ib.adnxs removal


  • This topic is locked
12 replies to this topic

#1 Edward Samuel

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:14 PM

Posted 19 December 2012 - 09:24 AM

Hi, I have a problem with my laptop... I've read some articles and I tried to remove it manually with Malwarebytes and CCleaner, but they didn't work... During these days, my laptop often shuts down unexpectedly, even when I'm in safe mode, when I tried to repair the system, and when Malwarebytes was scanning... Please help me, I'm really desperate about it... Thanks for your attention :)

Here's the log:


dds

DDS (Ver_2012-11-20.01) - NTFS_x86 MINIMAL
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_37
Run by user at 20:55:23 on 2012-12-19
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.62.1033.18.1917.1441 [GMT 7:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uLocal Page = about:blank
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_id&c=91&bd=Pavilion&pf=cnnb
mStart Page = about:blank
mLocal Page = about:blank
mWindow Title = Microsoft Internet Explorer
mDefault_Page_URL = about:blank
uProxyServer = 10.10.1.161:8080
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Clips: {053F9267-DC04-4294-A72C-58F732D338C0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\youtube downloader toolbar\ie\4.7\youtubedownloaderToolbarIE.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\youtube downloader toolbar\ie\4.7\youtubedownloaderToolbarIE.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [TSMAgent] "c:\program files\hewlett-packard\touchsmart\media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\program files\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"
mRun: [TVAgent] "c:\program files\hewlett-packard\media\tv\TVAgent.exe"
mRun: [UCam_Menu] "c:\program files\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\media\webcam" update "software\hewlett-packard\media\Webcam"
mRun: [SmartMenu] c:\program files\hewlett-packard\hp mediasmart\SmartMenu.exe
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [Windows Mobile-based device management] c:\windows\windowsmobile\wmdSync.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\user\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: Interfaces\{0D349DF4-E06B-469A-9CF7-C8DE3700D0E1} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{33CEA530-FC0C-4F87-9FF9-28FEF6769888} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{33CEA530-FC0C-4F87-9FF9-28FEF6769888} : DHCPNameServer = 203.130.196.155 202.134.0.61
TCP: Interfaces\{A511C932-C651-4166-8EFE-D646EEF6BA70} : NameServer = 10.8.15.15 10.8.17.4
TCP: Interfaces\{B980D298-FD25-468B-97D7-2E1EF198E2F7} : DHCPNameServer = 203.130.196.5 202.134.0.155
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\skyjdlu0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://id.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\user\appdata\local\google\update\1.3.21.124\npGoogleUpdate3.dll
FF - plugin: c:\users\user\appdata\local\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\users\user\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-11-17 11:54; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-12-09 00:59; [email protected]; c:\users\user\appdata\roaming\mozilla\firefox\profiles\skyjdlu0.default\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2010-05-06 07:23; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-12-15 73216]
S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-10-10 36552]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/04/07 14:38:33];c:\program files\hewlett-packard\media\dvd\000.fcl [2009-1-8 87536]
S2 AHA Dialer. RunOuc;AHA Dialer. OUC;c:\program files\aha dialer\updatedog\ouc.exe [2012-12-15 218624]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-10-10 84256]
S2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-10-10 108320]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-10-10 83792]
S2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [2011-3-18 135168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-19 19456]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-14 271712]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-5-9 365952]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\hewlett-packard\media\tv\kernel\tv\TVCapSvc.exe [2009-1-7 296320]
S2 TVSched;TV Task Scheduler (TVTS);c:\program files\hewlett-packard\media\tv\kernel\tv\TVSched.exe [2009-1-7 116096]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [2011-3-18 103424]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-5-9 222512]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-12-15 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-12-15 235392]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-12-19 40776]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-12-19 12:57:37 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-12-19 12:57:24 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-19 12:57:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-19 12:21:14 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6a607fc6-3190-438e-b7e5-e39dd77898d8}\mpengine.dll
2012-12-16 15:15:00 -------- d-----w- c:\programdata\%Installer_PublisherName%
2012-12-15 09:04:16 -------- d-----w- c:\program files\CCleaner
2012-12-15 08:14:30 90112 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-12-15 08:14:30 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-12-15 08:14:30 73216 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-12-15 08:14:30 64384 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-12-15 08:14:30 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-12-15 08:14:30 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-12-15 08:14:30 235392 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-12-15 08:14:30 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2012-12-15 08:14:29 193792 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-12-15 08:14:29 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-12-15 08:14:29 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-12-14 17:19:04 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
2012-12-14 17:18:13 -------- d-----w- c:\programdata\Malwarebytes
2012-12-08 17:59:06 -------- d-----w- c:\program files\Gophoto.it
2012-11-27 14:41:19 -------- d-----w- c:\users\user\appdata\roaming\YourFileDownloader
2012-11-27 14:41:19 -------- d-----w- c:\program files\YourFileDownloader
.
==================== Find3M ====================
.
2012-12-15 09:45:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-15 09:45:16 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-15 08:13:30 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-12-15 08:13:30 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-11-17 04:49:37 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-11-17 04:49:37 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-12 14:29:30 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-09-25 16:19:41 75776 ----a-w- c:\windows\system32\synceng.dll
2012-09-24 02:58:11 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2010-03-11 17:55:41 1466402 ----a-w- c:\program files\Smadav 2010 Rev. 8.1.exe
2010-03-05 10:41:04 81408 ----a-w- c:\program files\SmadEngine.dll
2010-02-18 20:26:20 97792 ----a-w- c:\program files\SmadExtc.dll
.
============= FINISH: 20:56:51,59 ===============


DDS - attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 08/04/2010 4:23:01
System Uptime: 19/12/2012 20:41:30 (0 hours ago)
.
Motherboard: Flextronics | | 3054
Processor: AMD Athlon™ Neo Processor MV-40 | Socket M2/S1G1 | 1595/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 45,63 GiB free.
D: is FIXED (NTFS) - 106 GiB total, 10,668 GiB free.
E: is FIXED (NTFS) - 11 GiB total, 1,357 GiB free.
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player
AHA Dialer
AOL Toolbar 5.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
ATI Catalyst Install Manager
Avira Free Antivirus
BlackBerry Desktop Software 6.1
BlackBerry Device Software v6.0.0 for the BlackBerry 9100/9105 smartphone
Bonjour
BufferChm
Business Contact Manager for Outlook 2007 SP2
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Combined Community Codec Pack 2010-10-10
Counter-Strike 1.6 v28 - DigitalZone
CustomerResearchQFolder
CyberLink DVD Suite
D2400
D2400_Help
DeviceDiscovery
DeviceManagementQFolder
dj_sf_ProductContext
dj_sf_software
dj_sf_software_req
Dropbox
ESU for Microsoft Vista
eSupportQFolder
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Common Access Service Library
HP Customer Experience Enhancements
HP Customer Participation Program 9.0
HP Deskjet Printer Driver Software 9.0
HP Help and Support
HP Imaging Device Functions 9.0
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP MediaSmart TV
HP MediaSmart Webcam
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Quick Launch Buttons 6.40 M1
HP Smart Web Printing
HP Solution Center 9.0
HP Total Care Advisor
HP Total Care Setup
HP Update
HP User Guides 0127
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPProductAssistant
HPSSupply
IDT Audio
iTunes
Java Auto Updater
Java™ 6 Update 37
Java™ 6 Update 7
LabelPrint
LightScribe System Software 1.14.17.1
Malwarebytes Anti-Malware version 1.65.1.1000
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 1.0 Refresh
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
OptimizerPro1
PanoStandAlone
Power2Go
PowerDirector
Prezi Desktop
ProtectSmart Hard Drive Protection
PSSWCORE
R for Windows 2.15.1
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
RStudio
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
SoftStylus
SolutionCenter
SpiderOak
SPSS Statistics 17.0
Status
Toolbox
Touch Pad Driver
TrayApp
Unity Web Player
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoToolkit01
WebReg
WinRAR archiver
WxDFast
wxDownload
Yahoo! BrowserPlus 2.7.1
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
YouTube Downloader 3.3
YouTube Downloader Toolbar v4.7
.
==== End Of File ===========================


security check
Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
Java™ 6 Update 37
Java™ 6 Update 7
Java version out of Date!
Adobe Flash Player 11.5.502.135
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox 12.0 Firefox out of Date!
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#2 nasdaq

  • Malware Response Team
  • 19,824 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:14 AM

Posted 20 December 2012 - 11:02 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 37
Java™ 6 Update 7


===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

Please post the logs for my review and let me know what problem persists.
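A worked example, added by the editor and not part of this thread, of BleepingComputer's instructions or of the DDS tool: a small Python triage script that parses the DDS logs posted in #1 (the AV/SP status lines, the Pseudo HJT Report, the FIREFOX section and the Installed Programs list of the attach log) and flags the items a helper checks first. It reports real-time protection shown as *Disabled*, a browser proxy entry (the uProxyServer line above points at 10.10.1.161:8080, which the user should confirm is intentional, since adware commonly routes traffic through a proxy to inject or redirect ads), browser helper objects, toolbars and Firefox components whose names match a short PUP marker list, and more than one Java runtime installed side by side, which is the out-of-date Java point nasdaq raises. The PUP_MARKERS list is an assumption chosen for this example from names in the posted logs, not an authoritative adware list, and the sample input is excerpted from the logs above.

```python
"""Triage a DDS log for the indicators a malware-removal helper checks first.

Added example for this thread, not part of the DDS tool. PUP_MARKERS is an
assumption chosen for the example, not an authoritative adware list.
"""
import re

# Lower-case substrings marking browser add-ons and programs worth removing.
# Assumption for this example: taken from names that appear in the posted logs.
PUP_MARKERS = ("youtube downloader", "spigot", "widgi", "optimizerpro",
               "yourfiledownloader")

# DDS section banners look like "==== Installed Programs =====".
SECTION_RE = re.compile(r"^=+\s*([^=].*?)\s*=+$")
# Matches "Java(TM) 6 Update 37" and the trademark-symbol spelling DDS emits.
JAVA_RE = re.compile(r"Java\D*?(\d+) Update (\d+)", re.IGNORECASE)
SEVERITY = {"high": 0, "medium": 1, "low": 2}

# Constructed sample: lines excerpted from the DDS and DDS-attach logs in #1.
SAMPLE_DDS = r"""
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Pseudo HJT Report ===============
.
uProxyServer = 10.10.1.161:8080
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\youtube downloader toolbar\ie\4.7\youtubedownloaderToolbarIE.dll
TB: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\youtube downloader toolbar\ie\4.7\youtubedownloaderToolbarIE.dll
.
================= FIREFOX ===================
.
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll
.
==== Installed Programs ======================
.
Java Auto Updater
Java™ 6 Update 37
Java™ 6 Update 7
OptimizerPro1
YouTube Downloader Toolbar v4.7
.
==== End Of File ===========================
"""


def parse_sections(text):
    """Split a DDS log into {section_name: [lines]}. Lines before the first
    banner go to 'header'; DDS separator lines ('.') are dropped."""
    sections = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1).lower()
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def java_versions(lines):
    """Return sorted (major, update) pairs for every Java runtime listed."""
    found = set()
    for line in lines:
        m = JAVA_RE.search(line)
        if m:
            found.add((int(m.group(1)), int(m.group(2))))
    return sorted(found)


def triage(text):
    """Return (severity, category, detail) findings, highest severity first."""
    s = parse_sections(text)
    findings = []
    # 1. AV/SP/FW status lines that DDS prints before the first banner.
    for line in s.get("header", []):
        if line.startswith(("AV:", "SP:", "FW:")) and "*Disabled" in line:
            findings.append(("high", "protection-disabled", line.split(" *")[0]))
    for line in s.get("pseudo hjt report", []) + s.get("firefox", []):
        key, _, value = line.partition(" = ")
        # 2. A proxy in the IE settings is one way adware injects or redirects.
        if key in ("uProxyServer", "mProxyServer") and value:
            findings.append(("high", "proxy-configured", f"{key}={value}"))
        # 3. BHOs, toolbars and Firefox components from known bundlers.
        if (line.startswith(("BHO:", "TB:", "FF - component:", "FF - plugin:"))
                and any(m in line.lower() for m in PUP_MARKERS)):
            findings.append(("medium", "pup-browser-component", line))
    installed = s.get("installed programs", [])
    # 4. Every Java runtime older than the newest one is still on disk.
    versions = java_versions(installed)
    for major, update in versions[:-1]:
        newest = versions[-1]
        findings.append(("medium", "stale-java",
                         f"Java {major} Update {update} installed alongside "
                         f"Java {newest[0]} Update {newest[1]}"))
    # 5. Bundled programs listed in Add/Remove Programs.
    for line in installed:
        if any(m in line.lower() for m in PUP_MARKERS):
            findings.append(("medium", "pup-installed", line))
    findings.sort(key=lambda f: SEVERITY[f[0]])
    return findings


if __name__ == "__main__":
    for sev, cat, detail in triage(SAMPLE_DDS):
        print(f"[{sev:6}] {cat:22} {detail}")
```

Run it against a full DDS.txt by reading the file into `triage()` instead of SAMPLE_DDS. The output is a shortlist, not a verdict: a proxy entry may be a legitimate corporate or school setting, so confirm it with the user before removing it, and keep the marker list short and explicit rather than guessing at names, because a false "PUP" hit on a vendor tool is harder to undo than a miss.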

#3 Edward Samuel

  • Topic Starter
  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:14 PM

Posted 21 December 2012 - 12:34 AM

Thanks for your response, I'll try it soon :)

#4 Edward Samuel

  • Topic Starter
  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:14 PM

Posted 24 December 2012 - 01:56 AM

Here's the log...

Combofix
ComboFix 12-12-23.01 - user 24/12/2012 13:19:22.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.62.1033.18.1917.999 [GMT 7:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
/wow section - STAGE 27
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Smadav 2010 Rev. 8.1.exe
c:\users\Public\sdelevURL.tmp
c:\windows\system32\AutoRun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-11-24 to 2012-12-24 )))))))))))))))))))))))))))))))
.
.
2012-12-24 06:39 . 2012-12-24 06:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-24 06:39 . 2012-12-24 06:39 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-12-24 06:07 . 2012-12-24 06:07 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A607FC6-3190-438E-B7E5-E39DD77898D8}\offreg.dll
2012-12-19 18:18 . 2012-12-19 18:18 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-19 12:57 . 2012-12-19 12:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-19 12:57 . 2012-09-29 12:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-19 12:21 . 2012-10-16 18:32 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A607FC6-3190-438E-B7E5-E39DD77898D8}\mpengine.dll
2012-12-16 15:15 . 2012-12-16 15:15 -------- d-----w- c:\programdata\%Installer_PublisherName%
2012-12-15 09:04 . 2012-12-15 09:04 -------- d-----w- c:\program files\CCleaner
2012-12-15 08:14 . 2012-12-15 08:13 90112 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-12-15 08:14 . 2012-12-15 08:13 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-12-15 08:14 . 2012-12-15 08:13 73216 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-12-15 08:14 . 2012-12-15 08:13 64384 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-12-15 08:14 . 2012-12-15 08:13 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-12-15 08:14 . 2012-12-15 08:13 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2012-12-15 08:14 . 2012-12-15 08:13 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-12-15 08:14 . 2012-12-15 08:13 235392 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-12-15 08:14 . 2012-12-15 08:13 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-12-15 08:14 . 2012-12-15 08:13 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-12-15 08:14 . 2012-12-15 08:13 193792 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-12-14 17:19 . 2012-12-14 17:19 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2012-12-14 17:18 . 2012-12-14 17:18 -------- d-----w- c:\programdata\Malwarebytes
2012-12-08 17:59 . 2012-12-08 17:59 -------- d-----w- c:\program files\Gophoto.it
2012-11-27 14:41 . 2012-11-27 14:44 -------- d-----w- c:\program files\YourFileDownloader
2012-11-27 14:41 . 2012-11-27 14:41 -------- d-----w- c:\users\user\AppData\Roaming\YourFileDownloader
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-15 09:45 . 2012-05-13 16:54 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-15 09:45 . 2011-06-12 12:39 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-15 08:13 . 2011-09-13 13:25 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-12-15 08:13 . 2011-09-13 13:25 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-11-17 04:49 . 2012-11-17 04:53 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-11-17 04:49 . 2012-11-17 04:53 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-12 14:29 . 2012-11-15 01:45 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-10-01 10:14 . 2012-10-10 15:45 134184 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-09-25 16:19 . 2012-11-15 02:13 75776 ----a-w- c:\windows\system32\synceng.dll
2010-03-05 10:41 . 2010-05-02 08:47 81408 ----a-w- c:\program files\SmadEngine.dll
2010-02-18 20:26 . 2010-05-02 08:47 97792 ----a-w- c:\program files\SmadExtc.dll
2012-05-25 04:22 . 2012-05-25 04:22 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM?RT-Protection"="c:\program files\Smadav\SM?RTP.exe" [?]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-11-17 258048]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-01-08 1148200]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-01-08 1316136]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-01-08 189736]
"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-05-09 206120]
"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-11-19 914224]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-12-24 210216]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-01-23 484408]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-21 483420]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-06-06 296056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-25 386336]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-25 27112840]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e49d2b6-ce2a-11e1-b3aa-0021cc3a9732}]
\shell\AutoRun\command - F:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2af02095-c014-11e1-962c-001e101f6331}]
\shell\AutoRun\command - F:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f779cf8-e581-11e0-b280-001e101f82a0}]
\shell\AutoRun\command - F:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{469b29e0-e01a-11e0-86f2-001e101f8ed0}]
\shell\AutoRun\command - F:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ad7b7c3-cf14-11e1-8eca-001e101f82a7}]
\shell\AutoRun\command - F:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{611da494-63df-11e0-8474-0021cc3a9732}]
\shell\AutoRun\command - F:\Setup.exe /Auto
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6430ac23-c589-11e1-b4c5-0021cc3a9732}]
\shell\AutoRun\command - F:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6535039c-d088-11e1-a500-0021cc3a9732}]
\shell\AutoRun\command - F:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94b42984-c1ce-11e1-a8ef-001e101f4da1}]
\shell\AutoRun\command - F:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a32a5bcc-de0a-11e0-a516-0021cc3a9732}]
\shell\AutoRun\command - F:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a32a5bd6-de0a-11e0-a516-001e101f7f74}]
\shell\AutoRun\command - F:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc930142-ce41-11e1-9df5-0021cc3a9732}]
\shell\AutoRun\command - F:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0985502-c0cb-11e1-bf06-0021cc3a9732}]
\shell\AutoRun\command - F:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0985524-c0cb-11e1-bf06-001e101f63cf}]
\shell\AutoRun\command - F:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9d70e9a-5104-11e0-a66e-0021cc3a9732}]
\shell\AutoRun\command - f:\.\ShowModem.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d43e12b7-468b-11e2-8dcc-0021cc3a9732}]
\shell\AutoRun\command - F:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d43e12c0-468b-11e2-8dcc-001e101f36d9}]
\shell\AutoRun\command - F:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7a6dd24-d0f3-11e1-a9cd-001e101f2c0e}]
\shell\AutoRun\command - F:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f71b2c2c-ce83-11e1-ae21-806e6f6e6963}]
\shell\AutoRun\command - F:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f71b2c89-ce83-11e1-ae21-0021cc3a9732}]
\shell\AutoRun\command - F:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f71b2c94-ce83-11e1-ae21-001e101fa1f5}]
\shell\AutoRun\command - F:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9a79450-c1af-11e1-99ca-0021cc3a9732}]
\shell\AutoRun\command - F:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa8e3701-d563-11e1-8a61-0021cc3a9732}]
\shell\AutoRun\command - F:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa8e3724-d563-11e1-8a61-001e101f7fb6}]
\shell\AutoRun\command - G:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{faa9a12e-c57a-11e1-b488-0021cc3a9732}]
\shell\AutoRun\command - F:\AutoRun.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 09:45]
.
2012-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3581148889-4278950078-4026762717-1003Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-15 00:32]
.
2012-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3581148889-4278950078-4026762717-1003UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-15 00:32]
.
2012-12-24 c:\windows\Tasks\OptimizerPro1UpdaterTask{BA9821C6-60A4-4E46-852A-B8A27FC2F523}.job
- c:\programdata\Premium\OptimizerPro1\OptimizerPro1.exe [2012-09-16 12:31]
.
2012-12-24 c:\windows\Tasks\WxDFastUpdaterTask{5A41CC1E-AA4F-406C-99B5-8BD47FB88EF9}.job
- c:\programdata\Premium\WxDFast\WxDFast.exe [2012-09-16 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = about:blank
mStart Page = about:blank
mLocal Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyServer = 10.10.1.161:8080
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{33CEA530-FC0C-4F87-9FF9-28FEF6769888}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{A511C932-C651-4166-8EFE-D646EEF6BA70}: NameServer = 10.8.15.15 10.8.17.4
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\skyjdlu0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://id.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-11-17 11:54; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-12-09 00:59; [email protected]; c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\skyjdlu0.default\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2010-05-06 07:23; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-24 13:39
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3581148889-4278950078-4026762717-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e3,9a,9e,f6,47,38,e4,61,31,37,44,6f,b0,e5,60,4e,64,73,6a,59,b9,5c,f0,
48,6e,d8,6f,96,54,79,22,46,4c,67,70,6e,76,f1,46,14,5a,cf,03,bf,36,ab,8b,e9,\
"??"=hex:a7,d0,db,19,70,ad,dc,88,0c,58,9b,4e,f0,45,47,2f
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-12-24 13:45:25
ComboFix-quarantined-files.txt 2012-12-24 06:45
.
Pre-Run: 46.374.068.224 bytes free
Post-Run: 45.647.351.808 bytes free
.
- - End Of File - - F5CC1CDE7F4988A43BE9C92BB0B23691


AdwCleaner
# AdwCleaner v2.102 - Logfile created 12/24/2012 at 13:48:33
# Updated 23/12/2012 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# User : user - EDO
# Boot Mode : Normal
# Running from : C:\Users\user\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\extensions\[email protected]
Folder Found : C:\Program Files\Application Updater
Folder Found : C:\Program Files\Common Files\spigot
Folder Found : C:\Program Files\yourfiledownloader
Folder Found : C:\Program Files\YouTube Downloader Toolbar
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Premium

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKLM\Software\Application Updater
Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found : HKLM\Software\Search Settings

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6002.18005

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (en-US)

-\\ Google Chrome v23.0.1271.97

*************************

AdwCleaner[R1].txt - [2138 octets] - [24/12/2012 13:48:33]

########## EOF - C:\AdwCleaner[R1].txt - [2198 octets] ##########

#5 nasdaq

nasdaq

  • Malware Response Team

Posted 24 December 2012 - 02:36 PM

c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\skyjdlu0.default\extensions\[email protected]
Open notepad and copy/paste the text in the quote box below into it:

File::
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\skyjdlu0.default\extensions\[email protected]
Save this as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log.
===

Remove the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

Please post the logs and let me know what problem persists.

===

#6 Edward Samuel

Edward Samuel
  • Topic Starter

Posted 24 December 2012 - 10:21 PM

here's the log...

Oh, and Merry Christmas to you, Nasdaq (if you celebrate it).
Have a nice day ahead :)

Combofix
ComboFix 12-12-23.01 - user 25/12/2012 9:22.2.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.62.1033.18.1917.793 [GMT 7:00]
Running from: c:\users\user\Desktop\ComboFix.exe
Command switches used :: c:\users\user\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-25 to 2012-12-25 )))))))))))))))))))))))))))))))
.
.
2012-12-25 02:41 . 2012-12-25 02:41 -------- d-----w- c:\users\user\AppData\Local\temp
2012-12-25 02:41 . 2012-12-25 02:41 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-12-25 02:41 . 2012-12-25 02:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-24 08:39 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-24 08:39 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-24 08:39 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-24 08:39 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2012-12-24 08:39 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-24 08:39 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-24 08:39 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-24 08:39 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-24 08:39 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-24 08:39 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-24 08:39 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-24 07:11 . 2012-12-24 07:11 -------- d-----w- c:\program files\Common Files\Java
2012-12-24 07:10 . 2012-12-24 07:09 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-24 06:07 . 2012-12-24 06:07 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A607FC6-3190-438E-B7E5-E39DD77898D8}\offreg.dll
2012-12-19 18:18 . 2012-12-19 18:18 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-19 12:57 . 2012-12-19 12:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-19 12:57 . 2012-09-29 12:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-19 12:21 . 2012-10-16 18:32 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A607FC6-3190-438E-B7E5-E39DD77898D8}\mpengine.dll
2012-12-16 15:15 . 2012-12-16 15:15 -------- d-----w- c:\programdata\%Installer_PublisherName%
2012-12-15 09:04 . 2012-12-15 09:04 -------- d-----w- c:\program files\CCleaner
2012-12-15 08:14 . 2012-12-15 08:13 90112 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-12-15 08:14 . 2012-12-15 08:13 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-12-15 08:14 . 2012-12-15 08:13 73216 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-12-15 08:14 . 2012-12-15 08:13 64384 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-12-15 08:14 . 2012-12-15 08:13 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-12-15 08:14 . 2012-12-15 08:13 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2012-12-15 08:14 . 2012-12-15 08:13 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-12-15 08:14 . 2012-12-15 08:13 235392 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-12-15 08:14 . 2012-12-15 08:13 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-12-15 08:14 . 2012-12-15 08:13 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-12-15 08:14 . 2012-12-15 08:13 193792 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-12-14 17:19 . 2012-12-14 17:19 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2012-12-14 17:18 . 2012-12-14 17:18 -------- d-----w- c:\programdata\Malwarebytes
2012-12-08 17:59 . 2012-12-08 17:59 -------- d-----w- c:\program files\Gophoto.it
2012-11-27 14:41 . 2012-11-27 14:44 -------- d-----w- c:\program files\YourFileDownloader
2012-11-27 14:41 . 2012-11-27 14:41 -------- d-----w- c:\users\user\AppData\Roaming\YourFileDownloader
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-24 07:09 . 2012-11-17 04:53 859072 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-24 07:09 . 2012-11-17 04:53 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-15 09:45 . 2012-05-13 16:54 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-15 09:45 . 2011-06-12 12:39 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-15 08:13 . 2011-09-13 13:25 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-12-15 08:13 . 2011-09-13 13:25 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-10-12 14:29 . 2012-11-15 01:45 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-10-01 10:14 . 2012-10-10 15:45 134184 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-05 10:41 . 2010-05-02 08:47 81408 ----a-w- c:\program files\SmadEngine.dll
2010-02-18 20:26 . 2010-05-02 08:47 97792 ----a-w- c:\program files\SmadExtc.dll
2012-05-25 04:22 . 2012-05-25 04:22 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM?RT-Protection"="c:\program files\Smadav\SM?RTP.exe" [?]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-11-17 258048]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-01-08 1148200]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-01-08 1316136]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-01-08 189736]
"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-05-09 206120]
"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-11-19 914224]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-12-24 210216]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-01-23 484408]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-21 483420]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-06-06 296056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-25 386336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-25 27112840]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUDFPF
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 09:45]
.
2012-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3581148889-4278950078-4026762717-1003Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-15 00:32]
.
2012-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3581148889-4278950078-4026762717-1003UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-15 00:32]
.
2012-12-25 c:\windows\Tasks\OptimizerPro1UpdaterTask{BA9821C6-60A4-4E46-852A-B8A27FC2F523}.job
- c:\programdata\Premium\OptimizerPro1\OptimizerPro1.exe [2012-09-16 12:31]
.
2012-12-25 c:\windows\Tasks\WxDFastUpdaterTask{5A41CC1E-AA4F-406C-99B5-8BD47FB88EF9}.job
- c:\programdata\Premium\WxDFast\WxDFast.exe [2012-09-16 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = about:blank
mStart Page = about:blank
mLocal Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyServer = 10.10.1.161:8080
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{33CEA530-FC0C-4F87-9FF9-28FEF6769888}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{A511C932-C651-4166-8EFE-D646EEF6BA70}: NameServer = 10.8.15.15 10.8.17.4
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\skyjdlu0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://id.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-11-17 11:54; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-12-09 00:59; [email protected]; c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\skyjdlu0.default\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2010-05-06 07:23; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-25 09:41
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3581148889-4278950078-4026762717-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e3,9a,9e,f6,47,38,e4,61,31,37,44,6f,b0,e5,60,4e,64,73,6a,59,b9,5c,f0,
48,6e,d8,6f,96,54,79,22,46,4c,67,70,6e,76,f1,46,14,5a,cf,03,bf,36,ab,8b,e9,\
"??"=hex:a7,d0,db,19,70,ad,dc,88,0c,58,9b,4e,f0,45,47,2f
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-12-25 09:45:56
ComboFix-quarantined-files.txt 2012-12-25 02:45
ComboFix2.txt 2012-12-24 06:45
.
Pre-Run: 45.664.038.912 bytes free
Post-Run: 45.830.168.576 bytes free
.
- - End Of File - - 7F65A31AB1C6925F2053DF4346E7D5D7

AdwCleaner
# AdwCleaner v2.102 - Logfile created 12/25/2012 at 10:01:48
# Updated 23/12/2012 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# User : user - EDO
# Boot Mode : Normal
# Running from : C:\Users\user\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\extensions\[email protected]
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Program Files\yourfiledownloader
Folder Deleted : C:\Program Files\YouTube Downloader Toolbar
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\Software\Search Settings

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6002.18005

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (en-US)

-\\ Google Chrome v23.0.1271.97

*************************

AdwCleaner[R1].txt - [2267 octets] - [24/12/2012 13:48:33]
AdwCleaner[S1].txt - [2242 octets] - [25/12/2012 10:01:48]

########## EOF - C:\AdwCleaner[S1].txt - [2302 octets] ##########

#7 nasdaq
  • Malware Response Team

Posted 25 December 2012 - 09:48 AM

Any remaining issues?

#8 Edward Samuel
  • Topic Starter

Posted 25 December 2012 - 12:32 PM

Still the same: the laptop is being slowed down, ads show up continuously on my Facebook pages (there's a line "waiting for ib.adnxs.com" when loading pages), and it shuts down unexpectedly...

#9 nasdaq
  • Malware Response Team

Posted 26 December 2012 - 10:58 AM

Remove OptimizerPro1 using the Add/Remove programs list.


Delete these files in bold from the Tasks folder if present.
2012-12-24 c:\windows\Tasks\OptimizerPro1UpdaterTask{BA9821C6-60A4-4E46-852A-B8A27FC2F523}.job

2012-12-24 c:\windows\Tasks\WxDFastUpdaterTask{5A41CC1E-AA4F-406C-99B5-8BD47FB88EF9}.job


===

If still being redirected please run this tool.

Please download RogueKiller© by Tigzy from one of the links below and save it to your desktop.

Link 1 Bleepingcomputer
Link 2 RogueKiller (par Tigzy)

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

#10 Edward Samuel
  • Topic Starter

Posted 27 December 2012 - 01:49 AM

Here's the RogueKiller log:

RogueKiller V8.4.1 [Dec 24 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Scan -- Date : 12/27/2012 13:47:19

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] ouc.exe -- C:\ProgramData\AHA Dialer\OnlineUpdate\ouc.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 8 ¤¤¤
[TASK][SUSP PATH] WxDFastUpdaterTask{5A41CC1E-AA4F-406C-99B5-8BD47FB88EF9}.job : C:\ProgramData\Premium\WxDFast\WxDFast.exe /schedule /profilepath "C:\ProgramData\Premium\WxDFast\profile.ini" -> FOUND
[TASK][SUSP PATH] OptimizerPro1UpdaterTask{BA9821C6-60A4-4E46-852A-B8A27FC2F523}.job : C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe /schedule /profilepath "C:\ProgramData\Premium\OptimizerPro1\profile.ini" -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (10.10.1.161:8080) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{A511C932-C651-4166-8EFE-D646EEF6BA70} : NameServer (10.8.15.15 10.8.17.4) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{A511C932-C651-4166-8EFE-D646EEF6BA70} : NameServer (10.8.15.15 10.8.17.4) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2555GSX ATA Device +++++
--- User ---
[MBR] 9a566aa64105d10b9452b31cfa8cc35f
[BSP] d9de217bab1aa33f2ee01262f24950de : Toshiba tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 118869 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 243447808 | Size: 108168 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 464977920 | Size: 11432 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12272012_02d1347.txt >>
RKreport[1]_S_12272012_02d1347.txt

#11 nasdaq
  • Malware Response Team

Posted 27 December 2012 - 11:29 AM

Run RogueKiller again and click Scan
When the scan completes > click on the Registry tab
Put a check next to the item in bold below and uncheck the rest: (if found)

[TASK][SUSP PATH] OptimizerPro1UpdaterTask{BA9821C6-60A4-4E46-852A-B8A27FC2F523}.job : C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe /schedule /profilepath "C:\ProgramData\Premium\OptimizerPro1\profile.ini" -> FOUND

Now click Delete on the right hand column under Options

Post back the report which should be located on your desktop.

How is it now?

#12 Edward Samuel
  • Topic Starter

Posted 27 December 2012 - 09:14 PM

Here's the latest log:
RogueKiller V8.4.1 [Dec 24 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Remove -- Date : 12/28/2012 09:10:40

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[TASK][SUSP PATH] WxDFastUpdaterTask{5A41CC1E-AA4F-406C-99B5-8BD47FB88EF9}.job : C:\ProgramData\Premium\WxDFast\WxDFast.exe /schedule /profilepath "C:\ProgramData\Premium\WxDFast\profile.ini" -> NOT SELECTED
[TASK][SUSP PATH] OptimizerPro1UpdaterTask{BA9821C6-60A4-4E46-852A-B8A27FC2F523}.job : C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe /schedule /profilepath "C:\ProgramData\Premium\OptimizerPro1\profile.ini" -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (10.10.1.161:8080) -> NOT REMOVED, USE PROXYFIX
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{A511C932-C651-4166-8EFE-D646EEF6BA70} : NameServer (10.8.15.15 10.8.17.4) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{A511C932-C651-4166-8EFE-D646EEF6BA70} : NameServer (10.8.15.15 10.8.17.4) -> NOT REMOVED, USE DNSFIX
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2555GSX ATA Device +++++
--- User ---
[MBR] 9a566aa64105d10b9452b31cfa8cc35f
[BSP] d9de217bab1aa33f2ee01262f24950de : Toshiba tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 118869 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 243447808 | Size: 108168 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 464977920 | Size: 11432 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_D_12282012_02d0910.txt >>
RKreport[1]_S_12272012_02d1347.txt ; RKreport[2]_S_12282012_02d0908.txt ; RKreport[3]_D_12282012_02d0910.txt



I'll check if it solves the problem...
thx nasdaq :)

#13 nasdaq
  • Malware Response Team

Posted 28 December 2012 - 10:19 AM

Keep me posted.