
SCVHost.exe Trojan :/

Discussion in 'Virus and Malware Removal' started by Amaze, Nov 26, 2012.

  1. Amaze Newcomer, in training Posts: 86

    23:00:01.0194 3688 VaultSvc - ok
    23:00:01.0240 3688 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
    23:00:01.0256 3688 vdrvroot - ok
    23:00:01.0303 3688 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
    23:00:01.0443 3688 vds - ok
    23:00:01.0459 3688 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
    23:00:01.0490 3688 vga - ok
    23:00:01.0506 3688 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
    23:00:01.0537 3688 VgaSave - ok
    23:00:01.0568 3688 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
    23:00:01.0599 3688 vhdmp - ok
    23:00:01.0630 3688 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
    23:00:01.0662 3688 viaide - ok
    23:00:01.0677 3688 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
    23:00:01.0693 3688 volmgr - ok
    23:00:01.0740 3688 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
    23:00:01.0771 3688 volmgrx - ok
    23:00:01.0802 3688 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\windows\system32\drivers\volsnap.sys
    23:00:01.0880 3688 volsnap - ok
    23:00:01.0911 3688 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
    23:00:01.0942 3688 vsmraid - ok
    23:00:02.0036 3688 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
    23:00:02.0067 3688 VSS - ok
    23:00:02.0098 3688 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
    23:00:02.0130 3688 vwifibus - ok
    23:00:02.0176 3688 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
    23:00:02.0208 3688 vwififlt - ok
    23:00:02.0270 3688 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
    23:00:02.0301 3688 W32Time - ok
    23:00:02.0332 3688 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
    23:00:02.0348 3688 WacomPen - ok
    23:00:02.0410 3688 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
    23:00:02.0426 3688 WANARP - ok
    23:00:02.0442 3688 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
    23:00:02.0442 3688 Wanarpv6 - ok
    23:00:02.0566 3688 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
    23:00:02.0613 3688 WatAdminSvc - ok
    23:00:02.0707 3688 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
    23:00:02.0754 3688 wbengine - ok
    23:00:02.0785 3688 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
    23:00:02.0800 3688 WbioSrvc - ok
    23:00:02.0832 3688 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
    23:00:02.0863 3688 wcncsvc - ok
    23:00:02.0878 3688 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
    23:00:02.0925 3688 WcsPlugInService - ok
    23:00:02.0972 3688 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
    23:00:02.0972 3688 Wd - ok
    23:00:03.0050 3688 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
    23:00:03.0097 3688 Wdf01000 - ok
    23:00:03.0128 3688 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
    23:00:03.0144 3688 WdiServiceHost - ok
    23:00:03.0159 3688 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
    23:00:03.0175 3688 WdiSystemHost - ok
    23:00:03.0206 3688 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
    23:00:03.0237 3688 WebClient - ok
    23:00:03.0284 3688 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
    23:00:03.0331 3688 Wecsvc - ok
    23:00:03.0378 3688 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
    23:00:03.0393 3688 wercplsupport - ok
    23:00:03.0440 3688 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
    23:00:03.0440 3688 WerSvc - ok
    23:00:03.0518 3688 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
    23:00:03.0565 3688 WfpLwf - ok
    23:00:03.0580 3688 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
    23:00:03.0596 3688 WIMMount - ok
    23:00:03.0643 3688 WinDefend - ok
    23:00:03.0674 3688 WinHttpAutoProxySvc - ok
    23:00:03.0752 3688 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
    23:00:03.0768 3688 Winmgmt - ok
    23:00:03.0877 3688 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
    23:00:03.0955 3688 WinRM - ok
    23:00:04.0064 3688 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
    23:00:04.0142 3688 Wlansvc - ok
    23:00:04.0220 3688 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    23:00:04.0236 3688 wlcrasvc - ok
    23:00:04.0392 3688 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    23:00:04.0438 3688 wlidsvc - ok
    23:00:04.0470 3688 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
    23:00:04.0485 3688 WmiAcpi - ok
    23:00:04.0579 3688 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
    23:00:04.0610 3688 wmiApSrv - ok
    23:00:04.0657 3688 WMPNetworkSvc - ok
    23:00:04.0719 3688 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
    23:00:04.0735 3688 WPCSvc - ok
    23:00:04.0766 3688 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
    23:00:04.0797 3688 WPDBusEnum - ok
    23:00:04.0844 3688 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
    23:00:04.0875 3688 ws2ifsl - ok
    23:00:04.0906 3688 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll
    23:00:04.0922 3688 wscsvc - ok
    23:00:04.0922 3688 WSearch - ok
    23:00:05.0062 3688 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
    23:00:05.0125 3688 wuauserv - ok
    23:00:05.0172 3688 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
    23:00:05.0187 3688 WudfPf - ok
    23:00:05.0265 3688 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
    23:00:05.0296 3688 WUDFRd - ok
    23:00:05.0328 3688 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
    23:00:05.0343 3688 wudfsvc - ok
    23:00:05.0390 3688 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
    23:00:05.0406 3688 WwanSvc - ok
    23:00:05.0562 3688 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    23:00:05.0608 3688 YahooAUService - ok
    23:00:05.0655 3688 ================ Scan global ===============================
    23:00:05.0702 3688 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
    23:00:05.0749 3688 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
    23:00:05.0780 3688 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
    23:00:05.0827 3688 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
    23:00:05.0889 3688 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
    23:00:05.0905 3688 [Global] - ok
    23:00:05.0905 3688 ================ Scan MBR ==================================
    23:00:05.0920 3688 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
    23:00:05.0920 3688 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    23:00:05.0983 3688 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    23:00:05.0983 3688 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    23:00:05.0983 3688 ================ Scan VBR ==================================
    23:00:06.0014 3688 [ 0E8181833307AF9717CE06CA6178D97C ] \Device\Harddisk0\DR0\Partition1
    23:00:06.0014 3688 \Device\Harddisk0\DR0\Partition1 - ok
    23:00:06.0014 3688 ============================================================
    23:00:06.0014 3688 Scan finished
    23:00:06.0014 3688 ============================================================
    23:00:06.0061 4808 Detected object count: 1
    23:00:06.0061 4808 Actual detected object count: 1
    23:00:46.0044 4808 \Device\Harddisk0\DR0\# - copied to quarantine
    23:00:46.0059 4808 \Device\Harddisk0\DR0 - copied to quarantine
    23:00:46.0153 4808 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    23:00:46.0168 4808 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    23:00:46.0200 4808 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    23:00:46.0215 4808 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    23:00:46.0262 4808 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    23:00:46.0293 4808 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    23:00:46.0309 4808 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    23:00:46.0340 4808 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    23:00:46.0356 4808 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    23:00:46.0387 4808 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    23:00:46.0418 4808 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    23:00:46.0434 4808 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    23:00:46.0449 4808 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    23:00:46.0480 4808 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    23:00:46.0527 4808 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    23:00:46.0621 4808 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    23:00:46.0621 4808 \Device\Harddisk0\DR0 - ok
    23:00:47.0292 4808 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
  2. Amaze Newcomer, in training Posts: 86

    After the reboot, I got the same RunDLL error, and MBAM picked up the same trojan again that it's been picking up after every reboot.
  3. Amaze Newcomer, in training Posts: 86

    BTW- is it normal for IE to constantly "stop working" if the character limit is reached?

    I think I had to recover the webpage at least 12 times to get the logs posted
  4. Broni Malware Annihilator Posts: 39,313   +175

    Your computer is most likely still infected.
    We just got rid of the TDL rootkit.

    Re-run MBAM and post new log.

    Next....

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ==================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  5. Amaze Newcomer, in training Posts: 86

    Malwarebytes Anti-Malware (PRO) 1.65.1.1000
    www.malwarebytes.org
    Database version: v2012.11.26.10
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    MYERS :: MYERS-PC [administrator]
    Protection: Enabled
    11/27/2012 12:53:07 PM
    mbam-log-2012-11-27 (19-06-55).txt
    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 503383
    Time elapsed: 6 hour(s), 1 minute(s), 49 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 2
    HKCU\Software\AppDataLow\Software\MyWebSearch (PUP.MyWebsearch) -> No action taken.
    HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin (PUP.MyWebSearch) -> No action taken.
    Registry Values Detected: 1
    HKLM\SOFTWARE\Mozilla\Firefox\Extensions|m3ffxtbr@mywebsearch.com (PUP.MyWebSearch) -> Data: C:\Program Files (x86)\MyWebSearch\bar\1.bin -> No action taken.
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 2
    C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> No action taken.
    C:\Program Files (x86)\Savings Sidekick (PUP.CrossRider.SSK) -> No action taken.
    Files Detected: 5
    C:\Users\MYERS\Downloads\Malwarebytes Anti-Malware v1.60.0.1800 Final Incl. Keygen\Keygen\Keygen.exe (RiskWare.Tool.HCK) -> No action taken.
    C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> No action taken.
    C:\Program Files (x86)\Savings Sidekick\Savings SidekickInstaller.log (PUP.CrossRider.SSK) -> No action taken.
    C:\Users\MYERS\Local Settings\Application Data\Savings Sidekick\Chrome\Savings Sidekick.crx (PUP.CrossRider.SSK) -> No action taken.
    C:\Users\MYERS\AppData\Local\Savings Sidekick\Chrome\Savings Sidekick.crx (PUP.CrossRider.SSK) -> No action taken.
    (end)
  6. Amaze Newcomer, in training Posts: 86

    RogueKiller V8.3.1 [Nov 26 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : MYERS [Admin rights]
    Mode : Remove -- Date : 11/27/2012 06:33:10
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 9 ¤¤¤
    [RUN][NOTFOUND] HKCU\[...]\Run : Diagnostics (rundll32.exe "C:\Users\MYERS\AppData\Local\Google\Diagnostics\aepiwjvks.dll",StartupW) -> DELETED
    [RUN][NOTFOUND] HKUS\S-1-5-21-1447072285-3693872449-3215407428-1000_Classes[...]\Run : Diagnostics (rundll32.exe "C:\Users\MYERS\AppData\Local\Google\Diagnostics\aepiwjvks.dll",StartupW) -> DELETED
    [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\82988245 (C:\windows\system32\drivers\20673455.sys) -> DELETED
    [Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\82988245 (C:\windows\system32\drivers\20673455.sys) -> DELETED
    [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\windows\system32\drivers\etc\hosts
    127.0.0.1 secure.tune-up.com

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MK3275GSX SATA Disk Device +++++
    --- User ---
    [MBR] f15bde6cfeb2a07fac1798f7125cda38
    [BSP] e4b67e3f6960bb73f78a032d786d7473 : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 289710 Mo
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 596400128 | Size: 14034 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2]_D_11272012_02d0633.txt >>
    RKreport[1]_S_11272012_02d0631.txt ; RKreport[2]_D_11272012_02d0633.txt
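
    The RogueKiller report above mixes findings of very different weight: a Run key that has rundll32 load a DLL out of AppData, a driver service with a random numeric name, UAC switched off (EnableLUA and ConsentPromptBehaviorAdmin both 0), a leftover registry-tools policy key, cosmetic desktop-icon tweaks, and a hosts entry that sends a vendor update site to loopback. The script below is an added example (not the thread's or RogueKiller's code) that triages such report lines by those heuristics. SAMPLE_REPORT and SAMPLE_HOSTS are reconstructed from the log above; the regexes and severity rules are general heuristics, not RogueKiller's own.

```python
"""Triage RogueKiller-style findings by what they mean for the host.

Added example, not code from the thread or from RogueKiller. The sample
lines are reconstructed from the report above; the classification rules
are general heuristics (assumed), not the tool's own logic.
"""
import re

SAMPLE_REPORT = r'''
[RUN][NOTFOUND] HKCU\[...]\Run : Diagnostics (rundll32.exe "C:\Users\MYERS\AppData\Local\Google\Diagnostics\aepiwjvks.dll",StartupW) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\82988245 (C:\windows\system32\drivers\20673455.sys) -> DELETED
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
'''.strip().splitlines()

SAMPLE_HOSTS = "127.0.0.1 localhost\n127.0.0.1 secure.tune-up.com\n"  # constructed

RUN_RE = re.compile(r'^\[RUN\].*?\s:\s+(?P<name>\S+)\s+\((?P<cmd>.*)\)\s+->')
SVC_RE = re.compile(r'^\[Services\].*?\\Services\\(?P<svc>[^\s(]+)\s+\((?P<path>[^)]+)\)')
HJ_RE = re.compile(r'^\[HJ(?:POL)?\]\s+\S+\s+:\s+(?P<key>\w+)\s+\((?P<val>\d+)\)')
USER_WRITABLE = re.compile(r'\\(AppData|Temp|ProgramData|Users\\Public)\\', re.I)
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# registry value -> (value that is dangerous, severity, meaning)
POLICY_RULES = {
    "EnableLUA": ("0", "HIGH", "UAC switched off: admin processes run fully elevated"),
    "ConsentPromptBehaviorAdmin": ("0", "HIGH", "admins elevate silently, no consent prompt"),
    "disableregistrytools": ("1", "HIGH", "regedit blocked by policy"),
}


def triage_line(line):
    """Classify one report line as (severity, explanation)."""
    m = RUN_RE.match(line)
    if m:
        cmd = m.group("cmd")
        if "rundll32" in cmd.lower() and USER_WRITABLE.search(cmd):
            return ("HIGH", "Run key uses rundll32 to load a DLL from a user-writable path: " + cmd)
        return ("MEDIUM", "autorun entry: " + cmd)
    m = SVC_RE.match(line)
    if m:
        svc, path = m.group("svc"), m.group("path")
        fname = path.rsplit("\\", 1)[-1]
        if re.fullmatch(r"\d+", svc) or re.fullmatch(r"\d+\.sys", fname, re.I):
            return ("HIGH", "driver service with random numeric name: %s -> %s" % (svc, path))
        return ("MEDIUM", "service flagged: %s -> %s" % (svc, path))
    m = HJ_RE.match(line)
    if m:
        key, val = m.group("key"), m.group("val")
        rule = POLICY_RULES.get(key)
        if rule and val == rule[0]:
            return (rule[1], "%s=%s: %s" % (key, val, rule[2]))
        return ("LOW", "policy value %s=%s present (verify it is intended)" % (key, val))
    if line.startswith("[HJ DESK]"):
        return ("INFO", "desktop icon visibility tweak (cosmetic, often rogue-AV residue)")
    return ("INFO", "unclassified: " + line)


def triage_hosts(text):
    """Flag hosts entries that pin a non-local name to loopback (update/AV blocking)."""
    out = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        bad = [n for n in names if ip in LOOPBACK and n not in LOCAL_NAMES]
        if bad:
            out.append(("MEDIUM", "hosts maps %s to %s (update/AV site blocked?)" % (", ".join(bad), ip)))
    return out


def triage(report_lines, hosts_text):
    """All findings, most severe first."""
    findings = [triage_line(l) for l in report_lines] + triage_hosts(hosts_text)
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2, "INFO": 3}
    return sorted(findings, key=lambda f: order[f[0]])


if __name__ == "__main__":
    for sev, text in triage(SAMPLE_REPORT, SAMPLE_HOSTS):
        print("[%-6s] %s" % (sev, text))
```

    The point of ranking is that the rundll32 autorun, the numeric-named driver service and the two UAC values are the same infection's persistence and defence evasion, whereas the desktop-icon entries are cosmetic; a hosts entry pointing an update domain at loopback is how an infection keeps a security product from updating, which is worth checking on any machine that "cannot update".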
     
  7. Amaze Newcomer, in training Posts: 86

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-27 06:36:02
    -----------------------------
    06:36:02.124 OS Version: Windows x64 6.1.7601 Service Pack 1
    06:36:02.124 Number of processors: 2 586 0x200
    06:36:02.124 ComputerName: MYERS-PC UserName: MYERS
    06:36:04.667 Initialize success
    06:37:14.286 AVAST engine defs: 12112700
    06:38:20.336 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000069
    06:38:20.352 Disk 0 Vendor: TOSHIBA_ GT00 Size: 305245MB BusType: 11
    06:38:20.367 Disk 0 MBR read successfully
    06:38:20.383 Disk 0 MBR scan
    06:38:20.398 Disk 0 Windows VISTA default MBR code
    06:38:20.414 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
    06:38:20.445 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 289710 MB offset 3074048
    06:38:20.492 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14034 MB offset 596400128
    06:38:20.570 Disk 0 scanning C:\windows\system32\drivers
    06:38:45.811 Service scanning
    06:39:42.423 Modules scanning
    06:39:42.439 Disk 0 trace - called modules:
    06:39:42.501 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
    06:39:43.032 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002fe45d0]
    06:39:43.047 3 CLASSPNP.SYS[fffff880019a243f] -> nt!IofCallDriver -> [0xfffffa8002eb8040]
    06:39:43.063 5 amd_xata.sys[fffff880011098b4] -> nt!IofCallDriver -> \Device\00000069[0xfffffa8002eb2060]
    06:39:45.013 AVAST engine scan C:\windows
    06:39:51.425 AVAST engine scan C:\windows\system32
    06:48:08.584 AVAST engine scan C:\windows\system32\drivers
    06:48:30.034 AVAST engine scan C:\Users\MYERS
    06:48:59.939 Disk 0 MBR has been saved successfully to "C:\Users\MYERS\Desktop\MBR.dat"
    06:48:59.954 The log file has been saved successfully to "C:\Users\MYERS\Desktop\aswMBR.txt"
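
    Both the RogueKiller "MBR Check" in post 6 and the aswMBR scans in post 7 do the same three things on sector 0: hash the boot code, decode the partition table, and compare against known Windows MBR code. The following is an added example (not code from the thread, RogueKiller or aswMBR) that performs that check offline on a saved sector such as the MBR.dat aswMBR writes. build_sample_mbr() constructs a sector whose partition table reproduces the geometry in the logs above, but its boot code is zero-filled, so its hash is not that of genuine Vista/7 MBR code, and its disk signature is made up; KNOWN_GOOD_BOOT_HASHES is an assumed allow-list an admin would fill from a known-clean machine, and the slack threshold is an assumed value.

```python
"""Offline MBR check in the spirit of the RogueKiller/aswMBR "MBR Check" above.

Added example, not code from the thread or from either tool. The sample
sector is constructed: its partition table reproduces the logged geometry,
but the boot code is zero-filled (so its hash is NOT genuine Vista/7 MBR
code) and the disk signature is made up. KNOWN_GOOD_BOOT_HASHES is an
assumed allow-list filled from a known-clean machine's MBR.dat.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440            # bytes 0..439: bootstrap code that bootkits replace
DISK_SIG_OFF = 440             # 4-byte NT disk signature
PART_TABLE_OFF = 446           # four 16-byte partition entries
MBR_SIGNATURE = b"\x55\xaa"    # bytes 510..511
PART_TYPES = {0x07: "HPFS/NTFS", 0x17: "Hidden HPFS/NTFS", 0x27: "Hidden NTFS WinRE"}
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E, 0x27}
TAIL_ALERT_SECTORS = 2048      # assumed threshold: >= 1 MB of slack after the last partition
KNOWN_GOOD_BOOT_HASHES = set()  # assumed allow-list: md5 of bytes 0..439 on a clean disk


def parse_mbr(mbr):
    """Decode one 512-byte sector into boot-code hash, signature and partitions."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    disk_sig = struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0]
    parts = []
    for i in range(4):
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and sectors == 0:
            continue                       # empty slot
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "0x%02x" % ptype),
            "hidden": ptype in HIDDEN_TYPES,
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR // (1024 * 1024),
        })
    return {
        "boot_code_md5": hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": "%08x" % disk_sig,
        "valid_signature": mbr[510:512] == MBR_SIGNATURE,
        "partitions": parts,
    }


def assess(parsed, disk_sectors, known_good=None):
    """Review findings: unknown boot code, odd active flags, hidden partitions,
    and unpartitioned slack after the last partition (where TDL4/Pihar keeps TDLFS)."""
    known_good = KNOWN_GOOD_BOOT_HASHES if known_good is None else known_good
    findings = []
    if not parsed["valid_signature"]:
        findings.append("missing 0x55AA boot signature")
    if parsed["boot_code_md5"] not in known_good:
        findings.append("boot code md5 %s not in allow-list (possible forged MBR)"
                        % parsed["boot_code_md5"])
    active = [p for p in parsed["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append("%d active partitions, expected exactly 1" % len(active))
    for p in parsed["partitions"]:
        if p["hidden"]:
            findings.append("partition %d is hidden (%s); confirm it is OEM recovery"
                            % (p["index"], p["type_name"]))
    end = max((p["lba_start"] + p["sectors"] for p in parsed["partitions"]), default=0)
    tail = disk_sectors - end
    if tail >= TAIL_ALERT_SECTORS:
        findings.append("%d unpartitioned sectors after the last partition; image and inspect" % tail)
    return findings


def build_sample_mbr():
    """Constructed sector: zero boot code plus the partition table from the logs."""
    mbr = bytearray(SECTOR)
    struct.pack_into("<I", mbr, DISK_SIG_OFF, 0xDEADBEEF)           # made-up signature
    table = [  # (status, type, lba_start, sectors); 2048 sectors per MB
        (0x80, 0x27, 2048, 1500 * 2048),           # WinRE, 1500 MB, active
        (0x00, 0x07, 3074048, 289710 * 2048),      # Windows, 289710 MB
        (0x00, 0x17, 596400128, 14034 * 2048),     # hidden recovery, 14034 MB
    ]
    chs = b"\xfe\xff\xff"                                           # "use LBA" placeholder
    for i, (status, ptype, start, count) in enumerate(table):
        struct.pack_into("<B3sB3sII", mbr, PART_TABLE_OFF + 16 * i,
                         status, chs, ptype, chs, start, count)
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    for p in info["partitions"]:
        print("%d %s type=%-18s %-6s start=%d size=%d MB" % (
            p["index"], "A" if p["bootable"] else "-", p["type_name"],
            "HIDDEN" if p["hidden"] else "", p["lba_start"], p["size_mb"]))
    for f in assess(info, disk_sectors=305245 * 2048):   # 305245 MB as reported by aswMBR
        print("!", f)
```

    On a real case, feed `parse_mbr(open("MBR.dat", "rb").read(512))` the sector aswMBR saved and compare the boot-code hash before and after TDSSKiller's cure: a TDL4-class bootkit changes only the first 440 bytes and leaves the partition table intact, which is why the partition layout in the logs looks normal while the MBR hash differed. The hidden 0x17 partition here is the laptop's OEM recovery area; the check flags it so it gets confirmed, not because it is malicious.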
  8. Broni Malware Annihilator Posts: 39,313   +175

    Your MBAM log says "No action taken".
    Re-run MBAM, fix all issues and post new log.
  9. Amaze Newcomer, in training Posts: 86

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-27 06:49:51
    -----------------------------
    06:49:51.514 OS Version: Windows x64 6.1.7601 Service Pack 1
    06:49:51.514 Number of processors: 2 586 0x200
    06:49:51.514 ComputerName: MYERS-PC UserName: MYERS
    06:49:53.558 Initialize success
    06:50:13.635 AVAST engine defs: 12112700
    06:50:20.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000069
    06:50:20.015 Disk 0 Vendor: TOSHIBA_ GT00 Size: 305245MB BusType: 11
    06:50:20.062 Disk 0 MBR read successfully
    06:50:20.078 Disk 0 MBR scan
    06:50:20.093 Disk 0 Windows VISTA default MBR code
    06:50:20.109 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
    06:50:20.156 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 289710 MB offset 3074048
    06:50:20.218 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14034 MB offset 596400128
    06:50:20.312 Disk 0 scanning C:\windows\system32\drivers
    06:50:39.703 Service scanning
    06:51:36.895 Modules scanning
    06:51:36.895 Disk 0 trace - called modules:
    06:51:36.941 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
    06:51:36.957 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002fe45d0]
    06:51:36.957 3 CLASSPNP.SYS[fffff880019a243f] -> nt!IofCallDriver -> [0xfffffa8002eb8040]
    06:51:36.957 5 amd_xata.sys[fffff880011098b4] -> nt!IofCallDriver -> \Device\00000069[0xfffffa8002eb2060]
    06:51:38.907 AVAST engine scan C:\
    07:18:12.699 File: C:\TDSSKiller_Quarantine\26.11.2012_22.59.07\mbr0000\tdlfs0000\tsk0002.dta **INFECTED** Win32:Alureon-MJ@mbr [Rtk]
    07:18:13.386 File: C:\TDSSKiller_Quarantine\26.11.2012_22.59.07\mbr0000\tdlfs0000\tsk0003.dta **INFECTED** Win32:Malware-gen
    07:18:13.635 File: C:\TDSSKiller_Quarantine\26.11.2012_22.59.07\mbr0000\tdlfs0000\tsk0004.dta **INFECTED** Win32:Rootkit-gen [Rtk]
    07:18:13.760 File: C:\TDSSKiller_Quarantine\26.11.2012_22.59.07\mbr0000\tdlfs0000\tsk0005.dta **INFECTED** MBR:pihar-D [Rtk]
    07:18:13.947 File: C:\TDSSKiller_Quarantine\26.11.2012_22.59.07\mbr0000\tdlfs0000\tsk0009.dta **INFECTED** Win32:Rootkit-gen [Rtk]
    07:18:14.057 File: C:\TDSSKiller_Quarantine\26.11.2012_22.59.07\mbr0000\tdlfs0000\tsk0010.dta **INFECTED** Win64:Alureon-B@mbr [Rtk]
    07:24:40.984 Disk 0 MBR has been saved successfully to "C:\Users\MYERS\Documents\MBR.dat"
    07:24:40.984 The log file has been saved successfully to "C:\Users\MYERS\Documents\aswMBR.txt"
  10. Broni Malware Annihilator Posts: 39,313   +175

    Please read my previous reply.
  11. Amaze Newcomer, in training Posts: 86

    Sorry, I was distracted.... Again, thank you for the help; it is greatly appreciated....

    Malwarebytes Anti-Malware (PRO) 1.65.1.1000
    www.malwarebytes.org
    Database version: v2012.11.26.10
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    MYERS :: MYERS-PC [administrator]
    Protection: Enabled
    11/27/2012 12:53:07 PM
    mbam-log-2012-11-27 (12-53-07).txt
    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 503383
    Time elapsed: 6 hour(s), 1 minute(s), 49 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 2
    HKCU\Software\AppDataLow\Software\MyWebSearch (PUP.MyWebsearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    Registry Values Detected: 1
    HKLM\SOFTWARE\Mozilla\Firefox\Extensions|m3ffxtbr@mywebsearch.com (PUP.MyWebSearch) -> Data: C:\Program Files (x86)\MyWebSearch\bar\1.bin -> Quarantined and deleted successfully.
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 2
    C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Savings Sidekick (PUP.CrossRider.SSK) -> Quarantined and deleted successfully.
    Files Detected: 5
    C:\Users\MYERS\Downloads\Malwarebytes Anti-Malware v1.60.0.1800 Final Incl. Keygen\Keygen\Keygen.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
    C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Savings Sidekick\Savings SidekickInstaller.log (PUP.CrossRider.SSK) -> Quarantined and deleted successfully.
    C:\Users\MYERS\Local Settings\Application Data\Savings Sidekick\Chrome\Savings Sidekick.crx (PUP.CrossRider.SSK) -> Quarantined and deleted successfully.
    C:\Users\MYERS\AppData\Local\Savings Sidekick\Chrome\Savings Sidekick.crx (PUP.CrossRider.SSK) -> Quarantined and deleted successfully.
    (end)
  12. Broni Malware Annihilator Posts: 39,313   +175

    Good :)

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    =================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is still not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  13. Amaze Newcomer, in training Posts: 86

    Ok will do....
    Do you think the rootkits are all gone? I'm still getting signs of them being present, as the internet is horrible, navigating through Windows Explorer is sluggish, and I just recently received an error after attempting to open Task Manager saying that something is preventing winlogon.exe from opening..... and for some reason my keyboard is completely ****** up, as it does things completely at random while typing, like going back pages and moving my cursor to type in a new place, which turned this simple paragraph into a 10 minute ordeal lol
  14. Broni Malware Annihilator Posts: 39,313   +175

    We're in the middle of the process...
  15. Amaze Newcomer, in training Posts: 86

    Ah ok.... will do then....

    the infected pc is on stage four right now,

    I'm typing from my good PC...

    About to run some of the programs on it to make sure it's good too lol...
  16. Amaze Newcomer, in training Posts: 86

    What does it mean when aswMBR shows my services as locked?
  17. Amaze Newcomer, in training Posts: 86

    Ok, the log from the infected PC....

    ComboFix 12-11-27.01 - MYERS 11/27/2012 19:58:25.3.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2663.1781 [GMT -5:00]
    Running from: c:\users\MYERS\Desktop\ComboFix.exe
    AV: Sunbelt VIPRE *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
    FW: Sunbelt VIPRE *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
    SP: Sunbelt VIPRE *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\alotappbar
    c:\program files (x86)\alotappbar\alotUninst.exe
    c:\program files (x86)\alotappbar\bin\alotappbar.dll
    c:\program files (x86)\alotappbar\bin\alothelper.dll
    c:\program files (x86)\alotappbar\bin\ALOTSettings.exe
    c:\program files (x86)\alotappbar\bin\alotwidgets.exe
    c:\program files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
    c:\program files\PrivacySafeGuard\PrIVacysafeguard.dll
    c:\users\MYERS\AppData\Local\Savings Sidekick
    c:\windows\SysWow64\Cache
    c:\windows\SysWow64\Cache\272512937d9e61a4.fb
    c:\windows\SysWow64\Cache\287204568329e189.fb
    c:\windows\SysWow64\Cache\28bc8f716fd76a47.fb
    c:\windows\SysWow64\Cache\2bf7ef1736689fb0.fb
    c:\windows\SysWow64\Cache\2c53092c95605355.fb
    c:\windows\SysWow64\Cache\31a0997e9a5b5eb3.fb
    c:\windows\SysWow64\Cache\32c84fe32bb74d60.fb
    c:\windows\SysWow64\Cache\3917078cb68ec657.fb
    c:\windows\SysWow64\Cache\585a8f12f39e4c52.fb
    c:\windows\SysWow64\Cache\590ba23ce359fd0c.fb
    c:\windows\SysWow64\Cache\610289e025a3ee9a.fb
    c:\windows\SysWow64\Cache\651c5d3cdbfb8bd1.fb
    c:\windows\SysWow64\Cache\6c59ac5e7e7a3ad0.fb
    c:\windows\SysWow64\Cache\6d03dad1035885d3.fb
    c:\windows\SysWow64\Cache\a8556537add6dfc5.fb
    c:\windows\SysWow64\Cache\ad10a52aff5e038d.fb
    c:\windows\SysWow64\Cache\c1fa887b03019701.fb
    c:\windows\SysWow64\Cache\c4d28dca2e7648be.fb
    c:\windows\SysWow64\Cache\d201ef9910cd39de.fb
    c:\windows\SysWow64\Cache\d2e94710a5708128.fb
    c:\windows\SysWow64\Cache\d79b9dfe81484ec4.fb
    c:\windows\SysWow64\Cache\efe6e44c509b5c0b.fb
    c:\windows\SysWow64\Cache\f998975c9cc711ee.fb
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-28 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-28 01:19 . 2012-11-28 01:19 -------- d-----w- c:\users\home\AppData\Local\temp
    2012-11-28 01:19 . 2012-11-28 01:19 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-11-27 08:04 . 2012-11-27 08:04 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2012-11-27 04:05 . 2012-11-27 04:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\CrashDumps
    2012-11-27 04:00 . 2012-11-27 04:00 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-11-27 00:21 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2012-11-27 00:21 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
    2012-11-27 00:21 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
    2012-11-27 00:21 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
    2012-11-27 00:21 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys
    2012-11-27 00:21 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
    2012-11-27 00:21 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
    2012-11-27 00:20 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-11-27 00:20 . 2012-10-03 17:44 303104 ----a-w- c:\windows\system32\nlasvc.dll
    2012-11-27 00:20 . 2012-10-03 17:44 246272 ----a-w- c:\windows\system32\netcorehc.dll
    2012-11-27 00:20 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll
    2012-11-27 00:20 . 2012-10-03 17:42 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
    2012-11-27 00:20 . 2012-10-03 16:42 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
    2012-11-27 00:20 . 2012-10-03 16:42 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
    2012-11-27 00:20 . 2012-01-13 07:12 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
    2012-11-27 00:20 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll
    2012-11-27 00:20 . 2012-10-03 17:44 18944 ----a-w- c:\windows\system32\netevent.dll
    2012-11-27 00:20 . 2012-10-03 16:42 18944 ----a-w- c:\windows\SysWow64\netevent.dll
    2012-11-27 00:20 . 2012-10-03 16:07 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2012-11-25 20:02 . 2012-11-25 20:02 -------- d-----w- c:\users\MYERS\AppData\Roaming\Malwarebytes
    2012-11-25 20:01 . 2012-11-25 20:01 -------- d-----w- c:\programdata\Malwarebytes
    2012-11-25 20:01 . 2012-11-27 00:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-11-25 20:01 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-25 19:15 . 2011-11-03 01:29 34624 ----a-w- c:\windows\system32\TURegOpt.exe
    2012-11-25 19:15 . 2011-11-03 01:29 25920 ----a-w- c:\windows\system32\authuitu.dll
    2012-11-25 19:15 . 2011-11-03 01:29 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
    2012-11-25 19:13 . 2012-11-27 01:16 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012
    2012-11-25 19:12 . 2012-11-25 19:15 -------- d-----w- c:\programdata\TuneUp Software
    2012-11-25 19:12 . 2012-11-25 19:12 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    2012-11-25 18:23 . 2012-11-25 18:23 -------- d-----w- c:\programdata\Sunbelt
    2012-11-25 18:23 . 2012-11-25 18:23 -------- d-----w- c:\users\MYERS\AppData\Roaming\Sunbelt
    2012-11-25 18:20 . 2010-07-27 09:48 60504 ----a-w- c:\windows\system32\drivers\sbhips.sys
    2012-11-25 18:20 . 2010-07-27 09:48 94296 ----a-w- c:\windows\system32\drivers\sbtis.sys
    2012-11-25 18:19 . 2010-04-15 23:35 84056 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
    2012-11-25 18:19 . 2010-07-27 09:48 253528 ----a-w- c:\windows\system32\drivers\SbFw.sys
    2012-11-25 18:19 . 2010-08-20 14:18 27472 ----a-w- c:\windows\system32\sbbd.exe
    2012-11-25 18:19 . 2010-03-22 17:11 49752 ----a-w- c:\windows\system32\drivers\sbredrv.sys
    2012-11-25 18:19 . 2012-11-25 18:19 -------- d-----w- c:\program files (x86)\Sunbelt Software
    2012-11-25 17:57 . 2012-11-25 17:57 -------- d-----w- c:\program files (x86)\VS Revo Group
    2012-11-25 17:31 . 2012-11-25 17:31 -------- d-----w- c:\program files\7-Zip
    2012-11-25 17:18 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6CBB6167-C739-41C2-B559-AFC12611D54B}\mpengine.dll
    2012-11-25 17:03 . 2012-11-28 01:18 -------- d-----w- c:\program files\PrivacySafeGuard
    2012-11-25 17:02 . 2012-11-25 17:02 -------- d-----w- c:\program files (x86)\BitTorrent
    2012-11-25 17:01 . 2012-11-26 03:56 -------- d-----w- c:\users\MYERS\AppData\Roaming\BitTorrent
    2012-11-25 16:49 . 2012-11-25 16:49 -------- d-----w- c:\users\home\AppData\Roaming\BitTorrent
    2012-11-18 07:30 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
    2012-11-18 07:30 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2012-11-18 07:30 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2012-11-18 07:30 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2012-11-18 07:17 . 2012-10-08 11:13 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-18 07:11 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
    2012-11-18 07:11 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2012-11-18 07:11 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2012-11-18 07:11 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2012-11-18 07:11 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
    2012-11-18 07:11 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
    2012-11-17 07:07 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2012-11-01 22:16 . 2012-11-01 22:16 -------- d-----w- c:\program files (x86)\MapsGalaxy_39
    2012-10-30 07:40 . 2012-10-30 07:40 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-18 07:12 . 2012-07-05 01:20 66395536 ----a-w- c:\windows\system32\MRT.exe
    2012-10-15 21:41 . 2012-05-30 14:30 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-15 21:41 . 2011-10-31 03:37 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-14 19:19 . 2012-10-10 03:47 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-09-14 18:28 . 2012-10-10 03:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-09-12 01:10 . 2012-09-12 01:11 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-09-12 01:10 . 2011-10-31 03:31 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-08-31 18:19 . 2012-10-10 03:48 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2012-08-30 18:03 . 2012-10-10 03:47 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-08-30 17:12 . 2012-10-10 03:47 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12 . 2012-10-10 03:47 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-05-04 19:43 1519272 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Task Manager"="c:\windows\System32\taskmgr.exe" [2010-11-21 227328]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SBAMTray"="c:\program files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-08-20 1348944]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe"
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    "ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
    "NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
    "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
    R2 SBAMSvc;VIPRE Antivirus Premium;c:\program files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2010-08-20 2763080]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-08 243712]
    R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2010-04-15 84056]
    R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2010-07-27 60504]
    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-30 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-05 75904]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-05 38016]
    S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2010-07-27 253528]
    S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-03-22 49752]
    S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-07-27 94296]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-08 204288]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
    S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-08-15 123320]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
    S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2010-06-14 64600]
    S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [2010-08-20 181584]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-11-03 2072896]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-11 137512]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-09-27 76912]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096]
    S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2010-04-15 84056]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-31 11856]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 21:41]
    .
    2012-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 15:24]
    .
    2012-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 15:24]
    .
    .
    --------- X64 Entries -----------
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://start.toshiba.com/
    mStart Page = hxxp://www.yahoo.com/?ilc=8
    mLocal Page = c:\windows\system32\blank.htm
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=E550D01001CD30A80016C36D&src_id=30659&camp_id=4046&tb_version=1.1.3001.0(B)
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{1e91a655-bb4b-4693-a05e-2edebc4c9d89} - (no file)
    BHO-{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - c:\program files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
    BHO-{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - c:\program files\PrivacySafeGuard\PrivacySafeGuard.dll
    Toolbar-Locked - (no file)
    Toolbar-{A531D99C-5A22-449b-83DA-872725C6D0ED} - c:\program files (x86)\alotappbar\bin\ALOTHelper.dll
    Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    SafeBoot-26128049.sys
    SafeBoot-82988245.sys
    Toolbar-Locked - (no file)
    WebBrowser-{09152F0B-739C-4DEC-A245-1AA8A37594F1} - (no file)
    AddRemove-alotAppbar - c:\program files (x86)\alotappbar\alotUninst.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
    "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-11-27 20:27:44
    ComboFix-quarantined-files.txt 2012-11-28 01:27
    .
    Pre-Run: 249,013,411,840 bytes free
    Post-Run: 255,481,634,816 bytes free
    .
    - - End Of File - - 8D10C55C13430E2DBECE93782C3A3596
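A check a practitioner would want to run against the "Reg Loading Points" section of a log like the one above, as an added example that is not ComboFix output and not either poster's code: parse the registry blocks ComboFix prints, flag UAC policy values under `policies\system` that are set to a weakening value, and list the entries that sit under a real `Run` key (ComboFix also prints keys named `run-`, which Windows does not read as an autostart location, so those are skipped). The `SAMPLE` text is constructed from lines in the log above; `EnableLUA`, `ConsentPromptBehaviorAdmin` and `PromptOnSecureDesktop` are documented Windows values, while `WEAK_UAC`, the function names and the regexes are this example's own assumptions.

```python
"""Triage a ComboFix 'Reg Loading Points' section for weak UAC policy and
active autoruns. Added example; SAMPLE is constructed from the log above."""
import re

# Windows UAC policy values (HKLM\...\Policies\System) and the setting that
# removes a protection: EnableLUA=0 turns UAC off, ConsentPromptBehaviorAdmin=0
# elevates admins without any prompt, PromptOnSecureDesktop=0 draws prompts on
# the normal desktop. The table itself is this example's assumption.
WEAK_UAC = {
    "EnableLUA": (0, "UAC disabled; admin processes run elevated without consent"),
    "ConsentPromptBehaviorAdmin": (0, "admins elevate silently, no consent prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts not isolated on the secure desktop"),
}

# Constructed sample modelled on the ComboFix log above.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Task Manager"="c:\windows\System32\taskmgr.exe" [2010-11-21 227328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SBAMTray"="c:\program files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-08-20 1348944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe"
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"= 0 (0x0)       -> numeric value
# "name"="path" [...]   -> string value, ComboFix appends [date size]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?:"(?P<str>[^"]*)"|(?P<num>\d+))')


def parse_reg_blocks(text):
    """Return {registry key: {value name: str | int}} from a ComboFix section."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            blocks.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            value = m.group("str") if m.group("str") is not None else int(m.group("num"))
            blocks[current][m.group("name")] = value
    return blocks


def weak_uac_settings(blocks):
    """List (value name, reason) for UAC policy values set to a weakening value."""
    findings = []
    for key, values in blocks.items():
        if not key.lower().endswith(r"\policies\system"):
            continue
        for name, (weak_value, reason) in WEAK_UAC.items():
            if values.get(name) == weak_value:
                findings.append((name, reason))
    return findings


def active_autoruns(blocks):
    """List (key, name, path) for string values under a real Run/RunOnce key.
    Keys named 'run-' are not autostart locations and are skipped."""
    entries = []
    for key, values in blocks.items():
        leaf = key.rsplit("\\", 1)[-1].lower()
        if leaf in ("run", "runonce"):
            for name, path in values.items():
                if isinstance(path, str):
                    entries.append((key, name, path))
    return entries


def triage(text):
    """Run both checks over one ComboFix section and return the findings."""
    blocks = parse_reg_blocks(text)
    return {"weak_uac": weak_uac_settings(blocks), "autoruns": active_autoruns(blocks)}


if __name__ == "__main__":
    report = triage(SAMPLE)
    for name, reason in report["weak_uac"]:
        print(f"UAC: {name} -> {reason}")
    for key, name, path in report["autoruns"]:
        print(f"RUN: [{key}] {name} = {path}")
```

Run as-is it reports the three UAC values from the sample as weak and lists the two active `Run` entries, leaving the `run-` items out; point `triage()` at the text of a real ComboFix log to get the same report for that machine.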
  18. Broni Malware Annihilator Posts: 39,313   +175

    Nothing to worry about.

    Combofix log looks good.

    How is computer doing now?

    ================================

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    ================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  19. Amaze Newcomer, in training Posts: 86

    It's quite an improvement, though things are still a bit twitchy and sluggish.
    I haven't had enough time on it to be able to really give a yay or nay, though I definitely will be able to tell within 24 hrs time.....

    I will run the programs suggested and give a full report tomorrow after I get home from work....

    Thank you for helping me with this, and I do my best to do the same, pay it forward if you will; as I'm trying to pursue some type of IT position and schooling right now.
    I will also continue to scan over the next few days and make sure nothing survived the "tech attack" and continue fire for effect if anything remains. Guess that's the little bit of my 11B showing lol
  20. Broni Malware Annihilator Posts: 39,313   +175

    When describing any current issues be more specific.