
Pop up ad - Redirect Virus


33 replies to this topic

#1 memond13

  • Members
  • 50 posts
  • OFFLINE
  • Local time:06:54 PM

Posted 05 September 2012 - 03:13 PM

Hello,
I too have this virus and would like help:

From user - lwolfe63 at http://www.bleepingcomputer.com/forums/topic454045.html

I have a pop up ad virus on my computer that I can't identify nor get rid of. I am using Windows 7 and in any browser, ads start popping up in the lower right hand corner of my browser. Sometimes it looks like a cell phone, sometimes it looks like an ad and sometimes it shows a video screen and says "you are missing a plugin to play videos" and wants me to click on an Update button. I cannot get rid of this - I have tried Malwarebytes, Spybot Search and Destroy, Ad-Aware but nothing has worked. Please help me! I have attached screenshots of all three types of ads. Thanks in advance.
[Three screenshots attached to the original post, one for each type of ad]

I will follow the directions from the above thread and post the logs. The first step may be clean as I started that before contacting you. Thanks narenxp!


#2 narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:06:54 PM

Posted 05 September 2012 - 03:13 PM

Download TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner

Install it.

Click on START, it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to desktop, copy the contents of the text file in your reply.
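The TDSSKiller log this post asks for runs to many hundred lines per scan, nearly all of them "&lt;service&gt; - ok". Below is a small triage script for that log format, added here as an example; it is not part of this thread and not code from TDSSKiller or its vendor. It parses the line layout visible in the logs posted in this thread (timestamp, process id, message; "Scan started" / "Scan finished" markers; "Mode:" line; "Scan <section>" banners; "[ MD5 ] object" hash lines for the MBR and VBR; "Actual detected object count"), counts the entries reported "ok" per section, lists any entry whose status is not "ok", and reports whether the MBR/VBR hashes changed between consecutive scans. The sample log is constructed from the page's format; the `example_svc - needs-attention` line is a placeholder status I made up so the flagging path has something to flag, not real TDSSKiller output.

```python
import re
from collections import Counter

# Constructed sample modelled on the TDSSKiller log format posted in this thread.
# The "example_svc - needs-attention" line is a made-up placeholder, not real output.
SAMPLE_LOG = """\
15:41:08.0763 6424 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
15:41:09.0184 6424 OS Version: 6.0.6002 ServicePack: 2.0
15:41:16.0289 1360 ============================================================
15:41:16.0289 1360 Scan started
15:41:16.0289 1360 Mode: Manual; TDLFS;
15:41:16.0289 1360 ============================================================
15:41:17.0599 1360 ================ Scan services =============================
15:41:17.0646 1360 ACPI - ok
15:41:17.0661 1360 adp94xx - ok
15:41:17.0661 1360 example_svc - needs-attention
15:41:22.0540 1360 ================ Scan MBR ==================================
15:41:22.0591 1360 [ D6AE2662C2CFEEFEE286D0A3948E2BF7 ] \\Device\\Harddisk0\\DR0
15:41:22.0716 1360 \\Device\\Harddisk0\\DR0 - ok
15:41:22.0794 1360 Scan finished
15:41:22.0809 1328 Detected object count: 0
15:41:22.0809 1328 Actual detected object count: 0
"""

# "HH:MM:SS.mmmm <pid> <message>"
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# "================ Scan services =============================" -> "services"
SECTION_RE = re.compile(r"^=+\s+Scan (?P<name>.+?)\s+=+$")
# "[ <MD5> ] \Device\Harddisk0\DR0" hash line for a boot object
HASH_RE = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}) \] (?P<obj>\S+)$")
# "<object> - <status>"; the status is "ok" on every line in the posted logs
STATUS_RE = re.compile(r"^(?P<obj>.+?) - (?P<status>\S+)$")


def parse_tdsskiller_log(text):
    """Split a TDSSKiller log into scans and summarize each one."""
    scans, cur, section = [], None, None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # blank lines and header lines without a message
        msg = m.group("msg").strip()
        if msg == "Scan started":
            cur = {"mode": None, "ok": Counter(), "flagged": [], "hashes": {}, "detected": None}
            scans.append(cur)
            section = None
            continue
        if cur is None:
            continue  # tool banner / SystemInfo lines before the first scan
        if msg.startswith("Mode:"):
            cur["mode"] = [p.strip() for p in msg[len("Mode:"):].split(";") if p.strip()]
            continue
        sm = SECTION_RE.match(msg)
        if sm:
            section = sm.group("name")
            continue
        hm = HASH_RE.match(msg)
        if hm:
            cur["hashes"][hm.group("obj")] = hm.group("md5")
            continue
        if msg.startswith("Actual detected object count:"):
            cur["detected"] = int(msg.rsplit(":", 1)[1])
            continue
        if msg == "Scan finished":
            section = None
            continue
        st = STATUS_RE.match(msg)
        if st and section is not None:
            if st.group("status") == "ok":
                cur["ok"][section] += 1
            else:
                # Anything not reported "ok" is what a helper wants to see first.
                cur["flagged"].append((section, st.group("obj"), st.group("status")))
    return scans


def hash_changes(scans):
    """Boot objects (MBR/VBR) whose hash differs between consecutive scans."""
    changed = []
    for prev, nxt in zip(scans, scans[1:]):
        for obj, md5 in nxt["hashes"].items():
            if obj in prev["hashes"] and prev["hashes"][obj] != md5:
                changed.append((obj, prev["hashes"][obj], md5))
    return changed


def summarize(scans):
    """One line per scan plus every flagged entry and boot-object hash."""
    out = []
    for i, s in enumerate(scans, 1):
        out.append(f"scan {i}: mode={'/'.join(s['mode'] or ['?'])} "
                   f"ok={sum(s['ok'].values())} flagged={len(s['flagged'])} "
                   f"detected={s['detected']}")
        out.extend(f"  [{sec}] {obj}: {status}" for sec, obj, status in s["flagged"])
        out.extend(f"  {obj} MD5 {md5}" for obj, md5 in s["hashes"].items())
    return "\n".join(out)


if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    print(summarize(parsed))
    print("hash changes between scans:", hash_changes(parsed))
```

Run against a full posted log (`parse_tdsskiller_log(open("TDSSKiller.log").read())`), the summary line shows at a glance whether any of the three scans in a thread like this one reported something other than "ok", and `hash_changes` tells you whether the MBR or a VBR was rewritten between runs, which is the first thing to check when a rootkit is suspected.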

#3 memond13

  • Topic Starter
  • Members
  • 50 posts
  • OFFLINE
  • Local time:06:54 PM

Posted 05 September 2012 - 03:16 PM

Log from TDSSKiller

I ran it once before, so if you need me to get that log, just let me know where to find it and I will. It did find a threat the first time.

15:41:08.0763 6424 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
15:41:09.0184 6424 ============================================================
15:41:09.0184 6424 Current date / time: 2012/09/05 15:41:09.0184
15:41:09.0184 6424 SystemInfo:
15:41:09.0184 6424
15:41:09.0184 6424 OS Version: 6.0.6002 ServicePack: 2.0
15:41:09.0184 6424 Product type: Workstation
15:41:09.0184 6424 ComputerName: MIKE-PC
15:41:09.0200 6424 UserName: Mike
15:41:09.0200 6424 Windows directory: C:\Windows
15:41:09.0200 6424 System windows directory: C:\Windows
15:41:09.0200 6424 Running under WOW64
15:41:09.0200 6424 Processor architecture: Intel x64
15:41:09.0200 6424 Number of processors: 2
15:41:09.0200 6424 Page size: 0x1000
15:41:09.0200 6424 Boot type: Normal boot
15:41:09.0200 6424 ============================================================
15:41:09.0933 6424 BG loaded
15:41:10.0807 6424 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:41:10.0851 6424 ============================================================
15:41:10.0851 6424 \Device\Harddisk0\DR0:
15:41:10.0876 6424 MBR partitions:
15:41:10.0876 6424 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x23D12800
15:41:10.0876 6424 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x26513031, BlocksNum 0x24343E90
15:41:10.0876 6424 ============================================================
15:41:10.0902 6424 Initialize success
15:41:10.0902 6424 ============================================================
15:41:16.0289 1360 ============================================================
15:41:16.0289 1360 Scan started
15:41:16.0289 1360 Mode: Manual;
15:41:16.0289 1360 ============================================================
15:41:17.0599 1360 ================ Scan system memory ========================
15:41:17.0599 1360 System memory - ok
15:41:17.0599 1360 ================ Scan services =============================
15:41:17.0646 1360 ACPI - ok
15:41:17.0661 1360 adp94xx - ok
15:41:17.0661 1360 adpahci - ok
15:41:17.0661 1360 adpu160m - ok
15:41:17.0677 1360 adpu320 - ok
15:41:17.0693 1360 AeLookupSvc - ok
15:41:17.0693 1360 AFD - ok
15:41:17.0708 1360 AgereModemAudio - ok
15:41:17.0708 1360 AgereSoftModem - ok
15:41:17.0724 1360 agp440 - ok
15:41:17.0724 1360 aic78xx - ok
15:41:17.0739 1360 ALG - ok
15:41:17.0755 1360 aliide - ok
15:41:17.0755 1360 amdide - ok
15:41:17.0771 1360 AmdK8 - ok
15:41:17.0771 1360 Appinfo - ok
15:41:17.0786 1360 arc - ok
15:41:17.0802 1360 arcsas - ok
15:41:17.0833 1360 aspnet_state - ok
15:41:17.0849 1360 AsyncMac - ok
15:41:17.0864 1360 atapi - ok
15:41:17.0864 1360 AudioEndpointBuilder - ok
15:41:17.0880 1360 AudioSrv - ok
15:41:17.0895 1360 BFE - ok
15:41:17.0911 1360 BITS - ok
15:41:17.0911 1360 blbdrive - ok
15:41:17.0927 1360 bowser - ok
15:41:17.0927 1360 BrFiltLo - ok
15:41:17.0942 1360 BrFiltUp - ok
15:41:17.0958 1360 Browser - ok
15:41:17.0958 1360 Brserid - ok
15:41:17.0973 1360 BrSerWdm - ok
15:41:17.0973 1360 BrUsbMdm - ok
15:41:17.0973 1360 BrUsbSer - ok
15:41:17.0989 1360 BTHMODEM - ok
15:41:17.0989 1360 cdfs - ok
15:41:18.0005 1360 cdrom - ok
15:41:18.0005 1360 CertPropSvc - ok
15:41:18.0020 1360 circlass - ok
15:41:18.0020 1360 CLFS - ok
15:41:18.0020 1360 clr_optimization_v2.0.50727_32 - ok
15:41:18.0036 1360 clr_optimization_v2.0.50727_64 - ok
15:41:18.0036 1360 clr_optimization_v4.0.30319_32 - ok
15:41:18.0051 1360 clr_optimization_v4.0.30319_64 - ok
15:41:18.0067 1360 cmdide - ok
15:41:18.0067 1360 Compbatt - ok
15:41:18.0083 1360 COMSysApp - ok
15:41:18.0098 1360 crcdisk - ok
15:41:18.0098 1360 CryptSvc - ok
15:41:18.0114 1360 ctxusbm - ok
15:41:18.0129 1360 DcomLaunch - ok
15:41:18.0129 1360 DfsC - ok
15:41:18.0129 1360 DFSR - ok
15:41:18.0145 1360 Dhcp - ok
15:41:18.0145 1360 disk - ok
15:41:18.0161 1360 Dnscache - ok
15:41:18.0176 1360 dot3svc - ok
15:41:18.0176 1360 Dot4 - ok
15:41:18.0192 1360 Dot4Print - ok
15:41:18.0207 1360 dot4usb - ok
15:41:18.0223 1360 DPS - ok
15:41:18.0223 1360 drmkaud - ok
15:41:18.0239 1360 dsNcAdpt - ok
15:41:18.0239 1360 DXGKrnl - ok
15:41:18.0254 1360 E1G60 - ok
15:41:18.0254 1360 EapHost - ok
15:41:18.0270 1360 Ecache - ok
15:41:18.0270 1360 eDataSecurity Service - ok
15:41:18.0285 1360 ehRecvr - ok
15:41:18.0285 1360 ehSched - ok
15:41:18.0301 1360 ehstart - ok
15:41:18.0301 1360 elxstor - ok
15:41:18.0317 1360 EMDMgmt - ok
15:41:18.0317 1360 ErrDev - ok
15:41:18.0332 1360 ETService - ok
15:41:18.0348 1360 EventSystem - ok
15:41:18.0348 1360 exfat - ok
15:41:18.0363 1360 fastfat - ok
15:41:18.0379 1360 fdc - ok
15:41:18.0379 1360 fdPHost - ok
15:41:18.0395 1360 FDResPub - ok
15:41:18.0395 1360 FileInfo - ok
15:41:18.0410 1360 Filetrace - ok
15:41:18.0410 1360 flpydisk - ok
15:41:18.0426 1360 FltMgr - ok
15:41:18.0426 1360 FontCache - ok
15:41:18.0441 1360 FontCache3.0.0.0 - ok
15:41:18.0441 1360 ForceWare Intelligent Application Manager (IAM) - ok
15:41:18.0457 1360 Fs_Rec - ok
15:41:18.0457 1360 gagp30kx - ok
15:41:18.0473 1360 gpsvc - ok
15:41:18.0473 1360 gupdate - ok
15:41:18.0488 1360 gupdatem - ok
15:41:18.0488 1360 gusvc - ok
15:41:18.0504 1360 HdAudAddService - ok
15:41:18.0504 1360 HDAudBus - ok
15:41:18.0519 1360 HidBth - ok
15:41:18.0519 1360 HidIr - ok
15:41:18.0535 1360 hidserv - ok
15:41:18.0535 1360 HidUsb - ok
15:41:18.0551 1360 hkmsvc - ok
15:41:18.0551 1360 HpCISSs - ok
15:41:18.0566 1360 hpqcxs08 - ok
15:41:18.0582 1360 hpqddsvc - ok
15:41:18.0597 1360 HTTP - ok
15:41:18.0597 1360 i2omp - ok
15:41:18.0629 1360 i8042prt - ok
15:41:18.0629 1360 iaStorV - ok
15:41:18.0660 1360 idsvc - ok
15:41:18.0675 1360 iirsp - ok
15:41:18.0675 1360 IKEEXT - ok
15:41:18.0707 1360 int15 - ok
15:41:18.0707 1360 IntcAzAudAddService - ok
15:41:18.0722 1360 intelide - ok
15:41:18.0722 1360 intelppm - ok
15:41:18.0738 1360 IPBusEnum - ok
15:41:18.0738 1360 IpFilterDriver - ok
15:41:18.0753 1360 iphlpsvc - ok
15:41:18.0769 1360 IpInIp - ok
15:41:18.0800 1360 IPMIDRV - ok
15:41:18.0800 1360 IPNAT - ok
15:41:18.0831 1360 IRENUM - ok
15:41:18.0831 1360 isapnp - ok
15:41:18.0863 1360 iScsiPrt - ok
15:41:18.0878 1360 iteatapi - ok
15:41:18.0878 1360 ITEIO.SYS - ok
15:41:18.0894 1360 iteraid - ok
15:41:18.0925 1360 kbdclass - ok
15:41:18.0925 1360 kbdhid - ok
15:41:18.0941 1360 KeyIso - ok
15:41:18.0941 1360 KSecDD - ok
15:41:18.0956 1360 ksthunk - ok
15:41:18.0956 1360 KtmRm - ok
15:41:19.0019 1360 LanmanServer - ok
15:41:19.0050 1360 LanmanWorkstation - ok
15:41:19.0065 1360 LightScribeService - ok
15:41:19.0065 1360 lltdio - ok
15:41:19.0081 1360 lltdsvc - ok
15:41:19.0143 1360 lmhosts - ok
15:41:19.0190 1360 LSI_FC - ok
15:41:19.0206 1360 LSI_SAS - ok
15:41:19.0206 1360 LSI_SCSI - ok
15:41:19.0221 1360 luafv - ok
15:41:19.0221 1360 massfilter_hs - ok
15:41:19.0237 1360 Mcx2Svc - ok
15:41:19.0253 1360 megasas - ok
15:41:19.0268 1360 MegaSR - ok
15:41:19.0284 1360 MLITS Pulse Service - ok
15:41:19.0284 1360 MMCSS - ok
15:41:19.0299 1360 Modem - ok
15:41:19.0299 1360 monitor - ok
15:41:19.0315 1360 mouclass - ok
15:41:19.0331 1360 mouhid - ok
15:41:19.0346 1360 MountMgr - ok
15:41:19.0440 1360 mpio - ok
15:41:19.0487 1360 mpsdrv - ok
15:41:19.0533 1360 MpsSvc - ok
15:41:19.0549 1360 Mraid35x - ok
15:41:19.0565 1360 MRxDAV - ok
15:41:19.0565 1360 mrxsmb - ok
15:41:19.0580 1360 mrxsmb10 - ok
15:41:19.0580 1360 mrxsmb20 - ok
15:41:19.0596 1360 msahci - ok
15:41:19.0596 1360 msdsm - ok
15:41:19.0674 1360 MSDTC - ok
15:41:19.0705 1360 Msfs - ok
15:41:19.0705 1360 msisadrv - ok
15:41:19.0861 1360 MSiSCSI - ok
15:41:19.0877 1360 msiserver - ok
15:41:19.0877 1360 MSKSSRV - ok
15:41:19.0923 1360 MSPCLOCK - ok
15:41:19.0970 1360 MSPQM - ok
15:41:20.0017 1360 MsRPC - ok
15:41:20.0033 1360 mssmbios - ok
15:41:20.0064 1360 MSTEE - ok
15:41:20.0064 1360 Mup - ok
15:41:20.0095 1360 napagent - ok
15:41:20.0126 1360 NativeWifiP - ok
15:41:20.0157 1360 NDIS - ok
15:41:20.0189 1360 NdisTapi - ok
15:41:20.0204 1360 Ndisuio - ok
15:41:20.0204 1360 NdisWan - ok
15:41:20.0220 1360 NDProxy - ok
15:41:20.0220 1360 NEOFLTR_650_15255 - ok
15:41:20.0235 1360 Net Driver HPZ12 - ok
15:41:20.0251 1360 NetBIOS - ok
15:41:20.0251 1360 netbt - ok
15:41:20.0267 1360 Netlogon - ok
15:41:20.0282 1360 Netman - ok
15:41:20.0298 1360 NetMsmqActivator - ok
15:41:20.0298 1360 NetPipeActivator - ok
15:41:20.0313 1360 netprofm - ok
15:41:20.0313 1360 NetTcpActivator - ok
15:41:20.0329 1360 NetTcpPortSharing - ok
15:41:20.0345 1360 nfrd960 - ok
15:41:20.0360 1360 NitroReaderDriverReadSpool2 - ok
15:41:20.0376 1360 NlaSvc - ok
15:41:20.0391 1360 Npfs - ok
15:41:20.0407 1360 nsi - ok
15:41:20.0407 1360 nsiproxy - ok
15:41:20.0423 1360 nSvcIp - ok
15:41:20.0438 1360 Ntfs - ok
15:41:20.0438 1360 NTIDrvr - ok
15:41:20.0469 1360 Null - ok
15:41:20.0485 1360 NVENETFD - ok
15:41:20.0485 1360 NVHDA - ok
15:41:20.0501 1360 nvlddmkm - ok
15:41:20.0516 1360 NVNET - ok
15:41:20.0532 1360 nvraid - ok
15:41:20.0532 1360 nvstor - ok
15:41:20.0532 1360 nvstor64 - ok
15:41:20.0547 1360 nvsvc - ok
15:41:20.0563 1360 nvUpdatusService - ok
15:41:20.0563 1360 nv_agp - ok
15:41:20.0579 1360 NwlnkFlt - ok
15:41:20.0594 1360 NwlnkFwd - ok
15:41:20.0610 1360 odserv - ok
15:41:20.0610 1360 ohci1394 - ok
15:41:20.0625 1360 ose - ok
15:41:20.0641 1360 osppsvc - ok
15:41:20.0657 1360 p2pimsvc - ok
15:41:20.0688 1360 p2psvc - ok
15:41:20.0703 1360 Parport - ok
15:41:20.0703 1360 partmgr - ok
15:41:20.0719 1360 PcaSvc - ok
15:41:20.0719 1360 pci - ok
15:41:20.0735 1360 pciide - ok
15:41:20.0735 1360 pcmcia - ok
15:41:20.0750 1360 PEAUTH - ok
15:41:20.0766 1360 PerfHost - ok
15:41:20.0797 1360 PGP RDD Service - ok
15:41:20.0813 1360 PGPdisk - ok
15:41:20.0813 1360 pgpfs - ok
15:41:20.0828 1360 PGPsdkDriver - ok
15:41:20.0844 1360 PGPserv - ok
15:41:20.0844 1360 PGPwded - ok
15:41:20.0859 1360 Pgpwdefs - ok
15:41:20.0859 1360 pla - ok
15:41:20.0891 1360 PlugPlay - ok
15:41:20.0891 1360 Pml Driver HPZ12 - ok
15:41:20.0906 1360 PNRPAutoReg - ok
15:41:20.0906 1360 PNRPsvc - ok
15:41:20.0922 1360 PolicyAgent - ok
15:41:20.0937 1360 PptpMiniport - ok
15:41:20.0937 1360 Processor - ok
15:41:20.0953 1360 ProfSvc - ok
15:41:20.0953 1360 ProtectedStorage - ok
15:41:20.0984 1360 PSched - ok
15:41:21.0000 1360 PSDFilter - ok
15:41:21.0000 1360 PSDNServ - ok
15:41:21.0015 1360 psdvdisk - ok
15:41:21.0015 1360 QBCFMonitorService - ok
15:41:21.0047 1360 QBFCService - ok
15:41:21.0047 1360 ql2300 - ok
15:41:21.0062 1360 ql40xx - ok
15:41:21.0078 1360 QWAVE - ok
15:41:21.0093 1360 QWAVEdrv - ok
15:41:21.0093 1360 RasAcd - ok
15:41:21.0125 1360 RasAuto - ok
15:41:21.0125 1360 Rasl2tp - ok
15:41:21.0140 1360 RasMan - ok
15:41:21.0156 1360 RasPppoe - ok
15:41:21.0171 1360 RasSstp - ok
15:41:21.0187 1360 rdbss - ok
15:41:21.0187 1360 RDPCDD - ok
15:41:21.0203 1360 rdpdr - ok
15:41:21.0218 1360 RDPENCDD - ok
15:41:21.0234 1360 RDPWD - ok
15:41:21.0249 1360 RemoteAccess - ok
15:41:21.0265 1360 RemoteRegistry - ok
15:41:21.0265 1360 RpcLocator - ok
15:41:21.0281 1360 RpcSs - ok
15:41:21.0296 1360 rspndr - ok
15:41:21.0312 1360 SamSs - ok
15:41:21.0312 1360 sbp2port - ok
15:41:21.0327 1360 SCardSvr - ok
15:41:21.0343 1360 Schedule - ok
15:41:21.0359 1360 SCPolicySvc - ok
15:41:21.0359 1360 SDRSVC - ok
15:41:21.0374 1360 secdrv - ok
15:41:21.0390 1360 seclogon - ok
15:41:21.0421 1360 SENS - ok
15:41:21.0437 1360 Serenum - ok
15:41:21.0437 1360 Serial - ok
15:41:21.0452 1360 sermouse - ok
15:41:21.0468 1360 SessionEnv - ok
15:41:21.0483 1360 sffdisk - ok
15:41:21.0499 1360 sffp_mmc - ok
15:41:21.0499 1360 sffp_sd - ok
15:41:21.0515 1360 sfloppy - ok
15:41:21.0546 1360 SharedAccess - ok
15:41:21.0546 1360 ShellHWDetection - ok
15:41:21.0561 1360 SiSRaid2 - ok
15:41:21.0561 1360 SiSRaid4 - ok
15:41:21.0577 1360 slsvc - ok
15:41:21.0593 1360 SLUINotify - ok
15:41:21.0608 1360 Smb - ok
15:41:21.0624 1360 SNMPTRAP - ok
15:41:21.0624 1360 spldr - ok
15:41:21.0639 1360 Spooler - ok
15:41:21.0639 1360 srv - ok
15:41:21.0655 1360 srv2 - ok
15:41:21.0655 1360 srvnet - ok
15:41:21.0671 1360 SSDPSRV - ok
15:41:21.0686 1360 SstpSvc - ok
15:41:21.0702 1360 stisvc - ok
15:41:21.0702 1360 swenum - ok
15:41:21.0717 1360 swprv - ok
15:41:21.0733 1360 Symc8xx - ok
15:41:21.0749 1360 Sym_hi - ok
15:41:21.0749 1360 Sym_u3 - ok
15:41:21.0764 1360 SysMain - ok
15:41:21.0764 1360 TabletInputService - ok
15:41:21.0780 1360 TapiSrv - ok
15:41:21.0780 1360 TBS - ok
15:41:21.0795 1360 Tcpip - ok
15:41:21.0811 1360 Tcpip6 - ok
15:41:21.0827 1360 tcpipreg - ok
15:41:21.0842 1360 TDPIPE - ok
15:41:21.0842 1360 TDTCP - ok
15:41:21.0858 1360 tdx - ok
15:41:21.0858 1360 TermDD - ok
15:41:21.0873 1360 TermService - ok
15:41:21.0873 1360 Themes - ok
15:41:21.0889 1360 THREADORDER - ok
15:41:21.0905 1360 TrkWks - ok
15:41:21.0905 1360 TrustedInstaller - ok
15:41:21.0920 1360 tssecsrv - ok
15:41:21.0936 1360 tunmp - ok
15:41:21.0936 1360 tunnel - ok
15:41:21.0951 1360 uagp35 - ok
15:41:21.0967 1360 UBHelper - ok
15:41:21.0967 1360 udfs - ok
15:41:21.0983 1360 UI0Detect - ok
15:41:21.0998 1360 uliagpkx - ok
15:41:21.0998 1360 uliahci - ok
15:41:22.0014 1360 UlSata - ok
15:41:22.0029 1360 ulsata2 - ok
15:41:22.0029 1360 umbus - ok
15:41:22.0045 1360 upnphost - ok
15:41:22.0061 1360 usbccgp - ok
15:41:22.0076 1360 usbcir - ok
15:41:22.0076 1360 usbehci - ok
15:41:22.0092 1360 usbhub - ok
15:41:22.0092 1360 usbohci - ok
15:41:22.0107 1360 usbprint - ok
15:41:22.0107 1360 usbscan - ok
15:41:22.0139 1360 USBSTOR - ok
15:41:22.0139 1360 usbuhci - ok
15:41:22.0139 1360 UxSms - ok
15:41:22.0154 1360 vds - ok
15:41:22.0154 1360 vga - ok
15:41:22.0170 1360 VgaSave - ok
15:41:22.0170 1360 viaide - ok
15:41:22.0185 1360 volmgr - ok
15:41:22.0185 1360 volmgrx - ok
15:41:22.0201 1360 volsnap - ok
15:41:22.0201 1360 vpnva - ok
15:41:22.0217 1360 vsmraid - ok
15:41:22.0217 1360 VSS - ok
15:41:22.0232 1360 W32Time - ok
15:41:22.0248 1360 WacomPen - ok
15:41:22.0248 1360 Wanarp - ok
15:41:22.0263 1360 Wanarpv6 - ok
15:41:22.0263 1360 wcncsvc - ok
15:41:22.0279 1360 WcsPlugInService - ok
15:41:22.0279 1360 Wd - ok
15:41:22.0279 1360 Wdf01000 - ok
15:41:22.0295 1360 WdiServiceHost - ok
15:41:22.0295 1360 WdiSystemHost - ok
15:41:22.0310 1360 WebClient - ok
15:41:22.0310 1360 Wecsvc - ok
15:41:22.0326 1360 wercplsupport - ok
15:41:22.0326 1360 WerSvc - ok
15:41:22.0341 1360 WinDefend - ok
15:41:22.0357 1360 WinHttpAutoProxySvc - ok
15:41:22.0357 1360 Winmgmt - ok
15:41:22.0373 1360 WinRM - ok
15:41:22.0388 1360 Wlansvc - ok
15:41:22.0388 1360 WmiAcpi - ok
15:41:22.0404 1360 wmiApSrv - ok
15:41:22.0404 1360 WMPNetworkSvc - ok
15:41:22.0419 1360 WPCSvc - ok
15:41:22.0419 1360 WPDBusEnum - ok
15:41:22.0435 1360 WPFFontCache_v0400 - ok
15:41:22.0435 1360 ws2ifsl - ok
15:41:22.0451 1360 wscsvc - ok
15:41:22.0451 1360 WSearch - ok
15:41:22.0466 1360 wuauserv - ok
15:41:22.0466 1360 WUDFRd - ok
15:41:22.0497 1360 wudfsvc - ok
15:41:22.0513 1360 ================ Scan global ===============================
15:41:22.0575 1360 [Global] - ok
15:41:22.0575 1360 ================ Scan MBR ==================================
15:41:22.0591 1360 [ D6AE2662C2CFEEFEE286D0A3948E2BF7 ] \Device\Harddisk0\DR0
15:41:22.0716 1360 \Device\Harddisk0\DR0 - ok
15:41:22.0716 1360 ================ Scan VBR ==================================
15:41:22.0716 1360 [ 0DB85FF2C73DBB916CEAC3FB6A8741E1 ] \Device\Harddisk0\DR0\Partition1
15:41:22.0716 1360 \Device\Harddisk0\DR0\Partition1 - ok
15:41:22.0763 1360 [ 95C5391B857A6A889E2AA884E437AFEE ] \Device\Harddisk0\DR0\Partition2
15:41:22.0778 1360 \Device\Harddisk0\DR0\Partition2 - ok
15:41:22.0794 1360 ============================================================
15:41:22.0794 1360 Scan finished
15:41:22.0794 1360 ============================================================
15:41:22.0809 1328 Detected object count: 0
15:41:22.0809 1328 Actual detected object count: 0
15:43:37.0396 6460 ============================================================
15:43:37.0396 6460 Scan started
15:43:37.0396 6460 Mode: Manual; TDLFS;
15:43:37.0396 6460 ============================================================
15:43:37.0414 6460 ================ Scan system memory ========================
15:43:37.0414 6460 System memory - ok
15:43:37.0414 6460 ================ Scan services =============================
15:43:37.0461 6460 ACPI - ok
15:43:37.0468 6460 adp94xx - ok
15:43:37.0477 6460 adpahci - ok
15:43:37.0483 6460 adpu160m - ok
15:43:37.0491 6460 adpu320 - ok
15:43:37.0501 6460 AeLookupSvc - ok
15:43:37.0509 6460 AFD - ok
15:43:37.0516 6460 AgereModemAudio - ok
15:43:37.0525 6460 AgereSoftModem - ok
15:43:37.0531 6460 agp440 - ok
15:43:37.0539 6460 aic78xx - ok
15:43:37.0547 6460 ALG - ok
15:43:37.0556 6460 aliide - ok
15:43:37.0563 6460 amdide - ok
15:43:37.0573 6460 AmdK8 - ok
15:43:37.0580 6460 Appinfo - ok
15:43:37.0589 6460 arc - ok
15:43:37.0596 6460 arcsas - ok
15:43:37.0622 6460 aspnet_state - ok
15:43:37.0629 6460 AsyncMac - ok
15:43:37.0636 6460 atapi - ok
15:43:37.0644 6460 AudioEndpointBuilder - ok
15:43:37.0651 6460 AudioSrv - ok
15:43:37.0663 6460 BFE - ok
15:43:37.0672 6460 BITS - ok
15:43:37.0679 6460 blbdrive - ok
15:43:37.0686 6460 bowser - ok
15:43:37.0695 6460 BrFiltLo - ok
15:43:37.0701 6460 BrFiltUp - ok
15:43:37.0709 6460 Browser - ok
15:43:37.0716 6460 Brserid - ok
15:43:37.0723 6460 BrSerWdm - ok
15:43:37.0730 6460 BrUsbMdm - ok
15:43:37.0737 6460 BrUsbSer - ok
15:43:37.0744 6460 BTHMODEM - ok
15:43:37.0756 6460 cdfs - ok
15:43:37.0762 6460 cdrom - ok
15:43:37.0769 6460 CertPropSvc - ok
15:43:37.0777 6460 circlass - ok
15:43:37.0783 6460 CLFS - ok
15:43:37.0791 6460 clr_optimization_v2.0.50727_32 - ok
15:43:37.0798 6460 clr_optimization_v2.0.50727_64 - ok
15:43:37.0806 6460 clr_optimization_v4.0.30319_32 - ok
15:43:37.0813 6460 clr_optimization_v4.0.30319_64 - ok
15:43:37.0820 6460 cmdide - ok
15:43:37.0828 6460 Compbatt - ok
15:43:37.0836 6460 COMSysApp - ok
15:43:37.0844 6460 crcdisk - ok
15:43:37.0857 6460 CryptSvc - ok
15:43:37.0863 6460 ctxusbm - ok
15:43:37.0876 6460 DcomLaunch - ok
15:43:37.0882 6460 DfsC - ok
15:43:37.0890 6460 DFSR - ok
15:43:37.0896 6460 Dhcp - ok
15:43:37.0903 6460 disk - ok
15:43:37.0911 6460 Dnscache - ok
15:43:37.0917 6460 dot3svc - ok
15:43:37.0925 6460 Dot4 - ok
15:43:37.0932 6460 Dot4Print - ok
15:43:37.0940 6460 dot4usb - ok
15:43:37.0948 6460 DPS - ok
15:43:37.0957 6460 drmkaud - ok
15:43:37.0964 6460 dsNcAdpt - ok
15:43:37.0971 6460 DXGKrnl - ok
15:43:37.0979 6460 E1G60 - ok
15:43:37.0986 6460 EapHost - ok
15:43:37.0994 6460 Ecache - ok
15:43:38.0002 6460 eDataSecurity Service - ok
15:43:38.0011 6460 ehRecvr - ok
15:43:38.0018 6460 ehSched - ok
15:43:38.0026 6460 ehstart - ok
15:43:38.0033 6460 elxstor - ok
15:43:38.0045 6460 EMDMgmt - ok
15:43:38.0053 6460 ErrDev - ok
15:43:38.0065 6460 ETService - ok
15:43:38.0076 6460 EventSystem - ok
15:43:38.0084 6460 exfat - ok
15:43:38.0092 6460 fastfat - ok
15:43:38.0099 6460 fdc - ok
15:43:38.0107 6460 fdPHost - ok
15:43:38.0115 6460 FDResPub - ok
15:43:38.0124 6460 FileInfo - ok
15:43:38.0131 6460 Filetrace - ok
15:43:38.0140 6460 flpydisk - ok
15:43:38.0147 6460 FltMgr - ok
15:43:38.0157 6460 FontCache - ok
15:43:38.0163 6460 FontCache3.0.0.0 - ok
15:43:38.0171 6460 ForceWare Intelligent Application Manager (IAM) - ok
15:43:38.0179 6460 Fs_Rec - ok
15:43:38.0186 6460 gagp30kx - ok
15:43:38.0194 6460 gpsvc - ok
15:43:38.0202 6460 gupdate - ok
15:43:38.0210 6460 gupdatem - ok
15:43:38.0218 6460 gusvc - ok
15:43:38.0226 6460 HdAudAddService - ok
15:43:38.0233 6460 HDAudBus - ok
15:43:38.0241 6460 HidBth - ok
15:43:38.0247 6460 HidIr - ok
15:43:38.0254 6460 hidserv - ok
15:43:38.0262 6460 HidUsb - ok
15:43:38.0268 6460 hkmsvc - ok
15:43:38.0276 6460 HpCISSs - ok
15:43:38.0283 6460 hpqcxs08 - ok
15:43:38.0291 6460 hpqddsvc - ok
15:43:38.0298 6460 HTTP - ok
15:43:38.0305 6460 i2omp - ok
15:43:38.0315 6460 i8042prt - ok
15:43:38.0325 6460 iaStorV - ok
15:43:38.0335 6460 idsvc - ok
15:43:38.0343 6460 iirsp - ok
15:43:38.0350 6460 IKEEXT - ok
15:43:38.0361 6460 int15 - ok
15:43:38.0368 6460 IntcAzAudAddService - ok
15:43:38.0376 6460 intelide - ok
15:43:38.0383 6460 intelppm - ok
15:43:38.0391 6460 IPBusEnum - ok
15:43:38.0397 6460 IpFilterDriver - ok
15:43:38.0403 6460 iphlpsvc - ok
15:43:38.0409 6460 IpInIp - ok
15:43:38.0415 6460 IPMIDRV - ok
15:43:38.0425 6460 IPNAT - ok
15:43:38.0433 6460 IRENUM - ok
15:43:38.0442 6460 isapnp - ok
15:43:38.0449 6460 iScsiPrt - ok
15:43:38.0455 6460 iteatapi - ok
15:43:38.0463 6460 ITEIO.SYS - ok
15:43:38.0470 6460 iteraid - ok
15:43:38.0479 6460 kbdclass - ok
15:43:38.0486 6460 kbdhid - ok
15:43:38.0494 6460 KeyIso - ok
15:43:38.0502 6460 KSecDD - ok
15:43:38.0510 6460 ksthunk - ok
15:43:38.0519 6460 KtmRm - ok
15:43:38.0527 6460 LanmanServer - ok
15:43:38.0537 6460 LanmanWorkstation - ok
15:43:38.0549 6460 LightScribeService - ok
15:43:38.0558 6460 lltdio - ok
15:43:38.0565 6460 lltdsvc - ok
15:43:38.0572 6460 lmhosts - ok
15:43:38.0584 6460 LSI_FC - ok
15:43:38.0592 6460 LSI_SAS - ok
15:43:38.0601 6460 LSI_SCSI - ok
15:43:38.0609 6460 luafv - ok
15:43:38.0616 6460 massfilter_hs - ok
15:43:38.0643 6460 Mcx2Svc - ok
15:43:38.0650 6460 megasas - ok
15:43:38.0657 6460 MegaSR - ok
15:43:38.0665 6460 MLITS Pulse Service - ok
15:43:38.0671 6460 MMCSS - ok
15:43:38.0679 6460 Modem - ok
15:43:38.0686 6460 monitor - ok
15:43:38.0693 6460 mouclass - ok
15:43:38.0700 6460 mouhid - ok
15:43:38.0709 6460 MountMgr - ok
15:43:38.0714 6460 mpio - ok
15:43:38.0721 6460 mpsdrv - ok
15:43:38.0730 6460 MpsSvc - ok
15:43:38.0737 6460 Mraid35x - ok
15:43:38.0745 6460 MRxDAV - ok
15:43:38.0751 6460 mrxsmb - ok
15:43:38.0759 6460 mrxsmb10 - ok
15:43:38.0766 6460 mrxsmb20 - ok
15:43:38.0773 6460 msahci - ok
15:43:38.0781 6460 msdsm - ok
15:43:38.0787 6460 MSDTC - ok
15:43:38.0801 6460 Msfs - ok
15:43:38.0809 6460 msisadrv - ok
15:43:38.0815 6460 MSiSCSI - ok
15:43:38.0822 6460 msiserver - ok
15:43:38.0830 6460 MSKSSRV - ok
15:43:38.0837 6460 MSPCLOCK - ok
15:43:38.0845 6460 MSPQM - ok
15:43:38.0852 6460 MsRPC - ok
15:43:38.0862 6460 mssmbios - ok
15:43:38.0869 6460 MSTEE - ok
15:43:38.0877 6460 Mup - ok
15:43:38.0884 6460 napagent - ok
15:43:38.0893 6460 NativeWifiP - ok
15:43:38.0899 6460 NDIS - ok
15:43:38.0906 6460 NdisTapi - ok
15:43:38.0914 6460 Ndisuio - ok
15:43:38.0921 6460 NdisWan - ok
15:43:38.0929 6460 NDProxy - ok
15:43:38.0936 6460 NEOFLTR_650_15255 - ok
15:43:38.0945 6460 Net Driver HPZ12 - ok
15:43:38.0952 6460 NetBIOS - ok
15:43:38.0960 6460 netbt - ok
15:43:38.0967 6460 Netlogon - ok
15:43:38.0973 6460 Netman - ok
15:43:38.0981 6460 NetMsmqActivator - ok
15:43:38.0988 6460 NetPipeActivator - ok
15:43:38.0996 6460 netprofm - ok
15:43:39.0003 6460 NetTcpActivator - ok
15:43:39.0011 6460 NetTcpPortSharing - ok
15:43:39.0018 6460 nfrd960 - ok
15:43:39.0027 6460 NitroReaderDriverReadSpool2 - ok
15:43:39.0033 6460 NlaSvc - ok
15:43:39.0043 6460 Npfs - ok
15:43:39.0049 6460 nsi - ok
15:43:39.0056 6460 nsiproxy - ok
15:43:39.0064 6460 nSvcIp - ok
15:43:39.0074 6460 Ntfs - ok
15:43:39.0082 6460 NTIDrvr - ok
15:43:39.0089 6460 Null - ok
15:43:39.0099 6460 NVENETFD - ok
15:43:39.0106 6460 NVHDA - ok
15:43:39.0114 6460 nvlddmkm - ok
15:43:39.0120 6460 NVNET - ok
15:43:39.0131 6460 nvraid - ok
15:43:39.0138 6460 nvstor - ok
15:43:39.0145 6460 nvstor64 - ok
15:43:39.0152 6460 nvsvc - ok
15:43:39.0161 6460 nvUpdatusService - ok
15:43:39.0167 6460 nv_agp - ok
15:43:39.0174 6460 NwlnkFlt - ok
15:43:39.0182 6460 NwlnkFwd - ok
15:43:39.0189 6460 odserv - ok
15:43:39.0197 6460 ohci1394 - ok
15:43:39.0204 6460 ose - ok
15:43:39.0212 6460 osppsvc - ok
15:43:39.0222 6460 p2pimsvc - ok
15:43:39.0230 6460 p2psvc - ok
15:43:39.0236 6460 Parport - ok
15:43:39.0244 6460 partmgr - ok
15:43:39.0251 6460 PcaSvc - ok
15:43:39.0258 6460 pci - ok
15:43:39.0266 6460 pciide - ok
15:43:39.0273 6460 pcmcia - ok
15:43:39.0281 6460 PEAUTH - ok
15:43:39.0291 6460 PerfHost - ok
15:43:39.0311 6460 PGP RDD Service - ok
15:43:39.0317 6460 PGPdisk - ok
15:43:39.0324 6460 pgpfs - ok
15:43:39.0335 6460 PGPsdkDriver - ok
15:43:39.0344 6460 PGPserv - ok
15:43:39.0350 6460 PGPwded - ok
15:43:39.0357 6460 Pgpwdefs - ok
15:43:39.0364 6460 pla - ok
15:43:39.0371 6460 PlugPlay - ok
15:43:39.0379 6460 Pml Driver HPZ12 - ok
15:43:39.0386 6460 PNRPAutoReg - ok
15:43:39.0395 6460 PNRPsvc - ok
15:43:39.0400 6460 PolicyAgent - ok
15:43:39.0412 6460 PptpMiniport - ok
15:43:39.0419 6460 Processor - ok
15:43:39.0437 6460 ProfSvc - ok
15:43:39.0446 6460 ProtectedStorage - ok
15:43:39.0452 6460 PSched - ok
15:43:39.0459 6460 PSDFilter - ok
15:43:39.0466 6460 PSDNServ - ok
15:43:39.0474 6460 psdvdisk - ok
15:43:39.0482 6460 QBCFMonitorService - ok
15:43:39.0489 6460 QBFCService - ok
15:43:39.0497 6460 ql2300 - ok
15:43:39.0504 6460 ql40xx - ok
15:43:39.0513 6460 QWAVE - ok
15:43:39.0519 6460 QWAVEdrv - ok
15:43:39.0528 6460 RasAcd - ok
15:43:39.0534 6460 RasAuto - ok
15:43:39.0540 6460 Rasl2tp - ok
15:43:39.0548 6460 RasMan - ok
15:43:39.0555 6460 RasPppoe - ok
15:43:39.0563 6460 RasSstp - ok
15:43:39.0569 6460 rdbss - ok
15:43:39.0579 6460 RDPCDD - ok
15:43:39.0587 6460 rdpdr - ok
15:43:39.0596 6460 RDPENCDD - ok
15:43:39.0605 6460 RDPWD - ok
15:43:39.0613 6460 RemoteAccess - ok
15:43:39.0620 6460 RemoteRegistry - ok
15:43:39.0629 6460 RpcLocator - ok
15:43:39.0635 6460 RpcSs - ok
15:43:39.0641 6460 rspndr - ok
15:43:39.0649 6460 SamSs - ok
15:43:39.0656 6460 sbp2port - ok
15:43:39.0664 6460 SCardSvr - ok
15:43:39.0671 6460 Schedule - ok
15:43:39.0679 6460 SCPolicySvc - ok
15:43:39.0689 6460 SDRSVC - ok
15:43:39.0697 6460 secdrv - ok
15:43:39.0704 6460 seclogon - ok
15:43:39.0712 6460 SENS - ok
15:43:39.0718 6460 Serenum - ok
15:43:39.0726 6460 Serial - ok
15:43:39.0733 6460 sermouse - ok
15:43:39.0750 6460 SessionEnv - ok
15:43:39.0757 6460 sffdisk - ok
15:43:39.0765 6460 sffp_mmc - ok
15:43:39.0772 6460 sffp_sd - ok
15:43:39.0780 6460 sfloppy - ok
15:43:39.0786 6460 SharedAccess - ok
15:43:39.0793 6460 ShellHWDetection - ok
15:43:39.0801 6460 SiSRaid2 - ok
15:43:39.0808 6460 SiSRaid4 - ok
15:43:39.0816 6460 slsvc - ok
15:43:39.0823 6460 SLUINotify - ok
15:43:39.0831 6460 Smb - ok
15:43:39.0847 6460 SNMPTRAP - ok
15:43:39.0853 6460 spldr - ok
15:43:39.0859 6460 Spooler - ok
15:43:39.0867 6460 srv - ok
15:43:39.0873 6460 srv2 - ok
15:43:39.0882 6460 srvnet - ok
15:43:39.0888 6460 SSDPSRV - ok
15:43:39.0896 6460 SstpSvc - ok
15:43:39.0903 6460 stisvc - ok
15:43:39.0910 6460 swenum - ok
15:43:39.0918 6460 swprv - ok
15:43:39.0922 6460 Symc8xx - ok
15:43:39.0929 6460 Sym_hi - ok
15:43:39.0936 6460 Sym_u3 - ok
15:43:39.0943 6460 SysMain - ok
15:43:39.0951 6460 TabletInputService - ok
15:43:39.0958 6460 TapiSrv - ok
15:43:39.0967 6460 TBS - ok
15:43:39.0974 6460 Tcpip - ok
15:43:39.0984 6460 Tcpip6 - ok
15:43:39.0990 6460 tcpipreg - ok
15:43:39.0999 6460 TDPIPE - ok
15:43:40.0005 6460 TDTCP - ok
15:43:40.0014 6460 tdx - ok
15:43:40.0020 6460 TermDD - ok
15:43:40.0027 6460 TermService - ok
15:43:40.0034 6460 Themes - ok
15:43:40.0040 6460 THREADORDER - ok
15:43:40.0049 6460 TrkWks - ok
15:43:40.0056 6460 TrustedInstaller - ok
15:43:40.0067 6460 tssecsrv - ok
15:43:40.0074 6460 tunmp - ok
15:43:40.0081 6460 tunnel - ok
15:43:40.0088 6460 uagp35 - ok
15:43:40.0097 6460 UBHelper - ok
15:43:40.0103 6460 udfs - ok
15:43:40.0122 6460 UI0Detect - ok
15:43:40.0131 6460 uliagpkx - ok
15:43:40.0136 6460 uliahci - ok
15:43:40.0143 6460 UlSata - ok
15:43:40.0151 6460 ulsata2 - ok
15:43:40.0157 6460 umbus - ok
15:43:40.0166 6460 upnphost - ok
15:43:40.0176 6460 usbccgp - ok
15:43:40.0184 6460 usbcir - ok
15:43:40.0191 6460 usbehci - ok
15:43:40.0199 6460 usbhub - ok
15:43:40.0206 6460 usbohci - ok
15:43:40.0214 6460 usbprint - ok
15:43:40.0220 6460 usbscan - ok
15:43:40.0227 6460 USBSTOR - ok
15:43:40.0235 6460 usbuhci - ok
15:43:40.0241 6460 UxSms - ok
15:43:40.0249 6460 vds - ok
15:43:40.0256 6460 vga - ok
15:43:40.0263 6460 VgaSave - ok
15:43:40.0271 6460 viaide - ok
15:43:40.0278 6460 volmgr - ok
15:43:40.0286 6460 volmgrx - ok
15:43:40.0292 6460 volsnap - ok
15:43:40.0311 6460 vpnva - ok
15:43:40.0320 6460 vsmraid - ok
15:43:40.0326 6460 VSS - ok
15:43:40.0336 6460 W32Time - ok
15:43:40.0348 6460 WacomPen - ok
15:43:40.0355 6460 Wanarp - ok
15:43:40.0364 6460 Wanarpv6 - ok
15:43:40.0369 6460 wcncsvc - ok
15:43:40.0376 6460 WcsPlugInService - ok
15:43:40.0384 6460 Wd - ok
15:43:40.0390 6460 Wdf01000 - ok
15:43:40.0399 6460 WdiServiceHost - ok
15:43:40.0405 6460 WdiSystemHost - ok
15:43:40.0411 6460 WebClient - ok
15:43:40.0419 6460 Wecsvc - ok
15:43:40.0423 6460 wercplsupport - ok
15:43:40.0432 6460 WerSvc - ok
15:43:40.0438 6460 WinDefend - ok
15:43:40.0453 6460 WinHttpAutoProxySvc - ok
15:43:40.0459 6460 Winmgmt - ok
15:43:40.0468 6460 WinRM - ok
15:43:40.0484 6460 Wlansvc - ok
15:43:40.0490 6460 WmiAcpi - ok
15:43:40.0501 6460 wmiApSrv - ok
15:43:40.0508 6460 WMPNetworkSvc - ok
15:43:40.0517 6460 WPCSvc - ok
15:43:40.0523 6460 WPDBusEnum - ok
15:43:40.0533 6460 WPFFontCache_v0400 - ok
15:43:40.0538 6460 ws2ifsl - ok
15:43:40.0545 6460 wscsvc - ok
15:43:40.0553 6460 WSearch - ok
15:43:40.0566 6460 wuauserv - ok
15:43:40.0572 6460 WUDFRd - ok
15:43:40.0578 6460 wudfsvc - ok
15:43:40.0593 6460 ================ Scan global ===============================
15:43:40.0606 6460 [Global] - ok
15:43:40.0609 6460 ================ Scan MBR ==================================
15:43:40.0619 6460 [ D6AE2662C2CFEEFEE286D0A3948E2BF7 ] \Device\Harddisk0\DR0
15:43:41.0108 6460 \Device\Harddisk0\DR0 - ok
15:43:41.0108 6460 ================ Scan VBR ==================================
15:43:41.0135 6460 [ 0DB85FF2C73DBB916CEAC3FB6A8741E1 ] \Device\Harddisk0\DR0\Partition1
15:43:41.0135 6460 \Device\Harddisk0\DR0\Partition1 - ok
15:43:41.0156 6460 [ 95C5391B857A6A889E2AA884E437AFEE ] \Device\Harddisk0\DR0\Partition2
15:43:41.0182 6460 \Device\Harddisk0\DR0\Partition2 - ok
15:43:41.0183 6460 ============================================================
15:43:41.0183 6460 Scan finished
15:43:41.0183 6460 ============================================================
15:43:41.0194 6444 Detected object count: 0
15:43:41.0194 6444 Actual detected object count: 0
16:14:53.0202 2304 ============================================================
16:14:53.0202 2304 Scan started
16:14:53.0202 2304 Mode: Manual; TDLFS;
16:14:53.0202 2304 ============================================================
16:14:53.0213 2304 ================ Scan system memory ========================
16:14:53.0213 2304 System memory - ok
16:14:53.0214 2304 ================ Scan services =============================
16:14:53.0239 2304 ACPI - ok
16:14:53.0248 2304 adp94xx - ok
16:14:53.0255 2304 adpahci - ok
16:14:53.0263 2304 adpu160m - ok
16:14:53.0270 2304 adpu320 - ok
16:14:53.0281 2304 AeLookupSvc - ok
16:14:53.0288 2304 AFD - ok
16:14:53.0296 2304 AgereModemAudio - ok
16:14:53.0303 2304 AgereSoftModem - ok
16:14:53.0311 2304 agp440 - ok
16:14:53.0318 2304 aic78xx - ok
16:14:53.0327 2304 ALG - ok
16:14:53.0333 2304 aliide - ok
16:14:53.0340 2304 amdide - ok
16:14:53.0348 2304 AmdK8 - ok
16:14:53.0355 2304 Appinfo - ok
16:14:53.0363 2304 arc - ok
16:14:53.0370 2304 arcsas - ok
16:14:53.0394 2304 aspnet_state - ok
16:14:53.0401 2304 AsyncMac - ok
16:14:53.0408 2304 atapi - ok
16:14:53.0416 2304 AudioEndpointBuilder - ok
16:14:53.0423 2304 AudioSrv - ok
16:14:53.0434 2304 BFE - ok
16:14:53.0440 2304 BITS - ok
16:14:53.0448 2304 blbdrive - ok
16:14:53.0454 2304 bowser - ok
16:14:53.0462 2304 BrFiltLo - ok
16:14:53.0469 2304 BrFiltUp - ok
16:14:53.0477 2304 Browser - ok
16:14:53.0484 2304 Brserid - ok
16:14:53.0491 2304 BrSerWdm - ok
16:14:53.0499 2304 BrUsbMdm - ok
16:14:53.0505 2304 BrUsbSer - ok
16:14:53.0513 2304 BTHMODEM - ok
16:14:53.0523 2304 cdfs - ok
16:14:53.0531 2304 cdrom - ok
16:14:53.0538 2304 CertPropSvc - ok
16:14:53.0545 2304 circlass - ok
16:14:53.0553 2304 CLFS - ok
16:14:53.0562 2304 clr_optimization_v2.0.50727_32 - ok
16:14:53.0569 2304 clr_optimization_v2.0.50727_64 - ok
16:14:53.0576 2304 clr_optimization_v4.0.30319_32 - ok
16:14:53.0584 2304 clr_optimization_v4.0.30319_64 - ok
16:14:53.0591 2304 cmdide - ok
16:14:53.0598 2304 Compbatt - ok
16:14:53.0605 2304 COMSysApp - ok
16:14:53.0614 2304 crcdisk - ok
16:14:53.0624 2304 CryptSvc - ok
16:14:53.0631 2304 ctxusbm - ok
16:14:53.0641 2304 DcomLaunch - ok
16:14:53.0648 2304 DfsC - ok
16:14:53.0655 2304 DFSR - ok
16:14:53.0662 2304 Dhcp - ok
16:14:53.0669 2304 disk - ok
16:14:53.0678 2304 Dnscache - ok
16:14:53.0684 2304 dot3svc - ok
16:14:53.0690 2304 Dot4 - ok
16:14:53.0698 2304 Dot4Print - ok
16:14:53.0705 2304 dot4usb - ok
16:14:53.0712 2304 DPS - ok
16:14:53.0719 2304 drmkaud - ok
16:14:53.0726 2304 dsNcAdpt - ok
16:14:53.0732 2304 DXGKrnl - ok
16:14:53.0739 2304 E1G60 - ok
16:14:53.0748 2304 EapHost - ok
16:14:53.0757 2304 Ecache - ok
16:14:53.0765 2304 eDataSecurity Service - ok
16:14:53.0772 2304 ehRecvr - ok
16:14:53.0779 2304 ehSched - ok
16:14:53.0787 2304 ehstart - ok
16:14:53.0795 2304 elxstor - ok
16:14:53.0804 2304 EMDMgmt - ok
16:14:53.0812 2304 ErrDev - ok
16:14:53.0822 2304 ETService - ok
16:14:53.0834 2304 EventSystem - ok
16:14:53.0841 2304 exfat - ok
16:14:53.0849 2304 fastfat - ok
16:14:53.0856 2304 fdc - ok
16:14:53.0863 2304 fdPHost - ok
16:14:53.0870 2304 FDResPub - ok
16:14:53.0878 2304 FileInfo - ok
16:14:53.0885 2304 Filetrace - ok
16:14:53.0892 2304 flpydisk - ok
16:14:53.0900 2304 FltMgr - ok
16:14:53.0907 2304 FontCache - ok
16:14:53.0915 2304 FontCache3.0.0.0 - ok
16:14:53.0922 2304 ForceWare Intelligent Application Manager (IAM) - ok
16:14:53.0930 2304 Fs_Rec - ok
16:14:53.0936 2304 gagp30kx - ok
16:14:53.0943 2304 gpsvc - ok
16:14:53.0951 2304 gupdate - ok
16:14:53.0955 2304 gupdatem - ok
16:14:53.0963 2304 gusvc - ok
16:14:53.0969 2304 HdAudAddService - ok
16:14:53.0978 2304 HDAudBus - ok
16:14:53.0984 2304 HidBth - ok
16:14:53.0991 2304 HidIr - ok
16:14:53.0999 2304 hidserv - ok
16:14:54.0005 2304 HidUsb - ok
16:14:54.0013 2304 hkmsvc - ok
16:14:54.0026 2304 HpCISSs - ok
16:14:54.0037 2304 hpqcxs08 - ok
16:14:54.0043 2304 hpqddsvc - ok
16:14:54.0051 2304 HTTP - ok
16:14:54.0058 2304 i2omp - ok
16:14:54.0067 2304 i8042prt - ok
16:14:54.0075 2304 iaStorV - ok
16:14:54.0083 2304 idsvc - ok
16:14:54.0094 2304 iirsp - ok
16:14:54.0098 2304 IKEEXT - ok
16:14:54.0109 2304 int15 - ok
16:14:54.0117 2304 IntcAzAudAddService - ok
16:14:54.0124 2304 intelide - ok
16:14:54.0132 2304 intelppm - ok
16:14:54.0140 2304 IPBusEnum - ok
16:14:54.0147 2304 IpFilterDriver - ok
16:14:54.0154 2304 iphlpsvc - ok
16:14:54.0161 2304 IpInIp - ok
16:14:54.0169 2304 IPMIDRV - ok
16:14:54.0176 2304 IPNAT - ok
16:14:54.0183 2304 IRENUM - ok
16:14:54.0190 2304 isapnp - ok
16:14:54.0198 2304 iScsiPrt - ok
16:14:54.0205 2304 iteatapi - ok
16:14:54.0213 2304 ITEIO.SYS - ok
16:14:54.0219 2304 iteraid - ok
16:14:54.0226 2304 kbdclass - ok
16:14:54.0233 2304 kbdhid - ok
16:14:54.0240 2304 KeyIso - ok
16:14:54.0248 2304 KSecDD - ok
16:14:54.0254 2304 ksthunk - ok
16:14:54.0261 2304 KtmRm - ok
16:14:54.0269 2304 LanmanServer - ok
16:14:54.0276 2304 LanmanWorkstation - ok
16:14:54.0287 2304 LightScribeService - ok
16:14:54.0293 2304 lltdio - ok
16:14:54.0302 2304 lltdsvc - ok
16:14:54.0308 2304 lmhosts - ok
16:14:54.0323 2304 LSI_FC - ok
16:14:54.0334 2304 LSI_SAS - ok
16:14:54.0343 2304 LSI_SCSI - ok
16:14:54.0349 2304 luafv - ok
16:14:54.0355 2304 massfilter_hs - ok
16:14:54.0363 2304 Mcx2Svc - ok
16:14:54.0370 2304 megasas - ok
16:14:54.0377 2304 MegaSR - ok
16:14:54.0385 2304 MLITS Pulse Service - ok
16:14:54.0392 2304 MMCSS - ok
16:14:54.0400 2304 Modem - ok
16:14:54.0407 2304 monitor - ok
16:14:54.0414 2304 mouclass - ok
16:14:54.0421 2304 mouhid - ok
16:14:54.0430 2304 MountMgr - ok
16:14:54.0435 2304 mpio - ok
16:14:54.0442 2304 mpsdrv - ok
16:14:54.0450 2304 MpsSvc - ok
16:14:54.0458 2304 Mraid35x - ok
16:14:54.0465 2304 MRxDAV - ok
16:14:54.0473 2304 mrxsmb - ok
16:14:54.0481 2304 mrxsmb10 - ok
16:14:54.0488 2304 mrxsmb20 - ok
16:14:54.0495 2304 msahci - ok
16:14:54.0503 2304 msdsm - ok
16:14:54.0511 2304 MSDTC - ok
16:14:54.0524 2304 Msfs - ok
16:14:54.0534 2304 msisadrv - ok
16:14:54.0543 2304 MSiSCSI - ok
16:14:54.0550 2304 msiserver - ok
16:14:54.0558 2304 MSKSSRV - ok
16:14:54.0568 2304 MSPCLOCK - ok
16:14:54.0577 2304 MSPQM - ok
16:14:54.0585 2304 MsRPC - ok
16:14:54.0595 2304 mssmbios - ok
16:14:54.0603 2304 MSTEE - ok
16:14:54.0609 2304 Mup - ok
16:14:54.0618 2304 napagent - ok
16:14:54.0624 2304 NativeWifiP - ok
16:14:54.0632 2304 NDIS - ok
16:14:54.0639 2304 NdisTapi - ok
16:14:54.0646 2304 Ndisuio - ok
16:14:54.0653 2304 NdisWan - ok
16:14:54.0660 2304 NDProxy - ok
16:14:54.0668 2304 NEOFLTR_650_15255 - ok
16:14:54.0675 2304 Net Driver HPZ12 - ok
16:14:54.0682 2304 NetBIOS - ok
16:14:54.0689 2304 netbt - ok
16:14:54.0696 2304 Netlogon - ok
16:14:54.0703 2304 Netman - ok
16:14:54.0710 2304 NetMsmqActivator - ok
16:14:54.0718 2304 NetPipeActivator - ok
16:14:54.0725 2304 netprofm - ok
16:14:54.0732 2304 NetTcpActivator - ok
16:14:54.0740 2304 NetTcpPortSharing - ok
16:14:54.0748 2304 nfrd960 - ok
16:14:54.0754 2304 NitroReaderDriverReadSpool2 - ok
16:14:54.0761 2304 NlaSvc - ok
16:14:54.0769 2304 Npfs - ok
16:14:54.0776 2304 nsi - ok
16:14:54.0783 2304 nsiproxy - ok
16:14:54.0790 2304 nSvcIp - ok
16:14:54.0801 2304 Ntfs - ok
16:14:54.0808 2304 NTIDrvr - ok
16:14:54.0816 2304 Null - ok
16:14:54.0823 2304 NVENETFD - ok
16:14:54.0830 2304 NVHDA - ok
16:14:54.0838 2304 nvlddmkm - ok
16:14:54.0844 2304 NVNET - ok
16:14:54.0855 2304 nvraid - ok
16:14:54.0862 2304 nvstor - ok
16:14:54.0869 2304 nvstor64 - ok
16:14:54.0876 2304 nvsvc - ok
16:14:54.0884 2304 nvUpdatusService - ok
16:14:54.0891 2304 nv_agp - ok
16:14:54.0899 2304 NwlnkFlt - ok
16:14:54.0906 2304 NwlnkFwd - ok
16:14:54.0913 2304 odserv - ok
16:14:54.0921 2304 ohci1394 - ok
16:14:54.0928 2304 ose - ok
16:14:54.0936 2304 osppsvc - ok
16:14:54.0946 2304 p2pimsvc - ok
16:14:54.0954 2304 p2psvc - ok
16:14:54.0961 2304 Parport - ok
16:14:54.0969 2304 partmgr - ok
16:14:54.0975 2304 PcaSvc - ok
16:14:54.0983 2304 pci - ok
16:14:54.0990 2304 pciide - ok
16:14:54.0997 2304 pcmcia - ok
16:14:55.0004 2304 PEAUTH - ok
16:14:55.0015 2304 PerfHost - ok
16:14:55.0033 2304 PGP RDD Service - ok
16:14:55.0039 2304 PGPdisk - ok
16:14:55.0046 2304 pgpfs - ok
16:14:55.0057 2304 PGPsdkDriver - ok
16:14:55.0065 2304 PGPserv - ok
16:14:55.0072 2304 PGPwded - ok
16:14:55.0080 2304 Pgpwdefs - ok
16:14:55.0089 2304 pla - ok
16:14:55.0096 2304 PlugPlay - ok
16:14:55.0103 2304 Pml Driver HPZ12 - ok
16:14:55.0110 2304 PNRPAutoReg - ok
16:14:55.0118 2304 PNRPsvc - ok
16:14:55.0124 2304 PolicyAgent - ok
16:14:55.0136 2304 PptpMiniport - ok
16:14:55.0142 2304 Processor - ok
16:14:55.0150 2304 ProfSvc - ok
16:14:55.0157 2304 ProtectedStorage - ok
16:14:55.0163 2304 PSched - ok
16:14:55.0171 2304 PSDFilter - ok
16:14:55.0178 2304 PSDNServ - ok
16:14:55.0185 2304 psdvdisk - ok
16:14:55.0192 2304 QBCFMonitorService - ok
16:14:55.0200 2304 QBFCService - ok
16:14:55.0207 2304 ql2300 - ok
16:14:55.0215 2304 ql40xx - ok
16:14:55.0222 2304 QWAVE - ok
16:14:55.0229 2304 QWAVEdrv - ok
16:14:55.0237 2304 RasAcd - ok
16:14:55.0243 2304 RasAuto - ok
16:14:55.0251 2304 Rasl2tp - ok
16:14:55.0258 2304 RasMan - ok
16:14:55.0265 2304 RasPppoe - ok
16:14:55.0272 2304 RasSstp - ok
16:14:55.0279 2304 rdbss - ok
16:14:55.0287 2304 RDPCDD - ok
16:14:55.0297 2304 rdpdr - ok
16:14:55.0305 2304 RDPENCDD - ok
16:14:55.0317 2304 RDPWD - ok
16:14:55.0323 2304 RemoteAccess - ok
16:14:55.0330 2304 RemoteRegistry - ok
16:14:55.0337 2304 RpcLocator - ok
16:14:55.0344 2304 RpcSs - ok
16:14:55.0351 2304 rspndr - ok
16:14:55.0358 2304 SamSs - ok
16:14:55.0366 2304 sbp2port - ok
16:14:55.0373 2304 SCardSvr - ok
16:14:55.0379 2304 Schedule - ok
16:14:55.0387 2304 SCPolicySvc - ok
16:14:55.0394 2304 SDRSVC - ok
16:14:55.0401 2304 secdrv - ok
16:14:55.0408 2304 seclogon - ok
16:14:55.0415 2304 SENS - ok
16:14:55.0422 2304 Serenum - ok
16:14:55.0429 2304 Serial - ok
16:14:55.0437 2304 sermouse - ok
16:14:55.0454 2304 SessionEnv - ok
16:14:55.0461 2304 sffdisk - ok
16:14:55.0469 2304 sffp_mmc - ok
16:14:55.0477 2304 sffp_sd - ok
16:14:55.0484 2304 sfloppy - ok
16:14:55.0491 2304 SharedAccess - ok
16:14:55.0498 2304 ShellHWDetection - ok
16:14:55.0505 2304 SiSRaid2 - ok
16:14:55.0512 2304 SiSRaid4 - ok
16:14:55.0520 2304 slsvc - ok
16:14:55.0527 2304 SLUINotify - ok
16:14:55.0534 2304 Smb - ok
16:14:55.0547 2304 SNMPTRAP - ok
16:14:55.0559 2304 spldr - ok
16:14:55.0563 2304 Spooler - ok
16:14:55.0571 2304 srv - ok
16:14:55.0577 2304 srv2 - ok
16:14:55.0585 2304 srvnet - ok
16:14:55.0592 2304 SSDPSRV - ok
16:14:55.0598 2304 SstpSvc - ok
16:14:55.0606 2304 stisvc - ok
16:14:55.0613 2304 swenum - ok
16:14:55.0620 2304 swprv - ok
16:14:55.0627 2304 Symc8xx - ok
16:14:55.0635 2304 Sym_hi - ok
16:14:55.0641 2304 Sym_u3 - ok
16:14:55.0648 2304 SysMain - ok
16:14:55.0656 2304 TabletInputService - ok
16:14:55.0662 2304 TapiSrv - ok
16:14:55.0671 2304 TBS - ok
16:14:55.0677 2304 Tcpip - ok
16:14:55.0685 2304 Tcpip6 - ok
16:14:55.0692 2304 tcpipreg - ok
16:14:55.0699 2304 TDPIPE - ok
16:14:55.0707 2304 TDTCP - ok
16:14:55.0713 2304 tdx - ok
16:14:55.0721 2304 TermDD - ok
16:14:55.0728 2304 TermService - ok
16:14:55.0736 2304 Themes - ok
16:14:55.0742 2304 THREADORDER - ok
16:14:55.0749 2304 TrkWks - ok
16:14:55.0757 2304 TrustedInstaller - ok
16:14:55.0768 2304 tssecsrv - ok
16:14:55.0774 2304 tunmp - ok
16:14:55.0781 2304 tunnel - ok
16:14:55.0789 2304 uagp35 - ok
16:14:55.0796 2304 UBHelper - ok
16:14:55.0803 2304 udfs - ok
16:14:55.0818 2304 UI0Detect - ok
16:14:55.0824 2304 uliagpkx - ok
16:14:55.0831 2304 uliahci - ok
16:14:55.0839 2304 UlSata - ok
16:14:55.0846 2304 ulsata2 - ok
16:14:55.0854 2304 umbus - ok
16:14:55.0861 2304 upnphost - ok
16:14:55.0872 2304 usbccgp - ok
16:14:55.0879 2304 usbcir - ok
16:14:55.0886 2304 usbehci - ok
16:14:55.0893 2304 usbhub - ok
16:14:55.0900 2304 usbohci - ok
16:14:55.0908 2304 usbprint - ok
16:14:55.0915 2304 usbscan - ok
16:14:55.0922 2304 USBSTOR - ok
16:14:55.0929 2304 usbuhci - ok
16:14:55.0937 2304 UxSms - ok
16:14:55.0943 2304 vds - ok
16:14:55.0950 2304 vga - ok
16:14:55.0958 2304 VgaSave - ok
16:14:55.0965 2304 viaide - ok
16:14:55.0972 2304 volmgr - ok
16:14:55.0976 2304 volmgrx - ok
16:14:55.0983 2304 volsnap - ok
16:14:56.0002 2304 vpnva - ok
16:14:56.0008 2304 vsmraid - ok
16:14:56.0014 2304 VSS - ok
16:14:56.0024 2304 W32Time - ok
16:14:56.0035 2304 WacomPen - ok
16:14:56.0042 2304 Wanarp - ok
16:14:56.0049 2304 Wanarpv6 - ok
16:14:56.0056 2304 wcncsvc - ok
16:14:56.0063 2304 WcsPlugInService - ok
16:14:56.0070 2304 Wd - ok
16:14:56.0077 2304 Wdf01000 - ok
16:14:56.0084 2304 WdiServiceHost - ok
16:14:56.0092 2304 WdiSystemHost - ok
16:14:56.0098 2304 WebClient - ok
16:14:56.0108 2304 Wecsvc - ok
16:14:56.0116 2304 wercplsupport - ok
16:14:56.0123 2304 WerSvc - ok
16:14:56.0130 2304 WinDefend - ok
16:14:56.0144 2304 WinHttpAutoProxySvc - ok
16:14:56.0152 2304 Winmgmt - ok
16:14:56.0159 2304 WinRM - ok
16:14:56.0173 2304 Wlansvc - ok
16:14:56.0180 2304 WmiAcpi - ok
16:14:56.0191 2304 wmiApSrv - ok
16:14:56.0198 2304 WMPNetworkSvc - ok
16:14:56.0206 2304 WPCSvc - ok
16:14:56.0212 2304 WPDBusEnum - ok
16:14:56.0219 2304 WPFFontCache_v0400 - ok
16:14:56.0227 2304 ws2ifsl - ok
16:14:56.0236 2304 wscsvc - ok
16:14:56.0241 2304 WSearch - ok
16:14:56.0251 2304 wuauserv - ok
16:14:56.0259 2304 WUDFRd - ok
16:14:56.0266 2304 wudfsvc - ok
16:14:56.0279 2304 ================ Scan global ===============================
16:14:56.0299 2304 [Global] - ok
16:14:56.0303 2304 ================ Scan MBR ==================================
16:14:56.0318 2304 [ D6AE2662C2CFEEFEE286D0A3948E2BF7 ] \Device\Harddisk0\DR0
16:14:56.0498 2304 \Device\Harddisk0\DR0 - ok
16:14:56.0499 2304 ================ Scan VBR ==================================
16:14:56.0502 2304 [ 0DB85FF2C73DBB916CEAC3FB6A8741E1 ] \Device\Harddisk0\DR0\Partition1
16:14:56.0503 2304 \Device\Harddisk0\DR0\Partition1 - ok
16:14:56.0522 2304 [ 95C5391B857A6A889E2AA884E437AFEE ] \Device\Harddisk0\DR0\Partition2
16:14:56.0522 2304 \Device\Harddisk0\DR0\Partition2 - ok
16:14:56.0523 2304 ============================================================
16:14:56.0523 2304 Scan finished
16:14:56.0523 2304 ============================================================
16:14:56.0534 1552 Detected object count: 0
16:14:56.0534 1552 Actual detected object count: 0

#4 memond13
  • Topic Starter
  • Members
  • 50 posts

Posted 05 September 2012 - 03:55 PM

The Avast Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-05 15:44:29
-----------------------------
15:44:29.775 OS Version: Windows x64 6.0.6002 Service Pack 2
15:44:29.775 Number of processors: 2 586 0xF0D
15:44:29.775 ComputerName: MIKE-PC UserName: Mike
15:44:32.224 Initialize success
16:54:11.033 AVAST engine defs: 12090501
16:54:42.158 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000054
16:54:42.161 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
16:54:42.172 Disk 0 MBR read successfully
16:54:42.174 Disk 0 MBR scan
16:54:42.179 Disk 0 unknown MBR code
16:54:42.212 Disk 0 Partition 1 00 27 Hidden NTFS WinRE 20480 MB offset 2048
16:54:42.232 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS 293413 MB offset 41945088
16:54:42.250 Disk 0 Partition 3 00 07 HPFS/NTFS 296583 MB offset 642854961
16:54:42.271 Disk 0 scanning C:\Windows\system32\drivers
16:54:42.274 Service scanning
16:55:07.792 Modules scanning
16:55:07.800 Disk 0 trace - called modules:
16:55:07.822 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor64.sys
16:55:07.827 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d27790]
16:55:07.832 3 CLASSPNP.SYS[fffffa6000d99c33] -> nt!IofCallDriver -> [0xfffffa8004b83c00]
16:55:07.837 5 acpi.sys[fffffa60008f3fde] -> nt!IofCallDriver -> \Device\00000054[0xfffffa8004b832d0]
16:55:12.690 AVAST engine scan C:\Windows
16:55:12.709 AVAST engine scan C:\Windows\system32
16:55:12.718 AVAST engine scan C:\Windows\system32\drivers
16:55:12.725 AVAST engine scan C:\Users\Mike
16:55:12.745 AVAST engine scan C:\ProgramData
16:55:12.750 Scan finished successfully
16:55:38.646 Disk 0 MBR has been saved successfully to "C:\Users\Mike\Desktop\MBR.dat"
16:55:38.653 The log file has been saved successfully to "C:\Users\Mike\Desktop\aswMBR.txt"

#5 memond13
  • Topic Starter
  • Members
  • 50 posts

Posted 05 September 2012 - 05:07 PM

List of found threats:

C:\TDSSKiller_Quarantine\05.09.2012_15.38.21\mbr0000\tdlfs0000\tsk0005.dta Win32/Olmasco.O trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.09.2012_15.38.21\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmasco.W trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.09.2012_15.38.21\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmasco.O trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.09.2012_15.38.21\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmasco.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.09.2012_15.38.21\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmasco.O trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.09.2012_15.38.21\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmasco.R trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.09.2012_15.38.21\mbr0000\tdlfs0000\tsk0011.dta Win32/Olmasco.Q trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.09.2012_15.38.21\mbr0000\tdlfs0000\tsk0012.dta Win64/Olmasco.X trojan cleaned by deleting - quarantined

#6 narenxp
  • BC Advisor
  • 16,371 posts
  • Location:India

Posted 05 September 2012 - 05:14 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete.

Post the generated log.

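The "List content of Hosts" step above exists because a hosts-file hijack is one of the cheapest ways to redirect a browser (the thread's own MiniToolBox output later shows www.google-analytics.com, ad-emea.doubleclick.net and www.statcounter.com pointed at 188.119.151.111 and 108.163.215.51, hidden below roughly two hundred blank lines). The following is an added example, not part of this thread and not code from MiniToolBox or any other tool named here. It parses hosts-file text of that shape and reports every active mapping that sends a real domain anywhere other than the local machine, and it reports unusually long blank-line padding as a finding in its own right. The sample input is constructed to mirror the log in this thread; the `LOCAL_NAMES` set and the `classify` categories are my own assumptions.

```python
"""Flag redirect entries and padding tricks in a Windows hosts file.

Added example (not from this thread, MiniToolBox or any tool it names).
"""
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample shaped like the MiniToolBox "Hosts content" section in
# the thread: a localhost line, 200 blank padding lines, the redirect entries
# seen in the log (trailing dots as printed there), a comment, then localhost.
SAMPLE_HOSTS = (
    "::1 localhost\n"
    + "\n" * 200
    + "188.119.151.111 www.google-analytics.com.\n"
    "108.163.215.51 ad-emea.doubleclick.net.\n"
    "# 10.0.0.5 intranet.example   <- commented out, must be ignored\n"
    "127.0.0.1 localhost\n"
)

# Names that legitimately map to the machine itself (assumption: this set is
# ours, extend it for your environment).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

PADDING_THRESHOLD = 50  # blank lines in a row; a real hosts file never needs this


def parse_hosts(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, ip, hostname) for every active mapping.

    Comments are stripped, blank lines skipped, so padding cannot hide a line
    from the parser the way it hides it from a casual look in Notepad.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, *names = parts
        for name in names:
            entries.append((lineno, ip, name.rstrip(".").lower()))
    return entries


def classify(ip: str) -> str:
    """'local' (loopback/unspecified/link-local), 'private', 'public' or 'invalid'."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "invalid"
    if addr.is_loopback or addr.is_unspecified or addr.is_link_local:
        return "local"
    if addr.is_private:
        return "private"
    return "public"


def find_redirects(text: str) -> List[Dict[str, object]]:
    """Every mapping of a non-local name to a non-local address."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        kind = classify(ip)
        if name in LOCAL_NAMES or kind == "local":
            continue  # 127.0.0.1 localhost, ::1 localhost, 0.0.0.0 ad-block lists
        findings.append({"line": lineno, "ip": ip, "host": name,
                         "public": kind == "public"})
    return findings


def longest_blank_run(text: str) -> int:
    """Length of the longest run of consecutive blank lines."""
    longest = run = 0
    for raw in text.splitlines():
        if raw.strip():
            run = 0
        else:
            run += 1
            longest = max(longest, run)
    return longest


if __name__ == "__main__":
    for f in find_redirects(SAMPLE_HOSTS):
        where = "public" if f["public"] else "private"
        print(f"line {f['line']}: {f['host']} -> {f['ip']} ({where} address)")
    pad = longest_blank_run(SAMPLE_HOSTS)
    if pad >= PADDING_THRESHOLD:
        print(f"suspicious padding: {pad} consecutive blank lines")
```

Run it against the real file (`C:\Windows\System32\drivers\etc\hosts`, read as text) instead of `SAMPLE_HOSTS` to get the same report for a live machine; entries that point analytics or ad domains at a public address are the ones to treat as hijacks, while a private-address mapping may simply be a LAN host the owner added.
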
#7 memond13
  • Topic Starter
  • Members
  • 50 posts

Posted 05 September 2012 - 07:18 PM

Mini toolbox -

MiniToolBox by Farbar Version: 23-07-2012
Ran by Mike (administrator) on 05-09-2012 at 20:16:03
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost








































































































































































































188.119.151.111 www.google-analytics.com.
188.119.151.111 ad-emea.doubleclick.net.
188.119.151.111 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.

127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce 10/100/1000 Mbps Ethernet = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Mike-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : dnanico1.aniconet.com
dnanico1.aniconet.com
dnanico1.aniconet.com
dnanico1.aniconet.com
dnanico1.aniconet.com
dnanico1.aniconet.com
dnanico1.aniconet.com
farmfamily.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : westell.com
Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet #2
Physical Address. . . . . . . . . : 00-21-97-63-BE-26
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::dbf:1e1d:a69c:268%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.36(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, September 05, 2012 7:20:17 PM
Lease Expires . . . . . . . . . . : Thursday, September 06, 2012 7:20:17 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234889623
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-39-F6-FA-00-21-97-63-BE-26
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Server: dslrouter.westell.com
Address: 192.168.1.1

Name: google.com.dnanico1.aniconet.com
Addresses: 63.251.179.13
8.15.7.117



Pinging google.com [173.194.43.40] with 32 bytes of data:

Reply from 173.194.43.40: bytes=32 time=36ms TTL=55

Reply from 173.194.43.40: bytes=32 time=36ms TTL=55



Ping statistics for 173.194.43.40:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 36ms, Maximum = 36ms, Average = 36ms

Server: dslrouter.westell.com
Address: 192.168.1.1

Name: yahoo.com.dnanico1.aniconet.com
Addresses: 63.251.179.13
8.15.7.117



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=151ms TTL=50

Reply from 98.139.183.24: bytes=32 time=79ms TTL=50



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 79ms, Maximum = 151ms, Average = 115ms

Server: dslrouter.westell.com
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
11 ...00 21 97 63 be 26 ...... NVIDIA nForce 10/100/1000 Mbps Ethernet #2
1 ........................... Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.36 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.36 276
192.168.1.36 255.255.255.255 On-link 192.168.1.36 276
192.168.1.255 255.255.255.255 On-link 192.168.1.36 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.36 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.36 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::dbf:1e1d:a69c:268/128 On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\PGPlsp.dll [62520] (Symantec Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\PGPlsp.dll [62520] (Symantec Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\PGPlsp.dll [72344] (Symantec Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\PGPlsp.dll [72344] (Symantec Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/05/2012 07:21:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/05/2012 06:20:25 PM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 1.62.0.87, time stamp 0x4fc6d5ba, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000005, fault offset 0x0002ab11,
process id 0xcc0, application start time 0xmbam.exe0.

Error: (09/05/2012 03:42:20 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/05/2012 03:32:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/05/2012 03:25:17 PM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\msiexec.exe /V; Descripton = Removed Adobe Reader 8.1.0; Hr = 0x800423f4).

Error: (09/05/2012 03:25:17 PM) (Source: SPP) (User: )
Description: Shadow copy creation failed because of error reported by ASR Writer.

More info: The volume does not contain a recognized file system. Please make sure that all required file system drivers are loaded and that the volume is not corrupted. (0x800703ED).

Error: (09/05/2012 03:24:58 PM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\msiexec.exe /V; Descripton = Removed Adobe Reader 8.1.0; Hr = 0x800423f4).

Error: (09/05/2012 03:24:58 PM) (Source: SPP) (User: )
Description: Shadow copy creation failed because of error reported by ASR Writer.

More info: The volume does not contain a recognized file system. Please make sure that all required file system drivers are loaded and that the volume is not corrupted. (0x800703ED).

Error: (09/05/2012 03:07:02 PM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\msiexec.exe /V; Descripton = Removed AVG 2012; Hr = 0x800423f4).

Error: (09/05/2012 03:07:02 PM) (Source: SPP) (User: )
Description: Shadow copy creation failed because of error reported by ASR Writer.

More info: The volume does not contain a recognized file system. Please make sure that all required file system drivers are loaded and that the volume is not corrupted. (0x800703ED).


System errors:
=============
Error: (09/05/2012 07:26:10 PM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (09/05/2012 03:25:19 PM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053

Error: (09/05/2012 03:25:19 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search

Error: (09/05/2012 03:25:19 PM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/05/2012 02:59:00 PM) (Source: Microsoft Antimalware) (User: )
Description: %%8604.0.1526.0{64E8EC1F-601E-454C-BE4E-6B0F8FE76F32}2012-09-05T18:57:58.676Z2147650952Trojan:DOS/Alureon.E5Severe8Trojanhttp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=214765095210353%%818C:\Windows\System32\winlogon.exeNT AUTHORITY\SYSTEMboot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\1%%8451%%8130%%82232%%8090x80070032The request is not supported. 324To finish removing malware and other potentially unwanted software, restart the computer.
To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. NT AUTHORITY\SYSTEMAV: 1.135.449.0, AS: 1.135.449.0, NIS: 11.159.0.0AM: 1.1.8704.0, NIS: 2.0.8001.0

Error: (09/05/2012 02:52:23 PM) (Source: Microsoft Antimalware) (User: )
Description: %%8604.0.1526.0{35B1A434-E473-476F-BD5B-D382C4B5D255}2012-09-05T18:51:45.901Z2147650952Trojan:DOS/Alureon.E5Severe8Trojanhttp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=214765095210353%%818C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMboot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\1%%8451%%8130%%82232%%8090x80070032The request is not supported. 324To finish removing malware and other potentially unwanted software, restart the computer.
To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. NT AUTHORITY\SYSTEMAV: 1.135.449.0, AS: 1.135.449.0, NIS: 11.159.0.0AM: 1.1.8704.0, NIS: 2.0.8001.0

Error: (09/05/2012 02:16:09 PM) (Source: DCOM) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}

Error: (09/05/2012 02:15:39 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/31/2012 05:09:31 AM) (Source: Microsoft Antimalware) (User: )
Description: %%8604.0.1526.0{5DB12B24-0A16-4A9A-9680-6616120BC55A}2012-08-29T21:01:00.499Z2147650952Trojan:DOS/Alureon.E5Severe8Trojanhttp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=214765095210453%%818C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMboot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\;boot:_\\.\PHYSICALDRIVE0\Partition3 (Type 17)1%%8451%%8130%%82233%%8080x800704ecThis program is blocked by group policy. For more information, contact your system administrator. 324To finish removing malware and other potentially unwanted software, restart the computer.
To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Mike-PC\MikeAV: 1.135.143.0, AS: 1.135.143.0, NIS: 11.159.0.0AM: 1.1.8704.0, NIS: 2.0.8001.0

Error: (08/29/2012 05:01:18 PM) (Source: Microsoft Antimalware) (User: )
Description: %%8604.0.1526.0{7467705B-B4ED-407C-8AEC-FABDD73AE43E}2012-08-29T21:00:33.793Z2147650952Trojan:DOS/Alureon.E5Severe8Trojanhttp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.E&threatid=214765095210352%%820C:\Windows\System32\winlogon.exeNT AUTHORITY\SYSTEMboot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\;boot:_\\.\PHYSICALDRIVE0\Partition3 (Type 17)1%%8451%%8130%%82232%%8090x80070032The request is not supported. 324To finish removing malware and other potentially unwanted software, restart the computer.
To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. NT AUTHORITY\SYSTEMAV: 1.135.74.0, AS: 1.135.74.0, NIS: 11.159.0.0AM: 1.1.8704.0, NIS: 2.0.8001.0


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 1.0.0)
Agere Systems PCI-SV92EX Soft Modem
AIO_CDB_ToolboxIni64 (Version: 82.0.242.000)
AVG 2012 (Version: 12.0.2437)
CCleaner (Version: 3.07)
HP Customer Participation Program 8.0 (Version: 8.0)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP OCR Software 8.0 (Version: 8.0)
HP Officejet Pro All-In-One Series (Version: 1.0)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (Version: 8.0)
HP Solution Center 8.0 (Version: 8.0)
Juniper Citrix Services Client (Version: 6.5.0.14599)
Juniper Networks Cache Cleaner 6.3.0 (Version: 6.3.0.13881)
Juniper Networks Cache Cleaner 6.5.0 (Version: 6.5.0.15255)
Juniper Networks Secure Meeting 6.0.0 (Version: 6.0.0.12141)
Juniper Networks Setup Client (Version: 2.1.2.5973)
LSI PCI-SV92EX Soft Modem (Version: 2.2.100)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Nitro Reader 2 (Version: 2.4.1.15)
NVIDIA Control Panel 275.33 (Version: 275.33)
NVIDIA Drivers (Version: 1.10.57.35)
NVIDIA Graphics Driver 275.33 (Version: 275.33)
NVIDIA Install Application (Version: 2.275.78.0)
NVIDIA Update 1.3.5 (Version: 1.3.5)
NVIDIA Update Components (Version: 1.3.5)
PE585QAEncoder-64 (Version: 6.00.1918)
PGP Desktop (Version: 10.2.0.1672)
ZTE Handset USB Driver
ZTE Handset USB Driver (Version: 5.2066.1.9B04)

========================= Memory info: ===================================

Percentage of memory in use: 61%
Total physical RAM: 4094.32 MB
Available physical RAM: 1586.29 MB
Total Pagefile: 8393.93 MB
Available Pagefile: 5695.8 MB
Total Virtual: 4095.88 MB
Available Virtual: 3996.21 MB

========================= Partitions: =====================================

1 Drive c: (ACER) (Fixed) (Total:286.54 GB) (Free:230.08 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:289.63 GB) (Free:289.52 GB) NTFS

========================= Users: ========================================

User accounts for \\MIKE-PC

Administrator ASPNET Guest
Michelle Michelle2 Mike
UpdatusUser


**** End of log ****

#8 memond13

memond13
  • Topic Starter

  • Members
  • 50 posts

Posted 05 September 2012 - 07:22 PM

Farbar Service Scanner Version: 06-08-2012
Ran by Mike (administrator) on 05-09-2012 at 20:20:47
Running from "C:\Users\Mike\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-09-24 08:57] - [2009-04-11 03:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-15 07:13] - [2012-01-03 10:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-12 09:27] - [2012-03-30 08:45] - 1422720 ____A (Microsoft Corporation) AC8D5728E6AD6A7C4819D9A67008337A

C:\Windows\System32\dnsrslvr.dll
[2011-06-09 10:56] - [2011-03-02 12:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-09-24 08:57] - [2009-04-11 03:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-09-24 08:57] - [2009-04-11 03:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-09-24 08:57] - [2009-04-11 03:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-09-24 08:57] - [2009-04-11 03:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-09-24 08:57] - [2009-04-11 03:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-09-24 08:57] - [2009-04-11 03:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-09-24 08:57] - [2009-04-11 03:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-06-13 20:24] - [2012-04-23 12:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-09-24 08:57] - [2009-04-11 03:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****

#9 memond13

memond13
  • Topic Starter

  • Members
  • 50 posts

Posted 05 September 2012 - 07:26 PM

# AdwCleaner v2.000 - Logfile created 09/05/2012 at 20:23:33
# Updated 30/08/2012 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Mike - MIKE-PC
# Boot Mode : Normal
# Running from : C:\Users\Mike\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Trymedia
Deleted on reboot : C:\Users\Mike\AppData\Local\Temp\avg@toolbar
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Mike\AppData\Local\Temp\Uninstall.exe

***** [Registry] *****

Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-21-2940986081-1837407284-1162204830-1007\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v4.0.1 (en-US)

Profile name : default
File : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ob8qm8k3.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=%7B725948d7-3fe8-4194-8eab-7fbdf954bd93[...]

Profile name : default
File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\r3pjb7v1.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [2771 octets] - [05/09/2012 20:23:33]

########## EOF - C:\AdwCleaner[S2].txt - [2831 octets] ##########

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 05 September 2012 - 07:27 PM

Click on start menu and type

cmd

right click on it and select run as administrator

Now copy following commands and press ENTER one by one

cd C:\windows\system32\drivers\etc
takeown /a /f hosts
cacls hosts /p everyone:f


Press Y

attrib -s -h -r hosts

After running these commands

Download

Hosts fixit

Run it, restart the PC

Now launch MiniToolBox and checkmark hosts contents alone and post the new log

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes, post the contents of RKILL log located on the desktop here
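As an added example (not part of the thread and not narenxp's tooling), here is a Python check that parses a Windows hosts file the way a helper would read the MiniToolBox "hosts contents" output, and flags the entries worth a second look: security-vendor or update domains redirected, hostnames pointed at a remote address, and malformed lines. The watch-list and the sample hosts content are constructed for the demo.

```python
import ipaddress

# Entries a stock Windows hosts file legitimately carries.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed watch-list: domains whose redirection is a classic sign of
# malware blocking AV or Windows updates. Extend for your environment.
WATCHED_SUFFIXES = ("microsoft.com", "windowsupdate.com", "avg.com",
                    "malwarebytes.org", "bleepingcomputer.com")

# Constructed sample hosts content (not the poster's real file).
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       ad.doubleclick.net   # loopback ad-block entry: harmless
198.51.100.23   www.google.com       # search traffic sent to a remote host
127.0.0.1       update.avg.com       # AV update server blocked
0.0.0.0         windowsupdate.microsoft.com
notanip         something
"""

def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every active mapping in hosts text."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()        # drop comments and blanks
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            yield ("INVALID", line, no)              # malformed line, worth a look
            continue
        for name in names:
            yield (ip, name.lower(), no)

def audit_hosts(text):
    """Return (line_no, reason, ip, hostname) for every entry that deserves review."""
    findings = []
    for ip, name, no in parse_hosts(text):
        if (ip, name) in DEFAULT_ENTRIES:
            continue
        if ip == "INVALID":
            findings.append((no, "malformed line", ip, name))
            continue
        addr = ipaddress.ip_address(ip)
        if any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES):
            findings.append((no, "security/update domain redirected", ip, name))
        elif not (addr.is_loopback or addr.is_unspecified):
            findings.append((no, "hostname mapped to a remote address", ip, name))
    return findings
```

To check a real machine, pass the contents of C:\Windows\System32\drivers\etc\hosts to audit_hosts() after the takeown/cacls/attrib steps above have made the file readable.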

#11 memond13

memond13
  • Topic Starter

  • Members
  • 50 posts

Posted 05 September 2012 - 07:43 PM

I'm getting a message on Hosts Fixit:

the installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2738.

Also, when I right click on cmd, there isn't an option to "run as administrator". Is that an issue?

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 05 September 2012 - 07:44 PM

Download hosts fixit again and try

#13 memond13

memond13
  • Topic Starter

  • Members
  • 50 posts

Posted 05 September 2012 - 07:48 PM

Same error

#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 05 September 2012 - 07:50 PM

Press Windows+R key and type

cmd and click OK, run these two commands

cd c:\windows\system32
regsvr32 vbscript.dll


Now run the fixit

Edited by narenxp, 05 September 2012 - 07:51 PM.


#15 memond13

memond13
  • Topic Starter

  • Members
  • 50 posts

Posted 05 September 2012 - 07:54 PM

It said it succeeded, but I get the same error.
