
meta.7search google redirect issue


This topic is locked
17 replies to this topic

#1 shpejtim

  • Members
  • 9 posts

Posted 24 December 2012 - 01:25 PM

Hi.

My laptop has the issue of every now and then a Google search being redirected to a spam website, through meta.7search.com. Doing research, I've noticed it's a hijacking malware which seems pretty tricky to remove, and neither Malwarebytes nor AVG have been able to solve it, and RKill doesn't terminate the process temporarily either.

Here are the DDS.txt and Attach.txt files:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16447 BrowserJavaVersion: 10.5.1
Run by Farzan at 18:17:29 on 2012-12-24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2908.1098 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\regedit.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
uProxyServer = 190.111.17.161:8080
uProxyOverride = local
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg10\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
uRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [Google Update] "c:\users\farzan\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [ITSecMng] c:\program files\toshiba\bluetooth toshiba stack\ItSecMng.exe /START
mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [HDMICtrlMan] c:\program files\toshiba\hdmictrlman\HDMICtrlMan.exe
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [HSON] c:\program files\toshiba\tbs\HSON.exe
mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Google EULA Launcher] c:\program files\google\google eula\GoogleEULALauncher.exe IE PA
mRun: [Toshiba TEMPO] c:\program files\toshiba tempro\Toshiba.Tempo.UI.TrayApplication.exe
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Standby] "c:\program files\common files\corel\standby\Standby.exe" -START
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{58C1ABBE-66CD-486D-AE8F-32CBA020E8F5} : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\farzan\appdata\roaming\mozilla\firefox\profiles\4es1sa6a.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: network.proxy.ftp - 190.111.17.161
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 190.111.17.161
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 190.111.17.161
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 190.111.17.161
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\farzan\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-11-04 10:43; streamconverter@adminportal.eu; c:\users\farzan\appdata\roaming\mozilla\firefox\profiles\4es1sa6a.default\extensions\streamconverter@adminportal.eu.xpi
FF - ExtSQL: 2012-11-04 10:43; youtubeunblocker@unblocker.yt; c:\users\farzan\appdata\roaming\mozilla\firefox\profiles\4es1sa6a.default\extensions\youtubeunblocker@unblocker.yt.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-11-12 255968]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\toshiba tempro\TempoSVC.exe [2008-8-26 99720]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2008-7-15 106496]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-11-18 112128]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-12-24 40776]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-11-18 3658752]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-8-25 77824]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-7-4 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-11-18 99216]
S3 Rdpahci;Rdpahci; [x]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2011-6-23 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2011-6-23 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2011-6-23 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\drivers\ss_bserd.sys [2011-6-23 100224]
S4 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-9-5 40960]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-12-24 17:25:54 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-12-24 17:13:45 -------- d-----w- c:\users\farzan\appdata\roaming\GetRightToGo
2012-12-23 12:23:32 -------- d-----w- c:\program files\ESET
2012-12-12 17:43:13 -------- d-----w- c:\program files\Xming
2012-12-01 18:25:41 -------- d-----w- C:\sean
2012-11-27 20:38:15 -------- d--h--w- C:\$AVG
2012-11-27 20:34:45 -------- d-----w- c:\users\farzan\appdata\roaming\Malwarebytes
2012-11-27 20:34:36 -------- d-----w- c:\programdata\Malwarebytes
2012-11-27 20:34:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-27 20:34:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-11-12 04:47:48 255968 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-11-08 11:31:17 5642 --sha-w- c:\programdata\KGyGaAvL.sys
.
============= FINISH: 18:18:43.63 ===============

Attached Files
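The most telling lines in the DDS log above are not the meta.7search hits themselves but the proxy settings: `uProxyServer = 190.111.17.161:8080` (the per-user WinINET proxy that Internet Explorer and other WinINET clients honour) and the matching `network.proxy.*` entries in the Firefox prefs.js dump, all pointing at the same public address. A redirect that survives AV and rootkit scanners is often nothing more than a proxy that was quietly set and is re-applied at logon. The script below is an added example, not part of the thread and not the Malware Response Team's procedure: it reads DDS-style lines, flags proxy or DNS values that point outside loopback, RFC 1918 and link-local space, and notes whether the Firefox entries are live. The sample lines are constructed to mirror the format in the post; the line regexes, the `host:port` split (IPv4 only) and the treatment of bare hostnames as off-LAN are assumptions for the example.

```python
"""Flag off-LAN proxy and DNS settings in DDS-style log lines (added example)."""
import ipaddress
import re

# Constructed sample in DDS "Pseudo HJT Report" / FIREFOX format (not the full posted log).
SAMPLE_DDS = """\
uStart Page = hxxp://www.google.co.uk/
uProxyServer = 190.111.17.161:8080
uProxyOverride = local
TCP: NameServer = 192.168.1.1
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: network.proxy.http - 190.111.17.161
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.ssl - 190.111.17.161
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
"""

# Firefox network.proxy.type: 0 direct, 1 manual, 2 PAC URL, 4 auto-detect, 5 system.
FF_PROXY_TYPE = {0: "direct", 1: "manual", 2: "pac", 4: "autodetect", 5: "system"}

# Assumed line shapes; DDS prefixes u = current user (HKCU), m = machine (HKLM).
WININET_RE = re.compile(r"^([um])ProxyServer\s*=\s*(\S+)", re.M)
DNS_RE = re.compile(r"^TCP:.*NameServer\s*=\s*(\S+)", re.M)
FF_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.(\w+) - (\S+)", re.M)


def is_offlan(host: str) -> bool:
    """True when host is not loopback, RFC 1918 private or link-local.

    Bare hostnames are treated as off-LAN except 'localhost' (assumption).
    """
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return host.lower() != "localhost"
    return not (addr.is_loopback or addr.is_private or addr.is_link_local)


def find_indicators(dds_text: str) -> list:
    """Return (setting, value, note) tuples for proxy/DNS values pointing off the LAN."""
    findings = []

    for scope, server in WININET_RE.findall(dds_text):
        host = server.rsplit(":", 1)[0]  # IPv4 host:port assumed
        if is_offlan(host):
            who = "per-user" if scope == "u" else "machine-wide"
            findings.append(("ProxyServer", server,
                             "%s WinINET proxy, active for IE and WinINET clients" % who))

    for ns in DNS_RE.findall(dds_text):
        if is_offlan(ns):
            findings.append(("NameServer", ns, "DNS resolver outside the LAN"))

    # prefs.js holds only non-default prefs; absent type means Firefox's default 5 (system).
    ff = dict(FF_RE.findall(dds_text))
    try:
        ptype = int(ff.get("type", "5"))
    except ValueError:
        ptype = -1
    mode = FF_PROXY_TYPE.get(ptype, "unknown")
    for proto in ("http", "ssl", "ftp", "socks"):
        host = ff.get(proto)
        if host and is_offlan(host):
            port = ff.get(proto + "_port", "?")
            if ptype == 1:
                note = "active: network.proxy.type=1 (manual), Firefox routes through it"
            else:
                note = ("dormant: network.proxy.type=%d (%s), Firefox is not using "
                        "this manual entry" % (ptype, mode))
            findings.append(("network.proxy." + proto, "%s:%s" % (host, port), note))
    return findings


if __name__ == "__main__":
    for finding in find_indicators(SAMPLE_DDS):
        print("%-20s %-22s %s" % finding)
```

Run against the constructed sample, it reports the WinINET proxy as the live hijack and the two Firefox entries as dormant, because `network.proxy.type` is 0 (direct). On a real system the check is worth repeating after cleanup and after a reboot: the same values reappearing is the sign that whatever wrote them is still running.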




#2 fireman4it


    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts

Posted 24 December 2012 - 01:38 PM

Hello shpejtim,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.


Do you have a USB Flash Drive you can use?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 shpejtim

  • Topic Starter

  • Members
  • 9 posts

Posted 24 December 2012 - 02:45 PM

I don't currently have a flash drive, but I could probably obtain one if needed.

Cheers,

#4 fireman4it


    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts

Posted 25 December 2012 - 02:22 PM

  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    Plug the flash drive into the infected PC.
  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disc on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html


    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    Select Command Prompt

    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#5 shpejtim

  • Topic Starter

  • Members
  • 9 posts

Posted 26 December 2012 - 08:41 AM

Hi,

Here is the FRST.txt log file

Cheers,

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-12-2012 01
Ran by SYSTEM at 26-12-2012 13:34:32
Running from G:\
Windows Vista ™ Home Premium Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [7719456 2009-08-24] (Realtek Semiconductor)
HKLM\...\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [x]
HKLM\...\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP [421888 2007-04-16] (TOSHIBA Electronics, Inc.)
HKLM\...\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [438272 2007-09-19] (TOSHIBA)
HKLM\...\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34352 2006-11-06] ()
HKLM\...\Run: [NDSTray.exe] NDSTray.exe [x]
HKLM\...\Run: [cfFncEnabler.exe] cfFncEnabler.exe [x]
HKLM\...\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [716800 2008-05-20] (TOSHIBA Corporation.)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-08-18] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [509816 2008-06-24] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [727608 2008-09-24] (TOSHIBA Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA [20480 2008-05-28] ( )
HKLM\...\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe [103824 2008-08-26] (Toshiba Europe GmbH)
HKLM\...\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [184320 2007-12-15] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start [417792 2008-09-26] (Chicony)
HKLM\...\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [574864 2008-01-10] (Toshiba)
HKLM\...\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe [2345592 2012-07-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Standby] "c:\Program Files\Common Files\Corel\Standby\Standby.exe" -START [105632 2009-12-16] (Corel)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-07-04] (TOSHIBA)
HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-07-04] (TOSHIBA)
HKU\Farzan\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-07-04] (TOSHIBA)
HKU\Farzan\...\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s [940944 2011-06-09] (Samsung)
HKU\Farzan\...\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3373968 2011-06-09] (Samsung Electronics Co., Ltd.)
HKU\Farzan\...\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [20880 2011-06-09] ()
HKU\Farzan\...\Run: [Google Update] "C:\Users\Farzan\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-07-26] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Default\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Services (Whitelisted) ===================

3 Adobe LM Service; "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [68096 2012-09-21] ()
2 AVGIDSAgent; "C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files\AVG\AVG10\avgwdsvc.exe" [269520 2011-02-07] (AVG Technologies CZ, s.r.o.)
4 ConfigFree Service; "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe" [40960 2008-09-05] (TOSHIBA CORPORATION)
3 SmartFaceVWatchSrv; "C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe" [77824 2008-08-25] (Toshiba)
2 TempoMonitoringService; "C:\Program Files\Toshiba TEMPRO\TempoSVC.exe" [99720 2008-08-26] (Toshiba Europe GmbH)
2 TosCoSrv; "C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe" [431456 2008-08-18] (TOSHIBA Corporation)
2 TOSHIBA SMART Log Service; "C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe" [106496 2008-07-15] (TOSHIBA Corporation)
2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [53408 2009-12-16] (Ulead Systems, Inc.)
2 PSI_SVC_2; "c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [x]
2 TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [x]

==================== Drivers (Whitelisted) ====================

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [134480 2011-05-27] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [22992 2011-02-21] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [24144 2011-02-09] (AVG Technologies CZ, s.r.o. )
3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [28624 2011-02-09] (AVG Technologies CZ, s.r.o. )
1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [255968 2012-11-11] (AVG Technologies CZ, s.r.o.)
1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)
0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)
1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [297168 2011-04-04] (AVG Technologies CZ, s.r.o.)
0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [25896 2008-05-07] (COMPAL ELECTRONIC INC.)
3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-12-20] (MCCI)
3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-12-20] (MCCI Corporation)
3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-12-20] (MCCI Corporation)
3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [100224 2010-12-20] (MCCI Corporation)
3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2008-07-15] (Chicony Electronics Co., Ltd.)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 Rdpahci; [x]
3 Tosrfcom; [x]
3 TpChoice; C:\Windows\System32\DRIVERS\TpChoice.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-12-26 13:34 - 2012-12-26 13:34 - 00000000 ____D C:\FRST
2012-12-25 14:26 - 2012-12-25 14:26 - 00908046 ____A (Farbar) C:\Users\Farzan\Desktop\FRST.exe
2012-12-24 10:23 - 2012-12-24 10:23 - 00003059 ____A C:\Users\Farzan\Desktop\attach.rar
2012-12-24 10:18 - 2012-12-24 10:18 - 00014903 ____A C:\Users\Farzan\Desktop\dds.txt
2012-12-24 10:18 - 2012-12-24 10:18 - 00007707 ____A C:\Users\Farzan\Desktop\attach.txt
2012-12-24 10:12 - 2012-12-24 10:13 - 00688992 ____R (Swearware) C:\Users\Farzan\Desktop\dds.com
2012-12-24 09:14 - 2012-12-24 09:14 - 00000606 ____A C:\Users\Farzan\Desktop\Resume Exterminate It!.lnk
2012-12-24 09:13 - 2012-12-24 09:14 - 00000000 ____D C:\Users\Farzan\AppData\Roaming\GetRightToGo
2012-12-24 09:13 - 2012-12-24 09:13 - 00361666 ____A (RegNow.com) C:\Users\Farzan\Desktop\Download_ExterminateItSetup-swpl.exe
2012-12-23 04:23 - 2012-12-23 04:23 - 00001470 ____A C:\Users\Farzan\Desktop\GooredFix.txt
2012-12-23 04:23 - 2012-12-23 04:23 - 00000000 ____D C:\Users\Farzan\Desktop\GooredFix Backups
2012-12-23 04:23 - 2012-12-23 04:23 - 00000000 ____D C:\Program Files\ESET
2012-12-23 04:22 - 2012-12-23 04:22 - 00071398 ____A (jpshortstuff) C:\Users\Farzan\Desktop\GooredFix.exe
2012-12-23 04:05 - 2012-12-23 04:08 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Farzan\Desktop\tdsskiller.exe
2012-12-23 03:48 - 2012-12-24 09:49 - 00002688 ____A C:\Users\Farzan\Desktop\Rkill.txt
2012-12-23 03:22 - 2012-12-23 03:33 - 01754528 ____A (Bleeping Computer, LLC) C:\Users\Farzan\Desktop\rkill.exe
2012-12-23 03:01 - 2012-12-23 03:01 - 00000000 ____D C:\Users\Farzan\Downloads\I Want Someone To Eat Cheese With 2006 LIMITED DVDRip XviD-rizla
2012-12-13 17:17 - 2012-12-13 17:17 - 05061166 ____A C:\Users\Farzan\Documents\Researchdraft.rar
2012-12-13 05:38 - 2012-12-13 13:18 - 00000000 ____D C:\Users\Farzan\Desktop\David
2012-12-13 05:38 - 2012-12-13 05:38 - 00485412 ____A C:\Users\Farzan\Desktop\David.zip
2012-12-12 09:43 - 2012-12-12 09:43 - 00000000 ____D C:\Program Files\Xming
2012-12-12 09:42 - 2012-12-12 09:42 - 02204914 ____A (Colin Harrison ) C:\Users\Farzan\Downloads\Xming-6-9-0-31-setup.exe
2012-12-12 07:05 - 2012-12-12 07:05 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2012-12-12 07:05 - 2012-12-12 07:05 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2012-12-11 12:01 - 2012-12-13 08:05 - 00719872 ____A C:\Users\Farzan\Documents\polymerspresentation.ppt
2012-12-08 15:32 - 2012-12-08 15:32 - 00407552 ____A C:\Users\Farzan\Documents\reggiecard.pub
2012-12-02 12:38 - 2012-12-02 12:38 - 00013824 ____A C:\Users\Farzan\Documents\powerlawvel.xls
2012-12-02 10:25 - 2012-12-02 10:35 - 01812480 ____A C:\Users\Farzan\Desktop\Research Presentation.ppt
2012-12-01 10:25 - 2012-12-01 14:23 - 00000000 ____D C:\sean
2012-12-01 06:45 - 2012-12-02 07:51 - 00558592 ____A C:\Users\Farzan\Documents\researchpres.ppt
2012-12-01 04:24 - 2012-12-02 04:24 - 00000000 ____D C:\Users\Farzan\Desktop\PuTTY
2012-11-30 05:15 - 2012-12-14 05:42 - 00000000 ____D C:\Users\Farzan\Documents\Researchdraft
2012-11-30 05:03 - 2012-11-30 05:15 - 00091814 ____A C:\Users\Farzan\Documents\research2.synctex.gz
2012-11-28 08:51 - 2012-11-28 08:53 - 00000000 ____D C:\Users\Farzan\Downloads\becky
2012-11-28 08:37 - 2012-11-30 05:15 - 00045652 ____A C:\Users\Farzan\Documents\research2.dvi
2012-11-28 08:37 - 2012-11-30 05:15 - 00043450 ____A C:\Users\Farzan\Documents\research2.log
2012-11-28 08:37 - 2012-11-30 05:15 - 00032327 ____A C:\Users\Farzan\Documents\research2.tex
2012-11-28 08:37 - 2012-11-30 05:15 - 00002691 ____A C:\Users\Farzan\Documents\research2.aux
2012-11-28 08:37 - 2012-11-30 05:15 - 00001372 ____A C:\Users\Farzan\Documents\research2.toc
2012-11-28 08:37 - 2012-11-30 05:15 - 00000000 ____A C:\Users\Farzan\Documents\research2.spl
2012-11-28 06:54 - 2012-11-28 08:36 - 00050083 ____A C:\Users\Farzan\Documents\research0.synctex.gz
2012-11-28 06:24 - 2012-11-28 08:36 - 00026100 ____A C:\Users\Farzan\Documents\research0.dvi
2012-11-28 06:24 - 2012-11-28 08:36 - 00001566 ____A C:\Users\Farzan\Documents\research0.aux
2012-11-28 06:24 - 2012-11-28 08:36 - 00000820 ____A C:\Users\Farzan\Documents\research0.toc
2012-11-28 06:24 - 2012-11-28 08:36 - 00000000 ____A C:\Users\Farzan\Documents\research0.spl
2012-11-27 13:55 - 2012-11-28 08:36 - 00019689 ____A C:\Users\Farzan\Documents\research0.tex
2012-11-27 13:02 - 2012-11-27 13:07 - 00005809 ____A C:\Users\Farzan\Documents\research1.log
2012-11-27 13:02 - 2012-11-27 13:07 - 00000777 ____A C:\Users\Farzan\Documents\research1.tex
2012-11-27 13:02 - 2012-11-27 13:07 - 00000009 ____A C:\Users\Farzan\Documents\research1.aux
2012-11-27 13:02 - 2012-11-27 13:07 - 00000000 ____A C:\Users\Farzan\Documents\research1.spl
2012-11-27 13:02 - 2012-11-27 13:02 - 00000300 ____A C:\Users\Farzan\Documents\research1.blg
2012-11-27 13:02 - 2012-11-27 13:02 - 00000000 ____A C:\Users\Farzan\Documents\research1.bbl
2012-11-27 12:38 - 2012-11-27 12:38 - 00000000 ___HD C:\$AVG
2012-11-27 12:34 - 2012-12-24 13:32 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-11-27 12:34 - 2012-11-27 12:34 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Farzan\Downloads\mbam-setup-1.65.1.1000.exe
2012-11-27 12:34 - 2012-11-27 12:34 - 00000911 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-27 12:34 - 2012-11-27 12:34 - 00000000 ____D C:\Users\Farzan\AppData\Roaming\Malwarebytes
2012-11-27 12:34 - 2012-11-27 12:34 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-11-27 12:34 - 2012-09-29 11:54 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-11-27 10:16 - 2012-11-27 10:20 - 00000698 ____A C:\Users\Farzan\Desktop\texput.log
2012-11-27 10:15 - 2012-11-27 10:20 - 00003368 ____A C:\Users\Farzan\Desktop\icldt.ins
2012-11-27 10:15 - 2012-11-27 10:17 - 00019022 ____A C:\Users\Farzan\Desktop\icldt.dtx
2012-11-27 09:49 - 2012-11-27 09:49 - 00204037 ____A C:\Users\Farzan\Documents\ICAb pub quiz xmas 2012.pptx

==================== One Month Modified Files and Folders ========

2012-12-26 05:31 - 2011-06-21 08:31 - 01181966 ____A C:\Windows\WindowsUpdate.log
2012-12-26 05:31 - 2006-11-02 05:01 - 00032600 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-12-26 05:31 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-26 05:31 - 2006-11-02 04:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-26 05:31 - 2006-11-02 04:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-26 05:31 - 2006-11-02 02:33 - 00755222 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-26 05:30 - 2011-07-26 01:31 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1324707172-971861642-3330005247-1000UA.job
2012-12-26 03:02 - 2011-06-21 08:42 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-12-26 02:59 - 2006-11-02 04:52 - 00062036 ____A C:\Windows\setupact.log
2012-12-25 14:26 - 2012-12-25 14:26 - 00908046 ____A (Farbar) C:\Users\Farzan\Desktop\FRST.exe
2012-12-24 13:32 - 2012-11-27 12:34 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-24 13:02 - 2008-01-20 18:47 - 00017796 ____A C:\Windows\PFRO.log
2012-12-24 13:02 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\security
2012-12-24 10:23 - 2012-12-24 10:23 - 00003059 ____A C:\Users\Farzan\Desktop\attach.rar
2012-12-24 10:18 - 2012-12-24 10:18 - 00014903 ____A C:\Users\Farzan\Desktop\dds.txt
2012-12-24 10:18 - 2012-12-24 10:18 - 00007707 ____A C:\Users\Farzan\Desktop\attach.txt
2012-12-24 10:13 - 2012-12-24 10:12 - 00688992 ____R (Swearware) C:\Users\Farzan\Desktop\dds.com
2012-12-24 09:49 - 2012-12-23 03:48 - 00002688 ____A C:\Users\Farzan\Desktop\Rkill.txt
2012-12-24 09:14 - 2012-12-24 09:14 - 00000606 ____A C:\Users\Farzan\Desktop\Resume Exterminate It!.lnk
2012-12-24 09:14 - 2012-12-24 09:13 - 00000000 ____D C:\Users\Farzan\AppData\Roaming\GetRightToGo
2012-12-24 09:13 - 2012-12-24 09:13 - 00361666 ____A (RegNow.com) C:\Users\Farzan\Desktop\Download_ExterminateItSetup-swpl.exe
2012-12-23 04:23 - 2012-12-23 04:23 - 00001470 ____A C:\Users\Farzan\Desktop\GooredFix.txt
2012-12-23 04:23 - 2012-12-23 04:23 - 00000000 ____D C:\Users\Farzan\Desktop\GooredFix Backups
2012-12-23 04:23 - 2012-12-23 04:23 - 00000000 ____D C:\Program Files\ESET
2012-12-23 04:22 - 2012-12-23 04:22 - 00071398 ____A (jpshortstuff) C:\Users\Farzan\Desktop\GooredFix.exe
2012-12-23 04:10 - 2012-08-14 12:14 - 00000000 ____D C:\Users\Farzan\AppData\Roaming\uTorrent
2012-12-23 04:08 - 2012-12-23 04:05 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Farzan\Desktop\tdsskiller.exe
2012-12-23 03:33 - 2012-12-23 03:22 - 01754528 ____A (Bleeping Computer, LLC) C:\Users\Farzan\Desktop\rkill.exe
2012-12-23 03:01 - 2012-12-23 03:01 - 00000000 ____D C:\Users\Farzan\Downloads\I Want Someone To Eat Cheese With 2006 LIMITED DVDRip XviD-rizla
2012-12-23 02:00 - 2011-07-26 01:31 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1324707172-971861642-3330005247-1000Core.job
2012-12-16 13:04 - 2012-10-08 07:10 - 00000600 ____A C:\Users\Farzan\AppData\Local\PUTTY.RND
2012-12-16 03:30 - 2011-07-19 07:49 - 00000000 ____D C:\Users\Farzan\AppData\Roaming\vlc
2012-12-15 18:02 - 2011-06-21 09:04 - 00000000 ____D C:\Users\Farzan\Documents\Work
2012-12-15 07:17 - 2012-07-20 10:17 - 00000600 ____A C:\Users\Farzan\AppData\Roaming\winscp.rnd
2012-12-14 05:42 - 2012-11-30 05:15 - 00000000 ____D C:\Users\Farzan\Documents\Researchdraft
2012-12-13 20:41 - 2011-11-26 12:02 - 00000000 ____D C:\Games
2012-12-13 17:17 - 2012-12-13 17:17 - 05061166 ____A C:\Users\Farzan\Documents\Researchdraft.rar
2012-12-13 13:18 - 2012-12-13 05:38 - 00000000 ____D C:\Users\Farzan\Desktop\David
2012-12-13 08:05 - 2012-12-11 12:01 - 00719872 ____A C:\Users\Farzan\Documents\polymerspresentation.ppt
2012-12-13 05:38 - 2012-12-13 05:38 - 00485412 ____A C:\Users\Farzan\Desktop\David.zip
2012-12-13 04:18 - 2012-05-22 23:09 - 00000680 ____A C:\Users\Farzan\AppData\Local\d3d9caps.dat
2012-12-12 12:25 - 2012-10-08 07:02 - 00000000 ____D C:\Users\Farzan\AppData\Roaming\FileZilla
2012-12-12 10:11 - 2012-10-12 02:37 - 00000000 ____D C:\Users\Farzan\Downloads\putty
2012-12-12 09:43 - 2012-12-12 09:43 - 00000000 ____D C:\Program Files\Xming
2012-12-12 09:42 - 2012-12-12 09:42 - 02204914 ____A (Colin Harrison ) C:\Users\Farzan\Downloads\Xming-6-9-0-31-setup.exe
2012-12-12 07:05 - 2012-12-12 07:05 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2012-12-12 07:05 - 2012-12-12 07:05 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2012-12-11 14:49 - 2012-10-08 09:43 - 00000000 ____D C:\Users\Farzan\Documents\Research
2012-12-08 15:32 - 2012-12-08 15:32 - 00407552 ____A C:\Users\Farzan\Documents\reggiecard.pub
2012-12-03 09:10 - 2012-11-25 02:52 - 00014848 ____A C:\Users\Farzan\Documents\Xmas Dinner.xls
2012-12-02 12:38 - 2012-12-02 12:38 - 00013824 ____A C:\Users\Farzan\Documents\powerlawvel.xls
2012-12-02 10:35 - 2012-12-02 10:25 - 01812480 ____A C:\Users\Farzan\Desktop\Research Presentation.ppt
2012-12-02 07:51 - 2012-12-01 06:45 - 00558592 ____A C:\Users\Farzan\Documents\researchpres.ppt
2012-12-02 04:24 - 2012-12-01 04:24 - 00000000 ____D C:\Users\Farzan\Desktop\PuTTY
2012-12-02 03:52 - 2012-09-20 08:22 - 00000000 ____D C:\Users\Farzan\Desktop\New Folder
2012-12-01 14:23 - 2012-12-01 10:25 - 00000000 ____D C:\sean
2012-11-30 05:15 - 2012-11-30 05:03 - 00091814 ____A C:\Users\Farzan\Documents\research2.synctex.gz
2012-11-30 05:15 - 2012-11-28 08:37 - 00045652 ____A C:\Users\Farzan\Documents\research2.dvi
2012-11-30 05:15 - 2012-11-28 08:37 - 00043450 ____A C:\Users\Farzan\Documents\research2.log
2012-11-30 05:15 - 2012-11-28 08:37 - 00032327 ____A C:\Users\Farzan\Documents\research2.tex
2012-11-30 05:15 - 2012-11-28 08:37 - 00002691 ____A C:\Users\Farzan\Documents\research2.aux
2012-11-30 05:15 - 2012-11-28 08:37 - 00001372 ____A C:\Users\Farzan\Documents\research2.toc
2012-11-30 05:15 - 2012-11-28 08:37 - 00000000 ____A C:\Users\Farzan\Documents\research2.spl
2012-11-30 03:33 - 2012-11-23 08:04 - 00637952 ____A C:\Users\Farzan\Documents\xmasdinner.pub
2012-11-29 13:56 - 2011-06-21 12:21 - 00000000 ____D C:\Users\Farzan\AppData\Roaming\Skype
2012-11-28 08:53 - 2012-11-28 08:51 - 00000000 ____D C:\Users\Farzan\Downloads\becky
2012-11-28 08:36 - 2012-11-28 06:54 - 00050083 ____A C:\Users\Farzan\Documents\research0.synctex.gz
2012-11-28 08:36 - 2012-11-28 06:24 - 00026100 ____A C:\Users\Farzan\Documents\research0.dvi
2012-11-28 08:36 - 2012-11-28 06:24 - 00001566 ____A C:\Users\Farzan\Documents\research0.aux
2012-11-28 08:36 - 2012-11-28 06:24 - 00000820 ____A C:\Users\Farzan\Documents\research0.toc
2012-11-28 08:36 - 2012-11-28 06:24 - 00000000 ____A C:\Users\Farzan\Documents\research0.spl
2012-11-28 08:36 - 2012-11-27 13:55 - 00019689 ____A C:\Users\Farzan\Documents\research0.tex
2012-11-27 13:49 - 2012-07-17 08:46 - 00004918 ____A C:\Users\Farzan\Documents\test.synctex.gz
2012-11-27 13:49 - 2012-07-11 10:23 - 00017733 ____A C:\Users\Farzan\Documents\test.log
2012-11-27 13:49 - 2012-07-11 10:23 - 00000525 ____A C:\Users\Farzan\Documents\test.aux
2012-11-27 13:07 - 2012-11-27 13:02 - 00005809 ____A C:\Users\Farzan\Documents\research1.log
2012-11-27 13:07 - 2012-11-27 13:02 - 00000777 ____A C:\Users\Farzan\Documents\research1.tex
2012-11-27 13:07 - 2012-11-27 13:02 - 00000009 ____A C:\Users\Farzan\Documents\research1.aux
2012-11-27 13:07 - 2012-11-27 13:02 - 00000000 ____A C:\Users\Farzan\Documents\research1.spl
2012-11-27 13:02 - 2012-11-27 13:02 - 00000300 ____A C:\Users\Farzan\Documents\research1.blg
2012-11-27 13:02 - 2012-11-27 13:02 - 00000000 ____A C:\Users\Farzan\Documents\research1.bbl
2012-11-27 12:38 - 2012-11-27 12:38 - 00000000 ___HD C:\$AVG
2012-11-27 12:34 - 2012-11-27 12:34 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Farzan\Downloads\mbam-setup-1.65.1.1000.exe
2012-11-27 12:34 - 2012-11-27 12:34 - 00000911 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-27 12:34 - 2012-11-27 12:34 - 00000000 ____D C:\Users\Farzan\AppData\Roaming\Malwarebytes
2012-11-27 12:34 - 2012-11-27 12:34 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-11-27 10:20 - 2012-11-27 10:16 - 00000698 ____A C:\Users\Farzan\Desktop\texput.log
2012-11-27 10:20 - 2012-11-27 10:15 - 00003368 ____A C:\Users\Farzan\Desktop\icldt.ins
2012-11-27 10:17 - 2012-11-27 10:15 - 00019022 ____A C:\Users\Farzan\Desktop\icldt.dtx
2012-11-27 09:49 - 2012-11-27 09:49 - 00204037 ____A C:\Users\Farzan\Documents\ICAb pub quiz xmas 2012.pptx


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-21 09:55:40
Restore point made on: 2012-12-22 04:59:37
Restore point made on: 2012-12-23 02:44:38
Restore point made on: 2012-12-24 06:32:10
Restore point made on: 2012-12-25 03:19:37

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 3931.96 MB
Available physical RAM: 3409.78 MB
Total Pagefile: 3605.05 MB
Available Pagefile: 3459.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1966.31 MB

==================== Partitions =============================

1 Drive c: (Vista) (Fixed) (Total:116.21 GB) (Free:25.06 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Data) (Fixed) (Total:115.21 GB) (Free:52.73 GB) NTFS
3 Drive e: (CD2) (CDROM) (Total:0.67 GB) (Free:0 GB) CDFS
4 Drive f: (WinRE) (Fixed) (Total:1.46 GB) (Free:1.22 GB) NTFS
5 Drive g: () (Removable) (Total:1.91 GB) (Free:1.74 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Disk 1 Online 1960 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 1500 MB 1024 KB
Partition 2 Primary 116 GB 1501 MB
Partition 3 Primary 115 GB 118 GB

=========================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F WinRE NTFS Partition 1500 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Vista NTFS Partition 116 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D Data NTFS Partition 115 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1960 MB 312 KB

=========================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 G FAT Removable 1960 MB Healthy

=========================================================

Last Boot: 2012-12-26 03:02

==================== End Of Log ============================

#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:48 PM

Posted 26 December 2012 - 11:54 AM

1.
Download AdwCleaner
  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click on adwCleaner.exe and select Run as Administrator.
  • Click the Search button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.

2.
  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 shpejtim

shpejtim
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:48 PM

Posted 26 December 2012 - 02:24 PM

Here are the log files from the 2 processes:

# AdwCleaner v2.103 - Logfile created 12/26/2012 at 19:20:18
# Updated 25/12/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Farzan - FARZAN-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Farzan\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Farzan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla

***** [Registry] *****

Key Found : HKCU\Software\Headlight
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7B63B2922B174135AFC0E1377DD81EC2}
Key Found : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16447

[OK] Registry is clean.

-\\ Mozilla Firefox v10.0.2 (en-GB)

File : C:\Users\Farzan\AppData\Roaming\Mozilla\Firefox\Profiles\4es1sa6a.default\prefs.js

Found : user_pref("tweaktube.pref.cacheInfo", "({'hxxp://wedata.net/databases/AutoPagerize/items.json':{url:[...]

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Farzan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1633 octets] - [26/12/2012 19:20:18]

########## EOF - C:\AdwCleaner[R1].txt - [1693 octets] ##########

=========================================================

RogueKiller V8.4.1 [Dec 24 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Farzan [Admin rights]
Mode : Scan -- Date : 12/26/2012 19:22:34

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (190.111.17.161:8080) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2555GSX +++++
--- User ---
[MBR] 7d6e496b9e79e4c965b596d5842745d1
[BSP] 0b66eccbfc7017e818b5d681c2f25cd3 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 119000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 246786048 | Size: 117973 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Generic Flash Disk USB Device +++++
--- User ---
[MBR] ec94add582287791882a796e4a41b2fd
[BSP] 5cc2b6bdaaaf46e9516eb4611d57181e : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 624 | Size: 1959 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_12262012_02d1922.txt >>
RKreport[1]_S_12262012_02d1922.txt
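The AdwCleaner report above flags one Chrome extension ID registered under HKLM\SOFTWARE\Google\Chrome\Extensions and a handful of CLSID, Interface and TypeLib keys. The script below is an added example, not part of the thread and not AdwCleaner's or RogueKiller's own code, that enumerates the same two kinds of registration by hand: Chrome extensions pushed by an installer through the machine-wide external-extension key, and Internet Explorer Browser Helper Objects with the DLL each CLSID resolves to. It assumes a 32-bit Windows install (as in this log, so no Wow6432Node paths) and PowerShell 2.0 or later; the key paths are the standard ones documented by Google and Microsoft.

```powershell
# Added example (not from the thread): list machine-wide Chrome extension
# registrations and IE Browser Helper Objects so AdwCleaner-style hits can be
# judged by a person. Assumes 32-bit Windows and PowerShell 2.0+.

function Get-ExternalChromeExtensions {
    # Chrome reads this key to install extensions pushed by other installers.
    $key = 'HKLM:\SOFTWARE\Google\Chrome\Extensions'
    if (-not (Test-Path $key)) { return @() }
    Get-ChildItem $key | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        New-Object PSObject -Property @{
            ExtensionId = $_.PSChildName   # 32-char ID, e.g. the one AdwCleaner listed
            UpdateUrl   = $p.update_url    # remote install source, if any
            Path        = $p.path          # local .crx install source, if any
            Version     = $p.version
        }
    }
}

function Get-BrowserHelperObjects {
    # Each subkey is a CLSID; the class registration under HKCR tells us
    # the display name and the DLL that IE would load.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path $key)) { return @() }
    Get-ChildItem $key | ForEach-Object {
        $clsid  = $_.PSChildName
        $clsKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
        $name = (Get-ItemProperty $clsKey -ErrorAction SilentlyContinue).'(default)'
        $dll  = (Get-ItemProperty "$clsKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        $exists = $false
        if ($dll) { $exists = Test-Path ([Environment]::ExpandEnvironmentVariables($dll)) }
        New-Object PSObject -Property @{
            Clsid     = $clsid
            Name      = $name
            Dll       = $dll
            DllExists = $exists   # a missing DLL is a leftover registration
        }
    }
}

# Anything with no recognisable publisher, an update_url you do not know,
# or a DLL living under a user profile or Temp folder deserves a closer look.
"== Chrome external extensions =="
Get-ExternalChromeExtensions | Format-Table ExtensionId, Version, UpdateUrl, Path -AutoSize
"== IE Browser Helper Objects =="
Get-BrowserHelperObjects | Format-Table Clsid, Name, Dll, DllExists -AutoSize
```

Run it from an elevated PowerShell prompt; it only reads the registry, so it is safe to run before and after a cleanup pass to confirm a registration really went away.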

#8 shpejtim

shpejtim
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:48 PM

Posted 26 December 2012 - 02:45 PM

Having done about 10 or so searches, I haven't been redirected since doing those scans. But I don't know whether that translates to my laptop being fixed or not.

#9 shpejtim

shpejtim
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:48 PM

Posted 26 December 2012 - 02:55 PM

Scratch that, just got redirected again...

#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:48 PM

Posted 26 December 2012 - 04:35 PM

1.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

2.
  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Fix Proxy
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Things to include in your next reply:
ADWCleaner log
Roguekiller log
How is your machine running now?



#11 shpejtim

shpejtim
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:48 PM

Posted 26 December 2012 - 05:04 PM

Here are the requested logs again.

# AdwCleaner v2.103 - Logfile created 12/26/2012 at 21:42:04
# Updated 25/12/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Farzan - FARZAN-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Farzan\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Farzan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla

***** [Registry] *****

Key Deleted : HKCU\Software\Headlight
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7B63B2922B174135AFC0E1377DD81EC2}
Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16447

[OK] Registry is clean.

-\\ Mozilla Firefox v10.0.2 (en-GB)

File : C:\Users\Farzan\AppData\Roaming\Mozilla\Firefox\Profiles\4es1sa6a.default\prefs.js

Deleted : user_pref("tweaktube.pref.cacheInfo", "({'hxxp://wedata.net/databases/AutoPagerize/items.json':{url:[...]

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Farzan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1762 octets] - [26/12/2012 19:20:18]
AdwCleaner[S1].txt - [1713 octets] - [26/12/2012 21:42:04]

########## EOF - C:\AdwCleaner[S1].txt - [1773 octets] ##########

==============================================

RogueKiller V8.4.1 [Dec 24 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Farzan [Admin rights]
Mode : ProxyFix -- Date : 12/26/2012 21:51:00

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (190.111.17.161:8080) -> DELETED

¤¤¤ Driver : [LOADED] ¤¤¤

Finished : << RKreport[4]_PR_12262012_02d2151.txt >>
RKreport[1]_S_12262012_02d1922.txt ; RKreport[2]_S_12262012_02d1926.txt ; RKreport[3]_D_12262012_02d1929.txt ; RKreport[4]_PR_12262012_02d2151.txt

My laptop is still experiencing the redirect problems
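Both RogueKiller reports above (the Scan in post #7 and the ProxyFix in post #11) centre on one value: a per-user WinINET proxy, ProxyServer = 190.111.17.161:8080 under HKCU\...\Internet Settings, which Internet Explorer and anything using the WinINET stack would send every web request through. The script below is an added example, not from the thread and not RogueKiller's own code, that reads that key, reports what is set, flags a ProxyServer pointing at a public (non-RFC 1918, non-loopback) address, and, only when asked with -Remediate, clears it the way the ProxyFix log shows. The key path and value names (ProxyEnable, ProxyServer, AutoConfigURL) are the standard WinINET ones; the private-range test is my own rule of thumb for a home laptop, not something the thread states.

```powershell
# Added example (not from the thread): audit, and optionally clear, the
# per-user WinINET proxy that RogueKiller reported. PowerShell 2.0+.
param([switch]$Remediate)

$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Test-PublicProxyHost {
    param([string]$ProxyServer)
    # ProxyServer is either "host:port" or "http=host:port;https=host:port;...".
    foreach ($entry in ($ProxyServer -split ';')) {
        if (-not $entry) { continue }
        $hostPort = ($entry -split '=')[-1]
        $hostName = ($hostPort -split ':')[0]
        $ip = $null
        if ([System.Net.IPAddress]::TryParse($hostName, [ref]$ip)) {
            $b = $ip.GetAddressBytes()
            $loopback = ($b[0] -eq 127)
            $class10  = ($b[0] -eq 10)
            $class172 = ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31)
            $class192 = ($b[0] -eq 192 -and $b[1] -eq 168)
            if (-not ($loopback -or $class10 -or $class172 -or $class192)) {
                return $true   # a public IP as the proxy is not what a home user configures
            }
        }
        # A hostname rather than an IP is left for the reader to judge.
    }
    return $false
}

$settings = Get-ItemProperty -Path $key
$proxy    = $settings.ProxyServer
$enabled  = ($settings.ProxyEnable -eq 1)
$pac      = $settings.AutoConfigURL

Write-Output "ProxyEnable   : $enabled"
Write-Output "ProxyServer   : $proxy"
Write-Output "AutoConfigURL : $pac"

if ($proxy -and (Test-PublicProxyHost $proxy)) {
    Write-Warning "ProxyServer points at a public IP address: $proxy"
    if ($Remediate) {
        # Same end state as RogueKiller's Fix Proxy: value removed, proxy disabled.
        Remove-ItemProperty -Path $key -Name ProxyServer
        Set-ItemProperty -Path $key -Name ProxyEnable -Value 0 -Type DWord
        Write-Output "Removed ProxyServer and set ProxyEnable=0."
    }
} elseif ($pac) {
    Write-Warning "AutoConfigURL is set; confirm the PAC script is one you expect."
} else {
    Write-Output "No unexpected proxy configuration found."
}
```

Run it once without -Remediate to see the report, and re-run it after any cleanup: if the value comes back on its own, as it did for the poster here, something still running on the machine is re-writing it, and the proxy value is the symptom rather than the cause.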

#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:48 PM

Posted 26 December 2012 - 05:22 PM

1.
Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.

Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?



#13 shpejtim

shpejtim
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:48 PM

Posted 29 December 2012 - 06:27 AM

Hi,

Here are the log files (I've had to attach the TDSSkiller one as it was too long)

ComboFix 12-12-29.02 - Farzan 29/12/2012 11:04:06.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2908.1917 [GMT 0:00]
Running from: c:\users\Farzan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\EFCA9741C9.sys
c:\users\Farzan\AppData\Local\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll
c:\users\Farzan\Documents\~WRL1672.tmp
c:\windows\system32\muzapp.exe
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
.
.
((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-29 )))))))))))))))))))))))))))))))
.
.
2012-12-29 11:10 . 2012-12-29 11:14 -------- d-----w- c:\users\Farzan\AppData\Local\temp
2012-12-29 11:10 . 2012-12-29 11:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-26 21:34 . 2012-12-26 21:34 -------- d-----w- C:\FRST
2012-12-24 17:13 . 2012-12-24 17:14 -------- d-----w- c:\users\Farzan\AppData\Roaming\GetRightToGo
2012-12-23 12:23 . 2012-12-23 12:23 -------- d-----w- c:\program files\ESET
2012-12-12 17:43 . 2012-12-12 17:43 -------- d-----w- c:\program files\Xming
2012-12-12 15:05 . 2012-12-12 15:05 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2012-12-01 18:25 . 2012-12-01 22:23 -------- d-----w- C:\sean
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-12 04:47 . 2012-11-12 04:47 255968 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-11-08 11:31 . 2011-06-21 20:54 5642 --sha-w- c:\programdata\KGyGaAvL.sys
2012-04-02 17:25 . 2011-06-21 16:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-07-04 430080]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-06-09 940944]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-06-09 3373968]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-06-09 20880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-24 7719456]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2007-04-16 421888]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2007-09-19 438272]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"NDSTray.exe"="NDSTray.exe" [BU]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-05-20 716800]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-08-18 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-09-24 727608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-08-26 103824]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-13 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-13 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-13 145944]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2009-12-17 105632]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-9-21 113664]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-02 09:55 1242448 ----a-w- c:\program files\Steam\steam.exe
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1324707172-971861642-3330005247-1000Core.job
- c:\users\Farzan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-26 09:31]
.
2012-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1324707172-971861642-3330005247-1000UA.job
- c:\users\Farzan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-26 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
FF - ProfilePath - c:\users\Farzan\AppData\Roaming\Mozilla\Firefox\Profiles\4es1sa6a.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: network.proxy.ftp - 190.111.17.161
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 190.111.17.161
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 190.111.17.161
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 190.111.17.161
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-11-04 10:43; streamconverter@adminportal.eu; c:\users\Farzan\AppData\Roaming\Mozilla\Firefox\Profiles\4es1sa6a.default\extensions\streamconverter@adminportal.eu.xpi
FF - ExtSQL: 2012-11-04 10:43; youtubeunblocker@unblocker.yt; c:\users\Farzan\AppData\Roaming\Mozilla\Firefox\Profiles\4es1sa6a.default\extensions\youtubeunblocker@unblocker.yt.xpi
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ITSecMng - c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
SafeBoot-23264595.sys
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-29 11:13
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????$h7:????X?U???U???U???U?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1324707172-971861642-3330005247-1000\Software\G*e*n*i*e*"!\FM Genie Scout 12]
"GameDir"="e:\\FM Genie Scout 12\\games"
"ShortlistDir"="e:\\FM Genie Scout 12\\shortlists"
"FMPath"=""
"ScreenshotsDir"="e:\\FM Genie Scout 12"
"SaveDir"="e:\\FM Genie Scout 12\\"
"HistoryDir"="e:\\FM Genie Scout 12\\History Points"
"LangDB"="e:\\FM Genie Scout 12\\lang_db.dat"
"LastSaveGame"="c:\\Users\\Farzan\\Documents\\Sports Interactive\\Football Manager 2011\\games\\One.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:0000a091
"VersionOf201"=dword:0000007b
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"ShowGuidNotification"=dword:00000000
"ShowDonateNotification"=dword:00000000
"Version"=dword:000000ce
"UniqueID"="E5-8B80-EE6F"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000001
"StaffSearchFeatureNum"=dword:00000000
"ClubSearchFeatureNum"=dword:00000000
"FilterByClubFeatureNum"=dword:00000000
"CompareFeatureNum"=dword:00000000
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000001
"HintsFeatureNum"=dword:00000000
"GenieReportFeatureNum"=dword:00000000
"TopFormationFeatureNum"=dword:00000000
"ScreenshotFeatureNum"=dword:00000000
"AdClicksNum"=dword:00000000
"AdImpressionsNum"=dword:00000001
"GameLoadedCounter"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2920)
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\AVG\AVG10\avgwdsvc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Toshiba TEMPRO\TempoSVC.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Toshiba\ConfigFree\CFSwMgr.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\windows\system32\igfxext.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-12-29 11:18:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-29 11:18
.
Pre-Run: 30,344,761,344 bytes free
Post-Run: 49,781,223,424 bytes free
.
- - End Of File - - 7FF8CB4B1803D87EDAF70686DD4DC831

==================================================

The computer seems to be running better now. There isn't a lag when I click on a link, suggesting there's no more redirection, and I haven't been redirected in about 10 searches, but obviously it is a probability thing, so I'll keep using it as normal and will update you if the redirections begin again.

Cheers,




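As an added example (not part of this thread and not ComboFix's own code), the script below parses the "FF - prefs.js" and "FF - ExtSQL" lines of the ComboFix Supplementary Scan posted above and flags proxy settings that point outside local address space, noting whether network.proxy.type actually puts them into effect. The sample input is constructed from the lines in the log above; the severity labels and the "local host" heuristic are this example's assumptions.

```python
import ipaddress
import re

# Constructed sample input: the "FF - ..." lines of a ComboFix "Supplementary Scan"
# section, copied from the log posted in this thread (raw string so backslashes survive).
SAMPLE_FF_SECTION = r"""
FF - ProfilePath - c:\users\Farzan\AppData\Roaming\Mozilla\Firefox\Profiles\4es1sa6a.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: network.proxy.http - 190.111.17.161
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.ssl - 190.111.17.161
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-11-04 10:43; streamconverter@adminportal.eu; c:\users\Farzan\AppData\Roaming\Mozilla\Firefox\Profiles\4es1sa6a.default\extensions\streamconverter@adminportal.eu.xpi
FF - ExtSQL: 2012-11-04 10:43; youtubeunblocker@unblocker.yt; c:\users\Farzan\AppData\Roaming\Mozilla\Firefox\Profiles\4es1sa6a.default\extensions\youtubeunblocker@unblocker.yt.xpi
"""

PREF_RE = re.compile(r"^FF - prefs\.js: (?P<name>\S+) - (?P<value>.*)$")
EXT_RE = re.compile(r"^FF - ExtSQL: (?P<installed>\d{4}-\d\d-\d\d \d\d:\d\d); (?P<id>[^;]+); (?P<path>.*)$")

# Firefox network.proxy.type values; only 1 (manual) makes the
# network.proxy.<scheme> / <scheme>_port prefs take effect.
PROXY_TYPE_NAMES = {"0": "direct", "1": "manual", "2": "PAC script", "4": "auto-detect", "5": "system"}


def parse_ff_section(text):
    """Return (prefs dict, extension list) from the FF lines of a ComboFix log."""
    prefs, exts = {}, []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m["name"]] = m["value"].strip()
            continue
        m = EXT_RE.match(line)
        if m:
            exts.append({"installed": m["installed"], "id": m["id"].strip(), "path": m["path"].strip()})
    return prefs, exts


def is_local_host(host):
    """True for loopback/private addresses or 'localhost'; anything else is treated as external."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host.lower() == "localhost"
    return ip.is_loopback or ip.is_private


def assess(prefs, exts):
    """Turn parsed values into review findings (heuristics are this example's, not ComboFix's)."""
    findings = []
    external = {}
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{scheme}")
        if host and not is_local_host(host):
            external[scheme] = (host, prefs.get(f"network.proxy.{scheme}_port", "?"))
    if external:
        ptype = prefs.get("network.proxy.type", "unknown")
        active = ptype == "1"
        findings.append({
            "check": "firefox-proxy",
            "severity": "high" if active else "medium",
            "hosts": external,
            "note": f"proxy prefs point outside local address space; network.proxy.type={ptype} "
                    f"({PROXY_TYPE_NAMES.get(ptype, 'unknown')}), so they are "
                    + ("in effect now" if active else "not in effect now but should still be reset"),
        })
    # Extensions are listed for the analyst to review; the log alone cannot say whether they are malicious.
    for e in exts:
        findings.append({"check": "firefox-extension", "severity": "review", "id": e["id"], "installed": e["installed"]})
    return findings


if __name__ == "__main__":
    p, x = parse_ff_section(SAMPLE_FF_SECTION)
    for f in assess(p, x):
        print(f)
```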
#14 fireman4it, Bleepin' Fireman (Malware Response Team, 13,505 posts, Greenup, Ill USA)

Posted 29 December 2012 - 11:25 AM

Hello,

Glad to hear things are better. Let's run a couple of other scanners to make sure there are no leftovers.


1.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

2.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Things to include in your next reply:
MBAM log
Eset log
How is your machine running now?



#15 fireman4it, Bleepin' Fireman (Malware Response Team, 13,505 posts, Greenup, Ill USA)

Posted 31 December 2012 - 12:25 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it





