Google redirecting to Searchmagnified (Gilane.net)


  • This topic is locked
21 replies to this topic

#1 TrainDriver


Posted 17 April 2012 - 03:45 AM

Hello there. I am having a problem with what appears to be searchmagnified.com: every time I open Google or try to perform a search it redirects to a site advertising itself as Gilane.net, and there has also been a noticeable slowdown in my computer's speed, especially when starting up Firefox. This redirect seems to affect some search engines (Google, Bing) but not others (Yahoo). I have tried to remove it using available tools such as AVG, Malwarebytes and CCleaner but have had no luck.

Many thanks for any help you can offer.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088
Run by Ben at 15:04:36 on 2012-04-16
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1013.158 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Advent\AIO\Center\ADAIOHostService.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\spool\drivers\w32x86\3\ADAiO2MUI.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [NDSTray.exe] NDSTray.exe
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
mRun: [ALUAlert] "c:\program files\symantec\liveupdate\ALuNotify.exe" "/LOWDISKSPACE C"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Conime] %windir%\system32\conime.exe
mRun: [ADAiO2StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\ADAiO2MUI.exe
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {C08CAF1D-C0A3-40D5-9970-06D067EAC017}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D8E0CB1E-5F18-4F1B-8D0D-FDF480982E56} : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ben\appdata\roaming\mozilla\firefox\profiles\ylm6yfqa.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B0205fac3-e007-4cda-8a74-baeec601b860%7D&mid=5c26f75c574d47d68a20d15f927ca576-5af1474a9e77cf5fec368b98c62baaeaa07aa7f5&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2011-10-15%2020%3A02%3A33&sap=ku&q=
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff10.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff9.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\ben\appdata\roaming\mozilla\firefox\profiles\ylm6yfqa.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Advertising Cookie Opt-out: optout@google.com - %profile%\extensions\optout@google.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg2012\Firefox4
FF - Ext: AVG Security Toolbar: avg@toolbar - c:\programdata\avg secure search\10.0.0.7
FF - Ext: XULRunner: {24B7423D-B572-4083-8238-9BB738BF213B} - c:\users\ben\appdata\local\{24B7423D-B572-4083-8238-9BB738BF213B}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-18 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-3-11 71440]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-3-11 164112]
R2 Advent AIO Network Discovery Service;Advent AIO Network Discovery Service;c:\program files\advent\aio\center\ADAIOHostService.exe [2011-10-14 361904]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-3-11 931640]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-4-12 1153368]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-15 918880]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-7 21520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9c1ace56c71e;Google Update Service (gupdate1c9c1ace56c71e);c:\program files\google\update\GoogleUpdate.exe [2009-4-20 133104]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-12 1025352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-20 133104]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-3-11 56208]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-4-27 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-4-27 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-4-27 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-4-27 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-4-27 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-4-27 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-4-27 109864]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-03-27 09:49:52 -------- d-----w- C:\TDSSKiller_Quarantine
.
==================== Find3M ====================
.
2012-04-16 13:09:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 14:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-11 12:48:50 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
============= FINISH: 15:07:02.90 ===============

Attached file: ark.txt (11.26KB)
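The "Pseudo HJT Report" and FIREFOX sections of the DDS log above are what a helper reads first. As an added example (not part of this thread, and not code from DDS or ComboFix), here is a small Python triage script run over a constructed sample made of lines from that log: it flags registrations with no backing file (the kind ComboFix later lists under "ORPHANS REMOVED"), a Firefox extension loaded from a GUID-named folder under the user profile (the XULRunner entry ComboFix deleted), and any overridden search URLs. The severity labels and the list of expected extension locations are the example's own assumptions.

```python
"""Triage the 'Pseudo HJT Report' and FIREFOX sections of a DDS log.

Added example, not part of the thread or of DDS/ComboFix. Severity labels and
the list of expected extension locations are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import List


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    kind: str      # "orphan", "ext-outside-profile" or "search-override"
    detail: str    # one-line explanation for whoever reads the triage output
    line: str      # the DDS line that triggered the finding


# DDS defangs URLs as hxxp://; capture the host a search handler points at.
URL_HOST_RE = re.compile(r"hxxps?://([^/\s?]+)", re.IGNORECASE)
# A bare GUID as the last path component, e.g. ...\appdata\local\{GUID}.
GUID_DIR_RE = re.compile(
    r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\?$", re.IGNORECASE)
# Where a Firefox extension is normally loaded from on a Vista-era machine
# (assumed for this example); paths are compared in lower case.
EXPECTED_EXT_ROOTS = ("%profile%\\extensions\\", "c:\\program files\\",
                      "c:\\windows\\", "c:\\programdata\\")
# Entries that decide where searches go (DDS prefixes u/m for HKCU/HKLM).
SEARCH_KEYS = ("usearch page", "usearchurl", "msearch page", "msearchurl",
               "ff - prefs.js: keyword.url")


def triage_dds(log_text: str) -> List[Finding]:
    """Return the entries a helper would look at first, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # DDS separates sections with lone dots
            continue
        low = line.lower()
        # 1. A toolbar / URL search hook CLSID still registered although its
        #    DLL is gone; DDS prints "No File" and ComboFix later lists these
        #    under "ORPHANS REMOVED".
        if low.endswith("no file"):
            findings.append(Finding("medium", "orphan",
                "registration with no backing file (leftover from an "
                "uninstall or a partial cleanup)", line))
            continue
        # 2. A Firefox extension outside the expected roots. The text after
        #    the last ' - ' is its location; a GUID-named folder there (here
        #    under the user profile) is the pattern to look at first.
        if low.startswith("ff - ext:"):
            path = low.rsplit(" - ", 1)[-1].strip()
            if not path.startswith(EXPECTED_EXT_ROOTS):
                guid_dir = bool(GUID_DIR_RE.search(path))
                findings.append(Finding(
                    "high" if guid_dir else "medium", "ext-outside-profile",
                    "extension loaded from " + path
                    + (" (GUID-named folder)" if guid_dir else ""), line))
            continue
        # 3. Search handler overrides: record the host so a vendor search page
        #    can be told apart from an unknown redirector.
        if low.startswith(SEARCH_KEYS):
            m = URL_HOST_RE.search(line)
            host = m.group(1) if m else "(no URL)"
            findings.append(Finding("info", "search-override",
                                    "search handler points at " + host, line))
    return findings


# Constructed sample: lines copied from the DDS log posted in this thread.
SAMPLE_DDS = r"""
uSearch Page = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?ds=AVG&v=10.2.0.3&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Advertising Cookie Opt-out: optout@google.com - %profile%\extensions\optout@google.com
FF - Ext: AVG Security Toolbar: avg@toolbar - c:\programdata\avg secure search\10.0.0.7
FF - Ext: XULRunner: {24B7423D-B572-4083-8238-9BB738BF213B} - c:\users\ben\appdata\local\{24B7423D-B572-4083-8238-9BB738BF213B}
"""

if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.severity:6}] {f.kind}: {f.detail}")
```

On the sample, the only "high" finding is the XULRunner extension in a GUID-named folder under AppData\Local, which matches the folder ComboFix removed later in the thread; the "info" entries only record which host each search handler points at.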



#2 gringo_pr

  • Malware Response Team

Posted 17 April 2012 - 11:51 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", as this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


#3 TrainDriver


Posted 18 April 2012 - 04:56 AM

Hi Gringo, thanks for the reply. I will post the security check log as requested now and the combofix log in a separate post in a few minutes once it has run.

Security Check Log:

Results of screen317's Security Check version 0.99.32
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2012
AVG PC Tuneup 2011
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Sophos Anti-Rootkit 1.5.4
HijackThis 2.0.2
AVG PC Tuneup 2011
CCleaner (remove only)
Adobe Flash Player 10.3.183.18 Flash Player out of Date!
Mozilla Firefox (3.6.28) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

#4 TrainDriver


Posted 18 April 2012 - 05:36 AM

And here is the Combofix log. It also seems that since running Combofix the redirects have finished and the browser is behaving normally:

ComboFix 12-04-17.01 - Ben 18/04/2012 11:05:20.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1013.282 [GMT 1:00]
Running from: c:\users\Ben\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Ben\AppData\Local\{24B7423D-B572-4083-8238-9BB738BF213B}
c:\users\Ben\AppData\Local\{24B7423D-B572-4083-8238-9BB738BF213B}\chrome.manifest
c:\users\Ben\AppData\Local\{24B7423D-B572-4083-8238-9BB738BF213B}\chrome\content\_cfg.js
c:\users\Ben\AppData\Local\{24B7423D-B572-4083-8238-9BB738BF213B}\chrome\content\overlay.xul
c:\users\Ben\AppData\Local\{24B7423D-B572-4083-8238-9BB738BF213B}\install.rdf
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Internet Explorer.lnk
c:\windows\system32\help.html
c:\windows\system32\images
c:\windows\system32\images\3da.jpg
c:\windows\system32\images\ts_back2.gif
.
.
((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
.
.
2012-04-18 10:20 . 2012-04-18 10:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-18 10:20 . 2012-04-18 10:20 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-03-27 09:49 . 2012-03-27 11:46 -------- d-----w- C:\TDSSKiller_Quarantine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-16 13:09 . 2011-06-11 17:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 14:56 . 2010-03-06 18:13 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-11 12:48 . 2012-03-11 12:48 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-15 12:49 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-15 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 413696]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-29 509496]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-11-01 438272]
"NDSTray.exe"="NDSTray.exe" [BU]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-03-02 577536]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-13 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-13 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-13 81920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-28 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-28 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-28 81920]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 571024]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALuNotify.exe" [2007-09-12 492912]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 583048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-03 185896]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-04-04 981680]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-18 939872]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Conime"="c:\windows\system32\conime.exe" [2008-01-18 69120]
"ADAiO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\ADAiO2MUI.exe" [2010-10-18 2362880]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 Advent AIO Network Discovery Service;Advent AIO Network Discovery Service;c:\program files\Advent\AIO\Center\ADAIOHostService.exe [2011-10-14 361904]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - RAPPORTIASO
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 11:33]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 11:33]
.
2012-04-18 c:\windows\Tasks\User_Feed_Synchronization-{948899F2-D181-4499-AB3E-9D744B0E4B99}.job
- c:\windows\system32\msfeedssync.exe [2011-06-16 04:32]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\ylm6yfqa.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B0205fac3-e007-4cda-8a74-baeec601b860%7D&mid=5c26f75c574d47d68a20d15f927ca576-5af1474a9e77cf5fec368b98c62baaeaa07aa7f5&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2011-10-15%2020%3A02%3A33&sap=ku&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Advertising Cookie Opt-out: optout@google.com - %profile%\extensions\optout@google.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG2012\Firefox4
FF - Ext: AVG Security Toolbar: avg@toolbar - c:\programdata\AVG Secure Search\10.0.0.7
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-22398354.sys
SafeBoot-84942742.sys
AddRemove-2714328721.www.tescoentertainment.com - c:\program files\Microsoft Silverlight\4.0.50917.0\Silverlight.Configuration.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-18 11:22
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????T??g????8?8?`?8???8???8??
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\272F.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-04-18 11:28:19
ComboFix-quarantined-files.txt 2012-04-18 10:28
.
Pre-Run: 7,353,802,752 bytes free
Post-Run: 7,383,195,648 bytes free
.
- - End Of File - - F9F56846A7EE5300B1EFE825DCBC3AF5

#5 gringo_pr

  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:47 PM

Posted 18 April 2012 - 05:38 AM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#6 TrainDriver

  • Topic Starter
  • Members
  • 11 posts
  • Local time:09:47 PM

Posted 18 April 2012 - 05:49 AM

Hi Gringo. TDSS below, aswMBR to follow.


11:43:08.0097 6100 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
11:43:08.0347 6100 ============================================================
11:43:08.0347 6100 Current date / time: 2012/04/18 11:43:08.0347
11:43:08.0347 6100 SystemInfo:
11:43:08.0347 6100
11:43:08.0347 6100 OS Version: 6.0.6001 ServicePack: 1.0
11:43:08.0347 6100 Product type: Workstation
11:43:08.0347 6100 ComputerName: BENS-LAPTOP
11:43:08.0362 6100 UserName: Ben
11:43:08.0362 6100 Windows directory: C:\Windows
11:43:08.0362 6100 System windows directory: C:\Windows
11:43:08.0362 6100 Processor architecture: Intel x86
11:43:08.0362 6100 Number of processors: 2
11:43:08.0362 6100 Page size: 0x1000
11:43:08.0362 6100 Boot type: Normal boot
11:43:08.0362 6100 ============================================================
11:43:14.0602 6100 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:43:14.0618 6100 \Device\Harddisk0\DR0:
11:43:14.0618 6100 MBR used
11:43:14.0618 6100 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x6FCA000
11:43:14.0618 6100 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x72B8800, BlocksNum 0x6CDC000
11:43:14.0868 6100 Initialize success
11:43:14.0868 6100 ============================================================
11:43:19.0096 5436 ============================================================
11:43:19.0096 5436 Scan started
11:43:19.0096 5436 Mode: Manual;
11:43:19.0096 5436 ============================================================
11:43:21.0218 5436 ACPI - ok
11:43:21.0265 5436 adp94xx - ok
11:43:21.0296 5436 adpahci - ok
11:43:21.0311 5436 adpu160m - ok
11:43:21.0311 5436 adpu320 - ok
11:43:21.0592 5436 Advent AIO Network Discovery Service - ok
11:43:21.0608 5436 AeLookupSvc - ok
11:43:21.0655 5436 AFD - ok
11:43:21.0670 5436 AgereModemAudio - ok
11:43:21.0717 5436 AgereSoftModem - ok
11:43:21.0764 5436 agp440 - ok
11:43:21.0779 5436 aic78xx - ok
11:43:21.0795 5436 ALG - ok
11:43:21.0795 5436 aliide - ok
11:43:21.0811 5436 amdagp - ok
11:43:21.0811 5436 amdide - ok
11:43:21.0857 5436 AmdK7 - ok
11:43:21.0873 5436 AmdK8 - ok
11:43:21.0951 5436 ApfiltrService - ok
11:43:22.0091 5436 Appinfo - ok
11:43:22.0123 5436 Apple Mobile Device - ok
11:43:22.0185 5436 arc - ok
11:43:22.0216 5436 arcsas - ok
11:43:22.0232 5436 AsyncMac - ok
11:43:22.0247 5436 atapi - ok
11:43:22.0263 5436 athr - ok
11:43:22.0294 5436 AudioEndpointBuilder - ok
11:43:22.0294 5436 Audiosrv - ok
11:43:22.0419 5436 Automatic LiveUpdate Scheduler - ok
11:43:22.0528 5436 AVG Security Toolbar Service - ok
11:43:22.0559 5436 AVGIDSAgent - ok
11:43:22.0575 5436 AVGIDSDriver - ok
11:43:22.0575 5436 AVGIDSEH - ok
11:43:22.0591 5436 AVGIDSFilter - ok
11:43:22.0591 5436 AVGIDSShim - ok
11:43:22.0606 5436 Avgldx86 - ok
11:43:22.0637 5436 Avgmfx86 - ok
11:43:22.0653 5436 Avgrkx86 - ok
11:43:22.0684 5436 Avgtdix - ok
11:43:22.0700 5436 avgwd - ok
11:43:22.0840 5436 Beep - ok
11:43:22.0949 5436 BFE - ok
11:43:23.0043 5436 BITS - ok
11:43:23.0043 5436 blbdrive - ok
11:43:23.0199 5436 Bonjour Service - ok
11:43:23.0215 5436 bowser - ok
11:43:23.0246 5436 BrFiltLo - ok
11:43:23.0261 5436 BrFiltUp - ok
11:43:23.0261 5436 Browser - ok
11:43:23.0293 5436 Brserid - ok
11:43:23.0308 5436 BrSerWdm - ok
11:43:23.0308 5436 BrUsbMdm - ok
11:43:23.0324 5436 BrUsbSer - ok
11:43:23.0355 5436 BTHMODEM - ok
11:43:23.0433 5436 catchme - ok
11:43:23.0480 5436 cdfs - ok
11:43:23.0527 5436 cdrom - ok
11:43:23.0620 5436 CertPropSvc - ok
11:43:23.0636 5436 CFSvcs - ok
11:43:23.0651 5436 circlass - ok
11:43:23.0667 5436 CLFS - ok
11:43:23.0667 5436 clr_optimization_v2.0.50727_32 - ok
11:43:23.0714 5436 clr_optimization_v4.0.30319_32 - ok
11:43:23.0745 5436 CLTNetCnService - ok
11:43:23.0761 5436 CmBatt - ok
11:43:23.0776 5436 cmdide - ok
11:43:23.0792 5436 Compbatt - ok
11:43:23.0807 5436 COMSysApp - ok
11:43:23.0823 5436 crcdisk - ok
11:43:23.0854 5436 Crusoe - ok
11:43:23.0917 5436 CryptSvc - ok
11:43:23.0932 5436 DcomLaunch - ok
11:43:23.0932 5436 DfsC - ok
11:43:24.0073 5436 DFSR - ok
11:43:24.0151 5436 Dhcp - ok
11:43:24.0229 5436 disk - ok
11:43:24.0229 5436 Dnscache - ok
11:43:24.0260 5436 dot3svc - ok
11:43:24.0260 5436 DPS - ok
11:43:24.0275 5436 drmkaud - ok
11:43:24.0291 5436 DXGKrnl - ok
11:43:24.0291 5436 E1G60 - ok
11:43:24.0369 5436 EapHost - ok
11:43:24.0447 5436 Ecache - ok
11:43:24.0447 5436 eeCtrl - ok
11:43:24.0463 5436 ehRecvr - ok
11:43:24.0463 5436 ehSched - ok
11:43:24.0478 5436 ehstart - ok
11:43:24.0556 5436 elxstor - ok
11:43:24.0572 5436 EMDMgmt - ok
11:43:24.0587 5436 EventSystem - ok
11:43:24.0619 5436 exfat - ok
11:43:24.0634 5436 fastfat - ok
11:43:24.0650 5436 fdc - ok
11:43:24.0665 5436 fdPHost - ok
11:43:24.0665 5436 FDResPub - ok
11:43:24.0681 5436 FileInfo - ok
11:43:24.0681 5436 Filetrace - ok
11:43:24.0775 5436 flpydisk - ok
11:43:24.0775 5436 FltMgr - ok
11:43:24.0884 5436 FontCache3.0.0.0 - ok
11:43:24.0884 5436 Fs_Rec - ok
11:43:24.0899 5436 gagp30kx - ok
11:43:24.0899 5436 GEARAspiWDM - ok
11:43:24.0915 5436 getPlusHelper - ok
11:43:24.0931 5436 gpsvc - ok
11:43:24.0931 5436 gupdate1c9c1ace56c71e - ok
11:43:25.0024 5436 gupdatem - ok
11:43:25.0055 5436 gusvc - ok
11:43:25.0102 5436 HdAudAddService - ok
11:43:25.0102 5436 HDAudBus - ok
11:43:25.0118 5436 HidBth - ok
11:43:25.0118 5436 HidIr - ok
11:43:25.0133 5436 hidserv - ok
11:43:25.0133 5436 HidUsb - ok
11:43:25.0149 5436 hkmsvc - ok
11:43:25.0149 5436 HpCISSs - ok
11:43:25.0165 5436 HTTP - ok
11:43:25.0165 5436 i2omp - ok
11:43:25.0211 5436 i8042prt - ok
11:43:25.0211 5436 ialm - ok
11:43:25.0227 5436 iaStorV - ok
11:43:25.0227 5436 idsvc - ok
11:43:25.0258 5436 igfx - ok
11:43:25.0258 5436 iirsp - ok
11:43:25.0274 5436 IKEEXT - ok
11:43:25.0289 5436 IntcAzAudAddService - ok
11:43:25.0289 5436 intelide - ok
11:43:25.0336 5436 intelppm - ok
11:43:25.0352 5436 IPBusEnum - ok
11:43:25.0352 5436 IpFilterDriver - ok
11:43:25.0367 5436 iphlpsvc - ok
11:43:25.0367 5436 IpInIp - ok
11:43:25.0383 5436 IPMIDRV - ok
11:43:25.0399 5436 IPNAT - ok
11:43:25.0430 5436 iPod Service - ok
11:43:25.0445 5436 IRENUM - ok
11:43:25.0445 5436 isapnp - ok
11:43:25.0461 5436 iScsiPrt - ok
11:43:25.0477 5436 iteatapi - ok
11:43:25.0477 5436 iteraid - ok
11:43:25.0492 5436 kbdclass - ok
11:43:25.0492 5436 kbdhid - ok
11:43:25.0508 5436 KeyIso - ok
11:43:25.0508 5436 KR10I - ok
11:43:25.0523 5436 KR10N - ok
11:43:25.0523 5436 KSecDD - ok
11:43:25.0539 5436 KtmRm - ok
11:43:25.0539 5436 LanmanServer - ok
11:43:25.0555 5436 LanmanWorkstation - ok
11:43:25.0601 5436 Lbd - ok
11:43:25.0648 5436 LiveUpdate - ok
11:43:25.0742 5436 LiveUpdate Notice Ex - ok
11:43:25.0742 5436 LiveUpdate Notice Service - ok
11:43:25.0757 5436 lltdio - ok
11:43:25.0757 5436 lltdsvc - ok
11:43:25.0773 5436 lmhosts - ok
11:43:25.0820 5436 LPCFilter - ok
11:43:25.0835 5436 LSI_FC - ok
11:43:25.0835 5436 LSI_SAS - ok
11:43:25.0851 5436 LSI_SCSI - ok
11:43:25.0851 5436 luafv - ok
11:43:25.0882 5436 MBAMProtector - ok
11:43:25.0898 5436 MBAMService - ok
11:43:25.0898 5436 Mcx2Svc - ok
11:43:25.0913 5436 megasas - ok
11:43:25.0929 5436 MEMSWEEP2 - ok
11:43:25.0945 5436 MMCSS - ok
11:43:25.0945 5436 Modem - ok
11:43:25.0976 5436 monitor - ok
11:43:25.0976 5436 mouclass - ok
11:43:25.0991 5436 mouhid - ok
11:43:25.0991 5436 MountMgr - ok
11:43:26.0007 5436 mpio - ok
11:43:26.0007 5436 mpsdrv - ok
11:43:26.0023 5436 MpsSvc - ok
11:43:26.0023 5436 Mraid35x - ok
11:43:26.0038 5436 MRxDAV - ok
11:43:26.0038 5436 mrxsmb - ok
11:43:26.0054 5436 mrxsmb10 - ok
11:43:26.0054 5436 mrxsmb20 - ok
11:43:26.0069 5436 msahci - ok
11:43:26.0069 5436 msdsm - ok
11:43:26.0085 5436 MSDTC - ok
11:43:26.0101 5436 Msfs - ok
11:43:26.0163 5436 msisadrv - ok
11:43:26.0179 5436 MSiSCSI - ok
11:43:26.0179 5436 msiserver - ok
11:43:26.0225 5436 MSKSSRV - ok
11:43:26.0241 5436 MSPCLOCK - ok
11:43:26.0257 5436 MSPQM - ok
11:43:26.0272 5436 MsRPC - ok
11:43:26.0272 5436 mssmbios - ok
11:43:26.0288 5436 MSTEE - ok
11:43:26.0288 5436 Mup - ok
11:43:26.0303 5436 napagent - ok
11:43:26.0319 5436 NativeWifiP - ok
11:43:26.0335 5436 NDIS - ok
11:43:26.0335 5436 NdisTapi - ok
11:43:26.0350 5436 Ndisuio - ok
11:43:26.0350 5436 NdisWan - ok
11:43:26.0350 5436 NDProxy - ok
11:43:26.0366 5436 NetBIOS - ok
11:43:26.0366 5436 netbt - ok
11:43:26.0381 5436 Netlogon - ok
11:43:26.0381 5436 Netman - ok
11:43:26.0397 5436 netprofm - ok
11:43:26.0397 5436 NetTcpPortSharing - ok
11:43:26.0413 5436 NETw3v32 - ok
11:43:26.0553 5436 NETw4v32 - ok
11:43:26.0569 5436 nfrd960 - ok
11:43:26.0569 5436 NlaSvc - ok
11:43:26.0584 5436 Npfs - ok
11:43:26.0584 5436 nsi - ok
11:43:26.0600 5436 nsiproxy - ok
11:43:26.0600 5436 Ntfs - ok
11:43:26.0615 5436 ntrigdigi - ok
11:43:26.0615 5436 Null - ok
11:43:26.0678 5436 nvlddmkm - ok
11:43:26.0693 5436 nvraid - ok
11:43:26.0693 5436 nvstor - ok
11:43:26.0725 5436 nv_agp - ok
11:43:26.0725 5436 NwlnkFlt - ok
11:43:26.0740 5436 NwlnkFwd - ok
11:43:26.0756 5436 ohci1394 - ok
11:43:26.0756 5436 p2pimsvc - ok
11:43:26.0771 5436 p2psvc - ok
11:43:26.0771 5436 Parport - ok
11:43:26.0787 5436 partmgr - ok
11:43:26.0787 5436 Parvdm - ok
11:43:26.0818 5436 PcaSvc - ok
11:43:26.0818 5436 pci - ok
11:43:26.0834 5436 pciide - ok
11:43:26.0834 5436 pcmcia - ok
11:43:26.0865 5436 PEAUTH - ok
11:43:26.0881 5436 pla - ok
11:43:26.0896 5436 PlugPlay - ok
11:43:26.0896 5436 PNRPAutoReg - ok
11:43:26.0912 5436 PNRPsvc - ok
11:43:26.0912 5436 PolicyAgent - ok
11:43:26.0927 5436 PptpMiniport - ok
11:43:26.0927 5436 Processor - ok
11:43:26.0943 5436 ProfSvc - ok
11:43:26.0943 5436 ProtectedStorage - ok
11:43:26.0959 5436 PSched - ok
11:43:27.0052 5436 ql2300 - ok
11:43:27.0052 5436 ql40xx - ok
11:43:27.0068 5436 QWAVE - ok
11:43:27.0068 5436 QWAVEdrv - ok
11:43:27.0130 5436 RapportCerberus_34302 - ok
11:43:27.0161 5436 RapportEI - ok
11:43:27.0177 5436 RapportIaso - ok
11:43:27.0177 5436 RapportKELL - ok
11:43:27.0208 5436 RapportMgmtService - ok
11:43:27.0239 5436 RapportPG - ok
11:43:27.0255 5436 RasAcd - ok
11:43:27.0255 5436 RasAuto - ok
11:43:27.0271 5436 Rasl2tp - ok
11:43:27.0271 5436 RasMan - ok
11:43:27.0286 5436 RasPppoe - ok
11:43:27.0302 5436 RasSstp - ok
11:43:27.0302 5436 rdbss - ok
11:43:27.0317 5436 RDPCDD - ok
11:43:27.0317 5436 rdpdr - ok
11:43:27.0333 5436 RDPENCDD - ok
11:43:27.0349 5436 RDPWD - ok
11:43:27.0364 5436 RemoteAccess - ok
11:43:27.0380 5436 RemoteRegistry - ok
11:43:27.0395 5436 RpcLocator - ok
11:43:27.0395 5436 RpcSs - ok
11:43:27.0411 5436 rspndr - ok
11:43:27.0411 5436 RTL8169 - ok
11:43:27.0458 5436 s1018bus - ok
11:43:27.0473 5436 s1018mdfl - ok
11:43:27.0489 5436 s1018mdm - ok
11:43:27.0536 5436 s1018mgmt - ok
11:43:27.0536 5436 s1018nd5 - ok
11:43:27.0551 5436 s1018obex - ok
11:43:27.0551 5436 s1018unic - ok
11:43:27.0567 5436 SamSs - ok
11:43:27.0567 5436 sbp2port - ok
11:43:27.0661 5436 SBSDWSCService - ok
11:43:27.0676 5436 SCardSvr - ok
11:43:27.0676 5436 Schedule - ok
11:43:27.0676 5436 SCPolicySvc - ok
11:43:27.0692 5436 sdbus - ok
11:43:27.0692 5436 SDRSVC - ok
11:43:27.0707 5436 secdrv - ok
11:43:27.0707 5436 seclogon - ok
11:43:27.0723 5436 SENS - ok
11:43:27.0723 5436 Serenum - ok
11:43:27.0739 5436 Serial - ok
11:43:27.0739 5436 sermouse - ok
11:43:27.0754 5436 ServiceLayer - ok
11:43:27.0770 5436 SessionEnv - ok
11:43:27.0785 5436 sffdisk - ok
11:43:27.0785 5436 sffp_mmc - ok
11:43:27.0801 5436 sffp_sd - ok
11:43:27.0801 5436 sfloppy - ok
11:43:27.0801 5436 SharedAccess - ok
11:43:27.0817 5436 ShellHWDetection - ok
11:43:27.0817 5436 sisagp - ok
11:43:27.0832 5436 SiSRaid2 - ok
11:43:27.0832 5436 SiSRaid4 - ok
11:43:27.0848 5436 slsvc - ok
11:43:27.0879 5436 SLUINotify - ok
11:43:27.0879 5436 Smb - ok
11:43:27.0895 5436 SNMPTRAP - ok
11:43:27.0910 5436 spldr - ok
11:43:27.0910 5436 Spooler - ok
11:43:27.0910 5436 srv - ok
11:43:27.0926 5436 srv2 - ok
11:43:27.0926 5436 srvnet - ok
11:43:27.0941 5436 SSDPSRV - ok
11:43:27.0957 5436 SstpSvc - ok
11:43:27.0957 5436 stisvc - ok
11:43:27.0973 5436 swenum - ok
11:43:27.0973 5436 swprv - ok
11:43:27.0988 5436 Symc8xx - ok
11:43:27.0988 5436 Sym_hi - ok
11:43:28.0004 5436 Sym_u3 - ok
11:43:28.0004 5436 SysMain - ok
11:43:28.0004 5436 TabletInputService - ok
11:43:28.0019 5436 TapiSrv - ok
11:43:28.0019 5436 TBS - ok
11:43:28.0035 5436 Tcpip - ok
11:43:28.0035 5436 Tcpip6 - ok
11:43:28.0051 5436 tcpipreg - ok
11:43:28.0066 5436 tdcmdpst - ok
11:43:28.0066 5436 TDPIPE - ok
11:43:28.0082 5436 TDTCP - ok
11:43:28.0082 5436 tdx - ok
11:43:28.0082 5436 TermDD - ok
11:43:28.0097 5436 TermService - ok
11:43:28.0097 5436 Themes - ok
11:43:28.0113 5436 THREADORDER - ok
11:43:28.0129 5436 tifm21 - ok
11:43:28.0129 5436 TODDSrv - ok
11:43:28.0144 5436 TosCoSrv - ok
11:43:28.0144 5436 TOSHIBA Bluetooth Service - ok
11:43:28.0160 5436 Tosrfcom - ok
11:43:28.0160 5436 tosrfec - ok
11:43:28.0175 5436 TpChoice - ok
11:43:28.0191 5436 TrkWks - ok
11:43:28.0191 5436 TrustedInstaller - ok
11:43:28.0207 5436 tssecsrv - ok
11:43:28.0207 5436 tunmp - ok
11:43:28.0222 5436 tunnel - ok
11:43:28.0222 5436 TVALZ - ok
11:43:28.0238 5436 uagp35 - ok
11:43:28.0238 5436 udfs - ok
11:43:28.0253 5436 UI0Detect - ok
11:43:28.0269 5436 uliagpkx - ok
11:43:28.0269 5436 uliahci - ok
11:43:28.0285 5436 UlSata - ok
11:43:28.0285 5436 ulsata2 - ok
11:43:28.0300 5436 umbus - ok
11:43:28.0300 5436 upnphost - ok
11:43:28.0331 5436 USBAAPL - ok
11:43:28.0331 5436 usbaudio - ok
11:43:28.0347 5436 usbccgp - ok
11:43:28.0347 5436 usbcir - ok
11:43:28.0378 5436 usbehci - ok
11:43:28.0378 5436 usbhub - ok
11:43:28.0378 5436 usbohci - ok
11:43:28.0394 5436 usbprint - ok
11:43:28.0394 5436 USBSTOR - ok
11:43:28.0409 5436 usbuhci - ok
11:43:28.0409 5436 usbvideo - ok
11:43:28.0425 5436 UxSms - ok
11:43:28.0425 5436 vds - ok
11:43:28.0441 5436 vga - ok
11:43:28.0441 5436 VgaSave - ok
11:43:28.0456 5436 viaagp - ok
11:43:28.0456 5436 ViaC7 - ok
11:43:28.0472 5436 viaide - ok
11:43:28.0472 5436 volmgr - ok
11:43:28.0472 5436 volmgrx - ok
11:43:28.0487 5436 volsnap - ok
11:43:28.0487 5436 vsmraid - ok
11:43:28.0503 5436 VSS - ok
11:43:28.0550 5436 vToolbarUpdater10.2.0 - ok
11:43:28.0550 5436 W32Time - ok
11:43:28.0565 5436 WacomPen - ok
11:43:28.0565 5436 Wanarp - ok
11:43:28.0581 5436 Wanarpv6 - ok
11:43:28.0581 5436 wcncsvc - ok
11:43:28.0597 5436 WcsPlugInService - ok
11:43:28.0612 5436 Wd - ok
11:43:28.0612 5436 Wdf01000 - ok
11:43:28.0628 5436 WdiServiceHost - ok
11:43:28.0628 5436 WdiSystemHost - ok
11:43:28.0643 5436 WebClient - ok
11:43:28.0643 5436 Wecsvc - ok
11:43:28.0659 5436 wercplsupport - ok
11:43:28.0659 5436 WerSvc - ok
11:43:28.0675 5436 WinDefend - ok
11:43:28.0690 5436 WinHttpAutoProxySvc - ok
11:43:28.0690 5436 Winmgmt - ok
11:43:28.0706 5436 WinRM - ok
11:43:28.0721 5436 Wlansvc - ok
11:43:28.0721 5436 WmiAcpi - ok
11:43:28.0737 5436 wmiApSrv - ok
11:43:28.0737 5436 WMPNetworkSvc - ok
11:43:28.0753 5436 WPCSvc - ok
11:43:28.0753 5436 WPDBusEnum - ok
11:43:28.0768 5436 WpdUsb - ok
11:43:28.0768 5436 WPFFontCache_v0400 - ok
11:43:28.0768 5436 ws2ifsl - ok
11:43:28.0784 5436 wscsvc - ok
11:43:28.0784 5436 WSearch - ok
11:43:28.0799 5436 wuauserv - ok
11:43:28.0831 5436 WUDFRd - ok
11:43:28.0846 5436 wudfsvc - ok
11:43:28.0893 5436 MBR (0x1B8) (239841e1ae8e4843c0676f3681a7d6be) \Device\Harddisk0\DR0
11:43:29.0002 5436 \Device\Harddisk0\DR0 - ok
11:43:29.0049 5436 Boot (0x1200) (d1fb0af2922baf63894a5f0277a12a9a) \Device\Harddisk0\DR0\Partition0
11:43:29.0049 5436 \Device\Harddisk0\DR0\Partition0 - ok
11:43:29.0080 5436 Boot (0x1200) (7de29909242d3ef4c5ebb147f7eb6fc0) \Device\Harddisk0\DR0\Partition1
11:43:29.0080 5436 \Device\Harddisk0\DR0\Partition1 - ok
11:43:29.0080 5436 ============================================================
11:43:29.0080 5436 Scan finished
11:43:29.0080 5436 ============================================================
11:43:29.0111 4376 Detected object count: 0
11:43:29.0111 4376 Actual detected object count: 0
11:43:56.0568 3488 ============================================================
11:43:56.0568 3488 Scan started
11:43:56.0568 3488 Mode: Manual;
11:43:56.0568 3488 ============================================================
11:43:56.0927 3488 ACPI - ok
11:43:56.0943 3488 adp94xx - ok
11:43:56.0943 3488 adpahci - ok
11:43:56.0958 3488 adpu160m - ok
11:43:56.0958 3488 adpu320 - ok
11:43:56.0974 3488 Advent AIO Network Discovery Service - ok
11:43:56.0990 3488 AeLookupSvc - ok
11:43:56.0990 3488 AFD - ok
11:43:57.0005 3488 AgereModemAudio - ok
11:43:57.0005 3488 AgereSoftModem - ok
11:43:57.0021 3488 agp440 - ok
11:43:57.0021 3488 aic78xx - ok
11:43:57.0021 3488 ALG - ok
11:43:57.0036 3488 aliide - ok
11:43:57.0036 3488 amdagp - ok
11:43:57.0052 3488 amdide - ok
11:43:57.0052 3488 AmdK7 - ok
11:43:57.0068 3488 AmdK8 - ok
11:43:57.0068 3488 ApfiltrService - ok
11:43:57.0083 3488 Appinfo - ok
11:43:57.0083 3488 Apple Mobile Device - ok
11:43:57.0099 3488 arc - ok
11:43:57.0099 3488 arcsas - ok
11:43:57.0114 3488 AsyncMac - ok
11:43:57.0114 3488 atapi - ok
11:43:57.0130 3488 athr - ok
11:43:57.0130 3488 AudioEndpointBuilder - ok
11:43:57.0146 3488 Audiosrv - ok
11:43:57.0146 3488 Automatic LiveUpdate Scheduler - ok
11:43:57.0161 3488 AVG Security Toolbar Service - ok
11:43:57.0161 3488 AVGIDSAgent - ok
11:43:57.0177 3488 AVGIDSDriver - ok
11:43:57.0177 3488 AVGIDSEH - ok
11:43:57.0192 3488 AVGIDSFilter - ok
11:43:57.0208 3488 AVGIDSShim - ok
11:43:57.0208 3488 Avgldx86 - ok
11:43:57.0224 3488 Avgmfx86 - ok
11:43:57.0224 3488 Avgrkx86 - ok
11:43:57.0224 3488 Avgtdix - ok
11:43:57.0239 3488 avgwd - ok
11:43:57.0255 3488 Beep - ok
11:43:57.0255 3488 BFE - ok
11:43:57.0255 3488 BITS - ok
11:43:57.0270 3488 blbdrive - ok
11:43:57.0286 3488 Bonjour Service - ok
11:43:57.0286 3488 bowser - ok
11:43:57.0286 3488 BrFiltLo - ok
11:43:57.0302 3488 BrFiltUp - ok
11:43:57.0302 3488 Browser - ok
11:43:57.0317 3488 Brserid - ok
11:43:57.0317 3488 BrSerWdm - ok
11:43:57.0333 3488 BrUsbMdm - ok
11:43:57.0333 3488 BrUsbSer - ok
11:43:57.0348 3488 BTHMODEM - ok
11:43:57.0364 3488 catchme - ok
11:43:57.0364 3488 cdfs - ok
11:43:57.0380 3488 cdrom - ok
11:43:57.0380 3488 CertPropSvc - ok
11:43:57.0380 3488 CFSvcs - ok
11:43:57.0395 3488 circlass - ok
11:43:57.0395 3488 CLFS - ok
11:43:57.0411 3488 clr_optimization_v2.0.50727_32 - ok
11:43:57.0411 3488 clr_optimization_v4.0.30319_32 - ok
11:43:57.0426 3488 CLTNetCnService - ok
11:43:57.0426 3488 CmBatt - ok
11:43:57.0442 3488 cmdide - ok
11:43:57.0442 3488 Compbatt - ok
11:43:57.0458 3488 COMSysApp - ok
11:43:57.0458 3488 crcdisk - ok
11:43:57.0473 3488 Crusoe - ok
11:43:57.0473 3488 CryptSvc - ok
11:43:57.0489 3488 DcomLaunch - ok
11:43:57.0489 3488 DfsC - ok
11:43:57.0504 3488 DFSR - ok
11:43:57.0520 3488 Dhcp - ok
11:43:57.0536 3488 disk - ok
11:43:57.0536 3488 Dnscache - ok
11:43:57.0551 3488 dot3svc - ok
11:43:57.0567 3488 DPS - ok
11:43:57.0567 3488 drmkaud - ok
11:43:57.0582 3488 DXGKrnl - ok
11:43:57.0598 3488 E1G60 - ok
11:43:57.0598 3488 EapHost - ok
11:43:57.0614 3488 Ecache - ok
11:43:57.0629 3488 eeCtrl - ok
11:43:57.0629 3488 ehRecvr - ok
11:43:57.0645 3488 ehSched - ok
11:43:57.0645 3488 ehstart - ok
11:43:57.0660 3488 elxstor - ok
11:43:57.0660 3488 EMDMgmt - ok
11:43:57.0692 3488 EventSystem - ok
11:43:57.0692 3488 exfat - ok
11:43:57.0707 3488 fastfat - ok
11:43:57.0707 3488 fdc - ok
11:43:57.0723 3488 fdPHost - ok
11:43:57.0738 3488 FDResPub - ok
11:43:57.0738 3488 FileInfo - ok
11:43:57.0738 3488 Filetrace - ok
11:43:57.0754 3488 flpydisk - ok
11:43:57.0754 3488 FltMgr - ok
11:43:57.0770 3488 FontCache3.0.0.0 - ok
11:43:57.0770 3488 Fs_Rec - ok
11:43:57.0785 3488 gagp30kx - ok
11:43:57.0785 3488 GEARAspiWDM - ok
11:43:57.0801 3488 getPlusHelper - ok
11:43:57.0801 3488 gpsvc - ok
11:43:57.0816 3488 gupdate1c9c1ace56c71e - ok
11:43:57.0816 3488 gupdatem - ok
11:43:57.0832 3488 gusvc - ok
11:43:57.0832 3488 HdAudAddService - ok
11:43:57.0832 3488 HDAudBus - ok
11:43:57.0848 3488 HidBth - ok
11:43:57.0848 3488 HidIr - ok
11:43:57.0863 3488 hidserv - ok
11:43:57.0863 3488 HidUsb - ok
11:43:57.0879 3488 hkmsvc - ok
11:43:57.0879 3488 HpCISSs - ok
11:43:57.0894 3488 HTTP - ok
11:43:57.0894 3488 i2omp - ok
11:43:57.0894 3488 i8042prt - ok
11:43:57.0910 3488 ialm - ok
11:43:57.0910 3488 iaStorV - ok
11:43:57.0926 3488 idsvc - ok
11:43:57.0941 3488 igfx - ok
11:43:57.0941 3488 iirsp - ok
11:43:57.0957 3488 IKEEXT - ok
11:43:57.0957 3488 IntcAzAudAddService - ok
11:43:57.0972 3488 intelide - ok
11:43:57.0972 3488 intelppm - ok
11:43:57.0988 3488 IPBusEnum - ok
11:43:57.0988 3488 IpFilterDriver - ok
11:43:58.0004 3488 iphlpsvc - ok
11:43:58.0019 3488 IpInIp - ok
11:43:58.0035 3488 IPMIDRV - ok
11:43:58.0035 3488 IPNAT - ok
11:43:58.0035 3488 iPod Service - ok
11:43:58.0050 3488 IRENUM - ok
11:43:58.0050 3488 isapnp - ok
11:43:58.0066 3488 iScsiPrt - ok
11:43:58.0066 3488 iteatapi - ok
11:43:58.0082 3488 iteraid - ok
11:43:58.0082 3488 kbdclass - ok
11:43:58.0097 3488 kbdhid - ok
11:43:58.0097 3488 KeyIso - ok
11:43:58.0113 3488 KR10I - ok
11:43:58.0113 3488 KR10N - ok
11:43:58.0128 3488 KSecDD - ok
11:43:58.0128 3488 KtmRm - ok
11:43:58.0144 3488 LanmanServer - ok
11:43:58.0144 3488 LanmanWorkstation - ok
11:43:58.0160 3488 Lbd - ok
11:43:58.0160 3488 LiveUpdate - ok
11:43:58.0175 3488 LiveUpdate Notice Ex - ok
11:43:58.0175 3488 LiveUpdate Notice Service - ok
11:43:58.0191 3488 lltdio - ok
11:43:58.0191 3488 lltdsvc - ok
11:43:58.0206 3488 lmhosts - ok
11:43:58.0206 3488 LPCFilter - ok
11:43:58.0222 3488 LSI_FC - ok
11:43:58.0222 3488 LSI_SAS - ok
11:43:58.0238 3488 LSI_SCSI - ok
11:43:58.0238 3488 luafv - ok
11:43:58.0253 3488 MBAMProtector - ok
11:43:58.0253 3488 MBAMService - ok
11:43:58.0269 3488 Mcx2Svc - ok
11:43:58.0269 3488 megasas - ok
11:43:58.0284 3488 MEMSWEEP2 - ok
11:43:58.0284 3488 MMCSS - ok
11:43:58.0300 3488 Modem - ok
11:43:58.0300 3488 monitor - ok
11:43:58.0316 3488 mouclass - ok
11:43:58.0331 3488 mouhid - ok
11:43:58.0331 3488 MountMgr - ok
11:43:58.0331 3488 mpio - ok
11:43:58.0347 3488 mpsdrv - ok
11:43:58.0347 3488 MpsSvc - ok
11:43:58.0362 3488 Mraid35x - ok
11:43:58.0362 3488 MRxDAV - ok
11:43:58.0378 3488 mrxsmb - ok
11:43:58.0378 3488 mrxsmb10 - ok
11:43:58.0394 3488 mrxsmb20 - ok
11:43:58.0394 3488 msahci - ok
11:43:58.0409 3488 msdsm - ok
11:43:58.0409 3488 MSDTC - ok
11:43:58.0425 3488 Msfs - ok
11:43:58.0440 3488 msisadrv - ok
11:43:58.0440 3488 MSiSCSI - ok
11:43:58.0456 3488 msiserver - ok
11:43:58.0456 3488 MSKSSRV - ok
11:43:58.0456 3488 MSPCLOCK - ok
11:43:58.0472 3488 MSPQM - ok
11:43:58.0472 3488 MsRPC - ok
11:43:58.0487 3488 mssmbios - ok
11:43:58.0503 3488 MSTEE - ok
11:43:58.0503 3488 Mup - ok
11:43:58.0518 3488 napagent - ok
11:43:58.0518 3488 NativeWifiP - ok
11:43:58.0534 3488 NDIS - ok
11:43:58.0534 3488 NdisTapi - ok
11:43:58.0534 3488 Ndisuio - ok
11:43:58.0550 3488 NdisWan - ok
11:43:58.0565 3488 NDProxy - ok
11:43:58.0565 3488 NetBIOS - ok
11:43:58.0565 3488 netbt - ok
11:43:58.0581 3488 Netlogon - ok
11:43:58.0581 3488 Netman - ok
11:43:58.0596 3488 netprofm - ok
11:43:58.0596 3488 NetTcpPortSharing - ok
11:43:58.0612 3488 NETw3v32 - ok
11:43:58.0612 3488 NETw4v32 - ok
11:43:58.0628 3488 nfrd960 - ok
11:43:58.0628 3488 NlaSvc - ok
11:43:58.0643 3488 Npfs - ok
11:43:58.0643 3488 nsi - ok
11:43:58.0659 3488 nsiproxy - ok
11:43:58.0659 3488 Ntfs - ok
11:43:58.0674 3488 ntrigdigi - ok
11:43:58.0674 3488 Null - ok
11:43:58.0690 3488 nvlddmkm - ok
11:43:58.0690 3488 nvraid - ok
11:43:58.0706 3488 nvstor - ok
11:43:58.0721 3488 nv_agp - ok
11:43:58.0721 3488 NwlnkFlt - ok
11:43:58.0737 3488 NwlnkFwd - ok
11:43:58.0737 3488 ohci1394 - ok
11:43:58.0752 3488 p2pimsvc - ok
11:43:58.0752 3488 p2psvc - ok
11:43:58.0768 3488 Parport - ok
11:43:58.0768 3488 partmgr - ok
11:43:58.0784 3488 Parvdm - ok
11:43:58.0784 3488 PcaSvc - ok
11:43:58.0799 3488 pci - ok
11:43:58.0815 3488 pciide - ok
11:43:58.0815 3488 pcmcia - ok
11:43:58.0830 3488 PEAUTH - ok
11:43:58.0846 3488 pla - ok
11:43:58.0862 3488 PlugPlay - ok
11:43:58.0862 3488 PNRPAutoReg - ok
11:43:58.0862 3488 PNRPsvc - ok
11:43:58.0877 3488 PolicyAgent - ok
11:43:58.0893 3488 PptpMiniport - ok
11:43:58.0908 3488 Processor - ok
11:43:58.0908 3488 ProfSvc - ok
11:43:58.0908 3488 ProtectedStorage - ok
11:43:58.0924 3488 PSched - ok
11:43:58.0924 3488 ql2300 - ok
11:43:58.0940 3488 ql40xx - ok
11:43:58.0940 3488 QWAVE - ok
11:43:58.0955 3488 QWAVEdrv - ok
11:43:58.0955 3488 RapportCerberus_34302 - ok
11:43:58.0971 3488 RapportEI - ok
11:43:58.0971 3488 RapportIaso - ok
11:43:58.0986 3488 RapportKELL - ok
11:43:58.0986 3488 RapportMgmtService - ok
11:43:59.0002 3488 RapportPG - ok
11:43:59.0002 3488 RasAcd - ok
11:43:59.0018 3488 RasAuto - ok
11:43:59.0049 3488 Rasl2tp - ok
11:43:59.0049 3488 RasMan - ok
11:43:59.0049 3488 RasPppoe - ok
11:43:59.0064 3488 RasSstp - ok
11:43:59.0064 3488 rdbss - ok
11:43:59.0080 3488 RDPCDD - ok
11:43:59.0096 3488 rdpdr - ok
11:43:59.0096 3488 RDPENCDD - ok
11:43:59.0111 3488 RDPWD - ok
11:43:59.0111 3488 RemoteAccess - ok
11:43:59.0127 3488 RemoteRegistry - ok
11:43:59.0127 3488 RpcLocator - ok
11:43:59.0142 3488 RpcSs - ok
11:43:59.0142 3488 rspndr - ok
11:43:59.0158 3488 RTL8169 - ok
11:43:59.0158 3488 s1018bus - ok
11:43:59.0174 3488 s1018mdfl - ok
11:43:59.0189 3488 s1018mdm - ok
11:43:59.0189 3488 s1018mgmt - ok
11:43:59.0189 3488 s1018nd5 - ok
11:43:59.0205 3488 s1018obex - ok
11:43:59.0205 3488 s1018unic - ok
11:43:59.0220 3488 SamSs - ok
11:43:59.0220 3488 sbp2port - ok
11:43:59.0236 3488 SBSDWSCService - ok
11:43:59.0236 3488 SCardSvr - ok
11:43:59.0252 3488 Schedule - ok
11:43:59.0252 3488 SCPolicySvc - ok
11:43:59.0267 3488 sdbus - ok
11:43:59.0283 3488 SDRSVC - ok
11:43:59.0283 3488 secdrv - ok
11:43:59.0298 3488 seclogon - ok
11:43:59.0298 3488 SENS - ok
11:43:59.0314 3488 Serenum - ok
11:43:59.0314 3488 Serial - ok
11:43:59.0330 3488 sermouse - ok
11:43:59.0330 3488 ServiceLayer - ok
11:43:59.0345 3488 SessionEnv - ok
11:43:59.0361 3488 sffdisk - ok
11:43:59.0361 3488 sffp_mmc - ok
11:43:59.0376 3488 sffp_sd - ok
11:43:59.0376 3488 sfloppy - ok
11:43:59.0392 3488 SharedAccess - ok
11:43:59.0392 3488 ShellHWDetection - ok
11:43:59.0392 3488 sisagp - ok
11:43:59.0408 3488 SiSRaid2 - ok
11:43:59.0408 3488 SiSRaid4 - ok
11:43:59.0423 3488 slsvc - ok
11:43:59.0423 3488 SLUINotify - ok
11:43:59.0439 3488 Smb - ok
11:43:59.0454 3488 SNMPTRAP - ok
11:43:59.0454 3488 spldr - ok
11:43:59.0470 3488 Spooler - ok
11:43:59.0470 3488 srv - ok
11:43:59.0486 3488 srv2 - ok
11:43:59.0486 3488 srvnet - ok
11:43:59.0501 3488 SSDPSRV - ok
11:43:59.0517 3488 SstpSvc - ok
11:43:59.0517 3488 stisvc - ok
11:43:59.0532 3488 swenum - ok
11:43:59.0532 3488 swprv - ok
11:43:59.0548 3488 Symc8xx - ok
11:43:59.0548 3488 Sym_hi - ok
11:43:59.0564 3488 Sym_u3 - ok
11:43:59.0564 3488 SysMain - ok
11:43:59.0579 3488 TabletInputService - ok
11:43:59.0595 3488 TapiSrv - ok
11:43:59.0595 3488 TBS - ok
11:43:59.0610 3488 Tcpip - ok
11:43:59.0610 3488 Tcpip6 - ok
11:43:59.0626 3488 tcpipreg - ok
11:43:59.0626 3488 tdcmdpst - ok
11:43:59.0626 3488 TDPIPE - ok
11:43:59.0642 3488 TDTCP - ok
11:43:59.0642 3488 tdx - ok
11:43:59.0657 3488 TermDD - ok
11:43:59.0657 3488 TermService - ok
11:43:59.0673 3488 Themes - ok
11:43:59.0688 3488 THREADORDER - ok
11:43:59.0688 3488 tifm21 - ok
11:43:59.0704 3488 TODDSrv - ok
11:43:59.0704 3488 TosCoSrv - ok
11:43:59.0720 3488 TOSHIBA Bluetooth Service - ok
11:43:59.0720 3488 Tosrfcom - ok
11:43:59.0720 3488 tosrfec - ok
11:43:59.0735 3488 TpChoice - ok
11:43:59.0751 3488 TrkWks - ok
11:43:59.0751 3488 TrustedInstaller - ok
11:43:59.0766 3488 tssecsrv - ok
11:43:59.0766 3488 tunmp - ok
11:43:59.0782 3488 tunnel - ok
11:43:59.0782 3488 TVALZ - ok
11:43:59.0798 3488 uagp35 - ok
11:43:59.0798 3488 udfs - ok
11:43:59.0813 3488 UI0Detect - ok
11:43:59.0813 3488 uliagpkx - ok
11:43:59.0829 3488 uliahci - ok
11:43:59.0829 3488 UlSata - ok
11:43:59.0844 3488 ulsata2 - ok
11:43:59.0844 3488 umbus - ok
11:43:59.0860 3488 upnphost - ok
11:43:59.0876 3488 USBAAPL - ok
11:43:59.0876 3488 usbaudio - ok
11:43:59.0891 3488 usbccgp - ok
11:43:59.0907 3488 usbcir - ok
11:43:59.0907 3488 usbehci - ok
11:43:59.0922 3488 usbhub - ok
11:43:59.0922 3488 usbohci - ok
11:43:59.0938 3488 usbprint - ok
11:43:59.0938 3488 USBSTOR - ok
11:43:59.0954 3488 usbuhci - ok
11:43:59.0954 3488 usbvideo - ok
11:43:59.0969 3488 UxSms - ok
11:43:59.0985 3488 vds - ok
11:43:59.0985 3488 vga - ok
11:44:00.0000 3488 VgaSave - ok
11:44:00.0000 3488 viaagp - ok
11:44:00.0016 3488 ViaC7 - ok
11:44:00.0016 3488 viaide - ok
11:44:00.0016 3488 volmgr - ok
11:44:00.0032 3488 volmgrx - ok
11:44:00.0063 3488 volsnap - ok
11:44:00.0078 3488 vsmraid - ok
11:44:00.0078 3488 VSS - ok
11:44:00.0094 3488 vToolbarUpdater10.2.0 - ok
11:44:00.0094 3488 W32Time - ok
11:44:00.0110 3488 WacomPen - ok
11:44:00.0110 3488 Wanarp - ok
11:44:00.0125 3488 Wanarpv6 - ok
11:44:00.0125 3488 wcncsvc - ok
11:44:00.0141 3488 WcsPlugInService - ok
11:44:00.0141 3488 Wd - ok
11:44:00.0156 3488 Wdf01000 - ok
11:44:00.0156 3488 WdiServiceHost - ok
11:44:00.0172 3488 WdiSystemHost - ok
11:44:00.0172 3488 WebClient - ok
11:44:00.0188 3488 Wecsvc - ok
11:44:00.0188 3488 wercplsupport - ok
11:44:00.0203 3488 WerSvc - ok
11:44:00.0203 3488 WinDefend - ok
11:44:00.0219 3488 WinHttpAutoProxySvc - ok
11:44:00.0234 3488 Winmgmt - ok
11:44:00.0234 3488 WinRM - ok
11:44:00.0250 3488 Wlansvc - ok
11:44:00.0266 3488 WmiAcpi - ok
11:44:00.0266 3488 wmiApSrv - ok
11:44:00.0281 3488 WMPNetworkSvc - ok
11:44:00.0297 3488 WPCSvc - ok
11:44:00.0312 3488 WPDBusEnum - ok
11:44:00.0312 3488 WpdUsb - ok
11:44:00.0328 3488 WPFFontCache_v0400 - ok
11:44:00.0328 3488 ws2ifsl - ok
11:44:00.0344 3488 wscsvc - ok
11:44:00.0344 3488 WSearch - ok
11:44:00.0359 3488 wuauserv - ok
11:44:00.0359 3488 WUDFRd - ok
11:44:00.0375 3488 wudfsvc - ok
11:44:00.0453 3488 MBR (0x1B8) (239841e1ae8e4843c0676f3681a7d6be) \Device\Harddisk0\DR0
11:44:00.0515 3488 \Device\Harddisk0\DR0 - ok
11:44:00.0515 3488 Boot (0x1200) (d1fb0af2922baf63894a5f0277a12a9a) \Device\Harddisk0\DR0\Partition0
11:44:00.0515 3488 \Device\Harddisk0\DR0\Partition0 - ok
11:44:00.0546 3488 Boot (0x1200) (7de29909242d3ef4c5ebb147f7eb6fc0) \Device\Harddisk0\DR0\Partition1
11:44:00.0546 3488 \Device\Harddisk0\DR0\Partition1 - ok
11:44:00.0546 3488 ============================================================
11:44:00.0546 3488 Scan finished
11:44:00.0546 3488 ============================================================
11:44:00.0562 5848 Detected object count: 0
11:44:00.0562 5848 Actual detected object count: 0

#7 TrainDriver

TrainDriver
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:47 PM

Posted 18 April 2012 - 06:31 AM

...And the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-18 11:48:41
-----------------------------
11:48:41.420 OS Version: Windows 6.0.6001 Service Pack 1
11:48:41.420 Number of processors: 2 586 0xF02
11:48:41.420 ComputerName: BENS-LAPTOP UserName: Ben
11:48:59.720 Initialize success
11:59:35.605 AVAST engine defs: 12041800
12:00:26.645 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:00:26.649 Disk 0 Vendor: TOSHIBA_MK1237GSX DL130M Size: 114473MB BusType: 3
12:00:26.675 Disk 0 MBR read successfully
12:00:26.678 Disk 0 MBR scan
12:00:26.765 Disk 0 Windows VISTA default MBR code
12:00:26.788 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
12:00:26.811 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 57236 MB offset 3074048
12:00:26.846 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 55736 MB offset 120293376
12:00:26.870 Disk 0 scanning sectors +234440704
12:00:27.099 Disk 0 scanning C:\Windows\system32\drivers
12:01:04.395 Service scanning
12:02:09.110 Modules scanning
12:02:44.087 Disk 0 trace - called modules:
12:02:44.498 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
12:02:44.506 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86459ac8]
12:02:44.515 3 CLASSPNP.SYS[87c96745] -> nt!IofCallDriver -> [0x85be18d8]
12:02:44.523 5 acpi.sys[83e336a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85bf8ba0]
12:02:46.552 AVAST engine scan C:\Windows
12:03:02.730 AVAST engine scan C:\Windows\system32
12:11:34.293 AVAST engine scan C:\Windows\system32\drivers
12:12:23.251 AVAST engine scan C:\Users\Ben
12:23:39.781 AVAST engine scan C:\ProgramData
12:27:31.342 Scan finished successfully
12:30:13.057 Disk 0 MBR has been saved successfully to "C:\Users\Ben\Desktop\MBR.dat"
12:30:13.132 The log file has been saved successfully to "C:\Users\Ben\Desktop\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:47 PM

Posted 18 April 2012 - 07:52 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:47 PM

Posted 21 April 2012 - 07:24 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#10 TrainDriver

TrainDriver
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:47 PM

Posted 21 April 2012 - 10:10 AM

Hi, sorry I've not posted any feedback for a while, been working away but back tomorrow so can continue with the thread then (posting this from my phone). I appreciate your help and will feedback tomorrow :)

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:47 PM

Posted 21 April 2012 - 01:37 PM

no problem and see you then


gringo

#12 TrainDriver

TrainDriver
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:47 PM

Posted 22 April 2012 - 02:09 PM

Hello again Gringo, here is the new ComboFix log. Things appear to be fine, no redirects from any search engine.

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1013.416 [GMT 1:00]
Running from: c:\users\Ben\Desktop\ComboFix.exe
Command switches used :: c:\users\Ben\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-22 to 2012-04-22 )))))))))))))))))))))))))))))))
.
.
2012-04-22 18:26 . 2012-04-22 18:27 -------- d-----w- c:\users\Ben\AppData\Local\temp
2012-04-22 18:26 . 2012-04-22 18:26 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-04-22 18:26 . 2012-04-22 18:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-22 18:26 . 2012-04-22 18:26 -------- d-----w- c:\users\Cotton\AppData\Local\temp
2012-04-18 10:38 . 2006-11-28 19:12 155648 ----a-w- c:\windows\system32\igfxres.dll
2012-03-27 09:49 . 2012-03-27 11:46 -------- d-----w- C:\TDSSKiller_Quarantine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-16 13:09 . 2011-06-11 17:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 14:56 . 2010-03-06 18:13 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-11 12:48 . 2012-03-11 12:48 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-15 12:49 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-15 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 413696]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-29 509496]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-11-01 438272]
"NDSTray.exe"="NDSTray.exe" [BU]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-03-02 577536]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-13 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-13 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-13 81920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-28 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-28 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-28 81920]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 571024]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALuNotify.exe" [2007-09-12 492912]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 583048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-03 185896]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-04-04 981680]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-18 939872]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Conime"="c:\windows\system32\conime.exe" [2008-01-18 69120]
"ADAiO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\ADAiO2MUI.exe" [2010-10-18 2362880]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 Advent AIO Network Discovery Service;Advent AIO Network Discovery Service;c:\program files\Advent\AIO\Center\ADAIOHostService.exe [2011-10-14 361904]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 11:33]
.
2012-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-20 11:33]
.
2012-04-22 c:\windows\Tasks\User_Feed_Synchronization-{948899F2-D181-4499-AB3E-9D744B0E4B99}.job
- c:\windows\system32\msfeedssync.exe [2011-06-16 04:32]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\ylm6yfqa.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B0205fac3-e007-4cda-8a74-baeec601b860%7D&mid=5c26f75c574d47d68a20d15f927ca576-5af1474a9e77cf5fec368b98c62baaeaa07aa7f5&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2011-10-15%2020%3A02%3A33&sap=ku&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Advertising Cookie Opt-out: optout@google.com - %profile%\extensions\optout@google.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG2012\Firefox4
FF - Ext: AVG Security Toolbar: avg@toolbar - c:\programdata\AVG Secure Search\10.0.0.7
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-22 19:27
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????T??g????8?8?`?8???8???8??
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\272F.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-04-22 19:32:44
ComboFix-quarantined-files.txt 2012-04-22 18:32
ComboFix2.txt 2012-04-18 10:28
.
Pre-Run: 7,103,590,400 bytes free
Post-Run: 6,296,326,144 bytes free
.
- - End Of File - - D4E72E8DE1ED7AE3132FC38A6C0C9BA3

Edited by TrainDriver, 22 April 2012 - 02:09 PM.
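
The ComboFix report above prints its autostart findings ("Reg Loading Points", the services block, the MEMSWEEP2 ImagePath) as REGEDIT4-style lines. As an added example for this thread, not ComboFix's own code and not something the helper posted, here is a small Python triage script that parses lines in that format and flags the entries a responder would read first: values ComboFix could not resolve to a dated file (for example the `[BU]` NDSTray.exe line), binaries living under a user profile or a temp directory, and image paths that point at a `.tmp` file. The three heuristics are my assumptions, not ComboFix rules, and the sample input is constructed from the entry format shown in the log; the "Updater" line in it is made up to exercise the user-profile check and was not found on this machine.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; it is not ComboFix's own code and the
heuristics below are assumptions of mine, not ComboFix rules. The sample
input is constructed from the entry format shown in the log above.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# ComboFix prints autostart values in REGEDIT4 style:
#   "Name"="c:\path\file.exe" [2012-01-24 2416480]   <- resolved file: date and size
#   "NDSTray.exe"="NDSTray.exe" [BU]                 <- bare file name, not resolved
#   "ImagePath"="\??\c:\windows\system32\272F.tmp"   <- no bracket printed at all
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?\s*$')
RESOLVED_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d+$')  # "YYYY-MM-DD <size>"

# Directories an autostart binary should rarely live in (assumed heuristic).
USER_WRITABLE_HINTS = ("\\users\\", "\\documents and settings\\",
                       "\\appdata\\", "\\temp\\")


@dataclass
class AutostartEntry:
    key: str
    name: str
    path: str
    meta: str   # "2012-01-24 2416480", "BU", or "" when no bracket was printed


def parse_loading_points(log_text: str) -> List[AutostartEntry]:
    """Return every quoted value found under a [HKEY_...] key."""
    entries: List[AutostartEntry] = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        entry_match = ENTRY_RE.match(line)
        if entry_match and current_key is not None:
            entries.append(AutostartEntry(
                key=current_key,
                name=entry_match.group("name"),
                path=entry_match.group("path"),
                meta=entry_match.group("meta") or ""))
    return entries


def triage(entries: List[AutostartEntry]) -> List[Tuple[str, str, List[str]]]:
    """Attach review reasons to entries; entries with no reason are dropped."""
    findings = []
    for entry in entries:
        reasons = []
        path = entry.path.lower()
        if path.startswith("\\??\\"):          # NT object-manager prefix on ImagePath
            path = path[4:]
        if not RESOLVED_RE.match(entry.meta):
            reasons.append("file not resolved to a dated binary")
        if any(hint in path for hint in USER_WRITABLE_HINTS):
            reasons.append("binary lives under a user profile or temp directory")
        if path.endswith(".tmp"):
            reasons.append("image path is a .tmp file")
        if reasons:
            findings.append((entry.key, entry.name, reasons))
    return findings


def flagged_names(log_text: str) -> List[str]:
    """Convenience wrapper: names of the entries that need a look."""
    return [name for _, name, _ in triage(parse_loading_points(log_text))]


# Constructed sample: lines in the format shown in the thread, plus one
# made-up "Updater" entry to exercise the user-profile heuristic.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"NDSTray.exe"="NDSTray.exe" [BU]
"Conime"="c:\windows\system32\conime.exe" [2008-01-18 69120]
"Updater"="c:\users\Ben\AppData\Local\Temp\upd.exe" [2012-04-10 51200]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\272F.tmp"
"""

if __name__ == "__main__":
    for key, name, reasons in triage(parse_loading_points(SAMPLE_LOG)):
        print(f"{name!r} under {key}")
        for reason in reasons:
            print(f"    - {reason}")
```

The flags are prompts for a human review, not verdicts: the `.tmp` ImagePath hit on MEMSWEEP2, for instance, is the driver name Sophos Anti-Rootkit uses, and that product appears in the installed-programs list posted later in this thread. The value of the script is that it turns a long log into the handful of lines worth cross-checking against the Add/Remove list.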


#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:47 PM

Posted 22 April 2012 - 03:30 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#14 TrainDriver

TrainDriver
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:47 PM

Posted 24 April 2012 - 07:40 AM

Hi, as requested...

Activation Assistant for the 2007 Microsoft Office suites
AdC4USelfUpdater
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.9
Adobe Shockwave Player 11.5
ADVENT AIO Printer
Advent Essentials
AGEIA PhysX v6.10.25
aioscnnr
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
µTorrent
Audacity 1.2.6
AVG 2012
AVG PC Tuneup 2011
BBC iPlayer Desktop
Bluetooth Stack for Windows by Toshiba
Bonjour
CCleaner (remove only)
CCS64 V3.4
CD/DVD Drive Acoustic Silencer
Desktop SMS
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Group-Bourdon Tool v2.0
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Graphics Media Accelerator Driver
iTunes
K-Lite Codec Pack 3.4.5 Full
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft XML Parser
Mozilla Firefox (3.6.28)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PC Connectivity Solution
Plato Audio Recorder
PreReq
QuickTime
Rapport
RealPlayer
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
SimSig Sheffield V2.121.353
SimSig V2.103
SimSig V2.121
Sony Ericsson PC Companion 1.50.52
Sophos Anti-Rootkit 1.5.4
Spybot - Search & Destroy
Stellarium 0.10.4
System Requirements Lab
Tesco Download Manager - Install/Uninstall (v1.0.9.0)
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
Toshiba Online Product Information
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Utility Common Driver
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Live Sign-in Assistant
Windows Media Encoder 9 Series
WinRAR archiver
Yahoo! Install Manager

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:47 PM

Posted 24 April 2012 - 07:43 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using Add/Remove or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 7.0.9
µTorrent


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo




