Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Infected Sony Laptop [Solved]

Started by Penpen , Oct 10 2012 02:47 AM

  • This topic is locked This topic is locked
58 replies to this topic

#1 Penpen

Penpen

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 10 October 2012 - 02:47 AM

Hiya,

I recently downloaded some stuff off the internet and my computer has not been the same since. I get popups advertising things and I also get adverts for women around youtube and facebook. If I go to my AVG toolbar, coupons come up in the bottom right hand corner. I have used hijack this ( i accidentally pressed the analyze this button once) and here are the results -

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:23:38, on 2012/10/10
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPCMNT.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\SetGamma\SetGamma.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony\SonicStage\SSAAD.exe
C:\Users\Emi\TomTom HOME 2\TomTomHOMERunner.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Sony\FeliCa Sensing\FeliSen.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Users\Emi\Downloads\HijackThis.exe

O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: かんたん登録2 - {0DD41AE7-6196-42E7-BDE5-4F393997449E} - C:\PROGRA~1\JUSTSY~1\SIMPLE~1\AtInBnd.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: かんたん登録2 ツールバー - {833CFE4E-05BD-43A3-97A7-A4E80D742F0F} - C:\PROGRA~1\JUSTSY~1\SIMPLE~1\AtInBnd.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [E-Flyer] "C:\Program Files\Sony\E-Flyer\SubFlyer.exe"
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [SetGamma] "C:\Program Files\Sony\SetGamma\SetGamma.exe"
O4 - HKLM\..\Run: [IME JPN 2007 Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Users\Emi\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_S2D1C.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: かざそうFeliCa.lnk = C:\Program Files\Sony\FeliCa Sensing\FeliSen.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Easy-WebPrint プレビュー - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint 印刷 - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint 印刷リストに追加 - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint 高速印刷 - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iflsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iflsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iflsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iflsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iflsp.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {91DFB26C-AFD7-47C2-A07D-D22AF3548169} (NamoWeCtl 6.0 for YahooJpn) - http://beauty.geocit...or/NamoWec6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
O20 - AppInit_DLLs: c:\progra~1\sprote~1\sprote~1.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Smart Network Service (BeService) - Sony Corporation - C:\Program Files\Sony\Smart Network\BeService.exe
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Users\Emi\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TXVDrv Service (TxVDrvSvc) - Texim Corporarion. - C:\Program Files\JUSTSYSTEM\PersonalShelter\TxVDrvSvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: vToolbarUpdater12.2.6 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13164 bytes

thanks very much for being here and i hope you can help.

    Advertisements

Register to Remove

#2 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 10 October 2012 - 04:28 AM

Hello Penpen and welcome to the WTT forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:
  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

I am looking at your log now and will reply with instructions shortly.

Satchfan

NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#3 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 10 October 2012 - 04:40 AM

Hello again Penpen

I don’t see anything in that log but we’ll run some more scans to find the problem.

Spybot TeaTimer

Please disable this program and leave it disabled until we are done as it can interfere with some of the tools we use.
  • launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
  • on the left hand side, click on Tools, then click on the Resident Icon in the list.
  • uncheck the Resident TeaTimer (Protection of overall system settings) active box.
  • click on the System Startup icon in the List
  • uncheck the "TeaTimer" box and click OK at any prompts.
  • if Teatimer gives you a warning that changes were made, click Allow Change when prompted.
  • exit Spybot S&D.
(When we are finished, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup).

===============================================

Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again

Download RogueKiller to your desktop.
  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the prescan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects.
If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply.

Satchfan

NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#4 Penpen

Penpen

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 10 October 2012 - 08:54 AM

Hiya, Thanks for helping me out with this. Im having trouble finding system startup in spybot. it keeps telling me that im not an administrator. shall i just try to uninstall spybot altogether? I havent been able to complete the system startup step. I havent done anything else.

#5 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 10 October 2012 - 09:04 AM

If you have unchecked the "Resident "TeaTimer" (Protection of overall system settings) active." box, you can exit Spybot and carry on with RogueKiller.

NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#6 Penpen

Penpen

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 10 October 2012 - 09:14 AM

I didnt understand the right click -run as admin instruction but ive done the scan etc. here is the list

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6000 ) 32 bits version
Started in : Normal mode
User : Emi [Admin rights]
Mode : Scan -- Date : 10/10/2012 16:11:39

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[TASK][SUSP PATH] {5D045FA4-E425-4FC5-BA6D-9D7D244241A8} : C:\Windows\System32\pcalua.exe -a C:\Users\Emi\Desktop\jt153c.exe -d C:\Users\Emi\Desktop -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1034GSX ATA Device +++++
--- User ---
[MBR] 876b7f45662db2e01a0803fce12a8459
[BSP] 5ecb647f66e1f840e77556d4f6b6ac9a : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 7629 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 15626240 | Size: 87765 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#7 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 10 October 2012 - 09:35 AM

Good, that was OK so we'll look using some different scans.

Run DDS

Please download DDS by sUBs from one of the following links and save it to your desktop.

DDS.pif
DDS.com

  • disable any script blocking protection (How to Disable your Security Programs)
  • double click DDS icon to run the tool (may take up to 3 minutes to run)
  • when done, DDS.txt will open.
  • after a few moments, attach.txt will open in a second window.
  • save both reports to your desktop.
  • Post the contents of the DDS.txt and Attach.txt reports in your next reply
===================================================

Run aswMBR
  • download aswMBR.exe to your desktop.
  • double click aswMBR.exe to run it
  • if asked, accept the AVAST virus definition download
  • click the "Scan" button to start scan
  • on completion of the scan click Save log, save it to your desktop and post in your next reply. Note - do NOT attempt any Fix yet.
Please include the following in your next post :

DDS.txt
Attach.txt
aswMBR log

Thanks

Satchfan

NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#8 Penpen

Penpen

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 10 October 2012 - 11:37 AM

Hi,I think I've done that, I'll copy and attach the results.

DDS


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6000.17037 BrowserJavaVersion: 1.6.0_35
Run by Emi at 18:16:20 on 2012-10-10
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPCMNT.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\SetGamma\SetGamma.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony\SonicStage\SSAAD.exe
C:\Users\Emi\TomTom HOME 2\TomTomHOMERunner.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Sony\FeliCa Sensing\FeliSen.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Users\Emi\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\JUSTSYSTEM\PersonalShelter\TxVDrvSvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://search.searchonme.com/
uDefault_Page_URL = hxxp://www.vaio.sony.co.jp/Owner/2007a.html
uSearch Bar =
mStart Page = hxxp://search.searchonme.com/
mDefault_Page_URL = hxxp://www.vaio.sony.co.jp/Owner/2007a.html
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: かんたん登録2: {0dd41ae7-6196-42e7-bde5-4f393997449e} - c:\progra~1\justsy~1\simple~1\AtInBnd.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.5.32\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: かんたん登録2 ツールバー: {833cfe4e-05bd-43a3-97a7-a4e80d742f0f} - c:\progra~1\justsy~1\simple~1\AtInBnd.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.5.32\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
uRun: [TomTomHOME.exe] "c:\users\emi\tomtom home 2\TomTomHOMERunner.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [EPSON Stylus DX4400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticae.exe /fu "c:\windows\temp\E_S2D1C.tmp" /EF "HKCU"
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [E-Flyer] "c:\program files\sony\e-flyer\SubFlyer.exe"
mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"
mRun: [SetGamma] "c:\program files\sony\setgamma\SetGamma.exe"
mRun: [IME JPN 2007 Migration] c:\progra~1\common~1\micros~1\ime12\imejp\IMJPKLMG.EXE /Preload
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [ROC_ROC_JULY_P1] "c:\program files\avg secure search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\emi\appdata\roaming\micros~1\windows\startm~1\programs\startup\かざそ~1.lnk - c:\program files\sony\felica sensing\FeliSen.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
IE: Easy-WebPrint プレビュー - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint 印刷 - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint 印刷リストに追加 - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint 高速印刷 - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Microsoft Excel にエクスポート(&X) - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\windows\system32\iflsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {91DFB26C-AFD7-47C2-A07D-D22AF3548169} - hxxp://beauty.geocities.yahoo.co.jp/namo/geocreator/NamoWec6.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{22CD1543-C312-4180-8903-388A87EEC278} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{85066FAF-0A01-4877-ADDD-EB81ECE91A6C} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.2.6\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: c:\progra~1\sprote~1\sprote~1.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\emi\appdata\roaming\mozilla\firefox\profiles\bw6pfu9s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.searchonme.com/?l=1&q=
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.co.jp/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6b855b23-dd4a-4f6c-b737-c53879777024%7D&mid=afed3f04354447d19335d153c6eea83c-51d981741c17b747ff9445feea4180c6105b265d&ds=AVG&v=11.1.0.12&lang=ja&pr=fr&d=2012-06-06%2010%3A11%3A01&sap=ku&q=
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\emi\appdata\roaming\mozilla\firefox\profiles\bw6pfu9s.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\12.2.6\npsitesafety.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\users\emi\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
.
FF - user.js: security.csp.enable - false
.
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-7-26 237408]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-8-24 301920]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-4 27496]
R1 TxVDrv;TxVDrv;c:\windows\system32\drivers\TxVDrv.sys [2007-3-16 22272]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-10-9 1153368]
R2 TomTomHOMEService;TomTomHOMEService;c:\users\emi\tomtom home 2\TomTomHOMEService.exe [2012-1-23 92592]
R2 TxVDrvSvc;TXVDrv Service;c:\program files\justsystem\personalshelter\TxVDrvSvc.exe [2007-3-16 45056]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.6\ToolbarUpdater.exe [2012-9-4 722528]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-2-21 72704]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-2-21 43904]
R3 Sonyddpu;FeliCa Port/PaSoRi;c:\windows\system32\drivers\Sonyddpu.sys [2007-2-21 58112]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2007-2-21 30976]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-2-21 227328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-20 250808]
S3 BeService;Smart Network Service;c:\program files\sony\smart network\BeService.exe [2007-3-16 413696]
S3 GDISpyDevice;GDISpyDevice;c:\windows\system32\GDISpy.sys [2008-4-22 38856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 114144]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-3-16 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2007-3-16 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-3-16 1089536]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-10-09 15:40:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-10-09 15:40:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-10-05 21:33:14 -------- d-----w- c:\programdata\Premium
2012-10-05 21:32:52 -------- d-----w- c:\program files\SProtector
2012-10-05 21:31:54 -------- d-----w- c:\programdata\ADDICT-THING
2012-10-05 21:31:12 -------- d-----w- c:\programdata\InstallMate
2012-10-05 20:52:06 -------- d-----w- c:\users\emi\dwhelper
2012-10-03 21:11:46 -------- d-----w- c:\users\emi\appdata\local\Freecorder 6 Video
2012-10-03 21:10:41 -------- d-----w- c:\users\emi\appdata\roaming\Freecorder 6 Video
2012-10-03 21:09:21 -------- d-----w- c:\users\emi\appdata\local\Freecorder 6 Converter
2012-10-03 21:09:04 -------- d-----w- c:\users\emi\appdata\roaming\Freecorder 6 Converter
2012-10-03 21:07:42 -------- d-----w- c:\users\emi\appdata\local\Freecorder 6 Audio
2012-10-03 21:07:16 -------- d-----w- c:\users\emi\appdata\roaming\Freecorder 6 Audio
2012-10-03 21:06:38 -------- d-----w- c:\users\emi\appdata\local\Jaksta_Technologies_Pty_L
2012-10-03 21:00:49 -------- d-----w- c:\program files\Applian Technologies
2012-10-03 20:59:03 -------- d-----w- c:\programdata\Tarma Installer
2012-10-03 19:03:27 -------- d-----w- c:\users\emi\appdata\local\Abelssoft
2012-10-03 18:47:05 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-10-03 18:47:05 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-10-03 18:47:05 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-10-03 18:47:05 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-10-03 18:47:05 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-09-23 18:59:33 -------- d-----w- c:\users\emi\appdata\local\Unity
2012-09-15 11:15:18 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-15 11:11:45 -------- d-----w- c:\program files\iPod
2012-09-15 11:11:09 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-15 11:11:09 -------- d-----w- c:\program files\iTunes
.
==================== Find3M ====================
.
2012-10-08 19:51:54 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-08 19:51:54 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-05 07:16:18 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-05 07:16:18 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-04 08:18:29 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-24 14:43:18 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-21 12:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-26 02:21:30 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
============= FINISH: 18:19:22.08 ===============





Attach


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel® Core™2 CPU T5500 @ 1.66GHz | N/A | 1333/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 86 GiB total, 16.701 GiB free.
D: is Removable
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\*ISATAP\0015
Manufacturer:
Name:
PNP Device ID: ROOT\*ISATAP\0015
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
ADDICT-THING
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.3 - Japanese
Adobe Shockwave Player 11
Alps Pointing-device for VAIO
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AQUAZONE OpenWater 体験版
ATLAS 翻訳パーソナル 2007 LE
AVG 2012
AVG PC Tuneup
Bluetooth Stack for Windows by Toshiba
Bonjour
Camera RAW Plug-In for EPSON Creativity Suite
CANON iMAGE GATEWAY 無料会員登録 iP4300
Click to DVD 2.0.05 Menu Data
Click to DVD 2.6.00
CX4300_5500_DX4400 manual
DivXセットアップ
DSD Direct
DSD Playback Plug-in
Easy-WebPrint
Edy Viewer
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
FeliCa Port Software
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Hoppysoft QTConverter 1.3.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
i-フィルター 4
iCloud
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
its-moNavi PC
iTunes
Java Auto Updater
Java™ 6 Update 35
Java™ 6 Update 6
Java™ 6 Update 7
LAN-Express AS IEEE 802.11 Wireless LAN
LAN Setting Utility
Microsoft .NET Framework 3.5 Language Pack SP1 - jpn
Microsoft .NET Framework 3.5 Language Pack SP1 - 日本語
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile JPN Language Pack
Microsoft .NET Framework 4 Client Profile Language Pack - 日本語
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended JPN Language Pack
Microsoft .NET Framework 4 Extended Language Pack - 日本語
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel 2007 Help 更新プログラム (KB963678)
Microsoft Office Excel MUI (Japanese) 2007
Microsoft Office File Validation Add-In
Microsoft Office IME (Japanese) 2007
Microsoft Office Outlook 2007 Help 更新プログラム (KB963677)
Microsoft Office Outlook MUI (Japanese) 2007
Microsoft Office Personal 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Japanese) 2007
Microsoft Office Proofing (Japanese) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (Japanese) 2007
Microsoft Office Word 2007 Help 更新プログラム (KB963665)
Microsoft Office Word MUI (Japanese) 2007
Microsoft Office ナビ 2007
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (VAIO_VEDB)
Microsoft SQL Server Native Client
Microsoft SQL Server VSS Writer
Microsoft SQL Server セットアップ サポート ファイル (英語)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
Mozilla Firefox 15.0 (x86 ja)
Mozilla Firefox 15.0.1 (x86 ja)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
OpenMG Secure Module 4.6.01
OpenOffice.org Installer 1.0
QuickTime
Safari
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Setting Utility Series
SFCard Viewer 2
SigmaTel Audio
Skype™ 5.10
Smart Network
So-netサービス紹介
SonicStage 4.2
SonicStage Mastering Studio
SonicStage Mastering Studio オーディオフィルタ機能
SonicStage Mastering Studio オーディオフィルタ機能 カスタムプリセット
SonicStage Mastering Studio プラグイン
Sony Snymsico for Vista
Sony Utilities DLL
Sony Video Shared Library
Spelling Dictionaries Support For Adobe Reader 8
sprotector 1.62
Spybot - Search & Destroy
TomTom HOME 2.8.3.2499
TomTom HOME Visual Studio Merge Modules
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2597120) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
VAIO Aqua Breeze Wallpaper
VAIO Azure Float Wallpaper
VAIO Camera Capture Utility
VAIO Camera Utility
VAIO Cozy Orange Wallpaper
VAIO Entertainment Platform
VAIO Event Service
VAIO Floral Dusk Wallpaper
VAIO Guide Movie Components
VAIO Hardware Diagnostics
VAIO Media (再配布) 6.0
VAIO Media 6.0
VAIO Media AC3 Decoder 1.0
VAIO Media Content Collection 6.0
VAIO Media Integrated Server 6.0
VAIO Media Registration Tool 6.0
VAIO Photo 2007
VAIO Power Management
VAIO Teal Whisper Wallpaper
VAIO Update 4
VAIO Video & Photo Utilities
VAIO Video & Photo ユーティリティ
VAIO データリストアツール
VAIOナビ
VC80CRTRedist - 8.0.50727.6195
VLC media player 0.9.8a
Windows Media Player Firefox Plugin
WinDVD for VAIO
Wireless Switch Setting Utility
Yahoo!ツールバー
えいご漬け 改訂版(体験版)
エレコムらくちんプリント
かざしてログオン
かざそうFeliCa
かざポン for VAIO
かんたん登録2
スクリーンセーバーロック2
てきぱき家計簿マム5
ドラネットキッズ入学準備 体験版
ドラネット小学一年生 体験版
パーソナルシェルター
バイオの設定
バイオ電子マニュアル
バイオ電子マニュアル データベース
ホットスポット・ツール
ラベル屋さんHOME
一太郎ビューア
英単語名人10000
時事通信社 医学・健康コンテンツ
静止画色補正
筆ぐるめ Ver.14
.


aswMBR


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-10 18:28:25
-----------------------------
18:28:25.041 OS Version: Windows 6.0.6000
18:28:25.042 Number of processors: 2 586 0xF02
18:28:25.043 ComputerName: EMI-PC UserName: Emi
18:28:47.931 Initialize success
18:29:30.591 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
18:29:30.595 Disk 0 Vendor: TOSHIBA_MK1034GSX AH201A Size: 95396MB BusType: 3
18:29:30.599 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000076
18:29:30.604 Disk 1 Vendor: ( Size: 95396MB BusType: 0
18:29:30.657 Disk 0 MBR read successfully
18:29:30.661 Disk 0 MBR scan
18:29:30.666 Disk 0 Windows VISTA default MBR code
18:29:30.700 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 7629 MB offset 2048
18:29:30.732 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 87765 MB offset 15626240
18:29:30.784 Disk 0 scanning sectors +195369520
18:29:31.093 Disk 0 scanning C:\Windows\system32\drivers
18:29:45.646 Service scanning
18:30:19.793 Modules scanning
18:30:52.438 Disk 0 trace - called modules:
18:30:52.542 ntkrnlpa.exe CLASSPNP.SYS disk.sys hal.dll acpi.sys ataport.SYS intelide.sys
18:30:52.548 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84dc8ad8]
18:30:52.555 3 ntkrnlpa.exe[824b07e2] -> nt!IofCallDriver -> [0x8451a928]
18:30:52.562 5 acpi.sys[8066932a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x84505030]
18:30:52.572 Scan finished successfully
18:31:20.448 Disk 0 MBR has been saved successfully to "C:\Users\Emi\Documents\MBR.dat"
18:31:20.454 The log file has been saved successfully to "C:\Users\Emi\Documents\aswMBR.txt"

#9 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 10 October 2012 - 04:44 PM

Hi Penpen

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.
  • run AdwCleaner and select Delete
  • when it has finished it will ask to reboot - allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply
===================================================

Download Malwarebytes-Anti-Malware

Click here.
  • double-click mbam-setup.exe and follow the prompts to install the program.
  • at the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware. and Launch Malwarebytes' Anti-Malware, then click Finish..
  • if an update is found, it will download and install the latest version.
  • once the program has loaded, select Perform quick scan, then click Scan.
  • when the scan is complete, click OK, then Show Results to view the results.
  • be sure that everything is checked, and click Remove Selected.
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.
NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Logs to include with the next post:

AdwCleaner log
Mbam.txt

Can you tell me if there is any change.

Satchfan

NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#10 Penpen

Penpen

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 11 October 2012 - 02:50 AM

Hi again, I managed to download AdwCleaner, but when I tried to run this, there was a little window popped up telling me ` windows host process(Rundll32) has stopped the action' and didn't seem to work. Could you help me with this? Thank you!

    Advertisements

Register to Remove

#11 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 11 October 2012 - 04:14 AM

Can you try running it in safe mode:
  • restart your computer.
  • when the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with the Windows Advanced Boot Options menu
  • select the option for Safe Mode using the arrow keys
  • then press Enter on your keyboard to boot into Safe Mode.

You should then be presented with the Windows Login screen. Log in to Windows and try running it again

Satchfan

NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#12 Penpen

Penpen

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 11 October 2012 - 06:55 AM

Hi Satchfan
I managed to do those instructions. The adverts for women on youtube and facebook have gone and AVG toolbar which I didn't want have gone when I create a new tab, so it is looking a lot better. However, I'm still getting hotlink in my yahoo-email( underline some titles in blue and adverts appear when an arrow goes on them). Also, if I go to a certain website such as clarks, coupons come up in the bottom right hand corner, which is very similar to the one I had with AVG toolbar top page.
Anyway, here are the results:



AdwCleaner
# AdwCleaner v2.004 - Logfile created 10/11/2012 at 11:37:04
# Updated 06/10/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium (32 bits)
# User : Emi - EMI-PC
# Boot Mode : Safe mode
# Running from : C:\Users\Emi\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Emi\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Emi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Folder Deleted : C:\Users\Emi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fealnpfjifonchkodiffbdkfaipmpkhe
Folder Deleted : C:\Users\Emi\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\Emi\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Emi\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\bw6pfu9s.default\extensions\avg@toolbar
Folder Deleted : C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\bw6pfu9s.default\FCTB

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink
Key Deleted : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fealnpfjifonchkodiffbdkfaipmpkhe
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.17037

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (ja)

Profile name : default
File : C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\bw6pfu9s.default\prefs.js

C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\bw6pfu9s.default\user.js ... Deleted !

Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("extensions.506f531d51474.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.5071f293e68ec.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.5071f587bdd2f.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.BabylonToolbar.aflt", "orgnl");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 22);
Deleted : user_pref("extensions.BabylonToolbar.cntry", "GB");
Deleted : user_pref("extensions.BabylonToolbar.firstRun", false);
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "A82933984C9344EAF1C75B6E19C1DD1F");
Deleted : user_pref("extensions.BabylonToolbar.lastActv", "19");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 22);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsn", "1.1.5");
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "7.0");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 60542870);
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "free");
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.AutoSearchEventData", "auto%20search");
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.ClearCacheDate", 11);
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.DisplayEULA", true);
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.DnsCatchEventData", "dns%20catch");
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.EnableDCA", true);
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.FirstLaunchShown", true);
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.LoadLayoutDate.1", 11);
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.MultiSearch.KeywordHistory", "nexus%25207%7C%25[...]
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.NewTabSearchEventData", "tab%20search");
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.SearchBoxAutoExpand", true);
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.ShowRecommendedOptions", true);
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.StateReportDate", "1349944673866");
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.TopRightSearchEventData", "top%20right%20search[...]
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.beforeInstallSaved", true);
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.beforeinstall.homepage", "hxxp%3A//www.yahoo.co[...]
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.beforeinstall.search", "AVG%20Secure%20Search")[...]
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.comp.search.MultiSearch.engine_im
g", "aHR0cDovL[...]
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.comp.search.MultiSearch.engine_ur
l", "aHR0cDovL[...]
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.comp.search.MultiSearch.text", "%u30A6%u30A7%u3[...]
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.customNewTab", false);
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.helpUsImprove", true);
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.hideOthers", true);
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.processAddrBar", false);
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.restoreSearch", false);
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.rows", 1);
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.runcmd.", "1348068635824");
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.searchHistory", true);
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.showFirstLaunchOptions", false);
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.tb_lang", "ja");
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.tool_id", "1");
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.user_id", "103364249");
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.user_key", "002a5629f905a5dfb8b8c8de65e217eb561[...]
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.user_layouts", "1");
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.user_lnames", "%u697D%u5929%u30C4%u30FC%u30EB%u[...]
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.xml_service_url", "df9d74e0be0b3087f8b4164d1c36[...]
Deleted : user_pref("freecause8b5bea8c61944c7ca440d5ca181480c3.yahooSearch", false);
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B6b855b23-dd4a-4f6c-b737-c53879777024%[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Emi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [14484 octets] - [11/10/2012 11:37:04]

########## EOF - C:\AdwCleaner[S2].txt - [14545 octets] ##########




mbam
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.11.07

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.17037
Emi :: EMI-PC [administrator]

2012/10/11 12:00:09
mbam-log-2012-10-11 (12-00-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205600
Time elapsed: 10 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Emi\Downloads\-&.mp3.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\Emi\Downloads\_ DREAMS COME TRUE.mp3.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\Emi\Local Settings\Temporary Internet Files\Content.IE5\P92RDM9N\5071f587d7bc5[1].exe (Adware.Dropper) -> Quarantined and deleted successfully.
C:\Users\Emi\Local Settings\Temporary Internet Files\Content.IE5\UO535R4K\506f531d6afbc[1].exe (Adware.Dropper) -> Quarantined and deleted successfully.

(end)

#13 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 11 October 2012 - 07:16 AM

As you say, it got rid of some so we'll use the big guns to try and see what else is there.

Download and run ComboFix

Download ComboFix from the following location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, as they may otherwise interfere with our tools. See here for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Posted Image


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image


    Click on Yes, to continue scanning for malware.
Note: Do not mouse-click combofix's window while it is running. That may cause it to stall.

When finished, it will produce a log. Please include the ComboFix.txt in your next reply. It can be found at C:\ComboFix.txt

Satchfan

NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#14 Penpen

Penpen

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 11 October 2012 - 03:33 PM

hello, we have run the scan and it asked us if we wanted to quarantine some infected files so we pressed yes. It deleted 56 infected files or so. we are unable to find the .txt document you requested. Also I noticed that there are still some ads on youtube...

#15 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 11 October 2012 - 03:43 PM

Please just post the log.

ComboFix logs are located at c:\combofix.txt,

NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·