Solved LivDovamket Antibibus Scagnur Has Stopped Working

Dell Vostro 1520 laptop computer (intel...
January 29, 2014 at 04:43:08
Specs: Windows Vista, 2 GB
In recent days, my Windows Vista laptop has run slowly and occasionally pops up a window saying "LivDovamket Antibibus Scagnur has stopped working".

How do I fix this issue?

Any advice is very welcome.

Thanks,

#1
January 29, 2014 at 05:12:22
"LivDovamket Antibibus Scagnur has stopped working"

Are you sure about that spelling? My guess is the second two words are "Antivirus Scanner"; I have no idea what the first word could be.



#2
January 29, 2014 at 05:19:48
Yes, these are exactly the words shown on my laptop when I was using the Google Chrome browser. I wonder if this could be a virus.


#3
January 29, 2014 at 12:26:28
Try MalwareBytes on it for starters (it often finds and fixes what AVs miss):
http://www.filehippo.com/download_m...
Use green icon top right of website.

Always pop back and let us know the outcome - thanks



#4
January 29, 2014 at 18:12:35
Looking at Task Manager, under Processes, it is nyryiha.exe (IirDoramkel Antibibus Scagnur) that pushes the CPU to 100%.

When using Google Chrome to check email, nyryiha.exe maxes out the CPU and hangs for a long time.

How do I fix this issue? Thanks



#5
January 29, 2014 at 18:28:23
"How do I fix this issue? Thanks"

Do as Derek has requested in post #3: update Malwarebytes (if you already have it installed) & run.

Copy & Paste the contents of the log in your next post.

message edited by Johnw



#6
January 29, 2014 at 18:29:25
Have you run MalwareBytes yet - see #3 above?

EDIT: Oops, I overlapped.

Always pop back and let us know the outcome - thanks

message edited by Derek



#7
January 30, 2014 at 06:18:58
I am travelling today. I will run MalwareBytes, copy and paste the contents of the log if I can capture it, and let you know in the next post. Thanks


#8
January 30, 2014 at 17:09:13
I ran Malwarebytes (Trial). It seems to discover the malware but is unable to delete it. Here is the log:
2014/01/30 18:54:23 -0500 TRUCNGUYEN-PC Truc Nguyen MESSAGE Starting protection
2014/01/30 18:54:25 -0500 TRUCNGUYEN-PC Truc Nguyen MESSAGE Protection started successfully
2014/01/30 18:54:26 -0500 TRUCNGUYEN-PC Truc Nguyen MESSAGE Starting IP protection
2014/01/30 18:55:04 -0500 TRUCNGUYEN-PC Truc Nguyen MESSAGE IP Protection started successfully
2014/01/30 18:55:09 -0500 TRUCNGUYEN-PC Truc Nguyen DETECTION C:\Users\Truc Nguyen\AppData\Local\VMTsoft\qtcrigrqg.dll Malware.Gen QUARANTINE
TRUCNGUYEN-PC Truc Nguyen ERROR Quarantine failed: DeleteFile failed with error code 5
2014/01/30 19:18:58 -0500 TRUCNGUYEN-PC Truc Nguyen DETECTION C:\Users\Truc Nguyen\AppData\Local\VMTsoft\qtcrigrqg.dll Malware.Gen QUARANTINE
2014/01/30 19:18:58 -0500 TRUCNGUYEN-PC Truc Nguyen ERROR Quarantine failed: DeleteFile failed with error code 5
2014/01/30 19:19:09 -0500 TRUCNGUYEN-PC Truc Nguyen DETECTION C:\Users\Truc Nguyen\AppData\Roaming\Ufywpywy\nyryiha.exe Trojan.Zbot.FBD QUARANTINE
2014/01/30 19:19:09 -0500 TRUCNGUYEN-PC Truc Nguyen ERROR Quarantine failed: DeleteFile failed with error code 5
2014/01/30 19:19:10 -0500 TRUCNGUYEN-PC Truc Nguyen DETECTION C:\Users\Truc Nguyen\AppData\Local\VMTsoft\qtcrigrqg.dll Malware.Gen QUARANTINE
2014/01/30 19:19:10 -0500 TRUCNGUYEN-PC Truc Nguyen ERROR Quarantine failed: DeleteFile failed with error code 5
2014/01/30 19:19:47 -0500 TRUCNGUYEN-PC Truc Nguyen DETECTION C:\Users\Truc Nguyen\AppData\Roaming\Ufywpywy\nyryiha.exe Trojan.Zbot.FBD QUARANTINE
2014/01/30 19:19:47 -0500 TRUCNGUYEN-PC Truc Nguyen ERROR Quarantine failed: DeleteFile failed with error code 5
2014/01/30 19:19:49 -0500 TRUCNGUYEN-PC Truc Nguyen DETECTION C:\Users\Truc Nguyen\AppData\Local\VMTsoft\qtcrigrqg.dll Malware.Gen QUARANTINE
2014/01/30 19:19:49 -0500 TRUCNGUYEN-PC Truc Nguyen ERROR Quarantine failed: DeleteFile failed with error code 5
2014/01/30 19:20:31 -0500 TRUCNGUYEN-PC Truc Nguyen DETECTION C:\Users\Truc Nguyen\AppData\Roaming\Ufywpywy\nyryiha.exe Trojan.Zbot.FBD QUARANTINE
2014/01/30 19:20:31 -0500 TRUCNGUYEN-PC Truc Nguyen ERROR Quarantine failed: DeleteFile failed with error code 5
2014/01/30 19:20:34 -0500 TRUCNGUYEN-PC Truc Nguyen DETECTION C:\Users\Truc Nguyen\AppData\Local\VMTsoft\qtcrigrqg.dll Malware.Gen QUARANTINE

What will I do next? Thanks


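Added note on reading this log (example code written for this page; it is not part of the thread and not Malwarebytes' own tooling). The DETECTION/ERROR pairs above are the key evidence. Error code 5 is the Win32 ERROR_ACCESS_DENIED: a file that is detected again every minute and can never be deleted is almost certainly executing (nyryiha.exe is the process seen at 100% CPU in post #4) or held open by a running component, which is why a normal-mode scanner keeps failing. The script below parses lines in this format, pairs each ERROR with the DETECTION just before it (ERROR lines carry no path), and flags files that are re-detected but never successfully quarantined as needing boot-time, safe-mode or offline removal. The sample log is a constructed subset of the lines posted above, including the one ERROR line that has no timestamp; the `is_active` threshold is my assumption.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the Malwarebytes protection log posted in
# this thread (one ERROR line deliberately lacks its timestamp, as in the post).
SAMPLE_LOG = r"""
2014/01/30 18:54:23 -0500 TRUCNGUYEN-PC Truc Nguyen MESSAGE Starting protection
2014/01/30 18:55:09 -0500 TRUCNGUYEN-PC Truc Nguyen DETECTION C:\Users\Truc Nguyen\AppData\Local\VMTsoft\qtcrigrqg.dll Malware.Gen QUARANTINE
TRUCNGUYEN-PC Truc Nguyen ERROR Quarantine failed: DeleteFile failed with error code 5
2014/01/30 19:19:09 -0500 TRUCNGUYEN-PC Truc Nguyen DETECTION C:\Users\Truc Nguyen\AppData\Roaming\Ufywpywy\nyryiha.exe Trojan.Zbot.FBD QUARANTINE
2014/01/30 19:19:09 -0500 TRUCNGUYEN-PC Truc Nguyen ERROR Quarantine failed: DeleteFile failed with error code 5
2014/01/30 19:19:47 -0500 TRUCNGUYEN-PC Truc Nguyen DETECTION C:\Users\Truc Nguyen\AppData\Roaming\Ufywpywy\nyryiha.exe Trojan.Zbot.FBD QUARANTINE
2014/01/30 19:19:47 -0500 TRUCNGUYEN-PC Truc Nguyen ERROR Quarantine failed: DeleteFile failed with error code 5
2014/01/30 19:20:34 -0500 TRUCNGUYEN-PC Truc Nguyen DETECTION C:\Users\Truc Nguyen\AppData\Local\VMTsoft\qtcrigrqg.dll Malware.Gen QUARANTINE
"""

ZBOT_PATH = r"C:\Users\Truc Nguyen\AppData\Roaming\Ufywpywy\nyryiha.exe"
DLL_PATH = r"C:\Users\Truc Nguyen\AppData\Local\VMTsoft\qtcrigrqg.dll"

# Win32 error codes that appear in "DeleteFile failed with error code N".
WIN32_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND",
    5: "ERROR_ACCESS_DENIED",       # file is executing/open, or its ACL was tampered with
    32: "ERROR_SHARING_VIOLATION",  # another process holds the file open
}

# The timestamp is optional: the posted log has one ERROR line without it.
LINE_RE = re.compile(
    r"^(?:(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) )?"
    r"(?P<host>\S+) (?P<user>.+?) (?P<level>MESSAGE|DETECTION|ERROR) (?P<rest>.*)$"
)
ERROR_RE = re.compile(r"Quarantine failed: (?P<api>\w+) failed with error code (?P<code>\d+)")


@dataclass
class Finding:
    path: str
    threat: str
    detections: int = 0
    failed_quarantines: int = 0
    error_codes: set = field(default_factory=set)

    def is_active(self) -> bool:
        """Re-detected and never successfully quarantined: the file is almost
        certainly running (or protected by a running process) and needs
        boot-time, safe-mode or offline removal, not another in-Windows scan.
        The 2-detection threshold is an assumption for this example."""
        return self.detections >= 2 and self.failed_quarantines >= 1


def triage(log_text: str) -> dict:
    """Correlate DETECTION lines with the ERROR lines that follow them.
    Returns {path: Finding}."""
    findings: dict = {}
    last = None  # most recent detection; ERROR lines carry no path of their own
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        level, rest = m.group("level"), m.group("rest")
        if level == "DETECTION":
            # "<path, may contain spaces> <threat> <action>": split from the right
            path, threat, _action = rest.rsplit(" ", 2)
            f = findings.setdefault(path, Finding(path, threat))
            f.detections += 1
            last = f
        elif level == "ERROR" and last is not None:
            e = ERROR_RE.search(rest)
            if e:
                last.failed_quarantines += 1
                last.error_codes.add(int(e.group("code")))
    return findings


def summarize(findings: dict) -> list:
    """One human-readable verdict line per file."""
    out = []
    for f in findings.values():
        codes = ", ".join(f"{c} ({WIN32_ERRORS.get(c, 'unknown')})" for c in sorted(f.error_codes))
        state = "ACTIVE - remove at boot/offline" if f.is_active() else "quarantine likely succeeded"
        out.append(f"{f.threat}: {f.path} [{f.detections}x detected, "
                   f"{f.failed_quarantines}x quarantine failed: {codes or '-'}] -> {state}")
    return out


if __name__ == "__main__":
    for line in summarize(triage(SAMPLE_LOG)):
        print(line)
```

Run against the real protection log (usually under the Malwarebytes ProgramData Logs folder), the same pairing tells you which detections are cosmetic and which files are the live infection that the later posts end up removing with a boot-time deletion.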

#9
January 30, 2014 at 17:16:47
What will I do next?

Run RogueKiller
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User Guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://tigzyrk.blogspot.fr/2012/11/...
If RogueKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
Download & SAVE to your Desktop.
Quit all programs that you may have started.
Shutdown your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator" to start.
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.
When completed make sure to re-enable your antivirus.



#10

#11
February 1, 2014 at 07:42:29
"Which link do I actually need? Thanks"
Any one, links die, use one that works for you.


#12
February 5, 2014 at 17:57:10
I was on vacation last week. Yes, I will run RogueKiller tomorrow and post the log to you.

Thank you so much



#13
February 7, 2014 at 17:33:23
As you instructed, I downloaded Malwarebytes Anti-Malware to block the malware, and I used RogueKiller.exe and Windows Defender to delete the virus in the registry and the Windows system.

However, there is a Trojan.Zbot.FBD that is blocked by Malwarebytes, but RogueKiller and Windows Defender were unable to delete it.

It is located in
C:\Users\Truc Nguyen\AppData\Roaming\Ufywpywy\nyryiha.exe

All your last instructions were very helpful for me to find the issues.

Thank you for your advice.



#14
February 7, 2014 at 17:36:16
"But RogueKiller and Windows Defender were unable to delete it"
RogueKiller log please.


#15
February 8, 2014 at 10:12:55
Johnw

Below is the RogueKiller report after scanning

RogueKiller V8.8.6 [Feb 7 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Truc Nguyen [Admin rights]
Mode : Scan -- Date : 02/08/2014 13:08:14
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : Feguormy ("C:\Users\Truc Nguyen\AppData\Roaming\Ufywpywy\nyryiha.exe" [-]) -> FOUND
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:49162;hxxps=127.0.0.1:49162 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9160821AS ATA Device +++++
--- User ---
[MBR] e9468f86ff2ae64d80c5bfba331ddf83
[BSP] 597689f9fd584ba824a36be87199a262 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 161792 | Size: 152547 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_02082014_130814.txt >>
RKreport[0]_D_02072014_190105.txt;RKreport[0]_D_02072014_190333.txt;RKreport[0]_S_02072014_190008.txt
RKreport[0]_S_02072014_190323.txt


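Added note (example code written for this page, not RogueKiller's own code). Two things in the Registry Entries section matter. The Run value `Feguormy` starts a binary from the user's `AppData\Roaming` folder, a user-writable location where legitimate autostart entries rarely live, and the IE `ProxyServer` setting (RogueKiller prints URL schemes defanged as hxxp/hxxps) routes all HTTP and HTTPS through 127.0.0.1:49162 with `ProxyEnable=1`, i.e. through a local process that can read and alter browser traffic. The script parses RogueKiller-style entry lines and flags both patterns in general form: any Run target under a user-writable path, and any proxy pointing at a loopback address, whatever the port. The sample lines are the three entries from the report above; the list of user-writable path markers and the layout of the findings are my assumptions.

```python
import ipaddress
import re

# Constructed sample: the three Registry Entries lines from the RogueKiller
# report posted in this thread.
SAMPLE_REPORT = r"""
[RUN][SUSP PATH] HKLM\[...]\Run : Feguormy ("C:\Users\Truc Nguyen\AppData\Roaming\Ufywpywy\nyryiha.exe" [-]) -> FOUND
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:49162;hxxps=127.0.0.1:49162 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
"""

# "[TAG][TAG] <key> : <name> (<value>) -> <status>"
ENTRY_RE = re.compile(
    r"^\[(?P<tags>.+?)\]\s+(?P<key>.+?)\s+:\s+(?P<name>\S+)\s+\((?P<value>.*)\)\s+->\s+(?P<status>\w+)$"
)

# Directories an ordinary user can write to; an autostart binary living here
# is suspicious. This list is an assumption for the example, extend as needed.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\", "\\downloads\\")


def is_loopback(host: str) -> bool:
    """True for localhost, 127.0.0.0/8 and ::1 (with or without IPv6 brackets)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False


def parse_proxy_server(value: str) -> list:
    """'hxxp=host:port;hxxps=host:port [GeoIP note]' -> [(scheme, host, port)].
    Also accepts the plain 'host:port' form that the registry value may hold."""
    value = re.sub(r"\s*\[.*\]$", "", value)  # drop RogueKiller's GeoIP annotation
    out = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        scheme = scheme.replace("hxx", "htt") or "any"  # undo the defanging
        host, _, port = hostport.rpartition(":")
        out.append((scheme, host, int(port) if port.isdigit() else None))
    return out


def analyze(report_text: str) -> list:
    """Return a list of finding dicts for persistence and local-proxy entries."""
    findings = []
    proxy_enabled = False
    proxies = []
    for raw in report_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        tags = m.group("tags").split("][")
        name, value = m.group("name"), m.group("value")
        if "RUN" in tags:
            q = re.search(r'"([^"]+)"', value)
            target = q.group(1) if q else value.split()[0]
            if any(marker in target.lower() for marker in USER_WRITABLE):
                findings.append({
                    "kind": "persistence",
                    "key": f"{m.group('key')}\\{name}",
                    "target": target,
                    "why": "autostart binary lives in a user-writable directory",
                    "fix": f"delete the '{name}' value and the file at {target}",
                })
        elif name == "ProxyEnable":
            proxy_enabled = value.strip() == "1"
        elif name == "ProxyServer":
            proxies = parse_proxy_server(value)  # ProxyEnable may come later, so evaluate after the loop
    for scheme, host, port in proxies:
        if is_loopback(host):
            findings.append({
                "kind": "local_proxy",
                "scheme": scheme, "host": host, "port": port,
                "enabled": proxy_enabled,
                "why": "browser traffic is routed through a process listening on the loopback interface",
                "fix": "set ProxyEnable=0, clear ProxyServer, then identify the process bound to that port (netstat -ano)",
            })
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_REPORT):
        print(f)
```

The proxy check is evaluated after the whole section is read because RogueKiller lists `ProxyServer` before `ProxyEnable`; a loopback proxy that is not enabled is still worth reporting, which is why the finding carries the `enabled` flag rather than being dropped.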

#16
February 8, 2014 at 11:26:44
1: Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
To run Unhide, simply download it to your Desktop and then double-click on the Unhide icon. The program will open a black box and start making the files on your fixed disks visible again. Please note, that this program will not unhide removable drives like flash cards and usb drives as the FakeHDD rogues do not target these types of drives. Once it has finished, the program will display a Windows alert stating that your files have been restored. You should then reboot your computer for all of the settings to go into effect.
When Unhide is complete, it will create a logfile on the Windows Desktop called Unhide.txt.
Copy & Paste the contents of the log in your next post please. Let me know if it doesn't produce a log.

2: Reboot

3: Run ESET Online Scanner and copy and paste the contents of the log, please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
You may have to download ESET from a good computer, put it on a flash/thumb/pen drive & run it from there, if your comp is unbootable, or won't let you download.
Create a ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Which web browsers are compatible with ESET Online Scanner?
http://www.nod32.fi/eset-online-sca...
http://kb.eset.com/esetkb/index?pag...
Online Scanner not working
http://kb.eset.com/esetkb/index?pag...
Why Would I Ever Need an Online Virus Scanner? I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
4: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
5: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on the Desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...



#17
February 8, 2014 at 13:56:12
Below is Unhide.txt after running Unhide.exe

My laptop is bootable now. Does running ESET Online Scanner have any impact on its being bootable? Thanks

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/for...

Program started at: 02/08/2014 04:23:53 PM
Windows Version: Windows Vista

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 194873 files processed.

The C:\Users\TRUCNG~1\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/for...

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Program finished at: 02/08/2014 04:38:00 PM
Execution time: 0 hours(s), 14 minute(s), and 7 seconds(s)



#18
February 9, 2014 at 18:32:52
Below is log.txt after running ESET Online Scanner:

ESETSmartInstaller@High as downloader log:
Can not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.Can not open internetESETSmartInstaller@High as downloader log:
Can not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=cc3dfb0704f4aa48bfefc03e64ac8322
# engine=17006
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-10 02:08:31
# local_time=2014-02-09 09:08:31 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776573 100 100 0 228605683 0 0
# scanned=171407
# found=8
# cleaned=8
# scan_time=4426
sh=7CB01BD6381C4A19858F459229F7A0D8C4FF42CC ft=1 fh=762f10366d28fafe vn="Win32/AdWare.1ClickDownload.AQ application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000"
sh=AC87862DC9F2AE7D7F15303E95D66D1808528EF8 ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Tracur.V trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Users\ekelahomlgohpanjledopflbigjplhaj\background.js"
sh=E766D09F3B5ECFE635E60E88CFEAAE18AE5AA509 ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Tracur.V trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Users\ekelahomlgohpanjledopflbigjplhaj\cs.js"
sh=FC6F63E3A3ABFBF23608C3A99A32ADB36C2CD592 ft=1 fh=6009b81078ce9e67 vn="a variant of Win32/Injector.AWLB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Truc Nguyen\AppData\Local\Temp\UpdateFlashPlayer_5f8c80b8.exe"
sh=6126CC1AB303B1CC2A13C9386BFC3BC8B1B0B50F ft=1 fh=750b20050b41a452 vn="a variant of Win32/Kryptik.BTXF trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Truc Nguyen\AppData\Local\Temp\UpdateFlashPlayer_747faf12.exe"
sh=22C0E1F415CE12C66F7C1D90743764702F725ECA ft=1 fh=ed610c81241add28 vn="Win32/TrojanDownloader.Tracur.V trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Truc Nguyen\AppData\Local\Temp\ekhdbpxoq\ekhdbpxoq.dll"
sh=E6484B1248C1270D28EB49215CD1F9C75B7077D2 ft=1 fh=f512534a0b41a452 vn="a variant of Win32/Kryptik.BTXF trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Truc Nguyen\AppData\Roaming\Ufywpywy\nyryiha.exe"
sh=E6484B1248C1270D28EB49215CD1F9C75B7077D2 ft=1 fh=f512534a0b41a452 vn="a variant of Win32/Kryptik.BTXF trojan (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\Windows\System32\ysvoaweln.exe"


Copy from ESET Online Scanner

C:\Users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000 Win32/AdWare.1ClickDownload.AQ application cleaned by deleting - quarantined
C:\Users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Users\ekelahomlgohpanjledopflbigjplhaj\background.js Win32/TrojanDownloader.Tracur.V trojan cleaned by deleting - quarantined
C:\Users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Users\ekelahomlgohpanjledopflbigjplhaj\cs.js Win32/TrojanDownloader.Tracur.V trojan cleaned by deleting - quarantined
C:\Users\Truc Nguyen\AppData\Local\Temp\UpdateFlashPlayer_5f8c80b8.exe a variant of Win32/Injector.AWLB trojan cleaned by deleting - quarantined
C:\Users\Truc Nguyen\AppData\Local\Temp\UpdateFlashPlayer_747faf12.exe a variant of Win32/Kryptik.BTXF trojan cleaned by deleting - quarantined
C:\Users\Truc Nguyen\AppData\Local\Temp\ekhdbpxoq\ekhdbpxoq.dll Win32/TrojanDownloader.Tracur.V trojan cleaned by deleting - quarantined
C:\Users\Truc Nguyen\AppData\Roaming\Ufywpywy\nyryiha.exe a variant of Win32/Kryptik.BTXF trojan cleaned by deleting - quarantined
C:\Windows\System32\ysvoaweln.exe a variant of Win32/Kryptik.BTXF trojan cleaned by deleting (after the next restart) - quarantined

Truc C. Nguyen


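Added note (example code written for this page, not ESET's own code). Each ESET record carries a SHA-1 of the file (`sh=`), and the same hash E6484B1248C1270D28EB49215CD1F9C75B7077D2 appears at both `...\Ufywpywy\nyryiha.exe` (the file Malwarebytes named Trojan.Zbot.FBD) and `C:\Windows\System32\ysvoaweln.exe`, so the same binary had a second copy in System32, and that copy could only be scheduled for deletion "after the next restart", which is why the next reply insists on a reboot. The paths also expose a Chrome extension id (32 letters a-p) for the Tracur components, and the two `UpdateFlashPlayer_*.exe` names in Temp point to a fake Flash update as the likely delivery. The parser below pulls those facts out of this log format: identical hashes at different paths, deletions pending a reboot, extension ids, and the set of detection families. The sample is the eight records posted above; the `family()` prefix list is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: the eight result records from the ESET Online Scanner
# log posted in this thread.
SAMPLE_ESET_LOG = r"""
# found=8
sh=7CB01BD6381C4A19858F459229F7A0D8C4FF42CC ft=1 fh=762f10366d28fafe vn="Win32/AdWare.1ClickDownload.AQ application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000"
sh=AC87862DC9F2AE7D7F15303E95D66D1808528EF8 ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Tracur.V trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Users\ekelahomlgohpanjledopflbigjplhaj\background.js"
sh=E766D09F3B5ECFE635E60E88CFEAAE18AE5AA509 ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Tracur.V trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Users\ekelahomlgohpanjledopflbigjplhaj\cs.js"
sh=FC6F63E3A3ABFBF23608C3A99A32ADB36C2CD592 ft=1 fh=6009b81078ce9e67 vn="a variant of Win32/Injector.AWLB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Truc Nguyen\AppData\Local\Temp\UpdateFlashPlayer_5f8c80b8.exe"
sh=6126CC1AB303B1CC2A13C9386BFC3BC8B1B0B50F ft=1 fh=750b20050b41a452 vn="a variant of Win32/Kryptik.BTXF trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Truc Nguyen\AppData\Local\Temp\UpdateFlashPlayer_747faf12.exe"
sh=22C0E1F415CE12C66F7C1D90743764702F725ECA ft=1 fh=ed610c81241add28 vn="Win32/TrojanDownloader.Tracur.V trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Truc Nguyen\AppData\Local\Temp\ekhdbpxoq\ekhdbpxoq.dll"
sh=E6484B1248C1270D28EB49215CD1F9C75B7077D2 ft=1 fh=f512534a0b41a452 vn="a variant of Win32/Kryptik.BTXF trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Truc Nguyen\AppData\Roaming\Ufywpywy\nyryiha.exe"
sh=E6484B1248C1270D28EB49215CD1F9C75B7077D2 ft=1 fh=f512534a0b41a452 vn="a variant of Win32/Kryptik.BTXF trojan (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\Windows\System32\ysvoaweln.exe"
"""

# One ESET result record: sh=<sha1> ft=<n> fh=<hex> vn="<verdict>" ac=<c> fn="<path>"
RECORD_RE = re.compile(
    r'sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9a-f]{16}) '
    r'vn="(?P<verdict>[^"]*)" ac=(?P<ac>\w) fn="(?P<path>[^"]*)"'
)
# Chrome extension ids are exactly 32 letters from a to p.
CHROME_EXT_ID_RE = re.compile(r"[\\/]([a-p]{32})[\\/]")


def parse_records(log_text: str) -> list:
    records = []
    for line in log_text.splitlines():
        m = RECORD_RE.search(line)
        if m:
            records.append(m.groupdict())
    return records


def duplicates_by_hash(records: list) -> dict:
    """Same SHA-1 at several paths means one binary copied around,
    typically a second persistence copy that must also be removed."""
    by_hash = defaultdict(list)
    for r in records:
        by_hash[r["sha1"].upper()].append(r["path"])
    return {h: paths for h, paths in by_hash.items() if len(paths) > 1}


def pending_reboot(records: list) -> list:
    """Files ESET could only schedule for deletion: still on disk until restart."""
    return [r["path"] for r in records if "after the next restart" in r["verdict"]]


def chrome_extension_ids(records: list) -> set:
    ids = set()
    for r in records:
        m = CHROME_EXT_ID_RE.search(r["path"])
        if m:
            ids.add(m.group(1))
    return ids


def family(verdict: str) -> str:
    """'a variant of Win32/Kryptik.BTXF trojan (...)' -> 'Win32/Kryptik.BTXF'.
    The platform prefix list is an assumption for this example."""
    m = re.search(r"((?:Win32|Win64|JS|HTML|MSIL)/[\w.]+)", verdict)
    return m.group(1) if m else verdict


def report(log_text: str) -> dict:
    recs = parse_records(log_text)
    return {
        "count": len(recs),
        "families": sorted({family(r["verdict"]) for r in recs}),
        "duplicates": duplicates_by_hash(recs),
        "pending_reboot": pending_reboot(recs),
        "chrome_extension_ids": sorted(chrome_extension_ids(recs)),
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_ESET_LOG).items():
        print(f"{key}: {value}")
```

Anything listed under `pending_reboot` should be checked again after the restart, and any hash under `duplicates` is worth searching for across the whole disk, since a scanner only reports the copies it happened to open.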

#19
February 9, 2014 at 18:43:18
Very good, we are starting to get somewhere.

Make sure you reboot.

Give me time to think of the next steps.



#20
February 9, 2014 at 18:53:17
✔ Best Answer
Run Defogger & then Combofix.
http://majorgeeks.com/Defogger_d708...
http://www.bleepingcomputer.com/dow...

Please download DeFogger and save it to your Desktop
Once downloaded, double-click on the DeFogger icon to start the tool.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.
This program can enable and disable CD emulation, often required in removing difficult malware. Some CD Emulation programs use a hidden driver that may be seen as a rootkit or that will interfere with the proper operation of the anti-rootkit scanner.

Download ComboFix to your Desktop & then run. Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT.
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual.

If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

**Please Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion". Then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your Desktop.
Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.

message edited by Johnw



#21
February 9, 2014 at 20:12:29
"Does Run ESET Online Scanner not impact on its Bootable?"
Now I can answer that question.
It is impossible to know what will happen when removing viruses.
Anything can happen & often does, just a matter of then fixing the damage.
One thing I do know, the longer you leave the comp infected, the worse the damage is.


#22
February 11, 2014 at 17:34:46
I ran Defogger and ComboFix. Below is the log:

I'd appreciate your advice

ComboFix 14-02-11.01 - Truc Nguyen 02/11/2014 19:47:16.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.839 [GMT -5:00]
Running from: c:\users\Truc Nguyen\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\IMinent Toolbar\tbHElper.dll
c:\program files\SavingsApp
c:\program files\SavingsApp\SavingsApp.dll
c:\program files\SavingsApp\SavingsApp.exe
c:\program files\SavingsApp\SavingsApp.ico
c:\program files\SavingsApp\SavingsApp.ini
c:\program files\SavingsApp\SavingsAppGui.exe
c:\program files\SavingsApp\SavingsAppInstaller.log
c:\program files\SavingsApp\Uninstall.exe
c:\program files\SearchProtect
c:\program files\SearchProtect\EULA.txt
c:\program files\SearchProtect\Main\bin\CltMngSvc.exe
c:\program files\SearchProtect\Main\bin\SPTool.dll
c:\program files\SearchProtect\Main\bin\uninstall.exe
c:\program files\SearchProtect\Main\rep\SystemRepository.dat
c:\program files\SearchProtect\SearchProtect\bin\cltmng.exe
c:\program files\SearchProtect\SearchProtect\bin\SPTool64.exe
c:\program files\SearchProtect\SearchProtect\bin\SPVC32.dll
c:\program files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
c:\program files\SearchProtect\SearchProtect\bin\SPVC64.dll
c:\program files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
c:\program files\SearchProtect\UI\bin\cltmngui.exe
c:\program files\SearchProtect\UI\dialogs\bubble\bubble.css
c:\program files\SearchProtect\UI\dialogs\bubble\bubble.html
c:\program files\SearchProtect\UI\dialogs\bubble\bubble.js
c:\program files\SearchProtect\UI\dialogs\bubble\defaults.js
c:\program files\SearchProtect\UI\dialogs\Images\Apply-default.png
c:\program files\SearchProtect\UI\dialogs\Images\Apply-onclick.png
c:\program files\SearchProtect\UI\dialogs\Images\Apply-Rollover.png
c:\program files\SearchProtect\UI\dialogs\Images\bg-with-logo.png
c:\program files\SearchProtect\UI\dialogs\Images\bg.png
c:\program files\SearchProtect\UI\dialogs\Images\bgNotif.png
c:\program files\SearchProtect\UI\dialogs\Images\bgSettings.png
c:\program files\SearchProtect\UI\dialogs\Images\bgUninstall.png
c:\program files\SearchProtect\UI\dialogs\Images\btnBlue.png
c:\program files\SearchProtect\UI\dialogs\Images\btnClose.png
c:\program files\SearchProtect\UI\dialogs\Images\btnSilver.png
c:\program files\SearchProtect\UI\dialogs\Images\checkbox.png
c:\program files\SearchProtect\UI\dialogs\Images\checkbox_checked.png
c:\program files\SearchProtect\UI\dialogs\Images\checkbox_def.png
c:\program files\SearchProtect\UI\dialogs\Images\close-win-def.png
c:\program files\SearchProtect\UI\dialogs\Images\close-win-over-click.png
c:\program files\SearchProtect\UI\dialogs\Images\gray-bg.png
c:\program files\SearchProtect\UI\dialogs\Images\hez-def.png
c:\program files\SearchProtect\UI\dialogs\Images\hez-selected.png
c:\program files\SearchProtect\UI\dialogs\Images\hez.png
c:\program files\SearchProtect\UI\dialogs\Images\icon-win.png
c:\program files\SearchProtect\UI\dialogs\Images\info-icon.png
c:\program files\SearchProtect\UI\dialogs\Images\menu-rollover.png
c:\program files\SearchProtect\UI\dialogs\Images\menu-selected.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button-def.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button-selected.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button2.png
c:\program files\SearchProtect\UI\dialogs\Images\Settings-icon.png
c:\program files\SearchProtect\UI\dialogs\Images\text-field.png
c:\program files\SearchProtect\UI\dialogs\Images\v.png
c:\program files\SearchProtect\UI\dialogs\Images\x.png
c:\program files\SearchProtect\UI\dialogs\libs\defaults.js
c:\program files\SearchProtect\UI\dialogs\libs\dialogUtils.js
c:\program files\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js
c:\program files\SearchProtect\UI\dialogs\libs\json2.min.js
c:\program files\SearchProtect\UI\dialogs\libs\main.js
c:\program files\SearchProtect\UI\dialogs\libs\SPDialogAPI.js
c:\program files\SearchProtect\UI\dialogs\protection\defaults.js
c:\program files\SearchProtect\UI\dialogs\protection\protection.css
c:\program files\SearchProtect\UI\dialogs\protection\protection.html
c:\program files\SearchProtect\UI\dialogs\protection\protection.js
c:\program files\SearchProtect\UI\dialogs\protectionDS\defaults.js
c:\program files\SearchProtect\UI\dialogs\protectionDS\protectionDS.css
c:\program files\SearchProtect\UI\dialogs\protectionDS\protectionDS.html
c:\program files\SearchProtect\UI\dialogs\protectionDS\protectionDS.js
c:\program files\SearchProtect\UI\dialogs\settings.html
c:\program files\SearchProtect\UI\dialogs\settings\defaults.js
c:\program files\SearchProtect\UI\dialogs\settings\settings.css
c:\program files\SearchProtect\UI\dialogs\settings\settings.html
c:\program files\SearchProtect\UI\dialogs\settings\settings.js
c:\program files\SearchProtect\UI\dialogs\style.css
c:\program files\SearchProtect\UI\dialogs\uninstall\defaults.js
c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.css
c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.html
c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.js
c:\programdata\Microsoft\Windows\DRM\51CA.tmp
c:\users\Truc Nguyen\AppData\Local\common_functions.dll
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_bbohlimhkgnnphbdkghkbcjojoafohoa_0
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_bbohlimhkgnnphbdkghkbcjojoafohoa_0\1
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_bbohlimhkgnnphbdkghkbcjojoafohoa_0\2
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\background.html
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\crossriderManifest.json
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\extensionData\manifest.xml
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\extensionData\plugins.json
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\extensionData\plugins\1_base.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\extensionData\plugins\1000014_GPL Plugin (Loader).js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\extensionData\plugins\1000015_GPL Background (BG).js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\extensionData\plugins\17_jQuery.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\extensionData\plugins\21_debug.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\extensionData\plugins\22_resources.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\extensionData\plugins\28_initializer.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\extensionData\plugins\47_resources_background.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\extensionData\plugins\64_appApiMessage.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\extensionData\plugins\72_appApiValidation.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\extensionData\userCode\background.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\extensionData\userCode\extension.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\icons\actions\1.png
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\icons\icon128.png
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\icons\icon16.png
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\icons\icon48.png
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\js\api\chrome.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\js\api\cookie.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\js\api\message.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\js\api\pageAction.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\js\api\pageActionBG.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\js\background.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\js\lib\app_api.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\js\lib\bg_app_api.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\js\lib\consts.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\js\lib\cookie_store.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\js\lib\crossriderAPI.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\js\lib\delegate.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\js\lib\events.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\js\lib\extensionDataStore.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\js\lib\installer.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\js\lib\logFile.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\js\lib\logging.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\js\lib\onBGDocumentLoad.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\js\lib\popupResource\newPopup.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\js\lib\popupResource\popup.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\js\lib\reports.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\js\lib\storageWrapper.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\js\lib\updateManager.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\js\lib\util.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\js\lib\xhr.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\js\main.js
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\manifest.json
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa\1.25.98_0\popup.html
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbohlimhkgnnphbdkghkbcjojoafohoa_0.localstorage-journal
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbohlimhkgnnphbdkghkbcjojoafohoa_0.localstorage
c:\users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Truc Nguyen\AppData\Local\ie_runner_app.exe
c:\users\Truc Nguyen\AppData\Local\RivalGaming\RiVAlgaming.dll
c:\users\Truc Nguyen\Documents\~WRL0001.tmp
c:\users\Truc Nguyen\Documents\~WRL0002.tmp
c:\users\Truc Nguyen\Documents\~WRL0003.tmp
c:\users\Truc Nguyen\Documents\~WRL0100.tmp
c:\users\Truc Nguyen\Documents\~WRL0129.tmp
c:\users\Truc Nguyen\Documents\~WRL0406.tmp
c:\users\Truc Nguyen\Documents\~WRL0820.tmp
c:\users\Truc Nguyen\Documents\~WRL0999.tmp
c:\users\Truc Nguyen\Documents\~WRL1059.tmp
c:\users\Truc Nguyen\Documents\~WRL1247.tmp
c:\users\Truc Nguyen\Documents\~WRL1438.tmp
c:\users\Truc Nguyen\Documents\~WRL1563.tmp
c:\users\Truc Nguyen\Documents\~WRL1640.tmp
c:\users\Truc Nguyen\Documents\~WRL1778.tmp
c:\users\Truc Nguyen\Documents\~WRL1910.tmp
c:\users\Truc Nguyen\Documents\~WRL2025.tmp
c:\users\Truc Nguyen\Documents\~WRL2125.tmp
c:\users\Truc Nguyen\Documents\~WRL2149.tmp
c:\users\Truc Nguyen\Documents\~WRL2315.tmp
c:\users\Truc Nguyen\Documents\~WRL2615.tmp
c:\users\Truc Nguyen\Documents\~WRL2628.tmp
c:\users\Truc Nguyen\Documents\~WRL2747.tmp
c:\users\Truc Nguyen\Documents\~WRL2836.tmp
c:\users\Truc Nguyen\Documents\~WRL3144.tmp
c:\users\Truc Nguyen\Documents\~WRL3263.tmp
c:\users\Truc Nguyen\Documents\~WRL3284.tmp
c:\users\Truc Nguyen\Documents\~WRL3359.tmp
c:\users\Truc Nguyen\Documents\~WRL3418.tmp
c:\users\Truc Nguyen\Documents\~WRL3604.tmp
c:\users\Truc Nguyen\Documents\~WRL3656.tmp
c:\users\Truc Nguyen\Documents\~WRL3720.tmp
c:\users\Truc Nguyen\Documents\~WRL4067.tmp
c:\users\Truc Nguyen\Documents\~WRL4091.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SecurityCenterServer3696348826
.
.
((((((((((((((((((((((((( Files Created from 2014-01-12 to 2014-02-12 )))))))))))))))))))))))))))))))
.
.
2014-02-12 01:00 . 2014-02-12 01:00 -------- d-----w- c:\users\Timmy Nguyen\AppData\Local\temp
2014-02-12 01:00 . 2014-02-12 01:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-11 23:40 . 2014-02-11 23:40 -------- d-----w- c:\program files\Reimage
2014-02-11 01:30 . 2014-02-11 01:52 -------- d-----w- c:\users\Truc Nguyen\AppData\Local\AVG SafeGuard toolbar
2014-02-11 01:28 . 2014-02-11 01:26 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-02-11 01:27 . 2014-02-11 01:28 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2014-02-11 01:27 . 2014-02-11 01:28 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2014-02-11 01:27 . 2014-02-11 01:27 -------- d-----w- c:\program files\AVG SafeGuard toolbar
2014-02-11 01:14 . 2014-02-11 01:14 -------- d-----w- c:\users\Truc Nguyen\AppData\Roaming\Optimizer Pro
2014-02-11 01:09 . 2014-02-11 01:09 -------- d-----w- c:\program files\Optimizer Pro
2014-02-11 01:08 . 2014-02-11 01:08 -------- d-----w- c:\users\Truc Nguyen\AppData\Local\SearchProtect
2014-02-10 00:47 . 2014-02-10 00:47 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-02-09 23:21 . 2014-02-09 23:21 -------- d-----w- c:\program files\ESET
2014-02-09 12:30 . 2014-02-12 00:42 -------- d-----w- c:\users\Truc Nguyen\AppData\Local\CrashDumps
2014-02-08 00:10 . 2014-02-11 11:00 -------- d-----w- c:\users\Truc Nguyen\AppData\Roaming\Ufywpywy
2014-02-01 21:42 . 2014-02-01 21:43 -------- d-----w- c:\programdata\CDB
2014-02-01 21:37 . 2014-02-01 21:37 -------- d-----w- c:\programdata\Common Files
2014-02-01 14:13 . 2014-02-01 14:13 -------- d-----w- c:\program files\Browsersafeguard
2014-02-01 14:11 . 2014-02-01 14:11 -------- d-----w- c:\program files\sp
2014-02-01 14:09 . 2014-02-01 14:09 -------- d-----w- c:\program files\BearShare Applications
2014-01-30 23:53 . 2014-01-30 23:53 -------- d-----w- c:\users\Truc Nguyen\AppData\Roaming\Malwarebytes
2014-01-30 23:52 . 2014-01-30 23:52 -------- d-----w- c:\programdata\Malwarebytes
2014-01-30 23:52 . 2014-01-30 23:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-01-30 23:52 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-05 02:27 . 2012-07-01 18:44 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 02:27 . 2012-07-01 18:44 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-18 11:13 . 2009-10-02 20:20 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-11-14 22:50 . 2013-12-12 09:24 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-11-14 22:42 . 2013-12-12 09:24 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 22:42 . 2013-12-12 09:24 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-14 22:38 . 2013-12-12 09:24 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 22:38 . 2013-12-12 09:24 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 22:35 . 2013-12-12 09:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-02-08 1520776]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
2010-07-02 13:54 2607872 ----a-w- c:\program files\IMinent Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-02-11 01:26 3401752 ----a-w- c:\program files\AVG SafeGuard toolbar\17.3.1.91\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG SafeGuard toolbar\17.3.1.91\AVG SafeGuard toolbar_toolbar.dll" [2014-02-11 3401752]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-24 39408]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-10-11 1179648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\V0400Ext.ax"="c:\windows\system32\V0400Ext.ax" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-09 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-09 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-09 133912]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 857648]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"V0400Mon.exe"="c:\windows\V0400Mon.exe" [2007-06-03 32768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-05 198160]
"Iminent"="c:\program files\Iminent\Iminent.exe" [2012-06-19 1073784]
"IminentMessenger"="c:\program files\Iminent\Iminent.Messengers.exe" [2012-06-19 884856]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-02-08 1644680]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-07 405504]
"BrowserSafeguard"="c:\program files\Browsersafeguard\BrowserSafeguard.exe" [2014-01-28 413696]
"vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2014-02-11 2534936]
.
c:\users\Truc Nguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Monitor 4.lnk - c:\program files\PIXELA\Everio MediaBrowser 4\MBCameraMonitor.exe [2013-10-27 608216]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 02:04 1211720 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 02:27]
.
2014-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 22:41]
.
2014-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 22:41]
.
2014-02-11 c:\windows\Tasks\PC Optimizer Pro Idle.job
- c:\program files\PC Optimizer Pro\StartApps.exe [2013-11-19 21:08]
.
2014-02-11 c:\windows\Tasks\PC Optimizer Pro Scan.job
- c:\program files\PC Optimizer Pro\StartApps.exe [2013-11-19 21:08]
.
2014-02-12 c:\windows\Tasks\PC Optimizer Pro startups.job
- c:\program files\PC Optimizer Pro\StartApps.exe [2013-11-19 21:08]
.
2014-02-10 c:\windows\Tasks\PC Optimizer Pro Updates.job
- c:\program files\PC Optimizer Pro\StartApps.exe [2013-11-19 21:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3319709&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPB279B040-84F8-4B8B-8B70-C6950D5BAABE&SSPV=
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:49166;https=127.0.0.1:49166
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
HKLM-Run-Feguormy - c:\users\Truc Nguyen\AppData\Roaming\Ufywpywy\nyryiha.exe
Notify-GoToAssist - c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
AddRemove-SavingsApp - c:\program files\SavingsApp\Uninstall.exe
AddRemove-SearchProtect - c:\progra~1\SearchProtect\Main\bin\uninstall.exe
AddRemove-RivalGaming - c:\users\Truc Nguyen\AppData\Local\RivalGaming\Uninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-11 20:12
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4572)
c:\program files\Iminent\Iminent.WinCore.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Super_DVD_Creator_9.8\NMSAccessU.exe
c:\program files\Reimage\Reimage Repair\ReiGuard.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\system32\STacSV.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\PC Optimizer Pro\PCOptimizerPro.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2014-02-11 20:20:26 - machine was rebooted
ComboFix-quarantined-files.txt 2014-02-12 01:20
.
Pre-Run: 16,371,990,528 bytes free
Post-Run: 21,691,465,728 bytes free
.
- - End Of File - - E7C34B99315E592264D807B2FF131A52
5C616939100B85E558DA92B899A0FC36

Truc C. Nguyen
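The ComboFix log above is, for the most part, a dump of Windows autostart locations (HKCU/HKLM Run keys, BHOs, URLSearchHooks, scheduled tasks) and Internet Explorer settings. Reading it by eye, the entries that matter are the loader pointing into the user's profile (HKLM-Run-Feguormy, launching nyryiha.exe from AppData\Roaming), a BHO whose DLL is already gone, the per-user ProxyServer that sends every HTTP and HTTPS request to 127.0.0.1:49166 (a local process is sitting between the browser and the network), and a start page redirected to search.conduit.com. The script below is an added example, not ComboFix's code and not something either poster supplied: it applies exactly those checks to a constructed sample made of lines copied from the log above. The KNOWN_SEARCH_HOSTS allowlist is an assumption made for the example.

```python
"""Triage of a ComboFix 'Reg Loading Points' / 'Supplementary Scan' dump.

Added example, not ComboFix code. Rules a responder applies by eye:
  * an autostart whose binary lives under a user profile (AppData)
  * an autostart ComboFix could not stamp with a date/size ('[X]')
  * an orphaned loader: key present, binary '(no file)' or in AppData
  * a per-user ProxyServer on loopback, or a start page / search URL
    pointing somewhere other than a stock search engine
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-10-11 1179648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\V0400Ext.ax"="c:\windows\system32\V0400Ext.ax" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-09 138008]
"BrowserSafeguard"="c:\program files\Browsersafeguard\BrowserSafeguard.exe" [2014-01-28 413696]
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3319709&octid=EB_ORIGINAL_CTID
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:49166;https=127.0.0.1:49166
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
HKLM-Run-Feguormy - c:\users\Truc Nguyen\AppData\Roaming\Ufywpywy\nyryiha.exe
Notify-GoToAssist - c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
AddRemove-RivalGaming - c:\users\Truc Nguyen\AppData\Local\RivalGaming\Uninstaller.exe
"""


@dataclass
class Finding:
    kind: str    # run | orphan | proxy | startpage
    name: str    # value name, GUID, or setting name
    target: str  # path or URL exactly as the log shows it
    reason: str


KEY_HEADER = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_ENTRY = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[([^\]]*)\]$')
ORPHAN = re.compile(r"^(URLSearchHooks|BHO|HKLM-Run|HKCU-Run|Notify|AddRemove)-(\S+) - (.+)$")
SETTING = re.compile(r"^[um](Start Page|SearchURL,\(Default\)|Internet Settings,ProxyServer)\s*=\s*(.+)$")
USER_PROFILE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.I)
LOOPBACK = re.compile(r"=(?:127\.0\.0\.1|localhost):(\d+)", re.I)
URL_HOST = re.compile(r"^hxxps?://([^/?#]+)", re.I)  # ComboFix defangs http:// as hxxp://

# Assumption for the example: hosts accepted as ordinary search defaults.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "www.yahoo.com", "us.rd.yahoo.com"}


def triage(log_text: str) -> List[Finding]:
    """Walk the log once and return the entries worth a second look."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_HEADER.match(line)
        if m:
            current_key = m.group(1)        # remember which hive/key we are under
            continue
        m = RUN_ENTRY.match(line)
        if m and current_key.lower().endswith(r"\run"):
            name, path, stamp = m.groups()
            if USER_PROFILE.search(path):
                findings.append(Finding("run", name, path, "autostart runs from a user profile directory"))
            elif stamp == "X":
                findings.append(Finding("run", name, path, "ComboFix recorded no date/size for the file"))
            continue
        m = ORPHAN.match(line)
        if m:
            where, name, target = m.groups()
            if target == "(no file)":
                findings.append(Finding("orphan", name, target, f"{where} loader whose binary is already gone"))
            elif USER_PROFILE.search(target):
                findings.append(Finding("orphan", name, target, f"{where} loader pointed at a user-profile binary"))
            continue
        m = SETTING.match(line)
        if m:
            setting, value = m.groups()
            if setting == "Internet Settings,ProxyServer":
                ports = sorted(set(LOOPBACK.findall(value)))
                if ports:
                    findings.append(Finding("proxy", setting, value,
                                            "browser traffic routed through a local proxy on port " + ", ".join(ports)))
            else:
                h = URL_HOST.match(value)
                host = h.group(1).lower() if h else value
                if host not in KNOWN_SEARCH_HOSTS:
                    findings.append(Finding("startpage", setting, value, f"points at {host}, not a stock search default"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.reason}\n    {f.target}")
```

The log does not record which process owns the listener on port 49166; on the affected machine, `netstat -ano | findstr :49166` maps the port to a PID, and Task Manager or `tasklist /fi "PID eq <pid>"` names the binary. Until that process is gone, removing the ProxyServer value only helps until the next reboot re-creates it.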



#23
February 11, 2014 at 17:58:28
Wow, you had a lot of infections.

Run TDSSKiller. Copy & Paste the contents of the log in your next post please.
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://usa.kaspersky.com/downloads/...
http://support.kaspersky.com/faq/?q...
http://support.kaspersky.com/viruse...
Anti-rootkit utility TDSSKiller
http://support.kaspersky.com/faq/?q...
If TDSS doesn't run, use FixTDSS
http://www.symantec.com/content/en/...
Download FixTDSS and save it to your Desktop.
Double click on the FixTDSS.exe icon to run it.
Click the "I Accept" button, then the "Proceed" button to begin
The tool will restart your computer automatically - click OK to allow it to do so
The tool will begin its scan on reboot > click "run" to begin
It will report if an infected MBR is found > click the "repair" button
If you do not specify a full pathname, TDSSKiller will save the log in the same folder that the executable resides in.

message edited by Johnw



#24
February 12, 2014 at 17:05:24
Johnw,

TDSSKiller took just 42 seconds to scan but gave a long report, as below. Because it is too large to send, it was truncated. I am just sending the beginning and the end.

19:46:03.0948 0x0844 TDSS rootkit removing tool 3.0.0.23 Feb 10 2014 23:32:41
19:46:30.0522 0x0844 ============================================================
19:46:30.0522 0x0844 Current date / time: 2014/02/12 19:46:30.0522
19:46:30.0522 0x0844 SystemInfo:
19:46:30.0522 0x0844
19:46:30.0522 0x0844 OS Version: 6.0.6002 ServicePack: 2.0
19:46:30.0522 0x0844 Product type: Workstation
19:46:30.0522 0x0844 ComputerName: TRUCNGUYEN-PC
19:46:30.0523 0x0844 UserName: Truc Nguyen
19:46:30.0523 0x0844 Windows directory: C:\Windows
19:46:30.0523 0x0844 System windows directory: C:\Windows
19:46:30.0523 0x0844 Processor architecture: Intel x86
19:46:30.0523 0x0844 Number of processors: 2
19:46:30.0523 0x0844 Page size: 0x1000
19:46:30.0523 0x0844 Boot type: Normal boot
19:46:30.0523 0x0844 ============================================================
19:46:33.0568 0x0844 KLMD registered as C:\Windows\system32\drivers\94334418.sys
19:46:33.0841 0x0844 System UUID: {53D81512-4DD8-20AB-2E9D-3DF8A5C06D03}
19:46:35.0062 0x0844 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:46:35.0065 0x0844 ============================================================
19:46:35.0065 0x0844 \Device\Harddisk0\DR0:
19:46:35.0065 0x0844 MBR partitions:
19:46:35.0065 0x0844 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27800, BlocksNum 0x129F1800
19:46:35.0065 0x0844 ============================================================
19:46:35.0107 0x0844 C: <-> \Device\Harddisk0\DR0\Partition1
19:46:35.0121 0x0844 ============================================================
19:46:35.0121 0x0844 Initialize success
19:46:35.0121 0x0844 ============================================================
19:46:39.0526 0x09dc ============================================================
19:46:39.0526 0x09dc Scan started
19:46:39.0527 0x09dc Mode: Manual;
19:46:39.0527 0x09dc ============================================================
19:46:39.0527 0x09dc KSN ping started
19:46:53.0441 0x09dc KSN ping finished: true
19:46:54.0574 0x09dc ================ Scan system memory ========================
19:46:54.0574 0x09dc System memory - ok
19:46:54.0575 0x09dc ================ Scan services =============================
19:46:54.0810 0x09dc [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI C:\Windows\system32\drivers\acpi.sys
19:46:54.0823 0x09dc ACPI - ok
19:46:54.0980 0x09dc [ C8C6C0D659734FDBF63F6F421A5416BC, 11C452D77D0A8A5E430D0D0C9949797FFC03D2E3DADB8FBB9B63EDA868AFF83C ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:46:55.0002 0x09dc AdobeFlashPlayerUpdateSvc - ok
19:46:55.0054 0x09dc [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB, 0342700760874683A6DF4F149DACACEF0569D40C45FC5958C67100B3C5D9BBBC ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:46:55.0074 0x09dc adp94xx - ok
19:46:55.0120 0x09dc [ B84088CA3CDCA97DA44A984C6CE1CCAD, 87009809FB101BF51483FA32318CBCD209386582880C82417BE4FFAD1B04C8C1 ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:46:55.0135 0x09dc adpahci - ok
19:46:55.0156 0x09dc [ 7880C67BCCC27C86FD05AA2AFB5EA469, C8B06E203EEA6EAD19651F212432005ABADFF21E2AA5699E34040527394F2677 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
19:46:55.0162 0x09dc adpu160m - ok
19:46:55.0193 0x09dc [ 9AE713F8E30EFC2ABCCD84904333DF4D, B0C7801AC6E0811C38F0474703F34283914C8873D851F59EE232834F7C0D8087 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:46:55.0201 0x09dc adpu320 - ok
19:46:55.0265 0x09dc [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:46:55.0283 0x09dc AeLookupSvc - ok
19:46:55.0375 0x09dc [ 3911B972B55FEA0478476B2E777B29FA, 62545B90C7DD3F73777E62CD8264E611A4D71B6956CABFD2D820D25F41F471FD ] AFD C:\Windows\system32\drivers\afd.sys
19:46:55.0390 0x09dc AFD - ok
19:46:55.0438 0x09dc [ EF23439CDD587F64C2C1B8825CEAD7D8, 762665CFC202B3E16CA2338887896FDF996331A363DC709F1EC088BF927133A3 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:46:55.0442 0x09dc agp440 - ok
19:46:55.0483 0x09dc [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
19:46:55.0488 0x09dc aic78xx - ok
19:46:55.0550 0x09dc [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG C:\Windows\System32\alg.exe
19:46:55.0554 0x09dc ALG - ok
19:46:55.0592 0x09dc [ 3A99CB23A2D326FD532618705D6E3048, AF0FBE8C89F1B231B7BD00155E1555DBCB37B6B7B58E94DA254EC7A40A473236 ] aliide C:\Windows\system32\drivers\aliide.sys
19:46:55.0594 0x09dc aliide - ok
19:46:55.0627 0x09dc [ 2B13E304C9DFDFA5EB582F6A149FA2C7, 196CCE13E0376526B79D9C43D4071990576C4DD210A48E9E922B438AA11C95E7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
19:46:55.0631 0x09dc amdagp - ok
19:46:55.0654 0x09dc [ 4333C133DBD71C7D7FE4FB1B83F9EE3E, 3E08961741FACF0D35D1B49EE6E2A0AFF7DB3D8CCDBF823554EC83786AB925FE ] amdide C:\Windows\system32\drivers\amdide.sys
19:46:55.0656 0x09dc amdide - ok
19:46:55.0695 0x09dc [ DC487885BCEF9F28EECE6FAC0E5DDFC5, 24A62F6E628AD46273BC226F7BC3453A9C7B76F81ABB9FB801EBEFADB2AB7C9B ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
19:46:55.0698 0x09dc AmdK7 - ok
19:46:55.0720 0x09dc [ 0CA0071DA4315B00FC1328CA86B425DA, 4F816FA2197166A83A266084F9D5ED68876D0521D378F90F1314DD53C6FB8814 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:46:55.0723 0x09dc AmdK8 - ok

Truc C. Nguyen


#25
February 12, 2014 at 17:15:16
Run both of these, in this order.

1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
How to download from Softpedia
http://i.imgur.com/BWELEfV.gif
http://i.imgur.com/4luY3rU.gif
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
How to download from Softpedia
http://i.imgur.com/qO92huz.gif
http://i.imgur.com/qzTUYkX.gif
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool to your Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.


#26
February 13, 2014 at 09:15:18
Johnw,

The log file of AdwCleaner is too large to send. I only copied the beginning and the end of the file.

# AdwCleaner v3.018 - Report created 13/02/2014 at 09:36:45
# Updated 28/01/2014 by Xplode
# Operating System : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Username : Truc Nguyen - TRUCNGUYEN-PC
# Running from : C:\Users\Truc Nguyen\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Truc Nguyen\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Truc Nguyen\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Truc Nguyen\AppData\Roaming\Iminent
Folder Deleted : C:\Users\Truc Nguyen\AppData\Roaming\optimizer pro
Folder Deleted : C:\Users\Truc Nguyen\Documents\optimizer pro
Folder Deleted : C:\Users\Timmy Nguyen\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Timmy Nguyen\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Timmy Nguyen\AppData\Roaming\Iminent
Folder Deleted : C:\Users\Timmy Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Folder Deleted : C:\Users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Folder Deleted : C:\Users\Timmy Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
File Deleted : C:\Users\Public\Desktop\PC Optimizer Pro.lnk
File Deleted : C:\Users\Truc Nguyen\Documents\Desktop\Optimizer Pro.lnk
File Deleted : C:\Users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Users\Timmy Nguyen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage-journal
File Deleted : C:\Users\Timmy Nguyen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage-journal
File Deleted : C:\Windows\Tasks\PC Optimizer Pro Updates.job
File Deleted : C:\Windows\System32\Tasks\PC Optimizer Pro Updates
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Optimizer Pro Updates
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9600AB0-BD9C-42A7-A4F0-4548822A271F}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9600AB0-BD9C-42A7-A4F0-4548822A271F}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46EA78F6-E153-4E54-948C-9AF8649BE58C}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46EA78F6-E153-4E54-948C-9AF8649BE58C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\SOFTWARE\Classes\Iminent
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback


Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\pc optimizer pro
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SavingsApp
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16533

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

*************************

AdwCleaner[R0].txt - [36340 octets] - [13/02/2014 09:31:51]
AdwCleaner[R1].txt - [34982 octets] - [13/02/2014 09:35:04]
AdwCleaner[S0].txt - [1689 octets] - [13/02/2014 09:33:06]
AdwCleaner[S1].txt - [35506 octets] - [13/02/2014 09:36:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [35567 octets] ##########

Truc C. Nguyen


#27
February 13, 2014 at 09:57:58
Johnw,

Below is JRT.log. Thanks,

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows Vista (TM) Home Basic x86
Ran by Truc Nguyen on Thu 02/13/2014 at 12:24:46.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browsersafeguard

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220022462239}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011461139}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{82F4608B-B6B6-4086-88E0-A05BD4A9E805}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B19E0475-E379-456A-9580-205856D2BA33}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"

~~~ Files

Successfully deleted: [File] "C:\Windows\Tasks\pc optimizer pro scan.job"
Successfully deleted: [File] "C:\Windows\Tasks\pc optimizer pro startups.job"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\w3i"
Successfully deleted: [Folder] "C:\Users\Truc Nguyen\appdata\local\rivalgaming"
Successfully deleted: [Folder] "C:\Program Files\bearshare applications"
Successfully deleted: [Folder] "C:\Program Files\browsersafeguard"
Successfully deleted: [Folder] "C:\Program Files\w3i"
Successfully deleted: [Folder] "C:\Users\Truc Nguyen\AppData\Roaming\microsoft\windows\start menu\programs\rivalgaming"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bbohlimhkgnnphbdkghkbcjojoafohoa
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ippkomaaonokjnfjoikaemidanojkfmm

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/13/2014 at 12:29:24.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Truc C. Nguyen
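As an added example (not code from the thread, and not from the AdwCleaner or JRT authors), here is a small Python triage script for the two log formats pasted in the posts above: it parses the removal records each tool prints and groups them by the persistence mechanism they touched (Run keys, scheduled tasks, browser helper objects, extensions), which is what a responder checks when judging whether a cleanup was complete. The sample log is constructed from lines in the same shape as the ones posted; the category names and patterns are my own assumptions.

```python
"""Triage helper for AdwCleaner / JRT removal logs.

Added example, not code from the thread or from either tool's author.
It parses the removal records the two tools print and groups them by the
persistence mechanism they touched, so a responder can see at a glance
whether auto-start locations (Run keys, scheduled tasks, BHOs, extensions)
were involved and deserve a re-check after the reboot.
"""
import re
from collections import Counter

# AdwCleaner lines look like "Folder Deleted : <path>" or "[#] Key Deleted : <key>";
# JRT lines look like 'Successfully deleted: [Registry Key] <key>' (paths may be quoted).
ADW_RE = re.compile(r"^(?:\[#\]\s*)?(Folder|File|Key|Value|Setting) (Deleted|Restored) : (.+)$")
JRT_RE = re.compile(r'^Successfully deleted: \[(Registry Key|Registry Value|File|Folder)\] "?(.+?)"?$')

# Category names and patterns are my own choice (assumption), ordered most specific first.
PERSISTENCE_PATTERNS = [
    ("autorun (Run key)", re.compile(r"\\CurrentVersion\\Run\\", re.I)),
    ("scheduled task", re.compile(r"(\\Tasks\\|\\Schedule\\TaskCache\\|\.job$)", re.I)),
    ("IE browser helper object", re.compile(r"\\Browser Helper Objects\\", re.I)),
    ("IE elevation policy", re.compile(r"\\Low Rights\\ElevationPolicy\\", re.I)),
    ("IE search scope", re.compile(r"\\SearchScopes\\", re.I)),
    ("service", re.compile(r"\\CurrentControlSet\\Services\\", re.I)),
    ("browser extension", re.compile(r"(\\Chrome\\Extensions\\|\\Firefox\\Extensions)", re.I)),
    ("user AppData payload", re.compile(r"\\AppData\\(Roaming|Local|LocalLow)\\", re.I)),
]


def parse_line(line):
    """Return (kind, action, target) for a removal record, or None for headers/blank lines."""
    line = line.strip()
    m = ADW_RE.match(line)
    if m:
        return (m.group(1), m.group(2).lower(), m.group(3))
    m = JRT_RE.match(line)
    if m:
        kind = {"Registry Key": "Key", "Registry Value": "Value"}.get(m.group(1), m.group(1))
        return (kind, "deleted", m.group(2))
    return None


def classify(target):
    """Map a removed path or registry location to a persistence category, or 'other'."""
    for label, pattern in PERSISTENCE_PATTERNS:
        if pattern.search(target):
            return label
    return "other"


def triage(log_text):
    """Summarise a log: record count, counts per category, and the persistence-related entries."""
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    labelled = [(classify(target), target) for _, _, target in records]
    return {
        "records": len(records),
        "by_category": dict(Counter(label for label, _ in labelled)),
        "persistence": [(label, target) for label, target in labelled if label != "other"],
    }


# Constructed sample: a few lines in the shape of the AdwCleaner and JRT logs posted above.
SAMPLE_LOG = r"""
# AdwCleaner v3.018 - Report created 13/02/2014 at 09:36:45
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Truc Nguyen\AppData\Roaming\Babylon
File Deleted : C:\Windows\Tasks\PC Optimizer Pro Updates.job
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Optimizer Pro Updates
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browsersafeguard
Successfully deleted: [File] "C:\Windows\Tasks\pc optimizer pro scan.job"
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}
"""

if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print(summary["records"], "records:", summary["by_category"])
    for label, target in summary["persistence"]:
        print(f"  [{label}] {target}")
```

Feed it a full log from either tool and review the persistence entries first; an auto-start location that reappears on the next scan is the surest sign the cleanup missed the component that recreates it.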


#28
February 13, 2014 at 12:59:01
"The log file of AdwCleaner is too large to send. I only copied the beginning and the end of the file"
From now on Truc, break logs into parts if they don't fit, so I get all of the file. No need to do the previous logs.

Thanks. John.


#29
February 13, 2014 at 13:00:42
Update MBAM & run again.

Run Malwarebytes' Anti-Malware ( MBAM ) Free Version. Use Quick scan. Copy and Paste the contents of the log please. Note how to avoid the trial period.
If you can't find the log, do a search for malwarebytes or look in here.
C:\Users\Pete\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
Replace Pete with the User's name.
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://i.imgur.com/3DtG68Y.gif
http://www.malwarebytes.org/mbam.php
Make sure you Uncheck > Enable free trial at the End of the install.
http://i.imgur.com/tUFCbYz.gif
If your MBAM log indicates "No action taken", that's usually a result of NOT clicking the Remove Selected button after the scan.
Quick Scan versus Full Scan
http://forums.malwarebytes.org/inde...

message edited by Johnw


#30
February 13, 2014 at 14:25:24
The performance of my laptop has been much better since running the Anti-Virus software. Especially, it deleted persistent malware located at C/Users/Truc Nguyen/AppData/Roaming/Ufywpywy/nyryiha.exe

I ran Malwarebytes' Anti-Malware (MBAM) Free Version (mbam-setup-1.75.0.1300.exe) using Quick scan as per your instruction.

However, the laptop crashed while MBAM was doing the quick scan, and then rebooted normally. This is the second time I have encountered this when running the updated MBAM; the first was when I scanned after finishing ComboFix.

So the log file could not be created.

Truc C. Nguyen


#31
February 13, 2014 at 14:34:12
Use Chameleon to run Malwarebytes Anti-Malware on infected systems
https://helpdesk.malwarebytes.org/e...
If it won't run, rename the downloaded mbam-setup.exe file to mb.exe to help work around certain malware that will block it from being run.
http://www.spywareinfoforum.com/ind...
If it still will not run.
1: Go to Control Panel > Programs and Features and uninstall Malwarebytes.
Next redownload Malwarebytes but rename it before you download it to your Desktop. As you are in the process of downloading when you get to the point that the "enter name of file to save to" box appears, in the "filename" slot, rename mbam-setup.exe to something.exe, then click Save.
If it installed but will not run, navigate to this folder:
2: C:\Program Files\Malwarebytes' AntiMalware
Rename all the .exe files in the Malwarebytes' Anti-Malware folder and try to run it again.

#32
February 14, 2014 at 12:34:38

I uninstalled Malwarebytes Anti-Malware and changed its name

But after it ran for about 6 minutes, it made the laptop crash. I do not know how to use Chameleon to run Malwarebytes Anti-Malware.
A thing is the performance of my laptop is much better

Truc C. Nguyen

message edited by Truc Nguyen


#33
February 14, 2014 at 15:13:55
"A thing is the performance of my laptop is much better"
Yep, had to be, but still too many abnormal things happening.

With virus infections, they get these names because they are like cancer: if you don't remove everything, they grow back.


#34
February 14, 2014 at 15:15:21
Uninstall ComboFix. The reason we remove Combofix, is that a new version comes out nearly every day.
Turn off all active protection software.
Push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
Please Copy and Paste the following into the box > ComboFix /Uninstall and click OK.
Or,
Start > Run, Copy and Paste > ComboFix /uninstall and click OK.
Or,
Start > All Programs > Accessories > Command Prompt, Copy and Paste > ComboFix /uninstall and hit > Enter.

Now download the latest version & run again.


#35
February 14, 2014 at 17:22:44
Johnw,

I did ComboFix \uninstall

Below is log.txt

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.14.11

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Truc Nguyen :: TRUCNGUYEN-PC [administrator]

2/14/2014 7:51:35 PM
mbam-log-2014-02-14 (19-51-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234386
Time elapsed: 14 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKLM\SOFTWARE\Highlightly (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\BROWSERSAFEGUARD (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\ca82e1a5 (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\HLNFD (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Browsersafeguard|sourceid (PUP.Optional.BrowserSafeGuard.A) -> Data: google_browsersafeguard-display-US-Softpedia-728x90-40413869105 -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\hlnfd|DisplayName (PUP.Optional.Highlightly) -> Data: hlnfd -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard (PUP.Optional.BrowserSafeGuard) -> Quarantined and deleted successfully.

Files Detected: 5
C:\Users\Truc Nguyen\Downloads\7zip_installer_d793198.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\Truc Nguyen\Downloads\BearShareSetup-r1123-w-bc.exe (PUP.Optional.MusicToolbar.A) -> Quarantined and deleted successfully.
C:\Users\Truc Nguyen\Downloads\install_setup.exe (PUP.Optional.ViddyHD.A) -> Quarantined and deleted successfully.
C:\Users\Truc Nguyen\Downloads\Setup.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard\BrowserSafeguard.lnk (PUP.Optional.BrowserSafeGuard) -> Quarantined and deleted successfully.

(end)

Truc C. Nguyen


#36
February 14, 2014 at 17:29:33
Download OTL, save & run from your Desktop.
http://oldtimer.geekstogo.com/OTL.exe
Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)
1: When the window appears, underneath Output at the top, make sure Standard output is selected.
2: Select Scan all users
3: Change Drivers to All
4: Under the Extra Registry section, check Use SafeList
5: In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
6: Click Run Scan and let the program run uninterrupted.
Screenshots ( SS ) of 1 - 6
http://i.imgur.com/rvTDUlL.gif
When the scan is complete, two text files will be created on your Desktop
OTL.Txt <- this one will be opened
Extras.txt <- this one will be minimized

Upload the logs using this. I upload to Imgur.com for images & load.to for files (neither needs an account). Give us the links please.
Image Uploader
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://zenden.ws/imageuploader_ru
How to use for files.
http://i.imgur.com/FhtnM6c.gif
http://i.imgur.com/yBtjlpb.gif
http://i.imgur.com/txFkgpT.gif

#37
February 15, 2014 at 05:31:26
Johnw,

I ran OTL.exe

And log files are located

http://www.load.to/h4plEKFEfp/OTL.Txt
http://www.load.to/Uau5R2Xg7j/Extra...

Truc C. Nguyen


#38
February 15, 2014 at 06:32:23
"And log files are located"
Thanks Truc, you still have stuff lurking.

Run both AdwCleaner & Junkware Removal Tool again please. Upload logs.


#39
February 15, 2014 at 13:26:56
I was unable to upload the log files to "upload.to"

Below is AdwCleaner.txt:

# AdwCleaner v3.018 - Report created 15/02/2014 at 15:33:26
# Updated 28/01/2014 by Xplode
# Operating System : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Username : Truc Nguyen - TRUCNGUYEN-PC
# Running from : C:\Users\Truc Nguyen\Downloads\Antivirus Softwares\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16533


-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\Truc Nguyen\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url
Deleted : search_url
Deleted : suggest_url
Deleted : keyword

[ File : C:\Users\Timmy Nguyen\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [36340 octets] - [13/02/2014 09:31:51]
AdwCleaner[R1].txt - [34982 octets] - [13/02/2014 09:35:04]
AdwCleaner[R2].txt - [1270 octets] - [15/02/2014 15:32:31]
AdwCleaner[S0].txt - [1689 octets] - [13/02/2014 09:33:06]
AdwCleaner[S1].txt - [35648 octets] - [13/02/2014 09:36:45]
AdwCleaner[S2].txt - [1158 octets] - [15/02/2014 15:33:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1218 octets] ##########


Below is JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows Vista (TM) Home Basic x86
Ran by Truc Nguyen on Sat 02/15/2014 at 15:50:40.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 02/15/2014 at 15:54:03.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Truc C. Nguyen


#40
February 15, 2014 at 13:37:23
"I was unable to upload the log files to "upload.to""
Here is fine Truc, I was thinking they may be too large.

#41
February 15, 2014 at 13:40:28
Update & run MBAM again. Log please.

#42
February 15, 2014 at 14:11:21
John,

These files (AdwCleaner log and JRT log) are not too large. They are the entire files I pasted in my last reply.

I was unable to upload the log files because there is no "load.to" any more

I uninstalled and installed MBAM and changed its name 3 times. But it crashed the laptop at 2 minutes, 4 minutes, and 8 minutes of scanning

As you know, I already uninstalled ComboFix .

Thank you for your instructions.

Truc C. Nguyen

message edited by Truc Nguyen


#43
February 15, 2014 at 16:44:59
"I was unable to upload the log files because there is no "load.to" any more"

Thanks, all you do is choose another upload site.
Make sure you have the latest version > 4176, install & click > Check for Updates.
http://image-uploader.googlecode.co...
http://i.imgur.com/FhtnM6c.gif
I choose > multi-up.com
http://i.imgur.com/Xl0mIga.gif


#44
February 15, 2014 at 16:49:39
"I uninstalled and installed MBAM and changed its name 3 times. But it crashed the laptop at 2 minutes, 4 minutes, and 8 minutes of scanning"

I'm getting lost; in your post #35 MBAM worked.

Is it not working again?


#45
February 15, 2014 at 17:06:28
Yes, it did not work again

Truc C. Nguyen


#46
February 15, 2014 at 17:13:05
"Yes, it did not work again"

Ok, let's try & find a way to get it working.

Please download Rkill from any one of these links and save it to your Desktop. Copy & Paste the contents of the log in your reply.
http://www.technibble.com/rkill-rep...
Rkill.com
http://download.bleepingcomputer.co...
Rkill.scr
http://download.bleepingcomputer.co...
Rkill.pif
http://download.bleepingcomputer.co...
Now double click on Rkill to run it. If the first one doesn't work try the next one.
This will help remove certain processes and should restore any file associations and your desktop. Note: Your system is still infected as Rkill does not delete files - it merely helps to temporarily disable the infections, allowing us to start the cleansing process.
Do NOT reboot your machine. Each time you reboot, Rkill is disabled and you would have to run it again in order for it to be effective.

Run MBAM again.

message edited by Johnw


#47
February 16, 2014 at 16:36:06
John,

I ran Rkill then ran MBAM again

MBAM made the laptop crash twice, each time at 2 minutes of scanning

Truc C. Nguyen


#48
February 16, 2014 at 16:43:35
You have a conflict somewhere; I use these on every comp I work on, multiple times a day.

Let me know when you have done them.

Run Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/download...
http://i.imgur.com/Jecnfvb.gif
http://i.imgur.com/0xHwdom.gif
http://i.imgur.com/JZLYOLf.gif
http://i.imgur.com/4kfaeGW.gif

Run Wise Registry Cleaner ( Only use Registry Cleaner & with default settings. Don't use System Tuneup, that is for Experts, you really have to know what you are doing ) Reboot when finished.
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/wiseregi...
http://i.imgur.com/Qy7HWcA.gif


#49
February 17, 2014 at 05:09:38
John,

I used WDC. It freed up 8.6G of space!!

WRC left some parts unable to be cleaned as attached

http://multi-up.com/952038

Thank you for your next instruction.

Truc C. Nguyen


#50
February 17, 2014 at 05:49:49
"WRC left some parts unable to be cleaned as attached"
Couldn't get that to work Truc, try load.to again, other people are sending me files through it.

#51
February 17, 2014 at 06:15:15
Here it is

http://www.load.to/fI2oY3WwsQ/WRC.doc

Thanks

Truc C. Nguyen


#52
February 17, 2014 at 08:06:08
John,

I reran Rkill and MBAM.

First, MBAM crashed at AppData/Local/Citrix

I removed the Citrix folder and reran Rkill and MBAM again. MBAM ran successfully

Below are logs of Rkill and MBAM

http://www.load.to/cpwwwnD8k2/mbam-...
http://www.load.to/eNmJWxlpuf/Rkill...

Best Regards,

Truc C. Nguyen



#53
February 17, 2014 at 09:31:44
"WRC left some parts that could not be cleaned, as attached"
That's normal. Perfect.

"I removed Citrix folder"
Well done.

"Below are logs of Rkill and MBAM"
All clean, beautiful.

Run TFC
http://www.geekstogo.com/forum/file...
http://www.bleepingcomputer.com/dow...
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Please double-click TFC.exe to run it. Note: If you are running on Vista/Windows 7/8, right-click on the file and choose Run As Administrator.
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.



#54
February 17, 2014 at 09:34:19
Going to bed now.

Keep the free version of MBAM & ESET in your armory, just update before using.

As you can see from your logs, you had a lot of stuff installed that you did not know had been installed. You came very close to being irreparable.
A lot of programs now give you the choice to install toolbars & other things during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install; you have to read after each click.
I use Softpedia; down the bottom of the page they make you aware of what ad-supported programs the author of the program has included.
Sample pages
http://www.softpedia.com/get/CD-DVD...
http://www.softpedia.com/get/Multim...
Users are advised to pay attention while installing this ad-supported application:
· Offers to change the homepage for web browsers installed in the system
· Offers to change the default search engine for web browsers installed in the system
· Offers to install StartNow Toolbar that the program does not require to fully function
SS ( screenshots ) of above
http://i.imgur.com/CSBplyA.gif
http://i.imgur.com/3eWWoXm.gif

Use Unchecky to help prevent these third-party installs. Nothing is perfect; the baddies are always ahead of the goodies.
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://unchecky.com/
How to download from Softpedia
http://i.imgur.com/iZ3Fzmc.gif
http://i.imgur.com/NNgm1rF.gif
A reliable application that aims to protect your computer against third-party components often offered during software installations.

message edited by Johnw



#55
February 17, 2014 at 09:40:53
Forgot this.

Download Security Check by screen317 from one of the following links and save it to your Desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
Please restart the computer before running this security check.
* Double click SecurityCheck.exe. If you run Windows Vista or 7/8, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.



#56
February 17, 2014 at 12:46:38
John,

I will follow from step #53 to step #55

Below is checkup.txt

http://www.load.to/HLTzPl74Yj/check...

Thank you for your time and your patience. Your advice helps me very much.

Truc C. Nguyen

message edited by Truc Nguyen



#57
February 19, 2014 at 16:28:15
There are many best answers from Johnw

Thank you so much

Truc C. Nguyen



#58
February 19, 2014 at 16:43:40
"Below is checkup.txt"

Results of screen317's Security Check version 0.99.79
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Wise Disk Cleaner 8.03
Wise Registry Cleaner 7.94
Java 7 Update 11
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 32.0.1700.102
Google Chrome 32.0.1700.107
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 7 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

message edited by Johnw



#59
February 19, 2014 at 16:45:15
"WMI entry may not exist for antivirus; attempting automatic update."
What antivirus do you have installed?
Is it enabled?

"Java 7 Update 11
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!"
To improve your security update both of these.

If you don't have a Java program, uninstall Java, you don't need it.

How do I know if I have a Java program?
When you use the program, it will squawk & tell you so.
There are plenty of FREE non Java programs to replace it.


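The two questions asked in the reply above ("What antivirus do you have installed? Is it enabled?") and the out-of-date Java/Adobe Reader warnings can be answered directly from Windows instead of by reading the Security Check log. The script below is an added example, not code from this thread or from screen317's Security Check tool. It assumes Vista or later (the root\SecurityCenter2 WMI namespace), and its decoding of the productState field (middle byte 0x10 = real-time protection on, low byte 0x00 = definitions current) is the commonly observed layout, not a documented Microsoft contract, so treat it as an assumption and confirm against the product's own UI.

```powershell
# Added example (not from the thread): ask Windows Security Center which antivirus
# is registered and whether it is enabled, check the firewall per profile, and list
# the installed Java / Adobe Reader versions from the Uninstall registry keys.
# Run from an elevated PowerShell prompt on Vista or later.

# --- 1. Antivirus products registered with Security Center ---------------------
# Security Check's "WMI entry may not exist for antivirus" means this query is empty.
$products = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct `
                          -ErrorAction SilentlyContinue

if (-not $products) {
    Write-Output 'No antivirus product is registered with Security Center.'
} else {
    foreach ($p in $products) {
        # productState is a packed integer (assumed layout, see lead-in):
        #   middle byte 0x10 = real-time protection enabled, 0x00/0x01 = off or snoozed
        #   low byte    0x00 = definitions current, 0x10 = out of date
        $hex      = '{0:X6}' -f [int]$p.productState
        $enabled  = $hex.Substring(2, 2) -eq '10'
        $upToDate = $hex.Substring(4, 2) -eq '00'
        Write-Output ('{0}: enabled={1} definitions current={2} (productState=0x{3})' -f `
            $p.displayName, $enabled, $upToDate, $hex)
    }
}

# --- 2. Windows Firewall state per profile ------------------------------------
# HNetCfg.FwPolicy2 is the COM interface behind "netsh advfirewall"; profile IDs:
# 1 = Domain, 2 = Private, 4 = Public.
$fw = New-Object -ComObject HNetCfg.FwPolicy2
foreach ($profile in @{ Domain = 1; Private = 2; Public = 4 }.GetEnumerator()) {
    Write-Output ('Firewall {0} profile enabled: {1}' -f $profile.Key, $fw.FirewallEnabled($profile.Value))
}

# --- 3. Installed versions of the two products Security Check flagged ----------
# The Wow6432Node path only exists on 64-bit Windows; on the x86 Vista in the log it
# is silently skipped.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^(Java|Adobe Reader)' } |
    Sort-Object DisplayName |
    ForEach-Object { Write-Output ('{0} {1}' -f $_.DisplayName, $_.DisplayVersion) }
```

If step 1 prints nothing while an antivirus is clearly running, the product has not registered with Security Center (or its registration is broken), which is exactly the condition the Security Check warning describes; if step 3 lists more than one Java or Adobe Reader entry, the older ones are leftovers that still expose their old vulnerabilities and should be uninstalled along with the update.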

#60
February 19, 2014 at 16:56:57
For better uninstalling of programs, I use this.

IObit Uninstaller
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.freewarefiles.com/IObit-...
http://www.majorgeeks.com/files/det...
http://www.iobit.com/advanceduninst...
Do a Standard Uninstall & then the Powerful Scan to remove all the lurking bits.
http://i.imgur.com/olyCkcJ.gif
http://i.imgur.com/cKc5Chi.gif

message edited by Johnw

