan: Scanning the whole system
    Update Updates system 11/29/2011 7:12:43 AM Correct Type: Identity protection
    Update Updates system 11/29/2011 7:12:38 AM Correct File modification signatures
    Scan started On-demand antivirus scan 11/29/2011 7:12:38 AM Scan:
    Update Updates system 11/29/2011 7:12:34 AM Incorrect Error: Error in the download process
    Scan started On-demand antivirus scan 11/29/2011 7:12:33 AM Scan: Scanning System
    Update Updates system 11/29/2011 7:12:33 AM Incorrect Error: Error in the download process
    Update Updates system 11/29/2011 7:12:32 AM Incorrect Error: Error in the download process
    Update Updates system 11/29/2011 7:12:31 AM Correct File: Threat signatures

  5. #5
    Member (joined Nov 2010), Hackettstown, NJ

    Unidentified Malware/Malwarebytes Log

    Here is the Malwarebytes Log:

    Malwarebytes' Anti-Malware 1.51.2.1300
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 8320

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    12/5/2011 11:08:52 PM
    mbam-log-2011-12-05 (23-08-52).txt

    Scan type: Full scan (C:\|D:\|Q:\|)
    Objects scanned: 323343
    Time elapsed: 47 minute(s), 11 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  6. #6
    Member (joined Nov 2010), Hackettstown, NJ

    Unidentified Malware/SuperAntiSpyware Log

    Here is the SuperAntiSpyware log:

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 12/06/2011 at 00:03 AM

    Application Version : 5.0.1136

    Core Rules Database Version : 8018
    Trace Rules Database Version: 5830

    Scan type : Complete Scan
    Total Scan Time : 00:51:26

    Operating System Information
    Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC On - Limited User

    Memory items scanned : 675
    Memory threats detected : 0
    Registry items scanned : 73547
    Registry threats detected : 0
    File items scanned : 58538
    File threats detected : 0

  7. #7
    Member (joined Nov 2010), Hackettstown, NJ

    Unidentified Malware/ESET Log

    Here is the ESET log, where it identified malware, though possibly a false positive:

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=62b53f29b96c8347acf0693025e9fd52
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-12-07 07:53:21
    # local_time=2011-12-07 02:53:21 (-0500, Eastern Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=1536 16777215 100 0 0 0 0 0
    # compatibility_mode=5893 16776573 100 94 0 74825028 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=170758
    # found=2
    # cleaned=0
    # scan_time=6023
    C:\Users\user\Downloads\installer_intervideo_windvd.exe Win32/Toggle application (unable to clean) 00000000000000000000000000000000 I
    C:\Users\user\Downloads\installer_windvd_gold.exe Win32/Toggle application (unable to clean) 00000000000000000000000000000000 I

    Quote Originally Posted by DonnaB
    Hi troothteller,

    My apologies for the delay in responding.

    Please post all the logs. Our removal experts are very busy at this time and your patience will be necessary.

    Thank you for understanding!

    Donna

  8. #8
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Hi troothteller,

    My apologies for the delay. As I stated in my email reply, you were not intentionally overlooked. I thought you were being taken care of due to the number of replies posted to your thread; I should have looked closer.

    However, the retailer of my computer included a scanning program of its own which runs without generating any logs. I believe it is a sham that they created to entice you to keep the antivirus that they bundle with the computer. Anyway, yesterday I ran this scanning program which concluded stating that it found malware with showing its location. Then, I telephoned its technical support, which proposed to charge me $129 to remove the malware, as if I don't have any say in what stays on my computer.
    Your assumption is correct. Many retailers are paid to promote software. What was the name of the program?

    After discussing the entries that ESET found with our expert:

    ESET Scan:

    # found=2
    # cleaned=0
    # scan_time=6023
    C:\Users\user\Downloads\installer_intervideo_windvd.exe Win32/Toggle application (unable to clean) 00000000000000000000000000000000 I
    C:\Users\user\Downloads\installer_windvd_gold.exe Win32/Toggle application (unable to clean) 00000000000000000000000000000000 I
    We both agree that the installer in the download folder was targeted as malicious.

    The two programs that have the Toggle Application are versions of WinDVD, which I intended for the XP computer.
    Since WinDVD was intended for your XP, uninstall WinDVD from your Win7 and that should take care of those entries from being detected again.

    Also, I'd like to point out a few entries that could/should be removed with HiJack This:

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL (file missing)
    O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
    O2 - BHO: Somoto Toolbar - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll (file missing)
    O3 - Toolbar: Somoto Toolbar - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll


    Right click on HiJackThis and choose Run as Administrator, if the option is presented, then click on Do a system scan only. Place a check mark to the left of each of the entries above and click Fix Checked, close HiJackThis, then reboot, then do another system scan and post the log in your next reply.

    Then go to Programs and Features and uninstall the mentioned Toolbars if found.

    You can also follow the paths below and delete the folders:

    C:\Program Files (x86)\WI3C8A~1
    C:\Program Files (x86)\somototoolbar

    Run ESET again to see if anything is detected this time.

    Donna
    Last edited by DonnaB; 03-19-2012 at 07:21 PM.
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in troubleshooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"
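    As an added triage example (not from the thread and not a HijackThis tool), the Python script below parses O2/O3 lines like the ones in post #8 and flags the same two things the post singles out: registrations whose target file no longer exists ("(no file)" or "(file missing)") and the toolbar names the post says to uninstall. The sample input is the post's own lines; the unwanted-name watchlist is an assumption.

```python
import re

# Constructed sample input: the O2/O3 lines quoted in post #8 above.
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL (file missing)
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O2 - BHO: Somoto Toolbar - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll (file missing)
O3 - Toolbar: Somoto Toolbar - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
"""

# HijackThis O2 (BHO) and O3 (toolbar) lines: "<type> - <kind>: <name> - {CLSID} - <target>".
LINE_RE = re.compile(
    r"^(?P<otype>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)

# Assumed watchlist: the add-on names the post recommends uninstalling.
UNWANTED = ("somoto", "searchqu")
MISSING_SUFFIX = " (file missing)"


def parse_entry(line):
    """Return a dict for an O2/O3 line, or None for any other HJT line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    target = entry["target"]
    # A registration is orphaned when HJT could not find the backing DLL.
    entry["orphan"] = target == "(no file)" or target.endswith(MISSING_SUFFIX)
    if target == "(no file)":
        entry["path"] = None
    elif target.endswith(MISSING_SUFFIX):
        entry["path"] = target[: -len(MISSING_SUFFIX)]
    else:
        entry["path"] = target
    return entry


def triage(log_text):
    """Return (otype, name, clsid, reason) for each entry worth fixing."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = []
        if entry["orphan"]:
            reasons.append("orphaned registration: target file does not exist")
        if any(w in entry["name"].lower() for w in UNWANTED):
            reasons.append("known unwanted toolbar")
        if reasons:
            findings.append((entry["otype"], entry["name"], entry["clsid"], "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for otype, name, clsid, reason in triage(SAMPLE_HJT):
        print(f"{otype} {name} {clsid}: {reason}")
```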

  10. #9
    Member
    Join Date
    Nov 2010
    Location
    Hackettstown, NJ
    Posts
    28
    Points
    0

    Default

    Thank you, Donna. The program the retailer included in this computer is the Office Depot Support Agent.

  11. #10
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Hi troothteller,

    You're welcome!

    I'm assuming that you bought your computer at Office Depot. Right?

    The software in question, Office Depot PC Support Agent, is totally unnecessary. You have Secunia installed which is a much more reliable program, serves the same purpose, and is highly recommended by some of the best renowned experts in Internet Security.

    Personally, I would uninstall the Office Depot PC Support Agent software.

    To do so, go to Control Panel > Programs and Features, right click and choose uninstall. If you do not plan on reinstalling the software (which I wouldn't) follow the path below and delete the folder as well.

    C:\Program Files (x86)\Office Depot PC Support Agent

    Have you taken the time to accomplish the tasks I asked you to do in post #8 above? When complete, please post another HiJackThis log and scan with ESET once again.

    Also, I'd like to see an uninstall list if you don't mind. Please do the following:

    Uninstall list HijackThis instructions:

    Double click the HiJackThis Icon on the Desktop. On the Main Menu click on Open the Misc Tools section.

    Under System Tools on the left, click on Open Uninstall Manager.

    Then over to the right click on the Save List button and Save it to your Desktop so you may find it.

    Please copy and paste the list from notepad into your next reply.

    In your next reply, please post logs for:

    1.) HiJackThis log
    2.) HJT Uninstall list
    3.) ESET log

    Thank you.
