ib.adnsx keeps showing even after removing but doesn't redirect


  • This topic is locked
6 replies to this topic

#1 Rintone

  • Members
  • 22 posts
  • OFFLINE
  • Local time:06:00 AM

Posted 04 October 2012 - 01:25 PM

Hi, my name is Rintone and my web browser Google Chrome was infected by ib.adnsx.
As fast as I could, I removed the infection (or so I think) by following these steps: http://forums.anvisoft.com/viewtopic-45-1048-0.html. However, I noticed after loading or reloading sites that sometimes the message "waiting for response from" would still appear along with "ib.adnsx.com", which made me perplexed.
more images here ---> http://imageshack.us/photo/my-images/689/ibadnxswhyagain.jpg/ - http://imageshack.us/photo/my-images/441/ibadnxsevenhere.jpg/ - http://imageshack.us/photo/my-images/23/ibadnxsnotagain.jpg/
I also downloaded Adblock Plus for Chrome; the message doesn't appear, but... am I safe now? Can I rely on Adblock Plus to take care of that malicious site now that I've installed it on Chrome?

Here's my DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Io at 19:16:51 on 2012-10-04
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.1790.826 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\anvisoft\Anvi AD Blocker\ADBlockerSrv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Kies\KiesTrayAgent.exe
C:\Program Files\Aeria Games\Ignite\aeriaignite.exe
C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Anvisoft\Anvi AD Blocker\ADBlockerTray.exe
D:\Program Files\uTorrent\uTorrent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Io\AppData\Local\Akamai\netsession_win.exe
D:\Program Files\Kies\Kies.exe
D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\system32\taskeng.exe
C:\Users\Io\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Io\AppData\Local\Akamai\netsession_win.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\conime.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
uStart Page = about:blank
uSearch Bar = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
{ae07101b-46d4-4a98-af68-0333ea26e113}
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [uTorrent] "d:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Akamai NetSession Interface] "c:\users\io\appdata\local\akamai\netsession_win.exe"
uRun: [KiesPreload] d:\program files\kies\Kies.exe /preload
uRun: [KiesAirMessage] d:\program files\kies\KiesAirMessage.exe -startup
uRun: [KiesPDLR] d:\program files\kies\external\firmwareupdate\KiesPDLR.exe
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [PlusService] c:\program files\yuna software\messenger plus!\PlusService.exe
mRun: [Philips Device Listener] "c:\program files\philips\philips songbird resources\autolauncher\PhilipsDeviceListener.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [offerbox] c:\program files\offerbox\OfferBox.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KiesTrayAgent] d:\program files\kies\KiesTrayAgent.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Aeria Ignite] "c:\program files\aeria games\ignite\aeriaignite.exe" silent
mRun: [Anvi Smart Defender] c:\program files\anvisoft\anvi smart defender\ASDTray.exe
mRun: [ADBlocker] c:\program files\anvisoft\anvi ad blocker\ADBlockerTray.exe -tray
mRun: [Browser companion helper]
StartupFolder: c:\users\io\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\io\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
LSP: c:\windows\system32\wpclsp.dll
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{6F167E8D-1BFC-41F4-BB76-664A80A2A0C7} : DhcpNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 asdnet;asdnet;c:\program files\anvisoft\anvi ad blocker\sys\x86\asdnet.sys [2012-10-1 15696]
R1 asdrm;asdrm;c:\windows\system32\drivers\asdrm.sys [2012-10-1 16208]
R2 ADBlockerSrv;AD Blocker Service;c:\program files\anvisoft\anvi ad blocker\ADBlockerSrv.exe [2012-10-1 279368]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R2 AntiVirScheduler;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-3-26 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2012-3-26 269480]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\drivers\asdrs.sys [2012-10-1 22864]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files\anvisoft\anvi smart defender\ASDSrv.exe [2012-8-23 686896]
R2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\drivers\asdws.sys [2012-10-1 14160]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-3-26 66616]
R2 FontCache;Servizio cache tipi di carattere Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-3-1 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-3 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-3 676936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-3 22856]
R3 PAC207;SoC PC-Camera;c:\windows\system32\drivers\PFC027.SYS [2006-12-5 507136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Servizio di Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-28 135664]
S2 OfferBox update service;OfferBox update service;c:\program files\offerbox\OfferBoxUpdateService.exe [2012-4-17 334184]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 250288]
S3 apf003;apf003;c:\windows\system32\apf003.sys [2012-6-20 13232]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-7-16 80824]
S3 gupdatem;Servizio Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-28 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 RDID1098;UA-1G;c:\windows\system32\drivers\Rdwm1098.sys [2011-3-17 116352]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-7-16 181432]
S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudobex.sys [2012-7-16 181432]
.
=============== Created Last 30 ================
.
2012-10-04 16:46:12 -------- d-----w- c:\users\io\appdata\local\{8CF011E2-D3D3-457B-811B-6B69A16CB4AA}
2012-10-02 23:42:31 6980552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a7347cb1-0d11-4ba1-bc89-d17907b32b27}\mpengine.dll
2012-10-02 22:39:23 -------- d-----w- c:\users\io\appdata\roaming\Malwarebytes
2012-10-02 22:39:12 -------- d-----w- c:\programdata\Malwarebytes
2012-10-02 22:39:10 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-02 22:39:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-02 06:02:58 -------- d-----w- c:\users\io\appdata\local\Akamai
2012-10-01 06:10:05 -------- d-----w- c:\users\io\appdata\roaming\Anvisoft
2012-10-01 06:10:01 22864 ----a-w- c:\windows\system32\drivers\asdrs.sys
2012-10-01 06:10:01 16208 ----a-w- c:\windows\system32\drivers\asdrm.sys
2012-10-01 06:10:01 14160 ----a-w- c:\windows\system32\drivers\asdws.sys
2012-10-01 06:10:01 -------- d-----w- c:\programdata\Anvisoft
2012-10-01 06:09:59 -------- d-----w- c:\program files\Anvisoft
2012-09-24 17:13:08 -------- d-----r- c:\users\io\Dropbox
2012-09-24 17:05:36 -------- d-----w- c:\users\io\appdata\roaming\Dropbox
2012-09-22 22:41:22 -------- d-----w- c:\program files\Katawa Shoujo
2012-09-15 22:00:52 -------- d-----w- c:\program files\Worlds of Haruhi Suzumiya
2012-09-08 10:38:41 -------- d-----w- c:\programdata\Ask
2012-09-05 14:01:41 -------- d-----r- c:\program files\Skype
.
==================== Find3M ====================
.
2012-09-21 15:30:17 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-21 15:30:17 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-28 18:24:56 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-28 18:24:53 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 19.19.27,71 ===============


#2 nasdaq

  • Malware Response Team
  • 38,969 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:00 AM

Posted 05 October 2012 - 09:41 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Please post the logs for my review.

#3 Rintone

  • Topic Starter
  • Members
  • 22 posts
  • OFFLINE
  • Local time:06:00 AM

Posted 06 October 2012 - 04:27 AM

Here's the ComboFix.txt file:
ComboFix 12-10-04.02 - Io 06/10/2012 10.31.20.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.1790.966 [GMT 2:00]
Eseguito da: c:\users\Io\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\BrowserCompanion
c:\program files\BrowserCompanion\logo.ico
c:\program files\BrowserCompanion\updatebhoWin32.dll_1
c:\program files\BrowserCompanion\updatebhoWin32.dll_2
c:\program files\OfferBox
c:\program files\OfferBox\install.log
c:\program files\OfferBox\install.xml
c:\program files\OfferBox\language.xml
c:\program files\OfferBox\OfferBox.exe
c:\program files\OfferBox\OfferBoxHTTPProxy.exe
c:\program files\OfferBox\OfferBoxUpdateService.exe
c:\program files\OfferBox\uninstaller.exe
c:\programdata\16957FDE85.sys
c:\users\Io\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
c:\users\Io\AppData\Roaming\OfferBox
c:\users\Io\AppData\Roaming\OfferBox\config.xml
c:\users\Io\AppData\Roaming\OfferBox\http_app.offerbox.com\categories.xml
c:\users\Io\AppData\Roaming\OfferBox\http_app.offerbox.com\country.sxe
c:\users\Io\AppData\Roaming\OfferBox\http_app.offerbox.com\extracountry.sxe
c:\users\Io\AppData\Roaming\OfferBox\http_app.offerbox.com\history.db
c:\users\Io\AppData\Roaming\OfferBox\http_app.offerbox.com\profile.sxe
c:\users\Io\AppData\Roaming\OfferBox\http_app.offerbox.com\update.sxe
c:\users\Io\AppData\Roaming\OfferBox\http_app.offerbox.com\update.xml
c:\users\Io\AppData\Roaming\OfferBox\temp.ico
c:\windows\security\Database\tmp.edb
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_OfferBox update service
-------\Service_OfferBox update service
.
.
((((((((((((((((((((((((( Files Creati Da 2012-09-06 al 2012-10-06 )))))))))))))))))))))))))))))))))))
.
.
2012-10-06 08:43 . 2012-10-06 08:49 -------- d-----w- c:\users\Io\AppData\Local\temp
2012-10-06 08:43 . 2012-10-06 08:43 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-10-02 22:39 . 2012-10-02 22:39 -------- d-----w- c:\users\Io\AppData\Roaming\Malwarebytes
2012-10-02 22:39 . 2012-10-02 22:39 -------- d-----w- c:\programdata\Malwarebytes
2012-10-02 22:39 . 2012-10-02 22:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-02 22:39 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-02 06:02 . 2012-10-02 19:00 -------- d-----w- c:\users\Io\AppData\Local\Akamai
2012-10-01 06:10 . 2012-10-01 06:10 -------- d-----w- c:\users\Io\AppData\Roaming\Anvisoft
2012-10-01 06:10 . 2012-10-01 06:14 -------- d-----w- c:\programdata\Anvisoft
2012-10-01 06:10 . 2012-08-20 09:23 22864 ----a-w- c:\windows\system32\drivers\asdrs.sys
2012-10-01 06:10 . 2012-08-20 09:23 16208 ----a-w- c:\windows\system32\drivers\asdrm.sys
2012-10-01 06:10 . 2012-08-20 09:23 14160 ----a-w- c:\windows\system32\drivers\asdws.sys
2012-10-01 06:09 . 2012-10-01 06:14 -------- d-----w- c:\program files\Anvisoft
2012-09-24 17:13 . 2012-10-06 07:09 -------- d-----r- c:\users\Io\Dropbox
2012-09-24 17:05 . 2012-10-06 07:09 -------- d-----w- c:\users\Io\AppData\Roaming\Dropbox
2012-09-22 22:41 . 2012-09-22 22:42 -------- d-----w- c:\program files\Katawa Shoujo
2012-09-15 22:00 . 2012-09-15 22:01 -------- d-----w- c:\program files\Worlds of Haruhi Suzumiya
2012-09-08 10:38 . 2012-09-08 10:38 -------- d-----w- c:\programdata\Ask
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-06 07:33 . 2012-10-06 07:33 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4D2B860-E9E1-45DE-997D-8A82D9DED326}\offreg.dll
2012-09-21 15:30 . 2012-04-05 20:30 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 15:30 . 2011-08-20 07:25 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-30 08:17 . 2012-10-05 13:06 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4D2B860-E9E1-45DE-997D-8A82D9DED326}\mpengine.dll
2012-08-28 18:24 . 2012-06-30 12:15 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-28 18:24 . 2010-05-05 21:46 473072 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="d:\program files\uTorrent\uTorrent.exe" [2012-10-04 963984]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Akamai NetSession Interface"="c:\users\Io\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
"KiesPreload"="d:\program files\Kies\Kies.exe" [2012-07-02 975288]
"KiesPDLR"="d:\program files\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-02 21432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-07 801792]
"Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2012-01-29 380416]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"KiesTrayAgent"="d:\program files\Kies\KiesTrayAgent.exe" [2012-07-02 3524536]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"Aeria Ignite"="c:\program files\Aeria Games\Ignite\aeriaignite.exe" [2012-09-10 1411224]
"Anvi Smart Defender"="c:\program files\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-08-23 1229104]
"ADBlocker"="c:\program files\anvisoft\Anvi AD Blocker\ADBlockerTray.exe" [2012-09-13 961864]
.
c:\users\Io\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Io\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips GoGear VIBE Device Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Philips GoGear VIBE Device Manager.lnk
backup=c:\windows\pss\Philips GoGear VIBE Device Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Io^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Io\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Io^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Io\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-27 17:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-09-13 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-10-25 16:10 652624 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-08 16:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-10-04 14:02 963984 ----a-w- d:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 ADBlockerSrv;AD Blocker Service;c:\program files\anvisoft\Anvi AD Blocker\ADBlockerSrv.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 15:30]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 22:22]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 22:22]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.0.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-KiesAirMessage - d:\program files\Kies\KiesAirMessage.exe
HKLM-Run-StartCCC - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
HKLM-Run-offerbox - c:\program files\OfferBox\OfferBox.exe
HKLM-Run-Browser companion helper - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-cbbabbdrv - c:\users\io\appdata\local\temp\jkhhff.dll
MSConfigStartUp-cbyyabsys - c:\users\io\appdata\local\temp\hgfgdd.dll
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
MSConfigStartUp-GM4IE - d:\program files\SocialPlus\gm4ie.exe
MSConfigStartUp-sdfpbtqq - c:\users\Io\AppData\Local\soqulbaly\gbjlkaotssd.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-win2dkdes - c:\users\Io\AppData\Roaming\win2dkdes\win2djws.exe
AddRemove-OfferBox - c:\program files\OfferBox\uninstaller.exe
AddRemove-01_Simmental - d:\program files\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - d:\program files\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - d:\program files\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - d:\program files\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - d:\program files\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - d:\program files\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - d:\program files\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - d:\program files\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - d:\program files\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - d:\program files\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - d:\program files\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - d:\program files\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - d:\program files\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - d:\program files\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - d:\program files\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-22_WiBro_WiMAX - d:\program files\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - d:\program files\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - d:\program files\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-06 10:49
Windows 6.0.6002 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
.
c:\users\Io\AppData\Roaming\Microsoft\Windows\Cookies\XUK0Z443.txt
.
Scansione completata con successo
Files nascosti: 1
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-1583698210-2257565525-2114935795-1000\Software\SecuROM\License information*]
"datasecu"=hex:f3,f4,d6,5a,2e,11,40,ca,6f,50,84,a3,75,02,67,f4,79,8e,0e,92,3a,
d2,ed,f5,2c,dc,31,d9,96,cd,60,2d,ef,95,09,e2,e3,ed,c1,f8,02,27,f0,c5,55,c8,\
"rkeysecu"=hex:04,71,c9,d6,9f,e5,e5,62,a4,23,84,b4,60,12,88,77
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\ehome\ehmsas.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Internet Explorer\IELowutil.exe
c:\windows\system32\WerCon.exe
.
**************************************************************************
.
Ora fine scansione: 2012-10-06 10:59:41 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-10-06 08:59
.
Pre-Run: 12.742.832.128 byte disponibili
Post-Run: 13.237.256.192 byte disponibili
.
- - End Of File - - F8561D9B5610C5A5811820B641AFAC9C

#4 Rintone

Rintone
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:06:00 AM

Posted 06 October 2012 - 07:03 AM

=====================================================
Here's my security check
Results of screen317's Security Check version 0.99.51
Windows Vista Service Pack 2 x86
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
AntiVir Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware versione 1.65.0.1400
Java™ 6 Update 35
Java version out of Date!
Adobe Flash Player 11.4.402.278
Adobe Reader X (10.1.4)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Anvisoft Anvi Smart Defender ASDSrv.exe
Anvisoft Anvi Smart Defender ASDTray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````


=================================================================
and the AdwCleaner file
# AdwCleaner v2.003 - Logfile created 10/06/2012 at 11:35:45
# Updated 23/09/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Io - PC-IO
# Boot Mode : Normal
# Running from : C:\Users\Io\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Offerbox.lnk
File Deleted : C:\user.js
Folder Deleted : C:\Program Files\Linkury
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BabylonUpdater
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Linkury
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheBflix
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Users\Io\AppData\Local\Babylon
Folder Deleted : C:\Users\Io\AppData\Local\Linkury
Folder Deleted : C:\Users\Io\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Io\AppData\LocalLow\TheBflix
Folder Deleted : C:\Users\Io\AppData\Roaming\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\BrowserCompanion
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{37476589-E48E-439E-A706-56189E2ED4C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Offerbox
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0EE02110-967B-4256-ACA6-BC8AC7CB7E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8216BD4A-4DC2-4DCE-9AFF-C86C5ACC6757}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D4D390BE-98E6-4633-AD1B-B18B54BE5E76}
Key Deleted : HKLM\SOFTWARE\Classes\OfferBoxUI.TheBoxCtrl
Key Deleted : HKLM\SOFTWARE\Classes\OfferBoxUI.TheBoxCtrl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2530241
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2567691
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8ABB9FA2-0740-4AD9-8F54-1192254B3CF4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Key Deleted : HKLM\Software\Messenger Plus!\OpenCandy
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0EE02110-967B-4256-ACA6-BC8AC7CB7E61}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ForceRenive
Key Deleted : HKLM\Software\OpenCandy NSIS SDK
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus --> hxxp://www.google.com

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Io\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [5627 octets] - [06/10/2012 11:35:45]

########## EOF - C:\AdwCleaner[S1].txt - [5687 octets] ##########

#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:00 AM

Posted 06 October 2012 - 08:16 AM

Looking good.

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 35


===

Please let me know of any remaining issues with this computer.
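
The Java check nasdaq describes above can also be done from the command line. The following PowerShell script is an added example and is not part of the thread or any of the tools used in it; it reads the same Add/Remove Programs data (the Uninstall keys under HKLM, including the WOW6432Node path so it also works on 64-bit hosts), lists every Java runtime entry, and flags every entry older than the newest one installed as a candidate for removal. The regular expression matching "Java(TM) 6 Update 35" style display names is an assumption about how the Java installer registers itself.

```powershell
# Added example (not from the thread): list Java runtime entries registered in
# Add/Remove Programs and flag the ones that are older than the newest install.
# Assumptions: standard Uninstall keys under HKLM; display names of the form
# "Java(TM) 6 Update 35" or "Java 7 Update 9" (the regex below is an assumption).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$java = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^Java(\(TM\))?\s+\d+' } |
    Select-Object DisplayName, DisplayVersion, Publisher, UninstallString,
        @{ Name = 'Version'; Expression = {
            # Some entries carry no parsable DisplayVersion; treat those as 0.0
            try { [version]$_.DisplayVersion } catch { [version]'0.0' }
        } }

if (-not $java) {
    Write-Output 'No Java runtime entries found in Add/Remove Programs.'
    return
}

# The newest installed version is the reference; anything older is stale and
# should be removed with the Add/Remove Programs applet (or its UninstallString).
$newest = ($java | Sort-Object Version -Descending | Select-Object -First 1).Version

foreach ($entry in ($java | Sort-Object Version -Descending)) {
    $status = if ($entry.Version -eq $newest) {
        'newest installed - verify it is current at java.com'
    } else {
        'OLD - remove via Add/Remove Programs'
    }
    '{0,-36} {1,-12} {2}' -f $entry.DisplayName, $entry.DisplayVersion, $status
}
```

Run it from an elevated PowerShell prompt; it only reads the registry and prints a report, it removes nothing. The newest entry still has to be compared against the current release on java.com, because the script can only tell you which of the installed copies is the most recent, not whether that copy is up to date.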

#6 Rintone

Rintone
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:06:00 AM

Posted 06 October 2012 - 09:26 AM

Seems like my Java is fine, and my computer looks like it is doing great too.
Thanks, I really appreciate your help, you're a life saver!

#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:00 AM

Posted 07 October 2012 - 07:05 AM

Glad we could help.

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

Delete the other tools we used.

Surf Safely, and Think Prevention!
===
