Assistance with ComboFix log


  • This topic is locked
2 replies to this topic

#1 supportme777


Posted 12 February 2013 - 09:39 PM

MOD EDIT: Moved to proper forum ~~ boopme

 

 

 

(((((((((((((((((((((((((   Files Created from 2013-01-13 to 2013-02-13  )))))))))))))))))))))))))))))))



.



.



2013-02-13 02:09 . 2013-02-13 02:09         --------   d-----w-                c:\users\Guest\AppData\Local\temp



2013-02-13 02:09 . 2013-02-13 02:09         --------   d-----w-                c:\users\Default\AppData\Local\temp



2013-02-10 09:27 . 2013-02-10 09:27         --------   d-----w-                c:\program files (x86)\Malwarebytes' Anti-Malware



2013-02-10 09:27 . 2012-12-14 23:49         24176    ----a-w-                c:\windows\system32\drivers\mbam.sys



2013-02-10 09:25 . 2013-02-10 09:25         95648    ----a-w-                c:\windows\SysWow64\WindowsAccessBridge-32.dll



2013-02-10 09:25 . 2013-02-10 09:27         --------   d-----w-                C:\02f60218f7ab92c7c64b08



2013-02-10 07:26 . 2013-02-13 02:04         76232    ----a-w-                c:\programdata\Microsoft\Windows Defender\Definition Updates\{CBDB1CF7-5DBE-41EE-8DBB-AD50A52DAF92}\offreg.dll



2013-02-10 07:17 . 2013-01-18 19:15         9161176                ----a-w-                c:\programdata\Microsoft\Windows Defender\Definition Updates\{CBDB1CF7-5DBE-41EE-8DBB-AD50A52DAF92}\mpengine.dll



2013-02-10 02:54 . 2013-02-10 02:54         14690376             ----a-w-                c:\users\Guest\AppData\Roaming\lpuninstall.exe



2013-02-09 19:18 . 2013-02-09 19:18         16365936             ----a-w-                c:\windows\SysWow64\FlashPlayerInstaller.exe



2013-01-31 02:43 . 2013-01-31 03:10         --------   d-----w-                c:\users\AppData\Roaming\Download Manager



2013-01-25 06:49 . 2013-01-25 06:49         --------   d-----w-                c:\program files (x86)\Common Files\Skype



2013-01-24 20:45 . 2013-01-24 20:45         --------   d-----w-                c:\program files (x86)\WinSCP



2013-01-18 03:21 . 2013-02-11 06:33         --------   d-----w-                c:\usersAppData\Local\VMware



2013-01-18 03:21 . 2013-02-11 06:33         --------   d-----w-                c:\usersAppData\Roaming\VMware



2013-01-17 19:25 . 2013-01-17 19:25         --------   d-----w-                c:\programdata\Ask



2013-01-16 17:52 . 2010-02-23 08:16         294912  ----a-w-                c:\windows\system32\browserchoice.exe



2013-01-16 01:45 . 2012-10-24 21:17         67224    ----a-w-                c:\windows\system32\vsocklib.dll



2013-01-16 01:45 . 2012-10-24 21:17         70296    ----a-w-                c:\windows\system32\drivers\vsock.sys



2013-01-16 01:45 . 2012-10-24 21:17         63128    ----a-w-                c:\windows\SysWow64\vsocklib.dll



2013-01-16 01:45 . 2012-11-01 09:34         67224    ----a-w-                c:\windows\system32\drivers\vmx86.sys



2013-01-16 01:44 . 2012-11-01 09:35         357016  ----a-w-                c:\windows\SysWow64\vmnetdhcp.exe



2013-01-16 01:44 . 2012-11-01 09:34         435864  ----a-w-                c:\windows\SysWow64\vmnat.exe



2013-01-16 01:44 . 2012-11-01 09:34         30360    ----a-w-                c:\windows\system32\drivers\vmnetuserif.sys



2013-01-16 01:44 . 2012-11-01 09:35         933528  ----a-w-                c:\windows\system32\vnetlib64.dll



2013-01-16 01:43 . 2012-10-12 00:15         52376    ----a-w-                c:\windows\system32\drivers\hcmon.sys



2013-01-16 01:42 . 2013-01-16 01:42         --------   d-----w-                c:\program files\Common Files\VMware



2013-01-16 01:41 . 2013-02-10 09:22         --------   d-----w-                c:\programdata\VMware



2013-01-16 01:41 . 2013-01-16 01:41         --------   d-----w-                c:\program files (x86)\VMware



2013-01-16 01:41 . 2013-01-16 01:41         --------   d-----w-                c:\program files (x86)\Common Files\VMware



.



.



.



((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))



.



2013-02-10 09:25 . 2012-01-22 23:18         861088  ----a-w-                c:\windows\SysWow64\npdeployJava1.dll



2013-02-10 09:25 . 2010-07-20 14:49         782240  ----a-w-                c:\windows\SysWow64\deployJava1.dll



2013-02-09 19:18 . 2012-06-01 16:27         697712  ----a-w-                c:\windows\SysWow64\FlashPlayerApp.exe



2013-02-09 19:18 . 2012-01-13 16:39         74096    ----a-w-                c:\windows\SysWow64\FlashPlayerCPLApp.cpl



2013-01-17 08:28 . 2011-02-07 14:33         273840  ------w- c:\windows\system32\MpSigStub.exe



2013-01-10 16:40 . 2010-11-11 23:01         67599240             ----a-w-                c:\windows\system32\MRT.exe



2012-12-16 17:11 . 2012-12-21 09:01         46080    ----a-w-                c:\windows\system32\atmlib.dll



2012-12-16 14:45 . 2012-12-21 09:01         367616  ----a-w-                c:\windows\system32\atmfd.dll



2012-12-16 14:13 . 2012-12-21 09:01         295424  ----a-w-                c:\windows\SysWow64\atmfd.dll



2012-12-16 14:13 . 2012-12-21 09:01         34304    ----a-w-                c:\windows\SysWow64\atmlib.dll



2012-12-07 13:20 . 2013-01-09 19:05         441856  ----a-w-                c:\windows\system32\Wpc.dll



2012-12-07 13:15 . 2013-01-09 19:05         2746368                ----a-w-                c:\windows\system32\gameux.dll



2012-12-07 12:26 . 2013-01-09 19:05         308736  ----a-w-                c:\windows\SysWow64\Wpc.dll



2012-12-07 12:20 . 2013-01-09 19:05         2576384                ----a-w-                c:\windows\SysWow64\gameux.dll



2012-12-07 11:20 . 2013-01-09 19:05         30720    ----a-w-                c:\windows\system32\usk.rs



2012-12-07 11:20 . 2013-01-09 19:05         43520    ----a-w-                c:\windows\system32\csrr.rs



2012-12-07 11:20 . 2013-01-09 19:05         23552    ----a-w-                c:\windows\system32\oflc.rs



2012-12-07 11:20 . 2013-01-09 19:05         45568    ----a-w-                c:\windows\system32\oflc-nz.rs



2012-12-07 11:20 . 2013-01-09 19:05         44544    ----a-w-                c:\windows\system32\pegibbfc.rs



2012-12-07 11:20 . 2013-01-09 19:05         20480    ----a-w-                c:\windows\system32\pegi-fi.rs



2012-12-07 11:20 . 2013-01-09 19:05         20480    ----a-w-                c:\windows\system32\pegi-pt.rs



2012-12-07 11:19 . 2013-01-09 19:05         20480    ----a-w-                c:\windows\system32\pegi.rs



2012-12-07 11:19 . 2013-01-09 19:05         46592    ----a-w-                c:\windows\system32\fpb.rs



2012-12-07 11:19 . 2013-01-09 19:05         40960    ----a-w-                c:\windows\system32\cob-au.rs



2012-12-07 11:19 . 2013-01-09 19:05         21504    ----a-w-                c:\windows\system32\grb.rs



2012-12-07 11:19 . 2013-01-09 19:05         15360    ----a-w-                c:\windows\system32\djctq.rs



2012-12-07 11:19 . 2013-01-09 19:05         55296    ----a-w-                c:\windows\system32\cero.rs



2012-12-07 11:19 . 2013-01-09 19:05         51712    ----a-w-                c:\windows\system32\esrb.rs



2012-12-07 10:46 . 2013-01-09 19:05         43520    ----a-w-                c:\windows\SysWow64\csrr.rs



2012-12-07 10:46 . 2013-01-09 19:05         30720    ----a-w-                c:\windows\SysWow64\usk.rs



2012-12-07 10:46 . 2013-01-09 19:05         45568    ----a-w-                c:\windows\SysWow64\oflc-nz.rs



2012-12-07 10:46 . 2013-01-09 19:05         44544    ----a-w-                c:\windows\SysWow64\pegibbfc.rs



2012-12-07 10:46 . 2013-01-09 19:05         20480    ----a-w-                c:\windows\SysWow64\pegi-pt.rs



2012-12-07 10:46 . 2013-01-09 19:05         23552    ----a-w-                c:\windows\SysWow64\oflc.rs



2012-12-07 10:46 . 2013-01-09 19:05         20480    ----a-w-                c:\windows\SysWow64\pegi-fi.rs



2012-12-07 10:46 . 2013-01-09 19:05         46592    ----a-w-                c:\windows\SysWow64\fpb.rs



2012-12-07 10:46 . 2013-01-09 19:05         20480    ----a-w-                c:\windows\SysWow64\pegi.rs



2012-12-07 10:46 . 2013-01-09 19:05         21504    ----a-w-                c:\windows\SysWow64\grb.rs



2012-12-07 10:46 . 2013-01-09 19:05         40960    ----a-w-                c:\windows\SysWow64\cob-au.rs



2012-12-07 10:46 . 2013-01-09 19:05         15360    ----a-w-                c:\windows\SysWow64\djctq.rs



2012-12-07 10:46 . 2013-01-09 19:05         51712    ----a-w-                c:\windows\SysWow64\esrb.rs



2012-12-07 10:46 . 2013-01-09 19:05         55296    ----a-w-                c:\windows\SysWow64\cero.rs



2012-11-30 05:45 . 2013-01-09 19:04         362496  ----a-w-                c:\windows\system32\wow64win.dll



2012-11-30 05:45 . 2013-01-09 19:04         243200  ----a-w-                c:\windows\system32\wow64.dll



2012-11-30 05:45 . 2013-01-09 19:04         13312    ----a-w-                c:\windows\system32\wow64cpu.dll



2012-11-30 05:45 . 2013-01-09 19:04         215040  ----a-w-                c:\windows\system32\winsrv.dll



2012-11-30 05:43 . 2013-01-09 19:04         16384    ----a-w-                c:\windows\system32\ntvdm64.dll



2012-11-30 05:41 . 2013-01-09 19:04         424448  ----a-w-                c:\windows\system32\KernelBase.dll



2012-11-30 05:41 . 2013-01-09 19:04         1161216                ----a-w-                c:\windows\system32\kernel32.dll



2012-11-30 05:38 . 2013-01-09 19:04         6144       ---ha-w-               c:\windows\system32\api-ms-win-security-base-l1-1-0.dll



2012-11-30 05:38 . 2013-01-09 19:04         3072       ---ha-w-               c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll



2012-11-30 05:38 . 2013-01-09 19:04         3072       ---ha-w-               c:\windows\system32\api-ms-win-core-util-l1-1-0.dll



2012-11-30 05:38 . 2013-01-09 19:04         3072       ---ha-w-               c:\windows\system32\api-ms-win-core-string-l1-1-0.dll



2012-11-30 05:38 . 2013-01-09 19:04         4608       ---ha-w-               c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll



2012-11-30 05:38 . 2013-01-09 19:04         4608       ---ha-w-               c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll



2012-11-30 05:38 . 2013-01-09 19:04         4096       ---ha-w-               c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll



2012-11-30 05:38 . 2013-01-09 19:04         4096       ---ha-w-               c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll



2012-11-30 05:38 . 2013-01-09 19:04         3584       ---ha-w-               c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll



2012-11-30 05:38 . 2013-01-09 19:04         3584       ---ha-w-               c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll



2012-11-30 05:38 . 2013-01-09 19:04         3584       ---ha-w-               c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll



2012-11-30 05:38 . 2013-01-09 19:04         3584       ---ha-w-               c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll



2012-11-30 05:38 . 2013-01-09 19:04         3072       ---ha-w-               c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll



2012-11-30 05:38 . 2013-01-09 19:04         5120       ---ha-w-               c:\windows\system32\api-ms-win-core-file-l1-1-0.dll



2012-11-30 05:38 . 2013-01-09 19:04         3072       ---ha-w-               c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll



2012-11-30 05:38 . 2013-01-09 19:04         4096       ---ha-w-               c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll



2012-11-30 05:38 . 2013-01-09 19:04         4096       ---ha-w-               c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll



2012-11-30 05:38 . 2013-01-09 19:04         3584       ---ha-w-               c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll



2012-11-30 05:38 . 2013-01-09 19:04         3584       ---ha-w-               c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll



2012-11-30 05:38 . 2013-01-09 19:04         3584       ---ha-w-               c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll



2012-11-30 05:38 . 2013-01-09 19:04         3072       ---ha-w-               c:\windows\system32\api-ms-win-core-io-l1-1-0.dll



2012-11-30 05:38 . 2013-01-09 19:04         3072       ---ha-w-               c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll



2012-11-30 05:38 . 2013-01-09 19:04         3072       ---ha-w-               c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll



2012-11-30 05:38 . 2013-01-09 19:04         3072       ---ha-w-               c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll



2012-11-30 05:38 . 2013-01-09 19:04         3072       ---ha-w-               c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll



2012-11-30 05:38 . 2013-01-09 19:04         3072       ---ha-w-               c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll



2012-11-30 05:38 . 2013-01-09 19:04         3072       ---ha-w-               c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll



2012-11-30 05:38 . 2013-01-09 19:04         3072       ---ha-w-               c:\windows\system32\api-ms-win-core-console-l1-1-0.dll



2012-11-30 04:54 . 2013-01-09 19:04         5120       ----a-w-                c:\windows\SysWow64\wow32.dll



2012-11-30 04:53 . 2013-01-09 19:04         274944  ----a-w-                c:\windows\SysWow64\KernelBase.dll



2012-11-30 04:45 . 2013-01-09 19:04         4608       ---ha-w-               c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll



2012-11-30 04:45 . 2013-01-09 19:04         4096       ---ha-w-               c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll



2012-11-30 04:45 . 2013-01-09 19:04         4096       ---ha-w-               c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll



2012-11-30 04:45 . 2013-01-09 19:04         4096       ---ha-w-               c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll



2012-11-30 04:45 . 2013-01-09 19:04         4096       ---ha-w-               c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll



2012-11-30 04:45 . 2013-01-09 19:04         4096       ---ha-w-               c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll



2012-11-30 04:45 . 2013-01-09 19:04         3584       ---ha-w-               c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll



2012-11-30 04:45 . 2013-01-09 19:04         3584       ---ha-w-               c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll



2012-11-30 04:45 . 2013-01-09 19:04         3584       ---ha-w-               c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll



2012-11-30 04:45 . 2013-01-09 19:04         3584       ---ha-w-               c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll



2012-11-30 04:45 . 2013-01-09 19:04         3584       ---ha-w-               c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll



2012-11-30 04:45 . 2013-01-09 19:04         3584       ---ha-w-               c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll



2012-11-30 04:45 . 2013-01-09 19:04         3072       ---ha-w-               c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll



2012-11-30 04:45 . 2013-01-09 19:04         3072       ---ha-w-               c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll



2012-11-30 04:45 . 2013-01-09 19:04         3072       ---ha-w-               c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll



2012-11-30 04:45 . 2013-01-09 19:04         3072       ---ha-w-               c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll



2012-11-30 04:45 . 2013-01-09 19:04         5120       ---ha-w-               c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll



2012-11-30 04:45 . 2013-01-09 19:04         3072       ---ha-w-               c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll



2012-11-30 04:45 . 2013-01-09 19:04         3072       ---ha-w-               c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll



2012-11-30 04:45 . 2013-01-09 19:04         3072       ---ha-w-               c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll



2012-11-30 04:45 . 2013-01-09 19:04         3072       ---ha-w-               c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll



.



.



(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))



.



.



*Note* empty entries & legit default entries are not shown



REGEDIT4



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]



2012-01-04 23:02              233288  ----a-w-                c:\program files (x86)\Expat Shield\HssIE\ExpatIE.dll



.



[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]



@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"



[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]



2012-11-13 23:32              129272  ----a-w-                c:\users\ AppData\Roaming\Dropbox\bin\DropboxExt.17.dll



.



[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]



@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"



[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]



2012-11-13 23:32              129272  ----a-w-                c:\users \AppData\Roaming\Dropbox\bin\DropboxExt.17.dll



.



[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]



@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"



[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]



2012-11-13 23:32              129272  ----a-w-                c:\users\ AppData\Roaming\Dropbox\bin\DropboxExt.17.dll



.



[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]



@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"



[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]



2012-11-13 23:32              129272  ----a-w-                c:\users \AppData\Roaming\Dropbox\bin\DropboxExt.17.dll



.



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]



"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]



"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]



"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]



"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-12-18 825560]



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]



"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-14 512360]



.



c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\



Uninstall LastPass RunOnce.lnk - c:\users\Guest\AppData\Roaming\lpuninstall.exe [2013-2-9 14690376]



.



c:\users \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\



Dropbox.lnk - c:\users \AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]



MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-6-2 576000]



.



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]



"ConsentPromptBehaviorAdmin"= 0 (0x0)



"ConsentPromptBehaviorUser"= 3 (0x3)



"EnableLUA"= 0 (0x0)



"EnableUIADesktopToggle"= 0 (0x0)



"PromptOnSecureDesktop"= 0 (0x0)



.



[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]



"mixer"=wdmaud.drv



.



R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]



R2 KMService;KMService;c:\windows\system32\srvany.exe [x]



R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]



R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-11-01 13234176]



R3 ExpatTrayService;Expat Shield Tray Service;c:\program files (x86)\Expat Shield\bin\ExpatTrayService.EXE [2012-01-17 77520]



R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]



R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-18 7680512]



R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]



R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]



R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-11 232992]



R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-05 346144]



R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]



R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]



R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]



R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]



R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]



R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]



R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-10 1255736]



R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]



R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]



R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144]



R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]



S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-10-24 85104]



S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-10-24 70296]



S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2010-11-18 89600]



S2 ExpatShieldService;Expat Shield Service;c:\program files (x86)\Expat Shield\bin\openvpnas.exe [2012-01-17 331608]



S2 ExpatSrv;Expat Shield Routing Service;c:\program files (x86)\Expat Shield\HssWPR\hsssrv.exe [2012-01-04 363336]



S2 ExpatWd;Expat Shield Monitoring Service;c:\program files (x86)\Expat Shield\bin\hsswd.exe [2012-01-04 329544]



S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]



S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]



S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-24 2735528]



S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-01 2533400]



S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-12 918680]



S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]



S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-06-25 32880]



S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]



S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-05-01 56344]



S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]



S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]



S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-04-16 39832]



.



.



Contents of the 'Scheduled Tasks' folder



.



2013-02-13 c:\windows\Tasks\Adobe Flash Player Updater.job



- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 19:18]



.



2013-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job



- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-13 08:11]



.



2013-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job



- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-13 08:11]



.



2013-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4169401764-339046626-797800063-1001Core.job



- c:\usersAppData\Local\Google\Update\GoogleUpdate.exe [2010-11-08 21:48]



.



2013-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4169401764-339046626-797800063-1001UA.job



- c:\users\ AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-08 21:48]



.



.



--------- X64 Entries -----------



.



.



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]



2012-01-04 23:02              287048  ----a-w-                c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll



.



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]



@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"



[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]



2012-11-13 23:32              162552  ----a-w-                c:\users\ AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll



.



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]



@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"



[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]



2012-11-13 23:32              162552  ----a-w-                c:\users\ AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll



.



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]



@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"



[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]



2012-11-13 23:32              162552  ----a-w-                c:\users \AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll



.



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]



@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"



[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]



2012-11-13 23:32              162552  ----a-w-                c:\users\ AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]



"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]



"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]



"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]



"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-11-18 487424]



"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]



"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]



"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]



.



------- Supplementary Scan -------



.



uStart Page = hxxp://xfinity.comcast.net/?cid=insDate01132013



uLocal Page = c:\windows\system32\blank.htm



uDefault_Search_URL = hxxp://www.google.com/ie



mLocal Page = c:\windows\SysWOW64\blank.htm



uInternet Settings,ProxyOverride = local



uSearchAssistant = hxxp://www.google.com/ie



uSearchURL,(Default) = hxxp://www.google.com/search?q=%s



IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200



IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html



IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html



IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html



IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html



IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000



IE: Read EXIF - c:\program files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm



IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105



TCP: DhcpNameServer = 192.168.2.1



FF - ProfilePath - c:\users\ AppData\Roaming\Mozilla\Firefox\Profiles\uxakk76q.default\



FF - prefs.js: browser.search.selectedEngine - Ask.com



FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_Prot



FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110014&babsrc=KW_ss&mntrId=dab0c8200000000000000026c7c32fb9&q=



FF - ExtSQL: 2013-01-17 12:35; toolbar@ask.com; c:\users\AppData\Roaming\Mozilla\Firefox\Profiles\uxakk76q.default\extensions\toolbar@ask.com



FF - user.js: extensions.autoDisableScopes - 14



FF - user.js: security.csp.enable - false



FF - user.js: extensions.BabylonToolbar_i.id - dab0c8200000000000000026c7c32fb9



FF - user.js: extensions.BabylonToolbar_i.hardId - dab0c8200000000000000026c7c32fb9



FF - user.js: extensions.BabylonToolbar_i.instlDay - 15483



FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17



FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17



FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:52



FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon



FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar



FF - user.js: extensions.BabylonToolbar_i.aflt - babsst



FF - user.js: extensions.BabylonToolbar_i.smplGrp - none



FF - user.js: extensions.BabylonToolbar_i.tlbrId - base



FF - user.js: extensions.BabylonToolbar_i.newTab - false



FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110014



FF - user.js: extensions.BabylonToolbar_i.babExt -



FF - user.js: extensions.BabylonToolbar_i.srcExt - ss



FF - user.js: extensions.BabylonToolbar_i.instlRef - sst



.



.



--------------------- LOCKED REGISTRY KEYS ---------------------



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]



@Denied: (A 2) (Everyone)



@="FlashBroker"



"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]



"Enabled"=dword:00000001



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]



@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]



@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]



@Denied: (A 2) (Everyone)



@="IFlashBroker5"



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]



@="{00020424-0000-0000-C000-000000000046}"



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]



@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"



"Version"="1.0"



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]



@Denied: (A 2) (Everyone)



@="FlashBroker"



"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]



"Enabled"=dword:00000001



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]



@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]



@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]



@Denied: (A 2) (Everyone)



@="Shockwave Flash Object"



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]



@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"



"ThreadingModel"="Apartment"



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]



@="0"



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]



@="ShockwaveFlash.ShockwaveFlash.11"



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]



@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]



@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]



@="1.0"



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]



@="ShockwaveFlash.ShockwaveFlash"



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]



@Denied: (A 2) (Everyone)



@="Macromedia Flash Factory Object"



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]



@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"



"ThreadingModel"="Apartment"



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]



@="FlashFactory.FlashFactory.1"



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]



@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]



@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]



@="1.0"



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]



@="FlashFactory.FlashFactory"



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]



@Denied: (A 2) (Everyone)



@="IFlashBroker5"



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]



@="{00020424-0000-0000-C000-000000000046}"



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]



@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"



"Version"="1.0"



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]



@Denied: (A) (Everyone)



"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]



@Denied: (A) (Everyone)



.



[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]



"Key"="ActionsPane3"



"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"



.



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]



@Denied: (Full) (Everyone)



.



Completion time: 2013-02-12  19:12:22



ComboFix-quarantined-files.txt  2013-02-13 02:12



ComboFix2.txt  2013-02-10 09:11



Pre-Run: 205,937,635,328 bytes free



Post-Run: 205,730,099,200 bytes free



.



- - End Of File - - 599CEAC5F7863372E68E36F94D2DBFA0


Edited by boopme, 12 February 2013 - 09:41 PM.



 


#2 nasdaq

  • Malware Response Team

Posted 15 February 2013 - 10:59 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
 
Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.
 

  • Download DDS by sUBs from one of the following links if you no longer have it available.  Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.

 

  • Double click on the DDS icon, allow it to run. 


  • A small box will open, with an explanation about the tool.  No input is needed, the scan is running. 


  • Notepad will open with the results. 


  • Follow the instructions that pop up for posting the results. 

Please note:  You may have to disable any script protection running if the scan fails to run.
 
Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===
 
Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.
 
Please download AdwCleaner by Xplode onto your Desktop.

  • Close all open programs and internet browsers.


  • Double click on AdwCleaner.exe to run the tool.


  • Click on the Delete tab and follow the prompts.


  • A log file will automatically open after the scan has finished.


  • Please post the content of that log file with your next answer.


  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

 
 
Please post the logs and let me know what problems exist.
 
===
 
Please open the logs with NotePad, and make sure that the blank lines (seen on your previous log) are not present when you post them.


#3 nasdaq

  • Malware Response Team

Posted 21 February 2013 - 10:19 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



