YrJie Chrome extension - malware from hell


This topic is locked
36 replies to this topic

#16 gringo_pr (Malware Response Team)

Posted 15 December 2012 - 09:21 PM

I am looking into it, as you are right about one thing: I have not seen it completely removed. I may have gotten lucky on one here, but I see things differently from what is on yours.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University


#17 gringo_pr (Malware Response Team)

Posted 21 December 2012 - 12:05 AM

Hello


I want you to rerun these




-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.

Gringo

#18 DesperateSearcher (Topic Starter)

Posted 21 December 2012 - 02:19 PM

I'm excited you found the time. \(^_^)/ Thanks!

- AdwCleaner -
# AdwCleaner v2.101 - Logfile created 12/21/2012 at 20:04:31
# Updated 16/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Mirek - ASUS
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Mirek\Plocha\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Conduit

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[S3].txt - [562 octets] - [21/12/2012 20:04:31]

########## EOF - C:\AdwCleaner[S3].txt - [621 octets] ##########



- RogueKiller -
RogueKiller V8.4.0 [Dec 14 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Mirek [Admin rights]
Mode : Remove -- Date : 12/21/2012 20:11:10

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([MAJOR] sfsync02.sys @ 0xF74C88B4)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5001AALS-00L3B2 +++++
--- User ---
[MBR] 3e97a289f1ec276fbf0f36f6b3b90685
[BSP] 25f6f8758358b87f0a63af99c6f5a1f3 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD74 0HLFS-01G6U0 SCSI Disk Device +++++
--- User ---
[MBR] 52a6e56b50105ee73347e12b675a20ae
[BSP] cc214cdf03375bfd310912d4c787be0d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 70896 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_12212012_02d2011.txt >>
RKreport[1]_S_12212012_02d2010.txt ; RKreport[2]_D_12212012_02d2011.txt

#19 gringo_pr (Malware Response Team)

Posted 21 December 2012 - 02:21 PM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note:Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.
"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#20 DesperateSearcher (Topic Starter)

Posted 21 December 2012 - 03:16 PM

ComboFix 12-12-20.02 - Mirek 21.12.2012 21:03:57.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2704 [GMT 1:00]
Running from: c:\documents and settings\Mirek\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
.
.
((((((((((((((((((((((((( Files Created from 2012-11-21 to 2012-12-21 )))))))))))))))))))))))))))))))
.
.
2012-12-19 17:45 . 2012-12-19 17:45 -------- d-----w- c:\documents and settings\Mirek\Data aplikací\Transformice
2012-12-19 17:43 . 2012-12-19 17:43 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-12-14 16:48 . 2012-12-14 16:48 -------- d-----w- C:\_OTL
2012-12-14 15:10 . 2008-04-14 02:21 52096 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2012-12-14 15:10 . 2008-04-14 02:21 52096 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-12-12 09:12 . 2012-12-13 22:55 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-12-05 23:39 . 2012-12-05 23:39 -------- d-----w- c:\program files\TeamViewer
2012-12-01 14:38 . 2012-12-01 14:55 -------- d-----w- C:\Crash
2012-11-30 22:41 . 2012-11-30 22:41 -------- d-----w- c:\windows\system32\oodag
2012-11-30 22:39 . 2012-11-30 22:39 -------- d-----w- c:\documents and settings\Mirek\Local Settings\Data aplikací\O&O
2012-11-30 22:38 . 2012-11-30 22:38 -------- d-----w- c:\program files\OO Software
2012-11-30 22:38 . 2012-11-30 22:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\OO Software
2012-11-30 20:18 . 2012-11-30 21:31 -------- d-----w- c:\program files\ophcrack
2012-11-30 06:53 . 2012-12-13 21:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SecTaskMan
2012-11-30 06:53 . 2012-11-30 06:53 -------- d-----w- c:\program files\Security Task Manager
2012-11-30 06:20 . 2012-11-30 06:20 -------- d-----w- c:\documents and settings\Mirek\Local Settings\Data aplikací\SvchostViewer
2012-11-29 21:13 . 2012-12-11 20:49 -------- d-----w- c:\documents and settings\Mirek\Data aplikací\Little Inferno
2012-11-29 19:41 . 2012-11-29 19:41 -------- d-----w- c:\documents and settings\Mirek\Data aplikací\Malwarebytes
2012-11-29 19:41 . 2012-11-29 19:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-11-29 19:41 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-29 19:40 . 2012-11-29 19:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-26 06:47 . 2012-11-26 06:47 -------- d-----w- c:\program files\Common Files\Skype
2012-11-26 06:47 . 2012-11-26 06:47 -------- d-----r- c:\program files\Skype
2012-11-22 15:10 . 2012-11-22 15:10 -------- d-----w- c:\windows\Symbols
2012-11-22 12:07 . 2012-11-22 12:07 -------- d-----w- c:\documents and settings\Mirek\Local Settings\Data aplikací\SCE
2012-11-22 12:07 . 2012-11-22 12:07 -------- d-----w- c:\documents and settings\Mirek\Data aplikací\Sony Online Entertainment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2004-08-18 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-12 15:08 . 2012-04-01 06:09 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 15:08 . 2011-06-16 09:42 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 11:55 . 2004-08-18 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:03 . 2004-08-18 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:12 . 2004-08-18 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:12 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:12 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 10:45 . 2012-11-01 10:45 3425648 ----a-w- c:\windows\system32\ooscrsav.scr
2012-11-01 10:44 . 2012-11-01 10:44 206704 ----a-w- c:\windows\system32\oodbs.exe
2012-11-01 10:44 . 2012-11-01 10:44 537456 ----a-w- c:\windows\system32\oodssrs.dll
2012-11-01 10:44 . 2012-11-01 10:44 10096 ----a-w- c:\windows\system32\oodbsrs.dll
2012-11-01 00:35 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-10-11 15:45 . 2012-10-11 15:45 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-10-11 15:45 . 2012-10-11 15:45 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-10-02 18:04 . 2004-08-18 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-24 13:32 . 2012-07-30 12:16 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 13:32 . 2011-02-18 18:08 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 11:51 . 2012-07-30 12:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
.
(((((((((((((((((((((((((((((((((( Registry Start Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-06-03 5964800]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-03 16876032]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-16 91432]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 72736]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"LGODDFU"="c:\program files\lg_fwupdate\lgfw.exe" [2012-07-20 27760]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2009-06-03 237568]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 131072]
"SaiVolume"="c:\program files\Saitek\CyborgKeyboard\SaiVolume.exe" [2008-01-18 126976]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2012-11-01 5029744]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^O&O Defrag Tray.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\O&O Defrag Tray.lnk
backup=c:\windows\pss\O&O Defrag Tray.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 14:50 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-12-10 16:29 2254768 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2012-11-01 10:44 5029744 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"d:\\Programy\\Xfire\\Xfire.exe"=
"d:\\Hry\\Steam\\steamapps\\common\\altitude\\altitude.exe"=
"c:\\Quake III Arena\\Quake3\\quake3.exe"=
"d:\\Hry\\Steam\\steamapps\\ugletekcz\\team fortress 2\\hl2.exe"=
"d:\\Hry\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\Mirek\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\EpsonNet\\EpsonNet Config V3\\ENConfig.exe"=
"c:\\WINDOWS\\twain_32\\escndv\\escndv.exe"=
"d:\\Hry\\Worms4\\WORMS 4 MAYHEM.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\Hry\\Steam\\steamapps\\common\\trine\\trine_launcher.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"d:\\Hry\\Steam\\steamapps\\common\\legend of grimrock\\grimrock.exe"=
"d:\\Hry\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"d:\\Hry\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"d:\\Hry\\Steam\\steamapps\\common\\amd driver updater, xp, 32 bit\\Setup.exe"=
"d:\\Hry\\Steam\\steamapps\\common\\orcs must die!\\Build\\release\\OrcsMustDie.exe"=
"d:\\Hry\\Steam\\steamapps\\common\\Alan Wake\\AlanWake.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Hry\\Steam\\steamapps\\common\\realm of the mad god\\Realm of the Mad God.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"d:\\Hry\\Steam\\steamapps\\common\\Blocks That Matter\\BTM_launcher_win.exe"=
"d:\\Hry\\Steam\\steamapps\\common\\supercratebox\\supercratebox.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"d:\\Hry\\Steam\\steamapps\\common\\PlanetSide 2\\LaunchPad.exe"=
"d:\\Hry\\Steam\\steamapps\\common\\PlanetSide 2\\PlanetSide2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"d:\\Hry\\Steam\\steamapps\\common\\trine 2\\trine2_launcher.exe"=
"d:\\Hry\\Steam\\steamapps\\common\\AirMech\\AirMech.exe"=
"d:\\Hry\\Steam\\steamapps\\common\\magicka\\Magicka.exe"=
"d:\\Hry\\Steam\\steamapps\\common\\spiral knights\\java_vm\\bin\\javaw.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [22.7.2008 9:01 151592]
R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [17.2.2011 20:17 16048]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [21.8.2011 20:37 232512]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 13:47 94872]
R1 tidnet;TID NDIS Protocol Driver;c:\windows\system32\drivers\tidnet.sys [15.9.2009 10:51 19200]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.1.2011 16:41 810144]
R3 SaiK0728;SaiK0728;c:\windows\system32\drivers\SaiK0728.sys [11.4.2011 18:51 104960]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [10.12.2012 17:29 1435568]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\hry\HiRezGames\HiPatchService.exe [19.10.2012 17:27 8704]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [1.11.2012 11:44 2021744]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9.11.2012 11:21 160944]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [19.10.2011 18:53 24448]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [19.10.2011 18:53 100736]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SaiH80C0;SaiH80C0;c:\windows\system32\drivers\SaiH80C0.sys [30.1.2007 12:52 126344]
S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
S3 XDva392;XDva392;\??\c:\windows\system32\XDva392.sys --> c:\windows\system32\XDva392.sys [?]
S3 XDva393;XDva393;\??\c:\windows\system32\XDva393.sys --> c:\windows\system32\XDva393.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 15:08]
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-29 22:20]
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-29 22:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.fish-pro.cz/conference.aspx?idTematu=3
IE: E&xport to Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-21 21:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-823518204-1682526488-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1BFCD2B2-FC72-46C7-BC73-2FDD3DBC9A4D}*tings]
"AppName"="Roblox.exe"
"Policy"=dword:00000003
"AppPath"="c:\\Documents and Settings\\Mirek\\Local Settings\\Data aplikací\\RobloxVersions\\version-eecd9135a67340ab\\"
.
[HKEY_USERS\S-1-5-21-823518204-1682526488-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{25BE62DE-8F03-4C18-8E02-E10B9F3C9136}*tings]
"AppName"="Roblox.exe"
"Policy"=dword:00000003
"AppPath"="c:\\Documents and Settings\\Mirek\\Local Settings\\Data aplikací\\RobloxVersions\\version-fa4cea1530284e83\\"
.
[HKEY_USERS\S-1-5-21-823518204-1682526488-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{372399B4-EB71-47B1-A62E-C3FE00EB90A6}*tings]
"AppName"="Roblox.exe"
"Policy"=dword:00000003
"AppPath"="c:\\Documents and Settings\\Mirek\\Local Settings\\Data aplikací\\RobloxVersions\\version-3bc3e39888854c74\\"
.
[HKEY_USERS\S-1-5-21-823518204-1682526488-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31838600-13D8-414A-A5AB-470EAB3ECBB3}*tings]
"AppName"="Roblox.exe"
"Policy"=dword:00000003
"AppPath"="c:\\Documents and Settings\\Mirek\\Local Settings\\Data aplikací\\RobloxVersions\\version-76ed5b3c6cb0467f\\"
.
[HKEY_USERS\S-1-5-21-823518204-1682526488-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FDF4CDC-5C1B-4954-B65B-78D6E1CBC09C}*tings]
"AppName"="Roblox.exe"
"Policy"=dword:00000003
"AppPath"="c:\\Documents and Settings\\Mirek\\Local Settings\\Data aplikací\\RobloxVersions\\version-ad555162e16d43e0\\"
.
[HKEY_USERS\S-1-5-21-823518204-1682526488-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{861ACF8F-5985-4F4C-AE89-EC7B7F407000}*tings]
"AppName"="Roblox.exe"
"Policy"=dword:00000003
"AppPath"="c:\\Documents and Settings\\Mirek\\Local Settings\\Data aplikací\\RobloxVersions\\version-d2e4e6e567c64738\\"
.
[HKEY_USERS\S-1-5-21-823518204-1682526488-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9E7E2671-69ED-48E0-BC14-C4A2B3BFBC01}*tings]
"AppName"="Roblox.exe"
"Policy"=dword:00000003
"AppPath"="c:\\Documents and Settings\\Mirek\\Local Settings\\Data aplikací\\RobloxVersions\\version-d8a5144abfd24923\\"
.
[HKEY_USERS\S-1-5-21-823518204-1682526488-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A9D8AE1D-70FC-4E82-BFCA-EE048DE7FC27}*tings]
"AppName"="Roblox.exe"
"Policy"=dword:00000003
"AppPath"="c:\\Documents and Settings\\Mirek\\Local Settings\\Data aplikací\\RobloxVersions\\version-221a4807685c44e7\\"
.
[HKEY_USERS\S-1-5-21-823518204-1682526488-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C22EF1C0-4AB1-494F-8EB2-514011BA87E5}*tings]
"AppName"="Roblox.exe"
"Policy"=dword:00000003
"AppPath"="c:\\Documents and Settings\\Mirek\\Local Settings\\Data aplikací\\RobloxVersions\\version-7cacfdcf8d724c45\\"
.
[HKEY_USERS\S-1-5-21-823518204-1682526488-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E335C528-0C03-45B7-9345-A163B8A4C7BB}*tings]
"AppName"="Roblox.exe"
"Policy"=dword:00000003
"AppPath"="c:\\Documents and Settings\\Mirek\\Local Settings\\Data aplikací\\RobloxVersions\\version-a35f18a844bd4707\\"
.
[HKEY_USERS\S-1-5-21-823518204-1682526488-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E570A2BE-F1CF-49FB-B2A8-B7C657C281F8}*tings]
"AppName"="Roblox.exe"
"Policy"=dword:00000003
"AppPath"="c:\\Documents and Settings\\Mirek\\Local Settings\\Data aplikací\\RobloxVersions\\version-d2e4e6e567c64738\\"
.
[HKEY_USERS\S-1-5-21-823518204-1682526488-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EB705D02-5461-487F-B939-6D5472E275A0}*tings]
"AppName"="Roblox.exe"
"Policy"=dword:00000003
"AppPath"="c:\\Documents and Settings\\Mirek\\Local Settings\\Data aplikací\\RobloxVersions\\version-ef80cfd9c83546fe\\"
.
[HKEY_USERS\S-1-5-21-823518204-1682526488-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E5865EC4-EC0F-411D-B803-ADA770DEA914}*tings]
"AppName"="Roblox.exe"
"Policy"=dword:00000003
"AppPath"="c:\\Documents and Settings\\Mirek\\Local Settings\\Data aplikací\\RobloxVersions\\version-e029025a3614426d\\"
.
[HKEY_USERS\S-1-5-21-823518204-1682526488-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F611FB76-F2D1-42A0-95E9-281C44DB8C83}*tings]
"AppName"="Roblox.exe"
"Policy"=dword:00000003
"AppPath"="c:\\Documents and Settings\\Mirek\\Local Settings\\Data aplikací\\RobloxVersions\\version-6ca07d14e2274822\\"
.
[HKEY_USERS\S-1-5-21-823518204-1682526488-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:53,c6,74,ca,b2,6f,55,8c,a0,46,7e,c6,f4,0e,79,d5,a0,91,4d,30,9c,88,96,
a6,70,bf,b1,e9,b8,16,1a,02,e3,31,56,9e,ca,8a,d8,d2,7e,f8,73,34,f5,be,ca,ce,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-823518204-1682526488-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:ae,b2,25,57,5c,48,44,5c,3b,19,dc,19,3f,17,3b,e0,19,fc,a3,a6,72,
38,0d,05,cb,f3,03,b3,38,5e,9c,80,96,b7,9f,c7,ea,56,3f,72,fe,e8,75,77,9f,5a,\
"rkeysecu"=hex:52,ea,8e,0e,39,e5,c7,21,05,af,1f,3d,89,df,9c,dd
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2012-12-21 21:08:55
ComboFix-quarantined-files.txt 2012-12-21 20:08
ComboFix2.txt 2012-12-14 15:16
.
Pre-Run: 37 966 057 472 bytes free
Post-Run: 38 039 150 592 bytes free
.
- - End Of File - - 1282CC42F5097B8CA86CA5EA38B5380F



All the symptoms visible to the naked eye are still present, the extension is still locked within Chrome.

#21 gringo_pr (Malware Response Team)

Posted 23 December 2012 - 02:40 PM

1.Download Malwarebytes Anti-Rootkit from the link to the right. http://www.malwarebytes.org/products/mbar/
2.Unzip the contents to a folder in a convenient location.
3.Open the folder where the contents were unzipped and run mbar.exe
4.Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5.Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6.Wait while the system shuts down and the cleanup process is performed.
7.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8.If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
•Internet access
•Windows Update
•Windows Firewall
9.If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.

#22 DesperateSearcher (Topic Starter)

Posted 23 December 2012 - 07:00 PM

Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2012.12.23.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Mirek :: ASUS [administrator]

24.12.2012 0:51:36
mbar-log-2012-12-24 (00-51-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27746
Time elapsed: 7 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

And the scan itself looked so promising, seeing all the files it scanned... nope, the problem was not removed, everything remains.
By the way... wasn't this simply the Malwarebytes quick scan?

#23 DesperateSearcher (Topic Starter, Members, 18 posts)

Posted 29 December 2012 - 10:43 AM

Just a quick update:
Yes, "update", that's the problem. The extension must have updated itself several times already. It seems like its developers have been putting a lot of effort into making it work lately and, unfortunately, they must have succeeded. As of today's launch, the adware part of the extension is now working. When Chrome starts up, the extension finally uses its permission to open new tabs and opens this "http://www.bigfishgames.com/?channel=gan&identifier=k367815&cid=id_1552257863" site together with Chrome's default tab. It now uses more processing power and more memory of the computer and I AM STILL UNABLE TO REMOVE IT. I am simply guessing it has updated itself, as until today there were no pop-up tabs appearing after Chrome start-up, only the YrJie Games extension running silently in the background (which I shut down every time I opened Chrome, using Chrome's task manager). However, in the past few days another YrJie Games process also sometimes appeared (which I saw in Chrome's task manager), ran only for a short period of time and then shut itself down. I believe that is what must have updated the virus. Yet all the files in the folder "...\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\adcihdnhajancggcokdfooepphmbdhbc\2.1.5_0" remain unchanged.
Do you suggest I stop running Chrome and use another (perhaps unknown) browser? I ask because I have noticed there were some issues with Internet Explorer as well (even though I didn't notice anything fishy going on that was IE-related).
I'm very confused about all of this...

EDIT: There must be a huge conspiracy behind this :D I found several portals linked together that are (apparently) involved in this... http://netcomber.com/yrjie.com This site found several matches...
Do you think it's a good idea to contact someone at "sales(at)bdstudiogames(dot)com" and politely ask them why they install their adware to random site visitors?

Edited by DesperateSearcher, 29 December 2012 - 11:14 AM.
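The post above describes doing the triage by hand: locating the extension under User Data\Default\Extensions\<id>\<version>_0, watching a background process that only the "tabs" permission explains, and suspecting a self-update channel. The script below is an added example, not code from this thread or from the extension's authors, that automates that inventory: it walks a Chrome profile's Extensions directory, reads each manifest.json, and flags extensions that combine a tab-controlling or all-URL permission with an update_url that is not the Chrome Web Store endpoint. The extension ID, version folder and name come from the thread; the update URL, the benign second extension, and the throwaway profile tree it builds for demonstration are constructed and are not claims about any real extension. It assumes the standard Chrome profile layout (on Windows XP: ...\Local Settings\Application Data\Google\Chrome\User Data).

```python
"""Inventory Chrome extensions from a profile's Extensions directory and flag
the combination described in the thread: a background extension with the
"tabs" permission that updates from a non-Web-Store URL.
Added example; not code from the thread or from the extension's authors."""
import json
import os
import tempfile

# Chrome Web Store update endpoint; anything else is a third-party updater.
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"

# Declared permissions that let an extension open or steer tabs, read every
# page, intercept traffic, or manage other extensions.
RISKY_PERMISSIONS = {"tabs", "<all_urls>", "webRequest", "webRequestBlocking", "management"}


def audit_extensions(user_data_dir, profile="Default"):
    """Return one finding per <id>/<version>/manifest.json under the profile.

    On Windows XP the default User Data directory is
    ...\\Local Settings\\Application Data\\Google\\Chrome\\User Data
    (the thread shows the Czech-localised form, "Data aplikací").
    """
    ext_root = os.path.join(user_data_dir, profile, "Extensions")
    findings = []
    if not os.path.isdir(ext_root):
        return findings
    for ext_id in sorted(os.listdir(ext_root)):
        id_dir = os.path.join(ext_root, ext_id)
        if not os.path.isdir(id_dir):
            continue
        for version_dir in sorted(os.listdir(id_dir)):
            manifest_path = os.path.join(id_dir, version_dir, "manifest.json")
            if not os.path.isfile(manifest_path):
                continue
            # utf-8-sig tolerates the BOM some packers write into manifest.json
            with open(manifest_path, encoding="utf-8-sig") as fh:
                manifest = json.load(fh)
            perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
            update_url = manifest.get("update_url")
            third_party = bool(update_url) and update_url != WEBSTORE_UPDATE_URL
            risky = sorted(perms & RISKY_PERMISSIONS)
            findings.append({
                "id": ext_id,
                "version_dir": version_dir,
                # "name" may be a __MSG_...__ placeholder resolved from _locales
                "name": manifest.get("name", "<unnamed>"),
                "version": manifest.get("version", "?"),
                "risky_permissions": risky,
                "has_background": "background" in manifest,
                "update_url": update_url,
                "third_party_updater": third_party,
                # The pattern from the thread: tab control plus an update
                # channel the user never chose.
                "suspicious": bool(risky) and third_party,
            })
    return findings


def build_sample_profile():
    """Write a constructed User Data tree with two extensions and return its path.

    The ID, version folder and name of the first entry are the ones quoted in
    the thread. Its update URL and the second (benign) extension are
    constructed for the example and are not claims about any real extension.
    """
    root = tempfile.mkdtemp(prefix="chrome-user-data-")
    samples = {
        ("adcihdnhajancggcokdfooepphmbdhbc", "2.1.5_0"): {
            "manifest_version": 2,
            "name": "YrJie Games",
            "version": "2.1.5",
            "permissions": ["tabs", "<all_urls>"],
            "background": {"scripts": ["background.js"]},
            "update_url": "https://updates.example.invalid/crx/update.xml",  # constructed
        },
        ("bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", "1.0_0"): {  # constructed benign extension
            "manifest_version": 2,
            "name": "Example Dictionary",
            "version": "1.0",
            "permissions": ["storage"],
            "update_url": WEBSTORE_UPDATE_URL,
        },
    }
    for (ext_id, version_dir), manifest in samples.items():
        ext_dir = os.path.join(root, "Default", "Extensions", ext_id, version_dir)
        os.makedirs(ext_dir)
        with open(os.path.join(ext_dir, "manifest.json"), "w", encoding="utf-8") as fh:
            json.dump(manifest, fh)
    return root


if __name__ == "__main__":
    # Point audit_extensions() at a real User Data directory to audit it instead.
    for f in audit_extensions(build_sample_profile()):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{flag:10} {f['id']} {f['version_dir']:10} {f['name']!r} "
              f"perms={f['risky_permissions']} update_url={f['update_url']}")
```

The check is deliberately narrow: many legitimate extensions declare "tabs" and a background page, so the discriminator is the update_url pointing somewhere other than the Web Store, which is exactly the channel that kept re-arming the extension in this thread. A hit is a lead to examine the version folder and the Chrome Preferences entry for that ID, not proof of malice on its own.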


#24 gringo_pr (Bleepin Gringo, Malware Response Team, 136,022 posts, Puerto Rico)

Posted 29 December 2012 - 03:09 PM

Hello


I still haven't found anything yet on this topic or another that I have


Gringo

#25 gringo_pr (Bleepin Gringo, Malware Response Team, 136,022 posts, Puerto Rico)

Posted 30 December 2012 - 09:05 AM

I have been told that this tool has just been updated to try and take care of this


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Edited by gringo_pr, 30 December 2012 - 09:43 AM.


#26 DesperateSearcher (Topic Starter, Members, 18 posts)

Posted 30 December 2012 - 05:26 PM

> I have been told that this tool has just been updated to try and take care of this
> [AdwCleaner instructions quoted from post #25 above]


I cannot believe it! It seems to have fixed the problem altogether! I was expecting it to be removed quite easily, but I was slowly starting to lose hope. Three cheers for you! \(^_^)/ I'll make sure to send you a small donation if nothing comes back within a week or so. :)
Even if you are (probably) not responsible for any updates done to adwcleaner, I very much appreciate your dedication to the task as whole (not only my problems that is) and the time you must have invested into resolving this issue.

If there are any more procedures to be done (like setting a system restore point, removing combofix, running a scan etc.), please let me know, I think I can finally rename myself on the forums ;D

#27 gringo_pr (Bleepin Gringo, Malware Response Team, 136,022 posts, Puerto Rico)

Posted 30 December 2012 - 10:13 PM

Hello

I would like to see a report that ComboFix makes.

extra ComboFix report

  • push the "Windows key" + "R" (between the "Ctrl" button and the "Alt" button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click OK

copy and paste the report into this topic for me to review

Gringo

#28 DesperateSearcher (Topic Starter, Members, 18 posts)

Posted 31 December 2012 - 07:15 AM

Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader X (10.1.4) - Czech
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows XP (KB941569)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Alan Wake
AlbumMaker
Alien Swarm
Altitude
AMD APP SDK Runtime
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
ATI Catalyst Install Manager
ATI Catalyst Registration
µTorrent
Audacity 1.2.6
Blocks That Matter
Boris Graffiti
BS.Player FREE
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-utility
Compatibility Pack for the 2007 Office system
Corel Graphics - Windows Shell Extension
CorelDRAW Graphics Suite X5
CorelDRAW Graphics Suite X5 - Capture
CorelDRAW Graphics Suite X5 - Common
CorelDRAW Graphics Suite X5 - Connect
CorelDRAW Graphics Suite X5 - Custom Data
CorelDRAW Graphics Suite X5 - CZ
CorelDRAW Graphics Suite X5 - Draw
CorelDRAW Graphics Suite X5 - Filters
CorelDRAW Graphics Suite X5 - FontNav
CorelDRAW Graphics Suite X5 - IPM
CorelDRAW Graphics Suite X5 - KPT Collection
CorelDRAW Graphics Suite X5 - PHOTO-PAINT
CorelDRAW Graphics Suite X5 - Photozoom Plugin
CorelDRAW Graphics Suite X5 - Redist
CorelDRAW Graphics Suite X5 - Setup Files
CorelDRAW Graphics Suite X5 - VBA
CorelDRAW Graphics Suite X5 - VideoBrowser
CorelDRAW Graphics Suite X5 - VSTA
CorelDRAW Graphics Suite X5 - WT
CorelDRAW® Graphics Suite X5
DAEMON Tools Lite
DynavixManager.exe
Epson Print CD
EPSON PX700W Series Printer Uninstall
EPSON Scan
EPSON Stylus Photo PX700W_PX800FW_TX700W_TX800FW Manual
EpsonNet Config V3
EpsonNet Print
EPU-6 Engine
ESET NOD32 Antivirus
Express Gate
FasterPing
Free Studio version 5.2.1
Free WMA to MP3 Converter 1.16
FTP Commander
GeoGebra
GeoGebraPrim
GIMP 2.8.0
Google Chrome
Google Update Helper
Hi-Def Suite
Hi-Rez Studios Authenticate and Update Service
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Inkscape 0.48.2
Java Auto Updater
Java™ 6 Update 37
JGoodies JDiskReport 1.3.2
Junior Icon Editor
LabelPrint
Legend of Grimrock
LG ODD Auto Firmware Update
LightScribe 1.4.31.1
LightScribe Optical Disc Kit
Logitech Updater
LogMeIn Hamachi
Magicka
Malwarebytes Anti-Malware version 1.65.1.1000
marvell 61xx
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - CSY
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - CSY
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 Language Pack - CSY
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile CSY Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended CSY Language Pack
Microsoft ActiveSync
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Notation Player 2.6
NVIDIA PhysX
O&O Defrag Professional
O2
OpenAL
OpenOffice.org 3.4.1
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Orcs Must Die!
osu!
Pinnacle video drivers
Pinnacle Studio 12
Pinnacle Studio 12 Ultimate Plugins
PlanetSide 2
Power2Go 5.0
PowerBackup
PowerDVD
PowerProducer
proDAD Vitascene 1.0
rajče wizard version 1.59.25.240
RAYMANM
Realm of the Mad God
Realtek High Definition Audio Driver
ROBLOX Player for Mirek
ROBLOX Studio for Mirek
Saitek Cyborg Keyboard Volume 6.2.1.3
Saitek SD6 Programming Software 6.6.6.9
Sanctum
Security Task Manager 1.8d
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype™ 6.0
Smite
SpeedFan (remove only)
Spiral Knights
SPORE™
Steam
Super Crate Box
TeamViewer 4
TomTom HOME
Transformice
Trine
Trine 2
UE3Redist
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Virtual Springfield
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - English
VLC media player 2.0.4
VVVVVV (Window v1.0)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows XP Service Pack 3
WinRAR
Worms - Armageddon Version 1.0
Worms 4 Totální nářez (Worms 4: Mayhem)
Xfire (remove only)
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0
Zoner Photo Map - Czech Republic and Slovakia 1:100 000
Zoner Photo Studio 14
Zoner Photo Studio 8

#29 gringo_pr (Bleepin Gringo, Malware Response Team, 136,022 posts, Puerto Rico)

Posted 31 December 2012 - 08:55 AM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using Add/Remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove


µTorrent
Java™ 6 Update 37



  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :


I see you have MBAM installed on the computer - that is great! It is a very good program. I would like you to run a quick scan for me now

  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#30 gringo_pr (Bleepin Gringo, Malware Response Team, 136,022 posts, Puerto Rico)

Posted 03 January 2013 - 12:31 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo