
Author Topic: Application can not be executed. Googletoolbaruser_32.exe is infected....  (Read 8591 times)


sbreaux

    Topic Starter


    Greenhorn

    Application can not be executed. Googletoolbaruser_32.exe is infected. Do you want to activate your anti-virus software now?

    Hello! All of a sudden (today), I am getting messages like this one (affected filename changes, but all are .exe), and I can't use any programs. I have Trend Micro Antivirus on my computer and I can run it in safe mode, but it doesn't detect a problem.

    I understand from the other threads what the problem is, and that the fixes for this are specific to each computer.  Could you please walk me through the fix for my computer?

    Thanks!

    sbreaux

      Topic Starter


      Greenhorn

      Re: Application can not be executed. Googletoolbaruser_32.exe is infected....
      « Reply #1 on: September 05, 2010, 03:33:03 PM »
      I followed the initial instructions that you gave to others, and am posting the log from the SuperAntiSpyware scan.

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 09/05/2010 at 02:31 PM

      Application Version : 4.42.1000

      Core Rules Database Version : 5458
      Trace Rules Database Version: 3270

      Scan type       : Complete Scan
      Total Scan Time : 00:49:17

      Memory items scanned      : 384
      Memory threats detected   : 0
      Registry items scanned    : 12774
      Registry threats detected : 0
      File items scanned        : 105005
      File threats detected     : 44

      Adware.Tracking Cookie

      Allan

      • Moderator

      • Mastermind
      • Thanked: 1260
      • Experience: Guru
      • OS: Windows 10

      sbreaux

        Topic Starter


        Greenhorn

        Re: Application can not be executed. Googletoolbaruser_32.exe is infected....
        « Reply #3 on: September 05, 2010, 05:02:26 PM »
        Here is the log from Malwarebytes.

        Malwarebytes' Anti-Malware 1.46
        www.malwarebytes.org

        Database version: 4552

        Windows 6.1.7600 (Safe Mode)
        Internet Explorer 8.0.7600.16385

        9/5/2010 4:19:22 PM
        mbam-log-2010-09-05 (16-19-22).txt

        Scan type: Full scan (C:\|)
        Objects scanned: 233739
        Time elapsed: 29 minute(s), 15 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 1
        Registry Values Infected: 1
        Registry Data Items Infected: 0
        Folders Infected: 0
        Files Infected: 2

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

        Registry Values Infected:
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wmwljeli (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        C:\Users\Lorenzo Breaux\AppData\Local\ypyapiagt\lxmnkqvshdw.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
        C:\Users\Lorenzo Breaux\AppData\Local\Temp\google.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

        sbreaux

          Topic Starter


          Greenhorn

          Re: Application can not be executed. Googletoolbaruser_32.exe is infected....
          « Reply #4 on: September 05, 2010, 05:12:00 PM »
          Here is the log from HijackThis.
          Looking forward to further help!

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 4:31:48 PM, on 9/5/2010
          Platform: Unknown Windows (WinNT 6.01.3504)
          MSIE: Internet Explorer v8.00 (8.00.7600.16385)
          Boot mode: Safe mode with network support

          Running processes:
          C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
          C:\windows\SysWOW64\DllHost.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.savetheredwoods.org/kit/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
          O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (filesize 75128 bytes, MD5 5CF6190CD875DA6B35256FEE573E7908)
          O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
          O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (filesize 191792 bytes, MD5 69974B4FB022B6FB8691BF537B4C1A26)
          O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (filesize 403840 bytes, MD5 D46ED7D33E847CD9E78E9F02910536B5)
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (filesize 278192 bytes, MD5 389947CAD1A9C504DF6285AA1E7BE6F1)
          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (filesize 814648 bytes, MD5 42CB4EE0B0FC259C8AD20B460FA7D72A)
          O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (filesize 41368 bytes, MD5 192E39C717013A0BD532B33AC29D6E7D)
          O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (filesize 1068904 bytes, MD5 28455424E3C8B81661C5A40E18066BB1)
          O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (filesize 1068904 bytes, MD5 28455424E3C8B81661C5A40E18066BB1)
          O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (filesize 278192 bytes, MD5 389947CAD1A9C504DF6285AA1E7BE6F1)
          O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL (filesize 352256 bytes, MD5 96E8146A1107387EDA800CA9CA36CDB0)
          O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP (filesize 423936 bytes, MD5 8107E3A186C034DDEB14718D71332714)
          O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exeC:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
          O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 (filesize 1294136 bytes, MD5 0683803970A1375A2A632FEEA62D8D99)
          O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" (filesize 498160 bytes, MD5 BE760E2A88F814F7BCF1C5AA017B8DB3)
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime (filesize 421888 bytes, MD5 ED7A6D40B20DC34BE06F4AE196AE7D50)
          O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
          O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (filesize 210472 bytes, MD5 846965AE55A2662B1576C0F392DD1D6E)
          O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe" (filesize 29984 bytes, MD5 27249F2A900032F3C2DFAB8DE8F16399)
          O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" (filesize 46368 bytes, MD5 BE72C212B14FC8F872A70C6C311D0529)
          O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" (filesize 328992 bytes, MD5 A4A66195EB0ECD574A32AAA92DC0A7BD)
          O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN (filesize 1167360 bytes, MD5 EC7523C687CF755D17BF1BCC63BBA300)
          O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun (filesize 114688 bytes, MD5 4DE3EF07E0854547309C6B40235A9D44)
          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" (filesize 141608 bytes, MD5 869A67EE7C237DD9F9104854CAE0A9CD)
          O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript (filesize 1090952 bytes, MD5 D594EA4AC1C0E4675EF2F0063950ABEF)
          O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
          O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (filesize 39408 bytes, MD5 5D61BE7DB55B026A5D61A3EED09D0EAD)
          O4 - HKCU\..\Run: [AROReminder] C:\Program Files (x86)\Advanced Registry Optimizer\ARO.exe -rem (filesize 2216968 bytes, MD5 B8065B5EE3298BD27FB792509E5C12F4)
          O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
          O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
          O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
          O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
          O4 - .DEFAULT User Startup: Best Buy Software Installer.lnk = C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (User 'Default user') (filesize 1132472 bytes, MD5 A0C7E69118EACF21BAB84D102ED555C4)
          O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (filesize 3450608 bytes, MD5 670FCAD3345904BF3BC477EA0FB2D093)
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
          O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
          O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (filesize 186192 bytes, MD5 F008B25C34C98E4F207B00852E25E97D)
          O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (filesize 186192 bytes, MD5 F008B25C34C98E4F207B00852E25E97D)
          O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (filesize 603040 bytes, MD5 79F7DB36E67B9E8365FA824AD96DF400)
          O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (filesize 603040 bytes, MD5 79F7DB36E67B9E8365FA824AD96DF400)
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL (filesize 39464 bytes, MD5 AEF204E782BFA2C8448CB43A58960744)
          O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
          O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
          O13 - Gopher Prefix:
          O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXEC:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
          O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
          O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
          O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exeC:\Program Files (x86)\Bonjour\mDNSResponder.exe
          O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exeC:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
          O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exeC:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
          O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exeC:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
          O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
          O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
          O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\GoogleUpdate.exe
          O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exeC:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeC:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
          O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
          O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
          O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
          O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
          O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
          O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exeC:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
          O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
          O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
          O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
          O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exeC:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
          O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exeC:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
          O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exeC:\Program Files\Trend Micro\BM\TMBMSRV.exe
          O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exeC:\Program Files\Trend Micro\Internet Security\TmProxy.exe
          O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
          O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exeC:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
          O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exeC:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
          O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
          O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
          O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
          O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
          O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
          O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
          O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
          O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

          --
          End of file - 14229 bytes

          sbreaux

            Topic Starter


            Greenhorn

            Re: Application can not be executed. Googletoolbaruser_32.exe is infected....
            « Reply #5 on: September 07, 2010, 12:21:28 PM »
            Am still hoping for help.  Now that the long weekend is over, maybe someone will have time to look at this thread.  Superdave, are you out there?
            Thanks!

            SuperDave

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: Application can not be executed. Googletoolbaruser_32.exe is infected....
            « Reply #6 on: September 07, 2010, 06:13:35 PM »
            Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

            1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
            2. The fixes are specific to your problem and should only be used for this issue on this machine.
            3. If you don't know or understand something, please don't hesitate to ask.
            4. Please DO NOT run any other tools or scans while I am helping you.
            5. It is important that you reply to this thread. Do not start a new topic.
            6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
            7. Absence of symptoms does not mean that everything is clear.

            If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

            Open HijackThis and select Do a system scan only

            Place a check mark next to the following entries: (if there)

            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
            O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
            O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript (filesize 1090952 bytes, MD5 D594EA4AC1C0E4675EF2F0063950ABEF)
            O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent


            Important: Close all open windows except for HijackThis and then click Fix checked.

            Once completed, exit HijackThis.

            ***********************************
            Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance. (Advanced Registry Optimizer)

            There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

            For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

            Further reading: XP Fixes Myth #1: Registry Cleaners
            **************************************
            Download OTL to your Desktop
            • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
            • Under the Custom Scan box paste this in
            netsvcs
            msconfig
            safebootminimal
            safebootnetwork
            activex
            drivers32
            %SYSTEMDRIVE%\*.exe
            %systemroot%\*. /mp /s
            c:\$recycle.bin\*.* /s
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
            /md5start
            eventlog.dll
            scecli.dll
            netlogon.dll
            cngaudit.dll
            sceclt.dll
            ntelogon.dll
            logevent.dll
            iaStor.sys
            nvstor.sys
            nvstor32.sys
            atapi.sys
            IdeChnDr.sys
            viasraid.sys
            AGP440.sys
            vaxscsi.sys
            nvatabus.sys
            viamraid.sys
            nvata.sys
            nvgts.sys
            iastorv.sys
            ViPrt.sys
            eNetHook.dll
            explorer.exe
            svchost.exe
            userinit.exe
            qmgr.dll
            ws2_32.dll
            proquota.exe
            imm32.dll
            kernel32.dll
            ndis.sys
            autochk.exe
            spoolsv.exe
            xmlprov.dll
            ntmssvc.dll
            mswsock.dll
            Beep.SYS
            ntfs.sys
            termsrv.dll
            sfcfiles.dll
            st3shark.sys
            ahcix86.sys
            srsvc.dll
            nvrd32.sys
            /md5stop
            %systemroot%\system32\*.dll /lockedfiles
            %systemroot%\Tasks\*.job /lockedfiles

            • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
              • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
              • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time
            Windows 8 and Windows 10 dual boot with two SSD's
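Added example, not part of SuperDave's post and not code from HijackThis: a Python triage of HijackThis log lines that flags the first two kinds of entry selected in the reply above, a ProxyServer value pointing at a loopback address and a BHO registered with no file. The function names and the last sample line are assumptions made for this illustration.

```python
import re
from ipaddress import ip_address

# Sample input: the first five lines are copied from the HijackThis log posted
# in this thread; the last line is constructed to show a non-loopback proxy.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (filesize 278192 bytes, MD5 389947CAD1A9C504DF6285AA1E7BE6F1)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.example.internal:8080
"""

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")   # "O2 - <body>"
PROXY_RE = re.compile(r",ProxyServer = (\S+)")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_entries(text):
    """Return (section_code, body) for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def proxy_hosts(value):
    """Extract host names from a WinINET ProxyServer value.

    Handles "host:port" as well as per-protocol lists such as
    "http=host:port;https=host:port".
    """
    hosts = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        endpoint = part.split("=", 1)[-1]          # drop a "scheme=" prefix
        endpoint = endpoint.split("://", 1)[-1]    # drop a "scheme://" prefix
        if endpoint.startswith("["):               # bracketed IPv6 literal
            host = endpoint[1:].split("]", 1)[0]
        elif ":" in endpoint:
            host = endpoint.rsplit(":", 1)[0]
        else:
            host = endpoint
        hosts.append(host)
    return hosts


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name localhost."""
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def triage(text):
    """Return (section_code, reason, detail) for entries worth a closer look."""
    findings = []
    for code, body in parse_entries(text):
        proxy = PROXY_RE.search(body)
        if code in ("R0", "R1") and proxy:
            # A loopback proxy sends the browser's traffic to a local process.
            if any(is_loopback(h) for h in proxy_hosts(proxy.group(1))):
                findings.append((code, "proxy-loopback", proxy.group(1)))
        elif code == "O2" and body.endswith("(no file)"):
            # The BHO is still registered but its DLL is gone.
            clsid = CLSID_RE.search(body)
            findings.append((code, "bho-no-file", clsid.group(0) if clsid else ""))
        # O23 "(file missing)" lines are not flagged: none were selected in the
        # post above. HijackThis 2.0.2 is a 32-bit program, and on 64-bit
        # Windows it commonly reports System32 files as missing.
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:<4}{reason:<16}{detail}")
```

A hit is a prompt to look at the entry, not a verdict: a loopback proxy can also be set by legitimate local filtering software.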

            sbreaux

              Topic Starter


              Greenhorn

              Re: Application can not be executed. Googletoolbaruser_32.exe is infected....
              « Reply #7 on: September 08, 2010, 11:28:30 AM »
              Thanks, Superdave.
              Before I received your instructions, my husband did a System Restore, and then installed NOD32.  So far, the computer seems to be working fine.  Should we go ahead and follow your instructions (which we have not done yet), or wait and see if the computer has any further problems?

              SuperDave

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: Application can not be executed. Googletoolbaruser_32.exe is infected....
              « Reply #8 on: September 08, 2010, 04:57:55 PM »
              System Restore will not cure an infection problem. In fact, it will sometimes make the infection worse. I suggest that you run the scan and post the logs and I'll have a look.