Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: AVG scan results = "Broken digital signature"  (Read 16431 times)

0 Members and 1 Guest are viewing this topic.

lectrocrew

    Topic Starter


    Mentor

  • ole dog learning new tricks
  • Thanked: 21
    • Yes
    • Yes
    • My first self-built computer
  • Certifications: List
  • Computer: Specs
  • Experience: Familiar
  • OS: Windows 10
AVG scan results = "Broken digital signature"
« on: January 20, 2011, 04:35:17 PM »
AVG 2011 scan results information tab = "this file is signed with a broken digital signature, issued by: TOSHIBA INTERNATIONAL INFORMATION SYSTEMS."

File location is: C:\Program Files\toshiba\TOSAPINS\COMPS1\Chipset Software Installation Utility\ (3264bit)0\MANUAL\27611B.EXE

I keep getting this result as the only problem found via AVG scan. This is on my Toshiba L355 notebook PC. I tried finding a fix in the downloads section for my PC on Toshiba's website but I don't see this file.

Also, I ran the Computer Hope Log Tool using HJT and this does not show up as an issue.

How do I fix this?

Thanks,
Mike

deargodpleasehelp

  • Guest
Re: AVG scan results = "Broken digital signature"
« Reply #1 on: January 20, 2011, 04:56:42 PM »
Your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help.
« Last Edit: January 21, 2011, 12:59:37 PM by SuperDave »

SuperDave

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: AVG scan results = "Broken digital signature"
« Reply #2 on: January 21, 2011, 01:09:30 PM »
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
*****************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
******************************************
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.
Windows 8 and Windows 10 dual boot with two SSD's

lectrocrew

    Topic Starter


    Mentor

  • ole dog learning new tricks
  • Thanked: 21
    • Yes
    • Yes
    • My first self-built computer
  • Certifications: List
  • Computer: Specs
  • Experience: Familiar
  • OS: Windows 10
Re: AVG scan results = "Broken digital signature"
« Reply #3 on: January 22, 2011, 12:16:03 AM »
SAS

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/21/2011 at 11:50 PM

Application Version : 4.48.1000

Core Rules Database Version : 6255
Trace Rules Database Version: 4067

Scan type       : Complete Scan
Total Scan Time : 01:12:35

Memory items scanned      : 630
Memory threats detected   : 0
Registry items scanned    : 7738
Registry threats detected : 0
File items scanned        : 135966
File threats detected     : 1

Adware.Tracking Cookie
   www.naiadsystems.com [ C:\Users\Mike L\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XQCM3DMX ]

==========

MBAM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5569

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

1/22/2011 1:01:34 AM
mbam-log-2011-01-22 (01-01-34).txt

Scan type: Full scan (C:\|)
Objects scanned: 300400
Time elapsed: 51 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

==============

DDS logs next post

lectrocrew

    Topic Starter


    Mentor

  • ole dog learning new tricks
  • Thanked: 21
    • Yes
    • Yes
    • My first self-built computer
  • Certifications: List
  • Computer: Specs
  • Experience: Familiar
  • OS: Windows 10
Re: AVG scan results = "Broken digital signature"
« Reply #4 on: January 22, 2011, 12:18:32 AM »
DDS notepad


DDS (Ver_10-12-12.02) - NTFSx86 
Run by Mike L at  1:06:04.39 on Sat 01/22/2011
Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.2939.1414 [GMT -6:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Mike L\Downloads\dds(3).scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\TSS.exe" /hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: bmnet.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {0913D5A8-EAAD-4D04-821E-DF2C6404AAB0} = 156.154.70.22,156.154.71.22
TCP: {9D493B71-F767-4098-8252-DAA7B357177C} = 156.154.70.22,156.154.71.22
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\mikel~1\appdata\roaming\mozilla\firefox\profiles\wgi0my20.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-1-6 236600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-1-6 34744]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-7-23 25896]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-23 6128208]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-18 363344]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-1-20 1153368]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-10 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-1-10 399416]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-9-30 46392]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-9-30 7168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-18 20952]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2009-10-9 121416]
S3 CAATT;AT&T Con App Svc;c:\program files\at&t\communication manager\ConAppsSvc.exe [2009-10-9 125512]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-9-30 9216]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\drivers\swnc8ua3.sys [2009-3-31 190080]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\drivers\swumxa3.sys [2009-5-4 148096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-01-21 01:49:52   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2011-01-21 01:49:52   --------   d-----w-   c:\progra~2\Spybot - Search & Destroy
2011-01-20 21:56:55   --------   d-----w-   c:\users\mikel~1\appdata\roaming\WildTangent
2011-01-20 21:19:39   --------   d-----w-   C:\Intel
2011-01-19 23:59:58   --------   d-----w-   c:\program files\COMODO
2011-01-19 23:56:59   --------   d-----w-   c:\progra~2\Comodo
2011-01-19 08:52:23   388096   ----a-r-   c:\users\mikel~1\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-01-19 08:52:23   --------   d-----w-   c:\program files\Trend Micro
2011-01-19 08:40:50   --------   d-----w-   C:\TOSHIBA
2011-01-19 08:40:41   733184   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\00\intel32\iKernel.dll
2011-01-19 08:40:41   69715   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\00\intel32\ctor.dll
2011-01-19 08:40:41   5632   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\00\intel32\DotNetInstaller.exe
2011-01-19 08:40:41   266240   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\00\intel32\iscript.dll
2011-01-19 08:40:41   180356   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\00\intel32\iGdi.dll
2011-01-19 08:40:41   172032   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\00\intel32\iuser.dll
2011-01-19 08:40:40   303236   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\00\intel32\setup.dll
2011-01-19 08:19:09   --------   d-----w-   C:\slb8v220
2011-01-19 08:10:20   --------   d-----w-   c:\users\mikel~1\appdata\roaming\WinBatch
2011-01-18 06:31:13   --------   d-----w-   c:\users\mikel~1\appdata\local\Apple Computer
2011-01-17 22:25:01   --------   d-----w-   c:\program files\CCleaner
2011-01-17 22:04:20   --------   d-----w-   c:\users\mikel~1\appdata\local\Secunia PSI
2011-01-17 22:04:09   --------   d-----w-   c:\program files\Secunia
2011-01-17 00:01:38   --------   d-----w-   c:\users\mikel~1\appdata\local\KodakGallery
2011-01-17 00:01:27   --------   d-----w-   c:\users\mikel~1\appdata\roaming\Skinux
2011-01-16 10:23:43   --------   d-----w-   c:\users\mikel~1\appdata\local\WindowsUpdate
2011-01-16 10:01:17   --------   d-----w-   c:\users\mikel~1\appdata\local\Apps
2011-01-16 02:56:48   --------   d-----w-   c:\users\mikel~1\appdata\local\Adobe
2011-01-16 02:48:08   --------   d-----w-   c:\users\mikel~1\appdata\local\AT&T
2011-01-15 07:34:27   472808   ----a-w-   c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-01-15 06:50:51   --------   d-----w-   c:\users\mikel~1\appdata\roaming\SUPERAntiSpyware.com
2011-01-15 06:50:51   --------   d-----w-   c:\progra~2\SUPERAntiSpyware.com
2011-01-15 06:48:48   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-01-15 06:09:21   --------   d-----w-   c:\users\mikel~1\appdata\roaming\Malwarebytes
2011-01-15 05:49:06   --------   d-----w-   c:\users\mikel~1\appdata\local\Google
2011-01-15 04:48:53   --------   d-----w-   c:\users\mikel~1\appdata\roaming\Bytemobile
2011-01-15 04:48:53   --------   d-----w-   c:\users\mikel~1\appdata\roaming\AVG10
2011-01-15 04:48:00   --------   d-----w-   c:\users\mikel~1\appdata\local\VirtualStore
2011-01-15 04:46:17   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-01-15 04:46:17   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-01-15 04:46:17   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-01-15 04:46:17   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-01-15 04:46:17   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-01-15 04:46:16   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-01-15 04:46:16   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin.dll
2011-01-15 03:44:06   2730536   ----a-w-   c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-01-15 03:44:03   6273872   ----a-w-   c:\progra~2\microsoft\windows defender\definition updates\{ab97d6dd-50a4-4e32-9f38-4df626947a7a}\mpengine.dll
2011-01-15 03:44:01   222080   ------w-   c:\windows\system32\MpSigStub.exe
2011-01-13 20:32:18   413696   ----a-w-   c:\windows\system32\odbc32.dll
2011-01-13 20:32:17   708608   ----a-w-   c:\program files\common files\system\ado\msado15.dll
2011-01-13 20:32:17   57344   ----a-w-   c:\program files\common files\system\msadc\msadcs.dll
2011-01-13 20:32:17   253952   ----a-w-   c:\program files\common files\system\ado\msadox.dll
2011-01-13 20:32:17   241664   ----a-w-   c:\program files\common files\system\ado\msadomd.dll
2011-01-13 20:32:17   180224   ----a-w-   c:\program files\common files\system\msadc\msadco.dll
2011-01-13 19:51:57   1169408   ----a-w-   c:\windows\system32\sdclt.exe
2011-01-06 23:36:46   34744   ----a-w-   c:\windows\system32\drivers\cmdhlp.sys
2011-01-06 23:36:46   236600   ----a-w-   c:\windows\system32\drivers\cmdGuard.sys
2011-01-06 23:36:44   17256   ----a-w-   c:\windows\system32\drivers\cmderd.sys
2010-12-29 07:42:04   285480   ----a-w-   c:\windows\system32\guard32.dll

==================== Find3M  ====================

2010-11-29 23:38:30   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38:30   69632   ----a-w-   c:\windows\system32\QuickTime.qts
2010-11-13 00:53:06   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2010-11-04 18:56:07   345600   ----a-w-   c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55:38   352768   ----a-w-   c:\windows\system32\taskschd.dll
2010-11-04 18:55:38   270336   ----a-w-   c:\windows\system32\taskcomp.dll
2010-11-04 18:55:12   601600   ----a-w-   c:\windows\system32\schedsvc.dll
2010-11-04 16:34:06   171520   ----a-w-   c:\windows\system32\taskeng.exe
2010-11-02 06:01:54   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-11-02 05:57:41   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2010-11-02 05:57:27   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2010-11-02 05:57:11   71680   ----a-w-   c:\windows\system32\iesetup.dll
2010-11-02 05:57:11   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2010-11-02 05:01:31   385024   ----a-w-   c:\windows\system32\html.iec
2010-11-02 04:26:10   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2010-11-02 04:24:44   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
2010-10-28 15:44:56   34304   ----a-w-   c:\windows\system32\atmlib.dll
2010-10-28 13:27:47   292352   ----a-w-   c:\windows\system32\atmfd.dll
2010-10-28 13:20:12   2048   ----a-w-   c:\windows\system32\tzres.dll

============= FINISH:  1:06:50.69 ===============


DDS attach


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 7/31/2009 6:57:02 AM
System Uptime: 1/22/2011 12:03:52 AM (1 hours ago)

Motherboard: TOSHIBA |  | Portable PC
Processor: Intel(R) Celeron(R) CPU          900  @ 2.20GHz | CPU | 2194/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 224 GiB total, 160.622 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
Apple Application Support
Apple Software Update
AT&T Communication Manager
AVG 2011
AVG PC Tuneup 2011
CCleaner
CCScore
CD/DVD Drive Acoustic Silencer
COMODO Internet Security
Compatibility Pack for the 2007 Office system
DVD MovieFactory for TOSHIBA
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
EVEREST Home Edition v2.20
fflink
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Photosmart C4400 All-In-One Driver 11.0 Rel .3
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java Auto Updater
Java(TM) 6 Update 23
K-Lite Codec Pack 4.1.7 (Standard)
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft XML Parser
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
netbrdg
OfotoXMI
PS_AIO_03_C4400_Software_Min
QuickBooks Financial Center
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
REALTEK RTL8187B Wireless LAN Driver
Realtek USB 2.0 Card Reader
Realtek WiFi Protected Setup Library
Scan
Secunia PSI (2.0.0.3001)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
SFR
SHASTA
skin0001
SKINXSDK
Spybot - Search & Destroy
staticcr
SUPERAntiSpyware
Synaptics Pointing Device Driver
Toolbox
tooltips
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA Service Station
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 0.9.8a
VPRINTOL
WildTangent Games
Windows Media Encoder 9 Series
WIRELESS

==== End Of File ===========================


===============

Thanks SuperDave!!!

SuperDave

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: AVG scan results = "Broken digital signature"
« Reply #5 on: January 22, 2011, 12:38:44 PM »
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
**********************************************
Please read here for more information about WildTangent. Your choice if you want to remove it or not.

If you choose to follow my advice, please follow these instructions.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

WildTangent Web Driveror anything related to WildTangent.
*****************************************************
Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

link # 1
Link # 2

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
Windows 8 and Windows 10 dual boot with two SSD's

lectrocrew

    Topic Starter


    Mentor

  • ole dog learning new tricks
  • Thanked: 21
    • Yes
    • Yes
    • My first self-built computer
  • Certifications: List
  • Computer: Specs
  • Experience: Familiar
  • OS: Windows 10
Re: AVG scan results = "Broken digital signature"
« Reply #6 on: January 22, 2011, 01:50:39 PM »
I get a message from Combofix saying I need to uninstall AVG before continuing. do I really need to do this? I have AVG disabled for 15 min. per directions given in your link.

Also disabled/closed are Malwarebytes, Spybot S&D - Teatimer, Comodo firewall. I'm now online with no protection.

I uninstalled Wild Tangent Games.

Here's the security check log:

 Results of screen317's Security Check version 0.99.8 
 Windows Vista Service Pack 2 (UAC is enabled)
 Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Disabled! 
 AVG 2011     
 AVG PC Tuneup 2011   
 AVG 2011     
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

 Malwarebytes' Anti-Malware   
 HijackThis 2.0.2   
 AVG PC Tuneup 2011 
 CCleaner     
 Java(TM) 6 Update 23 
 Adobe Flash Player 10.1.102.64 
Adobe Reader 9.4.1
Out of date Adobe Reader installed!
 Mozilla Firefox (3.6.13)
````````````````````````````````
Process Check: 
objlist.exe by Laurent

 Malwarebytes' Anti-Malware mbamservice.exe 
 Malwarebytes' Anti-Malware mbamgui.exe 
 AVG avgwdsvc.exe
 AVG avgtray.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
 Comodo Firewall cmdagent.exe
 Comodo Firewall cfp.exe
``````````End of Log````````````

SuperDave

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: AVG scan results = "Broken digital signature"
« Reply #7 on: January 22, 2011, 07:14:28 PM »
Quote
I get a message from Combofix saying I need to uninstall AVG before continuing. do I really need to do this? I have AVG disabled for 15 min. per directions given in your link.
Unfortunately, Yes. I would recommend MicroSoft Security Essentials. Very effective and not a resource hog. Just install it and forget about it.

Remember to only install one antivirus!
 
1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
********************************************
Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.
Windows 8 and Windows 10 dual boot with two SSD's

lectrocrew

    Topic Starter


    Mentor

  • ole dog learning new tricks
  • Thanked: 21
    • Yes
    • Yes
    • My first self-built computer
  • Certifications: List
  • Computer: Specs
  • Experience: Familiar
  • OS: Windows 10
Re: AVG scan results = "Broken digital signature"
« Reply #8 on: January 22, 2011, 08:17:19 PM »
Sorry for the delayed post but I finally got AVG uninstalled and ran Combofix. Below is the log and the new HJT log.

I suppose I might should wait for your reply about this log information before uninstalling / installing Acrobat Reader and MSE.


ComboFix 11-01-22.01 - Mike L 01/22/2011  20:30:03.1.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.2939.2044 [GMT -6:00]
Running from: c:\users\Mike L\Downloads\ComboFix.exe
FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((   Files Created from 2010-12-23 to 2011-01-23  )))))))))))))))))))))))))))))))
.

2011-01-23 02:35 . 2011-01-23 02:35   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-01-21 01:49 . 2011-01-22 09:19   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2011-01-21 01:49 . 2011-01-21 02:09   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
2011-01-20 21:19 . 2011-01-20 21:19   --------   d-----w-   C:\Intel
2011-01-19 23:59 . 2011-01-19 23:59   --------   d-----w-   c:\program files\COMODO
2011-01-19 23:56 . 2011-01-20 00:06   --------   d-----w-   c:\programdata\Comodo
2011-01-19 08:52 . 2011-01-19 08:52   --------   d-----w-   c:\program files\Trend Micro
2011-01-19 08:40 . 2011-01-19 08:40   --------   d-----w-   C:\TOSHIBA
2011-01-19 08:40 . 2011-01-19 08:40   180356   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2011-01-19 08:40 . 2004-04-19 05:42   733184   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2011-01-19 08:40 . 2004-04-19 05:40   69715   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2011-01-19 08:40 . 2004-04-19 05:39   266240   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2011-01-19 08:40 . 2004-04-19 05:39   172032   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2011-01-19 08:40 . 2004-04-19 05:39   5632   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2011-01-19 08:40 . 2011-01-19 08:40   303236   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2011-01-19 08:19 . 2011-01-19 08:19   --------   d-----w-   C:\slb8v220
2011-01-17 22:25 . 2011-01-17 22:25   --------   d-----w-   c:\program files\CCleaner
2011-01-17 22:04 . 2011-01-17 22:04   --------   d-----w-   c:\program files\Secunia
2011-01-16 10:40 . 2011-01-16 10:40   --------   d-----w-   c:\users\Default\AppData\Local\Microsoft Help
2011-01-15 06:50 . 2011-01-15 06:50   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2011-01-15 06:48 . 2011-01-15 06:50   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-01-15 04:47 . 2011-01-20 00:00   --------   d-----w-   c:\users\Mike L
2011-01-15 04:46 . 2011-01-15 04:46   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-01-15 04:46 . 2011-01-15 04:46   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-01-15 04:46 . 2011-01-15 04:46   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-01-15 04:46 . 2011-01-15 04:46   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-01-15 04:46 . 2011-01-15 04:46   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-01-15 04:46 . 2011-01-15 04:46   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-01-15 04:46 . 2011-01-15 04:46   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-01-15 04:45 . 2011-01-15 04:46   --------   d-----w-   c:\program files\QuickTime
2011-01-15 04:45 . 2011-01-15 04:45   --------   d-----w-   c:\programdata\Apple Computer
2011-01-15 04:44 . 2011-01-15 04:44   --------   d-----w-   c:\program files\Common Files\Apple
2011-01-15 04:44 . 2011-01-15 04:44   --------   d-----w-   c:\users\Jim\AppData\Local\Apple
2011-01-15 04:44 . 2011-01-15 04:44   --------   d-----w-   c:\program files\Apple Software Update
2011-01-15 04:44 . 2011-01-15 04:44   --------   d-----w-   c:\programdata\Apple
2011-01-15 04:33 . 2011-01-15 04:33   --------   d-----w-   c:\program files\Common Files\Adobe
2011-01-15 03:44 . 2010-11-16 18:01   6273872   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{AB97D6DD-50A4-4E32-9F38-4DF626947A7A}\mpengine.dll
2011-01-15 03:44 . 2010-10-19 16:41   222080   ------w-   c:\windows\system32\MpSigStub.exe
2011-01-13 20:32 . 2010-12-28 15:55   413696   ----a-w-   c:\windows\system32\odbc32.dll
2011-01-13 20:32 . 2010-12-28 15:53   253952   ----a-w-   c:\program files\Common Files\System\ado\msadox.dll
2011-01-13 20:32 . 2010-12-28 15:53   241664   ----a-w-   c:\program files\Common Files\System\ado\msadomd.dll
2011-01-13 20:32 . 2010-12-28 15:53   708608   ----a-w-   c:\program files\Common Files\System\ado\msado15.dll
2011-01-13 20:32 . 2010-12-28 15:53   57344   ----a-w-   c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-13 20:32 . 2010-12-28 15:53   180224   ----a-w-   c:\program files\Common Files\System\msadc\msadco.dll
2011-01-13 19:51 . 2010-12-14 14:49   1169408   ----a-w-   c:\windows\system32\sdclt.exe
2011-01-13 19:27 . 2011-01-13 19:27   --------   d-----w-   c:\users\Jim\AppData\Local\Apple Computer
2011-01-06 23:36 . 2011-01-06 23:36   80064   ----a-w-   c:\windows\system32\drivers\inspect.sys
2011-01-06 23:36 . 2011-01-06 23:36   34744   ----a-w-   c:\windows\system32\drivers\cmdhlp.sys
2011-01-06 23:36 . 2011-01-06 23:36   236600   ----a-w-   c:\windows\system32\drivers\cmdGuard.sys
2011-01-06 23:36 . 2011-01-06 23:36   17256   ----a-w-   c:\windows\system32\drivers\cmderd.sys
2010-12-29 07:42 . 2010-12-29 07:42   285480   ----a-w-   c:\windows\system32\guard32.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 00:09 . 2010-01-18 06:54   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2010-01-18 06:54   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-11-29 23:38 . 2010-11-29 23:38   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38   69632   ----a-w-   c:\windows\system32\QuickTime.qts
2010-11-13 00:53 . 2010-08-17 18:37   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2010-11-04 18:56 . 2010-12-16 00:26   345600   ----a-w-   c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55 . 2010-12-16 00:26   352768   ----a-w-   c:\windows\system32\taskschd.dll
2010-11-04 18:55 . 2010-12-16 00:26   270336   ----a-w-   c:\windows\system32\taskcomp.dll
2010-11-04 18:55 . 2010-12-16 00:26   601600   ----a-w-   c:\windows\system32\schedsvc.dll
2010-11-04 16:34 . 2010-12-16 00:26   171520   ----a-w-   c:\windows\system32\taskeng.exe
2010-11-02 06:01 . 2010-12-15 22:23   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-11-02 05:57 . 2010-12-15 22:23   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2010-11-02 05:57 . 2010-12-15 22:23   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2010-11-02 05:57 . 2010-12-15 22:23   71680   ----a-w-   c:\windows\system32\iesetup.dll
2010-11-02 05:57 . 2010-12-15 22:23   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2010-11-02 05:01 . 2010-12-15 22:23   385024   ----a-w-   c:\windows\system32\html.iec
2010-11-02 04:26 . 2010-12-15 22:23   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2010-11-02 04:24 . 2010-12-15 22:23   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
2010-10-28 15:44 . 2010-12-16 00:26   34304   ----a-w-   c:\windows\system32\atmlib.dll
2010-10-28 13:27 . 2010-12-16 00:26   292352   ----a-w-   c:\windows\system32\atmfd.dll
2010-10-28 13:20 . 2010-12-15 22:23   2048   ----a-w-   c:\windows\system32\tzres.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 1242424]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-18 2548552]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Jim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\951738463]
2008-07-22 23:02   87536   ----a-w-   c:\program files\Toshiba Registration\Registration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AT&T Communication Manager]
2009-10-09 23:58   883272   ----a-w-   c:\program files\AT&T\Communication Manager\ATTCM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-06-25 22:05   170520   ----a-w-   c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-04-16 00:54   178712   ----a-w-   c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-06-25 22:06   150040   ----a-w-   c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-06-25 22:06   145944   ----a-w-   c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-04-08 22:14   6037504   ----a-w-   c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-21 01:15   1826816   ----a-w-   c:\windows\SkyTel.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [2009-10-09 121416]
R3 CAATT;AT&T Con App Svc;c:\program files\AT&T\Communication Manager\ConAppsSvc.exe [2009-10-09 125512]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys

R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [2009-03-31 190080]
R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [2009-05-04 148096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-01-06 236600]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-01-06 34744]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-21 363344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-01-10 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-01-10 399416]
S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-21 20952]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 347648]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork   REG_MULTI_SZ      PLA DPS BFE mpssvc
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: bmnet.dll
TCP: {0913D5A8-EAAD-4D04-821E-DF2C6404AAB0} = 156.154.70.22,156.154.71.22
TCP: {9D493B71-F767-4098-8252-DAA7B357177C} = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\users\Mike L\AppData\Roaming\Mozilla\Firefox\Profiles\wgi0my20.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
MSConfigStartUp-cfFncEnabler - cfFncEnabler.exe
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSConfigStartUp-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
AddRemove-{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1 - c:\program files\AVG\AVG PC Tuneup 2011\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-22 20:35
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(696)
c:\windows\system32\bmnet.dll
.
Completion time: 2011-01-22  20:37:46
ComboFix-quarantined-files.txt  2011-01-23 02:37

Pre-Run: 175,741,857,792 bytes free
Post-Run: 175,839,641,600 bytes free

- - End Of File - - EC10C73ECB11FE753590C6A00A718888

===============================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:44 PM, on 1/22/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\Sniper run as administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D493B71-F767-4098-8252-DAA7B357177C}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0}: NameServer = 156.154.70.22,156.154.71.22
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: AT&T Con App Svc (CAATT) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5691 bytes


SuperDave

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: AVG scan results = "Broken digital signature"
« Reply #9 on: January 23, 2011, 01:09:27 PM »
Quote
I suppose I might should wait for your reply about this log information before uninstalling / installing Acrobat Reader and MSE.
Please install them now. Every second you're on the net without protection increases your chances of getting infected.

SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.
  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected
  • At the bottom of the page
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The

log will be saved automatically in the same folder Sysprot.exe was
extracted to. Open the text file and copy/paste the log here.
[/list].
Windows 8 and Windows 10 dual boot with two SSD's

lectrocrew

    Topic Starter


    Mentor

  • ole dog learning new tricks
  • Thanked: 21
    • Yes
    • Yes
    • My first self-built computer
  • Certifications: List
  • Computer: Specs
  • Experience: Familiar
  • OS: Windows 10
Re: AVG scan results = "Broken digital signature"
« Reply #10 on: January 23, 2011, 02:01:26 PM »
Acrobat reader old uninstalled / new installed
Security Essentials installed

=========================


SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: 8EAD4000
Module End: 8EBA2000
Hidden: Yes

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: JIM-PC:54491
Remote Address: LOCALHOST:54490
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: JIM-PC:54490
Remote Address: LOCALHOST:54491
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: JIM-PC:54489
Remote Address: LOCALHOST:54488
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: JIM-PC:54488
Remote Address: LOCALHOST:54489
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: JIM-PC:54763
Remote Address: PSI.SECUNIA.COM:HTTPS
Type: TCP
Process: C:\Program Files\Secunia\PSI\psia.exe
State: CLOSE_WAIT

Local Address: JIM-PC:54564
Remote Address: VIP1.G-ANYCAST1.CACHEFLY.NET:HTTP
Type: TCP
Process: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
State: CLOSE_WAIT

Local Address: JIM-PC:54563
Remote Address: DOWNLOAD.COMODO.COM:HTTP
Type: TCP
Process: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
State: CLOSE_WAIT

Local Address: JIM-PC:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: JIM-PC:49157
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\services.exe
State: LISTENING

Local Address: JIM-PC:49156
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: JIM-PC:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\lsass.exe
State: LISTENING

Local Address: JIM-PC:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: JIM-PC:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: JIM-PC:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\wininit.exe
State: LISTENING

Local Address: JIM-PC:5357
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: JIM-PC:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: JIM-PC:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: JIM-PC:64883
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: JIM-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: JIM-PC:1233
Remote Address: NA
Type: UDP
Process: C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
State: NA

Local Address: JIM-PC:64882
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: JIM-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: JIM-PC:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: JIM-PC:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: JIM-PC:61513
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: JIM-PC:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: JIM-PC:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: JIM-PC:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: JIM-PC:500
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied


SuperDave

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: AVG scan results = "Broken digital signature"
« Reply #11 on: January 23, 2011, 07:03:28 PM »
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
Windows 8 and Windows 10 dual boot with two SSD's

lectrocrew

    Topic Starter


    Mentor

  • ole dog learning new tricks
  • Thanked: 21
    • Yes
    • Yes
    • My first self-built computer
  • Certifications: List
  • Computer: Specs
  • Experience: Familiar
  • OS: Windows 10
Re: AVG scan results = "Broken digital signature"
« Reply #12 on: January 26, 2011, 01:52:31 AM »
Sorry for the delay. My job calls me in (65 miles from home) at anytime, any day. And I don't take this PC to work with me.  ::)

I'd like to scan your machine with ESET OnlineScan
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

 Results = scanned files - 109637
             = infected files - 0
             = cleaned files 0
 - therefore no option is given to save a log - only option is, "uninstall application on close", which I checked and closed.

No log found in C/program/ESET either.

How are we doing so far SuperDave?
I know your real busy with all the users you help here and I'm certainly thankful for your effort helping me. Hat's off to all you helper guru's with no paycheck for the effort.  :)


SuperDave

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: AVG scan results = "Broken digital signature"
« Reply #13 on: January 26, 2011, 12:05:53 PM »
Quote
How are we doing so far SuperDave?
Looks good. If there are no other issues, it's time for some cleanup.

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall


(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
*******************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
**************************************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
Windows 8 and Windows 10 dual boot with two SSD's

lectrocrew

    Topic Starter


    Mentor

  • ole dog learning new tricks
  • Thanked: 21
    • Yes
    • Yes
    • My first self-built computer
  • Certifications: List
  • Computer: Specs
  • Experience: Familiar
  • OS: Windows 10
Re: AVG scan results = "Broken digital signature"
« Reply #14 on: January 26, 2011, 06:14:43 PM »
Okay,
Combofix uninstalled - done...
Run TFC - done...
Secunia PSI - already installed / system score 100%...
Windows Update is set to download / install updates automatically - no critical updates found...
WOT installed for both my browsers, Firefox and IE8...
Spywareblaster installed / updated and fully functional...
Spybot S&D already installed - immunized - up to date...

I made some changes suggested in the links you gave and my PC is running great.
I'll also use this information on some of my other PC's.

So I'm a happy camper and I thank you again for all your help!!!  :)