Jump to content

ad.xtendmedia - Help to remove

Recommended Posts

Hi, I have a problem with ad.xtendmedia popups. I've read other forums about the problem but thought I would ask for help myself. Thanks.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16464

Run by Gui at 11:57:39 on 2013-03-01

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.6044.4152 [GMT -7:00]


AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}


============== Running Processes ===============



C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe


C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k GPSvcGroup

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService


C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe


C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files (x86)\Norton Internet Security\Engine\\ccSvcHst.exe

C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe

C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe

C:\windows\system32\svchost.exe -k imgsvc


C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgemca.exe






C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSOOBE.exe


C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

C:\Program Files\Toshiba\TECO\Teco.exe

C:\Program Files\Toshiba\PeakShift\TPSCMain.exe

C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe

C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe




C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe


C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe


C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe






============== Pseudo HJT Report ===============


uStart Page = hxxp://www.google.ca/

uWindow Title = Presented by TOSHIBA Leading Innovation >>>

uDefault_Page_URL = hxxp://www.toshiba.ca/welcome/?w=20

mStart Page = hxxp://www.toshiba.ca/welcome/?w=20

mDefault_Page_URL = hxxp://www.toshiba.ca/welcome/?w=20

uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\\CoIEPlg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\\IPS\IPSBHO.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\\AVG Secure Search_toolbar.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\\CoIEPlg.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\\CoIEPlg.dll

TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\\AVG Secure Search_toolbar.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: NameServer =

TCP: Interfaces\{6FA510E0-6438-4957-91A0-6ED07C6D29A2} : DHCPNameServer =

TCP: Interfaces\{6FA510E0-6438-4957-91A0-6ED07C6D29A2}\355636F6E6460234570702D20224564716 : DHCPNameServer =

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mStart Page = hxxp://www.toshiba.ca/welcome/?w=20

x64-mDefault_Page_URL = hxxp://www.toshiba.ca/welcome/?w=20

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t

x64-Run: [sRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r

x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe

x64-Run: [TPSCMain] C:\Program Files (x86)\TOSHIBA\PeakShift\TPSCMain.exe

x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe

x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\windows\System32\igfxpers.exe

x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom64.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

Hosts: www.google-analytics.com.

Hosts: ad-emea.doubleclick.net.

Hosts: www.statcounter.com.

Hosts: connect.facebook.net.

Hosts: www.google-analytics.com.


Note: multiple HOSTS entries found. Please refer to Attach.txt


================= FIREFOX ===================


FF - ProfilePath - C:\Users\Gui\AppData\Roaming\Mozilla\Firefox\Profiles\66wqxdfz.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\npsitesafety.dll

FF - plugin: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll


============= SERVICES / DRIVERS ===============


R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2012-10-15 63328]

R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2012-9-21 225120]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]

R0 gfibto;gfibto;C:\windows\System32\drivers\gfibto.sys [2013-1-11 14456]

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-2-27 16152]

R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\NISx64\1300000.080\SymDS64.sys [2012-6-1 451192]

R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NISx64\1300000.080\SymEFA64.sys [2012-6-1 1083512]

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]

R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]

R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2012-10-2 185696]

R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2012-9-21 200032]

R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2013-1-6 39768]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\System32\drivers\NISx64\1300000.080\ccSetx64.sys [2012-6-1 165512]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20121130.001\IDSviA64.sys [2012-11-30 513184]

R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NISx64\1300000.080\Ironx64.sys [2012-6-1 189560]

R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\NISx64\1300000.080\symnets.sys [2012-6-1 396408]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2011-6-7 250296]

R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2011-6-7 47032]

R2 CxAudMsg;Conexant Audio Message Service;C:\windows\System32\CxAudMsg64.exe [2012-6-1 198784]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]

R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-6-1 127320]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-6-1 162648]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\\ccSvcHst.exe [2012-6-1 138760]

R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-3-8 531328]

R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-3-14 370504]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-11-24 294848]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-1 362840]

R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-2-18 968880]

R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\System32\drivers\btfilter.sys [2011-8-8 45168]

R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-12-6 331264]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-2-27 356120]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-2-27 788760]

R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2012-1-16 103536]

R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-6-1 38096]

R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]

R3 SmbDrv;SmbDrv;C:\windows\System32\drivers\Smb_driver.sys [2011-12-22 21264]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-25 138152]

R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-12-14 833976]

S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [2012-11-6 1384608]

S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2012-12-10 1342024]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-4-26 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-2-26 19456]

S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-6-1 57216]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-2-26 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-2-26 30208]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-12-9 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]


=============== Created Last 30 ================


2013-02-26 17:12:34 785512 ----a-w- C:\windows\System32\drivers\Wdf01000.sys

2013-02-26 17:12:34 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui

2013-02-26 17:12:33 9728 ----a-w- C:\windows\System32\Wdfres.dll

2013-02-26 17:12:33 54376 ----a-w- C:\windows\System32\drivers\WdfLdr.sys

2013-02-26 17:09:29 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys

2013-02-26 17:09:29 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys

2013-02-26 17:09:28 84992 ----a-w- C:\windows\System32\WUDFSvc.dll

2013-02-26 17:09:28 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll

2013-02-26 17:09:27 744448 ----a-w- C:\windows\System32\WUDFx.dll

2013-02-26 17:09:27 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll

2013-02-26 17:09:27 229888 ----a-w- C:\windows\System32\WUDFHost.exe

2013-02-26 16:53:49 340992 ----a-w- C:\windows\System32\schannel.dll

2013-02-26 16:50:01 67072 ----a-w- C:\windows\splwow64.exe

2013-02-26 16:50:01 559104 ----a-w- C:\windows\System32\spoolsv.exe

2013-02-13 04:39:13 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 04:39:13 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 01:28:11 5553512 ----a-w- C:\windows\System32\ntoskrnl.exe

2013-02-13 01:28:08 3967848 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2013-02-13 01:28:06 3913064 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2013-02-13 01:27:57 3153408 ----a-w- C:\windows\System32\win32k.sys

2013-02-13 01:27:54 215040 ----a-w- C:\windows\System32\winsrv.dll

2013-02-13 01:27:53 7680 ----a-w- C:\windows\SysWow64\instnm.exe

2013-02-13 01:27:53 5120 ----a-w- C:\windows\SysWow64\wow32.dll

2013-02-13 01:27:53 25600 ----a-w- C:\windows\SysWow64\setup16.exe

2013-02-13 01:27:53 2048 ----a-w- C:\windows\SysWow64\user.exe

2013-02-13 01:27:53 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll

2013-02-13 01:27:51 288088 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS

2013-02-13 01:27:51 1913192 ----a-w- C:\windows\System32\drivers\tcpip.sys

2013-02-07 00:56:34 -------- d-----w- C:\Program Files (x86)\AVG Secure Search

2013-02-01 21:16:39 -------- d-----w- C:\Program Files\CCleaner


==================== Find3M ====================


2013-02-28 19:18:07 71024 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-28 19:18:07 691568 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2013-02-19 02:40:03 39768 ----a-w- C:\windows\System32\drivers\avgtpx64.sys

2013-01-11 18:04:08 14456 ----a-w- C:\windows\System32\drivers\gfibto.sys

2013-01-09 01:19:09 2312704 ----a-w- C:\windows\System32\jscript9.dll

2013-01-09 01:12:03 1392128 ----a-w- C:\windows\System32\wininet.dll

2013-01-09 01:11:06 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2013-01-09 01:07:51 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2013-01-09 01:07:47 599040 ----a-w- C:\windows\System32\vbscript.dll

2013-01-09 01:04:42 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2013-01-08 22:11:21 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll

2013-01-08 22:03:20 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2013-01-08 22:03:12 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2013-01-08 21:59:02 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2013-01-08 21:58:29 420864 ----a-w- C:\windows\SysWow64\vbscript.dll

2013-01-08 21:56:23 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2013-01-04 04:43:21 44032 ----a-w- C:\windows\apppatch\acwow64.dll

2012-12-16 17:11:22 46080 ----a-w- C:\windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\windows\SysWow64\atmlib.dll

2012-12-14 23:49:28 24176 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs


============= FINISH: 11:57:50.14 ===============


DDS (Ver_2012-11-20.01)


Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 30/11/2012 2:27:53 PM

System Uptime: 01/03/2013 9:48:38 AM (2 hours ago)


Motherboard: Type2 - Board Vendor Name1 | | Type2 - Board Product Name1

Processor: Intel® Core i3-2370M CPU @ 2.40GHz | U3E1 | 2400/100mhz


==== Disk Partitions =========================


C: is FIXED (NTFS) - 452 GiB total, 335.191 GiB free.

D: is CDROM ()


==== Disabled Device Manager Items =============


Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: BHDrvx64



Name: BHDrvx64


Service: BHDrvx64


==== System Restore Points ===================


RP18: 04/02/2013 12:06:48 PM - Scheduled Checkpoint

RP19: 11/02/2013 7:36:29 PM - Scheduled Checkpoint

RP20: 12/02/2013 9:37:39 PM - Windows Update

RP21: 26/02/2013 9:55:17 AM - Windows Update


==== Hosts File Hijack ======================


Hosts: www.google-analytics.com.

Hosts: ad-emea.doubleclick.net.

Hosts: www.statcounter.com.

Hosts: connect.facebook.net.

Hosts: www.google-analytics.com.

Hosts: ad-emea.doubleclick.net.

Hosts: www.statcounter.com.

Hosts: connect.facebook.net.


==== Installed Programs ======================


Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.6) MUI

Alcor Micro USB Card Reader

Amazon Kindle

Atheros Bluetooth Filter Driver Package

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Atheros Driver Installation Program

AVG 2013

AVG Security Toolbar

Bejeweled 3

Bluetooth Stack for Windows by Toshiba


Complément Messenger

Conexant HD Audio

Contrôle ActiveX Windows Live Mesh pour connexions à distance


Galerie de photos Windows Live

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Intel® Manageability Engine Firmware Recovery Agent

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Intel® USB 3.0 eXtensible Host Controller Driver

Intel® Trusted Connect Service Client

Java Auto Updater

Java 6 Update 30

Junk Mail filter update

Kingsoft Writer (

Malwarebytes Anti-Malware version

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Primary Interoperability Assemblies 2005

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 19.0 (x86 en-US)

Mozilla Maintenance Service



Norton Internet Security

Plants vs. Zombies - Game of the Year

PlayReady PC Runtime amd64

Premium Sound HD

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Skype™ 6.1

Splashtop Remote Client

Splashtop Streamer

Synaptics Pointing Device Driver


TOSHIBA Bulletin Board

TOSHIBA ConfigFree

TOSHIBA Disc Creator

TOSHIBA eco Utility

TOSHIBA Face Recognition

TOSHIBA Hardware Setup


TOSHIBA Media Controller

TOSHIBA Media Controller Plug-in

TOSHIBA PC Health Monitor

TOSHIBA Peak Shift Control

TOSHIBA Recovery Media Creator


TOSHIBA Resolution+ Plug-in for Windows Media Player

TOSHIBA Service Station

TOSHIBA Sleep Utility

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

TOSHIBA Web Camera Application

TOSHIBA Wireless LAN Indicator

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update Installer for WildTangent Games App

Visual Studio 2010 x64 Redistributables

VLC media player 2.0.5

VLC Media Player Packages

WildTangent Games

WildTangent Games App (Toshiba Games)

Windows Live

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Zuma's Revenge


==== Event Viewer Messages From Past Week ========


22/02/2013 2:46:58 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

01/03/2013 9:49:29 AM, Error: Service Control Manager [7024] - The AVG Firewall service terminated with service-specific error %%-536805289.

01/03/2013 9:49:16 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64

01/03/2013 9:49:16 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.


==== End Of File ===========================

Link to post
Share on other sites

AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

Welcome to the forum.

It appears you have 2 anti-virus programs running on this system.

You can't do this, it only causes conflicts and slows down the system.

It's doesn't give you twice as much protection.

Please pick one and uninstall the other.


Go to the link below, download and run Fixit to restore your host file.



Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop. (please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.


Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

Please stick with me until I give you the "all clear".

<+>The removal of malware isn't instantaneous, please be patient.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

ok, here it is. Also, I have deleted my peer2peer program.

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Gui [Admin rights]

Mode : Scan -- Date : 03/01/2013 13:03:27

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[TASK][sUSP PATH] Hoolapp for Android : C:\Users\Gui\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE /Check [x] -> FOUND

[TASK][sUSP PATH] Hoolapp Init : C:\Users\Gui\AppData\Roaming\HoolappforAndroid\Hoolapp.exe /Minimized [x] -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts localhost

::1 localhost www.google-analytics.com. ad-emea.doubleclick.net. www.statcounter.com. connect.facebook.net. www.google-analytics.com. ad-emea.doubleclick.net. www.statcounter.com. connect.facebook.net.

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5075GSX +++++

--- User ---

[MBR] 58a8ccc8efd249c7fcae91eb04000ae2

[bSP] 1ee518b888b7b7ed9326671531ee5f43 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 462366 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 949999616 | Size: 13073 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_03012013_02d1303.txt >>


Link to post
Share on other sites

Run RogueKiller again and look at the log.

If it shows this: localhost

::1 localhost www.google-analytics.com. ad-emea.doubleclick.net. www.statcounter.com. connect.facebook.net. www.google-analytics.com. ad-emea.doubleclick.net. www.statcounter.com. connect.facebook.net.

Click on the Fix Host button on the right hand side.



Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.


New window that comes up.




If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.


Link to post
Share on other sites

Ok, used roguekiller again and had to use host fix tab. Created a restore point and ran malwarebytes antirootkit. Told me that there was no clean up required. I checked to see if the pop ups were still there, they were. Ran fix damage tool then restarted. Checked to see if pop ups were there, not really. After flipping through a few sites I got this message in a pop up in the right corner (where they always pop up) 404 Not Found - nginx.

mbar-log-2013-03-01 (13-41-00).txt


Link to post
Share on other sites

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix


Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.


If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.


Link to post
Share on other sites

ok. So, I ran Combofix but apparently Norton was still activated. It is an expired trial version that I have tried to uninstall. When i started Combofix it told me that it was still active. I tried to download the Norton uninstall tool but by then combofix was already started. Apparently I have AVG still activated but I uninstalled that at the beginning. Please advise.


Link to post
Share on other sites

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

What are you using for an anti-virus program now??


Please run another scan with RogueKiller and post it, I want to make sure the host file is OK now.


Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion methode. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.


Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.


Link to post
Share on other sites

The host file is still hijacked, please do this:

Download and run Hosts-perm.bat to restore permissions:


Then download and run Fiit to reset the host file:




Please create a new system restore point before continuing.

Lots of adware found....lets clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Reboot and let me know how it is, MrC

Link to post
Share on other sites

Your host file is still hijacked, please do this:

Please download OTL from one of the links below:



http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized


Link to post
Share on other sites

Please do this:


[*]Under the Custom Scans/Fixes box at the bottom, paste in bold:


O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.






[*]Then click the Run Fix button at the top

[*]Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"

[*]Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Link to post
Share on other sites

How is it???

If ads are still there............

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.


Tick the box next to YES, I accept the Terms of Use.

Click Start

When asked, allow the ActiveX control to install

Click Start

Make sure that the options Remove found threats and the option Scan unwanted applications is checked

Click Advanced settings and select the following:

  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

Click Start

Wait for the scan to finish

Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic


Link to post
Share on other sites

Hi MrC, I have checked and it seems that the ads are not there anymore. I did not read your last post properly and I went and used ESET scanner anyway. The log is posted below. So, it seems that you have fixed my problem. Put another win in your pocket! I want to thank you for your time and patience and for your expertise and skills. Thank you for giving your time to others like me who need your help. Peace to you.

I would like to ask if you have any information about anti virus programs and which you may recommend? If you could. Thanks.


Link to post
Share on other sites

That's Good News.....I'll give you recommendations when we are done:

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!


Link to post
Share on other sites

Results of screen317's Security Check version 0.99.60

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Norton Internet Security

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version

Java 6 Update 30

Java version out of Date!

Adobe Flash Player 11.6.602.171

Adobe Reader 10.1.6 Adobe Reader out of Date!

Mozilla Firefox (19.0)

Google Chrome 25.0.1364.152

Google Chrome 25.0.1364.97

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

ESET ESET Online Scanner OnlineCmdLineScanner.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.