After remove of Incredibar, blinking screen in safe mode


This topic is locked
18 replies to this topic

#1 Jacy66 (Members, 17 posts)

Posted 30 March 2013 - 05:14 PM

N.B.: This post replaces "Slow computer in normal mode" in the "Am I infected? What do I do?" category

As requested, here are my dds.txt and attach.txt files.

It all started when the computer became slow... I then ran Spybot S&D, which reported IncrediBar (can't even remember if it was a trojan, hijack or anything else)...

Got rid of it... thinking it was an easy one but... it doesn't solve my problem...

Cannot even get in normal mode anymore...

dds log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 7.0.6002.18005  BrowserJavaVersion: 10.4.0
Run by Alex at 18:01:59 on 2013-03-30
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.2.1033.18.4094.3403 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Steam] "D:\Steam\steam.exe" -silent
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRunOnce: [DeleteOnReboot] C:\Windows\DeleteOnReboot.bat
uRunOnce: [Report] C:\AdwCleaner[S3].txt
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
mRun: [ATKMEDIA] "C:\Program Files (x86)\ASUS\ATK Media\DMEDIA.EXE"
mRun: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunesHelper.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
StartupFolder: C:\Users\Alex\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: Interfaces\{715945EE-1768-4611-B9EB-7A9C6EE5F924} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{83C2A1CC-B5E3-4CAA-BF7E-63AA73AF74B9} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{E3FF274B-D41C-4DF1-9EDC-EA3E7400B34C} : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\Google\GOOGLE~1\GOEC62~1.DLL
LSA: Notification Packages =  scecli C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
x64-Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\System32\NvMcTray.dll,NvTaskbarInit
x64-Run: [RtHDVCpl] RAVCpl64.exe
x64-Run: [Skytel] Skytel.exe
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - <orphaned>
x64-Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R0 lullaby;lullaby;C:\Windows\System32\drivers\lullaby.sys [2008-12-9 16440]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-2-14 239416]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-3-29 39768]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2008-8-28 4745216]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-2-26 246072]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
S2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2008-12-9 14904]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-2-27 4937264]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-2-19 282624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-4-23 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-19 993848]
S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-4-19 399416]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S2 tmpreflt;tmpreflt;C:\Windows\System32\drivers\tmpreflt.sys [2010-3-9 42000]
S2 TmProxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2010-3-9 900360]
S2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [2013-3-29 990896]
S3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\System32\drivers\athrxusb.sys [2009-8-13 556544]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2008-9-19 30192]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2006-11-2 273408]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-5-23 89920]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-03-30 15:06:42 2490 ----a-w- C:\Windows\DeleteOnReboot.bat
2013-03-30 13:46:37 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2013-03-29 15:17:26 39768 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-03-14 07:04:58 72013344 ----a-w- C:\Windows\System32\mrt.exe
2013-02-27 03:40:46 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-02-26 01:55:50 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-14 07:52:46 239416 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2013-02-08 08:37:56 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2013-02-08 08:37:54 311096 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-02-08 08:37:50 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-02-08 08:37:42 206136 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-02-08 08:37:40 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-02-01 04:09:32 1032192 ----a-w- C:\Windows\System32\wininet.dll
2013-02-01 04:09:20 1428992 ----a-w- C:\Windows\System32\urlmon.dll
2013-02-01 04:09:20 108544 ----a-w- C:\Windows\System32\url.dll
2013-02-01 04:08:03 1129984 ----a-w- C:\Windows\System32\mstime.dll
2013-02-01 04:07:55 761856 ----a-w- C:\Windows\System32\mshtmled.dll
2013-02-01 04:07:55 623616 ----a-w- C:\Windows\System32\msfeeds.dll
2013-02-01 04:07:55 5725696 ----a-w- C:\Windows\System32\mshtml.dll
2013-02-01 04:07:29 32256 ----a-w- C:\Windows\System32\jsproxy.dll
2013-02-01 04:07:18 224768 ----a-w- C:\Windows\System32\ieui.dll
2013-02-01 04:07:17 7050752 ----a-w- C:\Windows\System32\ieframe.dll
2013-02-01 04:07:17 375808 ----a-w- C:\Windows\System32\iertutil.dll
2013-02-01 04:07:17 249856 ----a-w- C:\Windows\System32\iepeers.dll
2013-02-01 04:07:16 422400 ----a-w- C:\Windows\System32\ieapfltr.dll
2013-02-01 03:51:59 834048 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-01 03:51:49 1176576 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-02-01 03:51:49 106496 ----a-w- C:\Windows\SysWow64\url.dll
2013-02-01 03:50:26 671232 ----a-w- C:\Windows\SysWow64\mstime.dll
2013-02-01 03:50:15 479232 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-02-01 03:50:14 3621888 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-02-01 03:50:13 498688 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-02-01 03:49:53 27648 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-02-01 03:49:44 6118400 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-02-01 03:49:44 380928 ----a-w- C:\Windows\SysWow64\ieapfltr.dll
2013-02-01 03:49:44 270336 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-02-01 03:49:44 193024 ----a-w- C:\Windows\SysWow64\iepeers.dll
2013-02-01 03:49:44 180736 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-02-01 02:51:51 485376 ----a-w- C:\Windows\System32\html.iec
2013-02-01 02:14:02 1383424 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-01 02:13:09 389632 ----a-w- C:\Windows\SysWow64\html.iec
2013-02-01 01:48:04 1383424 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-05 05:37:50 4695400 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-04 11:31:10 1423720 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-04 01:59:24 2773504 ----a-w- C:\Windows\System32\win32k.sys
2012-09-10 04:30:38 293776 ----a-w- C:\Program Files (x86)\iTunesOutlookAddIn.dll
2012-09-10 04:30:34 421776 ----a-w- C:\Program Files (x86)\iTunesHelper.exe
2012-09-10 04:30:34 403344 ----a-w- C:\Program Files (x86)\iTunesAdmin.dll
2012-09-10 04:30:34 156560 ----a-w- C:\Program Files (x86)\iTunesHelper.dll
2012-09-10 04:30:28 9777040 ----a-w- C:\Program Files (x86)\iTunes.exe
2012-09-10 04:30:24 21131152 ----a-w- C:\Program Files (x86)\iTunes.dll
2012-09-10 04:30:22 776216 ----a-w- C:\Program Files (x86)\gnsdk_sdkmanager.dll
2012-09-10 04:30:22 3008536 ----a-w- C:\Program Files (x86)\gnsdk_dsp.dll
2012-09-10 04:30:22 262680 ----a-w- C:\Program Files (x86)\gnsdk_submit.dll
2012-09-10 04:30:22 219672 ----a-w- C:\Program Files (x86)\gnsdk_musicid.dll
2012-08-09 00:15:32 112528 ----a-w- C:\Program Files (x86)\ITDetector.ocx
2008-07-02 03:28:38 61440 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
.
============= FINISH: 18:03:27.19 ===============
 

Attached Files


Edited by Jacy66, 30 March 2013 - 05:26 PM.
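Reading a DDS "Pseudo HJT Report" by eye is slow: the log above mixes a few hundred routine entries with a handful of persistence points that matter (Run/RunOnce keys, AppInit_DLLs, LSA packages, the hosts file). The following is an added example, not part of Jacy66's post or of the DDS tool itself: a Python triage script that parses the line formats DDS prints, maps each entry to the persistence mechanism behind it and marks the ones a responder reads first. The priority rules and mechanism labels are this example's own ("review" means look at it, not malicious), and SAMPLE_LOG is constructed from the formats seen in the log above.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread; not part of DDS, HijackThis or the original post.
It recognises the autostart line formats DDS prints, maps each to the persistence
mechanism behind it and marks the entries a responder should read first. The
priority rules are this example's own ("review" means look at it, not malicious),
and SAMPLE_LOG is constructed from the formats seen in the log above.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
uRun: [Steam] "D:\Steam\steam.exe" -silent
uRunOnce: [DeleteOnReboot] C:\Windows\DeleteOnReboot.bat
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
x64-Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\System32\NvMcTray.dll,NvTaskbarInit
x64-Run: [RtHDVCpl] RAVCpl64.exe
BHO: Java(TM) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
AppInit_DLLs= C:\PROGRA~2\Google\GOOGLE~1\GOEC62~1.DLL
LSA: Notification Packages =  scecli C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 www.spywareinfo.com
"""

SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".wsf", ".ps1")
PROXY_HOSTS = ("rundll32.exe", "regsvr32.exe")
LSA_DEFAULTS = {"notification packages": {"scecli"},
                "security packages": {"kerberos", "msv1_0", "schannel", "wdigest", "tspkg", "pku2u"}}
HIVES = {"u": "HKCU", "m": "HKLM", "x64-": "HKLM (64-bit)"}
GUID = r"\{[0-9A-Fa-f-]+\}"
RUN_RE = re.compile(r"^(u|m|x64-)Run(Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
BHO_RE = re.compile(rf"^(x64-)?BHO: (?P<name>.*?): {GUID} - (?P<path>.*)$")
HANDLER_RE = re.compile(rf"^(x64-)?(?P<kind>Handler|Filter): (?P<name>\S+) - {GUID} - (?P<path>.*)$")
IE_RE = re.compile(r"^IE: (?P<rest>.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs=\s*(?P<dlls>.*)$")
LSA_RE = re.compile(r"^LSA: (?P<key>[^=]+?)\s*=\s*(?P<vals>.*)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")


@dataclass
class Finding:
    mechanism: str
    hive: str
    name: str
    detail: str
    priority: str   # "review" or "info"
    reason: str


def image_path(cmd: str) -> str:
    """Executable part of a Run-key command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def _run_finding(m: "re.Match[str]") -> Finding:
    hive, key, name = HIVES[m.group(1)], "RunOnce" if m.group(2) else "Run", m.group("name")
    path = image_path(m.group("cmd"))
    if path.lower().endswith(SCRIPT_EXT):
        return Finding(key, hive, name, path, "review", "script run at logon; read it before rebooting")
    if path.lower() in PROXY_HOSTS:
        return Finding(key, hive, name, m.group("cmd"), "review", "proxy host; the DLL in the arguments is what runs")
    if "\\" not in path:
        return Finding(key, hive, name, path, "review", "bare image name resolved via the search path")
    return Finding(key, hive, name, path, "info", "full path to an executable")


def triage(log_text: str) -> list[Finding]:
    """Classify every recognised autostart line; unknown lines are skipped."""
    out: list[Finding] = []
    for line in (ln.rstrip() for ln in log_text.splitlines()):
        if m := RUN_RE.match(line):
            out.append(_run_finding(m))
        elif m := BHO_RE.match(line):
            out.append(Finding("BHO", "", m.group("name"), m.group("path"), "info", "DLL loaded into every IE process"))
        elif m := HANDLER_RE.match(line):
            orphan = m.group("path").strip() == "<orphaned>"
            out.append(Finding(m.group("kind"), "", m.group("name"), m.group("path"), "info",
                               "points at a missing file; cleanup only" if orphan else "protocol/MIME handler DLL"))
        elif m := IE_RE.match(line):
            rest = m.group("rest")
            out.append(Finding("IE", "", rest.split(" - ")[0], rest, "info",
                               "IE extension" if "\\" in rest else "IE extension with no file path recorded"))
        elif m := APPINIT_RE.match(line):
            out.append(Finding("AppInit_DLLs", "HKLM", "", m.group("dlls"), "review",
                               "injected into every process that loads user32.dll"))
        elif m := LSA_RE.match(line):
            key = m.group("key").strip()
            extras = [v for v in m.group("vals").split() if v.lower() not in LSA_DEFAULTS.get(key.lower(), set())]
            out.append(Finding(f"LSA {key}", "HKLM", "", " ".join(extras), "review" if extras else "info",
                               "non-default LSA package; notification packages see plaintext passwords" if extras
                               else "default package set"))
        elif m := HOSTS_RE.match(line):
            out.append(Finding("Hosts", "", m.group("host"), m.group("ip"), "review", "local override bypasses DNS"))
    return out


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: f.priority):
        print(f"{f.priority:6} {f.mechanism:26} {f.hive:14} {f.name or f.detail:30} {f.reason}")
```

The ordering reflects where a responder's time goes: an AppInit_DLLs value, a non-default LSA notification package and hosts-file overrides are system-wide hooks that a single vendor product rarely needs, so they get read first; RunOnce scripts and bare image names are checked because the file that actually executes is not obvious from the line; orphaned handlers and BHOs with a full path to a known product are recorded but left for cleanup.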



#2 Oh My! (Malware Response Instructor, 37,037 posts, California)

Posted 30 March 2013 - 05:57 PM

Greetings Jacy and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Start New Topic button but use the Add Reply button instead.
  • In the upper right hand corner of the topic you will see the Watch Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided and I will reply as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My! (Malware Response Instructor, 37,037 posts, California)

Posted 30 March 2013 - 06:21 PM

Hi Jacy,

Thank you for patiently waiting while I review your information.

Please consider and perform the below.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have Bit Torrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Bit Torrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Clean Boot
--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • In the System Configuration Utility dialog box, click Selective Startup on the General tab
  • Click to clear the Load Startup Items check box
  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • When you are prompted, click Restart
===================================================

Things I would like to see in your next reply.
  • Did your computer boot into Normal Mode?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Jacy66 (Topic Starter, Members, 17 posts)

Posted 31 March 2013 - 03:43 PM

Hi there,

I was monitoring my post all evening yesterday and didn't see your reply... that's why it took me so long before I reacted... I wonder why I did not receive an email notification...

Anyway, now I can see your answer (sorry for the extra mail I've sent you... didn't mean to rush you...)

I'm aware of the risk of BitTorrent... and I will make sure my son (yes, it is my son's computer!!!) removes it (or manages his PC by himself!) as soon as this issue is fixed!

I followed your instructions and I was able to boot in normal mode... tried a little Google search and it works fine.

What is the next step? I imagine we are not done, right?

Thanks,
Jacy


Edited by Jacy66, 31 March 2013 - 04:09 PM.


#5 Oh My! (Malware Response Instructor, 37,037 posts, California)

Posted 31 March 2013 - 06:26 PM

Hi Jacy,

I noticed yesterday you were not listed as following the post but it appears you are all set up now. Hopefully you will receive the email notifications.

It appears one of the third party programs we disabled during the Clean Boot step is prohibiting your computer from booting into Normal Mode. For starters let's gather a little more information to see if we are provided any clues.

Please do this.

===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

List last 10 Event Viewer log
List Installed Programs

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • MiniToolBox log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

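The event-log section of a MiniToolBox report is where the "which disabled service is blocking Normal Mode" question usually gets answered, but the tool prints Service Control Manager events with their insertion strings run together (for example "<dependent service><dependency>%%1068"), which makes dependency failures hard to read by eye. The following is an added example, not part of Gary's post or of Farbar's tool: Python that parses entries in MiniToolBox's event-log layout, splits each run-together pair against a list of service display names, follows the dependency chain to its root and checks whether that root is a driver named in the "failed to load" event. SAMPLE is constructed in that layout, and DISPLAY_TO_DRIVER (which kernel driver a root display name depends on) is a hand-supplied assumption of this example.

```python
"""Reconstruct service dependency failures from MiniToolBox event-log output.

Added example for this thread, not part of MiniToolBox or of any post in it.
The tool prints Service Control Manager events with their insertion strings run
together ("<dependent><dependency>%%<code>"), so each pair is split against a list
of service display names. SAMPLE is constructed in that format; DISPLAY_TO_DRIVER
(which kernel driver a root display name depends on) is a hand-written assumption.
"""
import re
from typing import Optional

SAMPLE = """\
Error: (03/31/2013 04:33:08 PM) (Source: Service Control Manager) (User: )
Description: AFD
AVGIDSDriver
nsiproxy
rdbss
tmtdi

Error: (03/31/2013 04:33:08 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (03/31/2013 04:33:08 PM) (Source: Service Control Manager) (User: )
Description: Network Location AwarenessNetwork Store Interface Service%%1068

Error: (03/31/2013 04:33:08 PM) (Source: Service Control Manager) (User: )
Description: AVGIDSAgentAVGIDSDriver%%31

Error: (03/31/2013 04:33:08 PM) (Source: Service Control Manager) (User: )
Description: WebClientWebDav Client Redirector Driver%%1068

Error: (03/31/2013 04:33:08 PM) (Source: Service Control Manager) (User: )
Description: SMB MiniRedirector Wrapper and EngineRedirected Buffering Sub Sysytem%%31
"""

KNOWN_NAMES = [  # display names that occur in the sample; extend for other logs
    "Network List Service", "Network Location Awareness", "Network Store Interface Service",
    "AVGIDSAgent", "AVGIDSDriver", "WebClient", "WebDav Client Redirector Driver",
    "SMB MiniRedirector Wrapper and Engine", "Redirected Buffering Sub Sysytem",
]
DISPLAY_TO_DRIVER = {  # assumption for this example: root display name -> kernel driver it needs
    "Network Store Interface Service": "nsiproxy", "AVGIDSDriver": "AVGIDSDriver",
    "Redirected Buffering Sub Sysytem": "rdbss", "WebDav Client Redirector Driver": "MRxDAV",
}
WIN32_ERRORS = {1068: "ERROR_SERVICE_DEPENDENCY_FAIL", 31: "ERROR_GEN_FAILURE"}
ENTRY_RE = re.compile(r"^Error: \([^)]*\) \(Source: (?P<source>[^)]*)\)")
PAIR_RE = re.compile(r"^(?P<body>.+?)%%(?P<code>\d+)$")
Edge = tuple[str, str, int]  # (dependent, dependency, win32 error code)


def parse_entries(text: str) -> list[tuple[str, list[str]]]:
    """Group each 'Error: (...) (Source: ...)' header with its description lines."""
    entries: list[tuple[str, list[str]]] = []
    current: Optional[list[str]] = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := ENTRY_RE.match(line):
            current = []
            entries.append((m.group("source"), current))
        elif not line:
            current = None                       # a blank line closes the entry
        elif current is not None and line.startswith("Description: "):
            current.append(line[len("Description: "):])
        elif current is not None and current:
            current.append(line)                 # continuation of a multi-line description
    return entries


def split_pair(body: str, known: list[str]) -> tuple[str, str]:
    """Split '<dependent><dependency>', preferring a split where both halves are known names."""
    candidates = [(n, body[len(n):]) for n in known if body.startswith(n) and len(body) > len(n)]
    if not candidates:
        return body, ""
    both_known = [c for c in candidates if c[1] in known]
    return (both_known or sorted(candidates, key=lambda c: -len(c[0])))[0]


def chain(name: str, edges: list[Edge]) -> list[str]:
    """Follow recorded dependencies from a service down to the node that has none."""
    depends_on = {d: dep for d, dep, _ in edges}
    path = [name]
    while path[-1] in depends_on and depends_on[path[-1]] not in path:
        path.append(depends_on[path[-1]])
    return path


def analyse(text: str) -> tuple[set[str], list[Edge], dict[str, Optional[str]]]:
    """Return (drivers that failed to load, dependency edges, chain root -> failed driver or None)."""
    failed: set[str] = set()
    edges: list[Edge] = []
    for source, lines in parse_entries(text):
        if source != "Service Control Manager" or not lines:
            continue
        m = PAIR_RE.match(lines[0])
        if m is None and len(lines) > 1:
            failed.update(lines)                 # bare list of drivers that failed to load
        elif m:
            edges.append((*split_pair(m.group("body"), KNOWN_NAMES), int(m.group("code"))))
    roots: dict[str, Optional[str]] = {}
    for dependent, _, _ in edges:
        root = chain(dependent, edges)[-1]
        driver = DISPLAY_TO_DRIVER.get(root)
        roots[root] = driver if driver in failed else None
    return failed, edges, roots


if __name__ == "__main__":
    failed, edges, roots = analyse(SAMPLE)
    for dependent, _, code in edges:
        print(" -> ".join(chain(dependent, edges)), f"[{code} {WIN32_ERRORS.get(code, '?')}]")
    for root, driver in roots.items():
        print(root, "<-", driver or "no failed driver in the list; look up its own dependencies")
```

Error 1068 is ERROR_SERVICE_DEPENDENCY_FAIL and 31 is ERROR_GEN_FAILURE, so a chain that ends at a display name whose driver appears in the failed-to-load list is explained by that list; a root that does not (in the sample, the WebDAV redirector) needs its own dependency looked up before anything is re-enabled.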
#6 Jacy66 (Topic Starter, Members, 17 posts)

Posted 31 March 2013 - 06:48 PM

I finally figured out how to get the email notifications!!!

Here we go:

MiniToolBox log:

MiniToolBox by Farbar  Version:05-03-2013
Ran by Alex (administrator) on 31-03-2013 at 19:42:00
Running from "C:\Users\Alex\Desktop"
Windows Vista ™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/31/2013 04:41:03 PM) (Source: LoadPerf) (User: )
Description: WmiApRplWmiApRpl8

Error: (03/31/2013 04:41:03 PM) (Source: LoadPerf) (User: )
Description: Performance16

Error: (03/31/2013 04:38:38 PM) (Source: Perflib) (User: )
Description: PolicyAgent4

Error: (03/31/2013 04:38:38 PM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (03/31/2013 04:38:38 PM) (Source: Perflib) (User: )
Description: EmdCache4

Error: (03/31/2013 04:38:38 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4

Error: (03/30/2013 06:06:17 PM) (Source: LoadPerf) (User: )
Description: WmiApRplWmiApRpl8

Error: (03/30/2013 06:06:17 PM) (Source: LoadPerf) (User: )
Description: Performance16

Error: (03/30/2013 05:52:36 PM) (Source: LoadPerf) (User: )
Description: WmiApRplWmiApRpl8

Error: (03/30/2013 05:52:36 PM) (Source: LoadPerf) (User: )
Description: Performance16


System errors:
=============
Error: (03/31/2013 04:33:08 PM) (Source: Service Control Manager) (User: )
Description: AFD
AVGIDSDriver
Avgldx64
Avgtdia
DfsC
NetBIOS
netbt
nsiproxy
PSched
RasAcd
rdbss
Smb
spldr
tdx
tmtdi
Wanarpv6

Error: (03/31/2013 04:33:08 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (03/31/2013 04:33:08 PM) (Source: Service Control Manager) (User: )
Description: Trend Micro Proxy ServiceTrend Micro TDI Driver%%31

Error: (03/31/2013 04:33:08 PM) (Source: Service Control Manager) (User: )
Description: Network Location AwarenessNetwork Store Interface Service%%1068

Error: (03/31/2013 04:33:08 PM) (Source: Service Control Manager) (User: )
Description: IP HelperNetwork Store Interface Service%%1068

Error: (03/31/2013 04:33:08 PM) (Source: Service Control Manager) (User: )
Description: AVGIDSAgentAVGIDSDriver%%31

Error: (03/31/2013 04:33:08 PM) (Source: Service Control Manager) (User: )
Description: WebClientWebDav Client Redirector Driver%%1068

Error: (03/31/2013 04:33:08 PM) (Source: Service Control Manager) (User: )
Description: SMB 2.0 MiniRedirectorSMB MiniRedirector Wrapper and Engine%%1068

Error: (03/31/2013 04:33:08 PM) (Source: Service Control Manager) (User: )
Description: SMB 1.x MiniRedirectorSMB MiniRedirector Wrapper and Engine%%1068

Error: (03/31/2013 04:33:08 PM) (Source: Service Control Manager) (User: )
Description: SMB MiniRedirector Wrapper and EngineRedirected Buffering Sub Sysytem%%31


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-03-26 20:36:02.373
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-26 20:36:02.186
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-26 20:36:01.905
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-26 20:36:01.718
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-26 20:36:01.469
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-26 20:36:01.266
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-26 20:36:01.047
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-26 20:36:00.845
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-26 20:36:00.579
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-26 20:36:00.392
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Apple Mobile Device Support (Version: 6.0.0.59)
ASUS Power4Gear eXtreme (Version: 1.0.19)
AVG 2013 (Version: 13.0.3161)
AVG 2013 (Version: 13.0.3267)
AVG 2013 (Version: 2013.0.3267)
BCool Gadget (Version: 1.0)
BitTorrent (Version: 6.2.0)
Bonjour (Version: 3.0.0.10)
Dolby Control Center (Version: 1.1.0601)
Dropbox (Version: 1.6.16)
HitmanPro 3.7 (Version: 3.7.2.190)
iTunes (Version: 10.7.0.21)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
NVIDIA Drivers
Synaptics Pointing Device Driver (Version: 10.1.8.0)
Trend Micro AntiVirus (Version: 17.0)
USB 2.0 1.3M UVC WebCam
VistaGlazz 1.2 (Version: 1.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Zune (Version: 04.00.0740.00)
Zune Language Pack (ES) (Version: 04.00.0740.00)
Zune Language Pack (FR) (Version: 04.00.0740.00)

**** End of log ****



#7 Oh My! (Malware Response Instructor)

Posted 31 March 2013 - 10:32 PM

Hi Jacy,

Nothing definitive there so we will do it through trial and error. What I would like you to do is repeat the steps to get into the Services tab like you did in the Clean Boot step. Enable half of the items you previously unchecked and then try to boot into Normal Mode. That will tell you if the trouble is contained in the top half or bottom half of the list. Then you can troubleshoot from there. For example, if you can't boot into Normal Mode with the top half checked then uncheck them all again and start checking them one item at a time, trying to boot into Normal Mode each time you check an item. Hopefully you will be able to identify the culprit.

 

Let me know what you find.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Jacy66 (Topic Starter)

Posted 01 April 2013 - 08:00 PM

Hi Gary,

I'm down to 3 services that cause Normal Mode to "spin", which are:

SBSD Security Center Service
Secunia PSI Agent
Secunia Update Agent

When any of these is checked, it doesn't work... I don't know if it makes sense to you but nothing obvious for me   :mellow:

Thanks,

Jacy

n.b. Don't know if this can help you but... when I started with the 1st half of the list only: it works fine, then with the 2nd half only: works too !!!

So I did it adding services to the 1st half...



#9 Oh My! (Malware Response Instructor)

Posted 01 April 2013 - 08:21 PM

Hi Jacy,

Thanks for all your effort. I would like you to do this please.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists):
    • Spybot Search & Destroy (which is no longer recommended by BleepingComputer)
    • Secunia (all versions)
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Click on Select all then click Delete.
  • When prompted select Yes then Next.
  • Once done click Finish.
  • Reboot your computer into Normal Mode.
  • Reverse the Clean Boot steps, making sure to unhide the Microsoft services and place a checkmark in all the remaining services (if it is not that way already).
  • Attempt to boot into Normal Mode again.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did the program(s) uninstall properly?
  • Can you now boot successfully into Normal Mode?

Gary
 

#10 Jacy66 (Topic Starter)

Posted 01 April 2013 - 09:35 PM

Hello,

I followed your instructions using Revo Uninstaller for both Spybot S&D and Secunia and they did remove nicely!

Rebooting in normal mode was ok too.

Then I was too confident in the "Reverse the Clean Boot steps" and tried a "normal startup"... result: normal mode "spin" again... But I had the time to get an "Adobe Reader update ready" prompt!

Back in msconfig, I rebooted in selective startup with "all services" and normal mode is fine!

Should I try with "load startup items" checked?

Thank you,

Jacy



#11 Oh My! (Malware Response Instructor)

Posted 01 April 2013 - 09:39 PM

Yes please.

Gary
 

#12 Jacy66 (Topic Starter)

Posted 01 April 2013 - 09:56 PM

Works fine... what is the difference between that and normal startup?

 

Now do I give it another try with "normal startup"?



#13 Oh My! (Malware Response Instructor)

Posted 01 April 2013 - 10:03 PM

Greetings,

No, Selective Startup is what we want, not Normal Startup. It is a more controlled startup loading only those things we want to load. Things are looking good.

Let's run 2 scans to look for leftover items. ESET will take a bit of time and I will not be online when it finally completes. But I am looking forward to seeing what I hope to be good reports in the morning. :thumbsup2:

Please do this.

===================================================

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download. You can also right click on the link and select Save Link As.
  • Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
  • Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not be presented with a log.
  • Click the Back button.
  • Click the Finish button.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • MBAM results
  • ESET results
  • How is your computer running now? Any issues?


Gary
 

#14 Jacy66 (Topic Starter)

Posted 01 April 2013 - 11:16 PM

Malwarebytes Anti-Malware was already installed on the pc... I used this program... is it ok?  Oops... pasting the log, I realize it is in French... if you need, I will uninstall and reinstall the English version...  I'm getting on ESET

 

Here is the log, nothing was reported:

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Version de la base de données: v2013.03.29.03

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 7.0.6002.18005
Alex :: ALEX- [administrateur]

02/04/2013 12:01:11 AM
mbam-log-2013-04-02 (00-01-11).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM | P2P
Options d'examen désactivées:
Elément(s) analysé(s): 215313
Temps écoulé: 6 minute(s), 57 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)



#15 Jacy66 (Topic Starter)

Posted 02 April 2013 - 06:05 AM

Morning,

Hum... still have a little something...

Here is the ESET log:

 

C:\Users\All Users\Bcool\507ac314526e4.ocx Win32/Adware.MultiPlug.D application 
C:\Users\All Users\Bcool\507ac3145271c.html Win32/Adware.MultiPlug.H application 
C:\Users\All Users\Bcool\jckaglmpflmgpnmmipoopbbcpdnckdac.crx Win32/Adware.MultiPlug.H application 
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application 
C:\Users\All Users\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application 
C:\Users\All Users\VisualBee\VisualBeeSoftware.exe a variant of Win32/Toolbar.Babylon.A application 

C:\$RECYCLE.BIN\S-1-5-21-1908558985-1049518700-345209532-1000\$RFBFEY8\Recovery\IncrediBar6.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-1908558985-1049518700-345209532-1000\$RFBFEY8\Recovery\Wajam32.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-1908558985-1049518700-345209532-1000\$RFBFEY8\Recovery\Wajam61.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-1908558985-1049518700-345209532-1000\$RFBFEY8\Recovery\Wajam62.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-1908558985-1049518700-345209532-1000\$RFBFEY8\Recovery\YontooPagerage32.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Program Files\Trend Micro\Internet Security\TmpxTmp\htt78E9.tmp a variant of Win32/Adware.Gamevance.AS application cleaned by deleting - quarantined
C:\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll a variant of Win32/Toolbar.CrossRider.A application cleaned by deleting - quarantined
C:\ProgramData\Bcool\507ac314526e4.ocx Win32/Adware.MultiPlug.D application cleaned by deleting - quarantined
C:\ProgramData\Bcool\507ac3145271c.html Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\ProgramData\Bcool\jckaglmpflmgpnmmipoopbbcpdnckdac.crx Win32/Adware.MultiPlug.H application deleted - quarantined
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\ProgramData\VisualBee\VisualBeeSoftware.exe a variant of Win32/Toolbar.Babylon.A application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\118V0G1O\optimizerpro[1] a variant of Win32/SpeedingUpMyPC.B application cleaned by deleting - quarantined
C:\Users\Alex\AppData\Local\Temp\YontooLayers\background.html JS/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\Users\Alex\Documents\Azureus Downloads\MS Office Publisher 2007\MS Office Publisher 2007.iso a variant of Win32/Kryptik.CVD trojan deleted - quarantined
C:\Users\Alex\Downloads\cbsidlm-tr1_9-Daemon_Tools_Lite-ORG2-10778842.exe multiple threats cleaned by deleting - quarantined
C:\Users\Alex\Downloads\DTLite4454-0315.exe Win32/OpenCandy application cleaned by deleting - quarantined
D:\Download\trojankiller2093-setup.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
 

Jacy
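An added triage helper for a result list like the ESET log above (example code written for this page, not from the thread, ESET or BleepingComputer). It parses each line into path, threat, kind and recorded action, then sorts the entries that carry no action into two groups: junction aliases of files already quarantined (on Vista/7, C:\Users\All Users is a junction to C:\ProgramData, which is why the same Bcool, Tarma and VisualBee files appear twice in the posted log) and items that genuinely still need attention. The regex vocabulary is taken from the lines in the post; the sample log is constructed from those lines plus one invented "Example" entry.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample shaped like the ESET Online Scanner list posted in the
# thread: lines 1, 2 and 4-7 are copied from that post; line 3 is invented to
# show an item with no quarantined counterpart. Trailing spaces are as posted.
SAMPLE_LOG = r"""
C:\Users\All Users\Bcool\507ac314526e4.ocx Win32/Adware.MultiPlug.D application 
C:\Users\All Users\VisualBee\VisualBeeSoftware.exe a variant of Win32/Toolbar.Babylon.A application 
C:\Users\All Users\Example\leftover.dll Win32/Adware.Example.A application 
C:\ProgramData\Bcool\507ac314526e4.ocx Win32/Adware.MultiPlug.D application cleaned by deleting - quarantined
C:\ProgramData\VisualBee\VisualBeeSoftware.exe a variant of Win32/Toolbar.Babylon.A application cleaned by deleting - quarantined
C:\Users\Alex\Documents\Azureus Downloads\MS Office Publisher 2007\MS Office Publisher 2007.iso a variant of Win32/Kryptik.CVD trojan deleted - quarantined
C:\Users\Alex\Downloads\cbsidlm-tr1_9-Daemon_Tools_Lite-ORG2-10778842.exe multiple threats cleaned by deleting - quarantined
"""

# On Windows Vista/7, C:\Users\All Users is a junction to C:\ProgramData, so the
# same file is listed under both names and only one of them carries an action.
JUNCTIONS = {"C:\\Users\\All Users\\": "C:\\ProgramData\\"}

# <path> [a variant of ]<threat> [<kind>] [<action>]; the path may contain
# spaces, so the match is anchored on the kind/action vocabulary seen in the log.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<threat>(?:a variant of )?\S+|multiple threats)"
    r"(?: (?P<kind>application|worm|trojan))?"
    r"(?: (?P<action>cleaned by deleting - quarantined|deleted - quarantined))?"
    r"\s*$"
)

@dataclass
class Detection:
    path: str
    threat: str
    kind: Optional[str]
    action: Optional[str]  # None: ESET listed the item but recorded no cleanup

def parse_eset_log(text: str) -> List[Detection]:
    """Parse the result list; raise on any line the regex cannot read."""
    records = []
    for line in filter(str.strip, text.splitlines()):
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised ESET line: {line!r}")
        records.append(Detection(m["path"], m["threat"], m["kind"], m["action"]))
    return records

def canonical(path: str) -> str:
    """Rewrite a junction alias to its target so the same file compares equal."""
    for alias, target in JUNCTIONS.items():
        if path.lower().startswith(alias.lower()):
            return target + path[len(alias):]
    return path

def triage(records: List[Detection]) -> dict:
    """Split no-action entries into junction aliases of quarantined files and
    items that are genuinely still on disk; count distinct quarantined files."""
    quarantined = {canonical(r.path).lower() for r in records if r.action}
    aliased, unresolved = [], []
    for r in (x for x in records if not x.action):
        bucket = aliased if canonical(r.path).lower() in quarantined else unresolved
        bucket.append(r.path)
    return {"quarantined": len(quarantined), "aliased": aliased, "unresolved": unresolved}
```

Running `triage(parse_eset_log(SAMPLE_LOG))` reports four quarantined files, two aliases that need no further action, and the one invented leftover as unresolved.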





