
apype.com infection Help.


  • This topic is locked
13 replies to this topic

#1 Mcglynn77

Mcglynn77

  • Members
  • 18 posts

Posted 13 February 2013 - 08:24 PM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19393  BrowserJavaVersion: 10.13.2
Run by Matt at 20:01:56 on 2013-02-13
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2045.873 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdxserv.exe
C:\Windows\system32\lxdxcoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\HawkesUpdater.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\A Youtube Downloader Free\A Youtube Downloader Free_Helper.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\HawkesUpdater.exe
C:\Program Files\McAfee Security Scan\3.0.313\SSScheduler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Dell\Dell WUSB\WQ_Tray2.exe
C:\Program Files\Sony\Bloggie Software\BGVolumeWatcher.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://apype.com
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.313\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [CollaborationHost] c:\windows\system32\p2phost.exe -s
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_5_502_149_ActiveX.exe -update activex
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [lxdxmon.exe] "c:\program files\lexmark 3600-4600 series\lxdxmon.exe"
mRun: [lxdxamon] "c:\program files\lexmark 3600-4600 series\lxdxamon.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [A Youtube Downloader Free_Helper] c:\program files\a youtube downloader free\A Youtube Downloader Free_Helper.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\matt\appdata\roaming\micros~1\windows\startm~1\programs\startup\bloggi~1.lnk - c:\program files\sony\bloggie software\BGVolumeWatcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bloggi~1.lnk - c:\program files\sony\bloggie software\BGVolumeWatcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hawkes~1.lnk - c:\program files\hawkes learning systems\hawkes update service manager\HawkesUpdater.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.313\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ultraw~1.lnk - c:\program files\dell\dell wusb\WQ_Tray2.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_Win32.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{D0D760D9-F7CC-4EA4-8177-E35F2FA2E75E} : DHCPNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\matt\appdata\roaming\mozilla\firefox\profiles\ej0h6xlg.default\
FF - prefs.js: browser.search.selectedEngine - Custom search
FF - prefs.js: browser.startup.homepage - hxxp://apype.com
FF - prefs.js: keyword.URL - hxxp://apype.com/results.php?q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.0.313\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\sony\bloggie software\npsome.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_149.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-7-25 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-7-25 195416]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-7-25 111320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-22 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-22 314456]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2010-8-16 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-22 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-6-22 55128]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-22 44768]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2011-7-25 127192]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 HawkesUpdater;Hawkes Unattended Updater;c:\program files\hawkes learning systems\hawkes update service manager\srvany.exe [2013-1-16 8192]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [2010-9-9 98984]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-28 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-28 682344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-28 21104]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.391.0\bbsvc.exe --> c:\program files\microsoft\bingbar\7.1.391.0\BBSvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
S3 CoachVid;CoachVid;c:\windows\system32\drivers\CoachVid.sys [2007-10-23 45344]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.313\McCHSvc.exe [2012-10-26 234776]
.
=============== Created Last 30 ================
.
2013-02-12 10:54:19 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f6a00b30-0ad6-446c-be26-b35401752617}\mpengine.dll
2013-02-10 22:59:07 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-09 21:12:11 -------- d-----w- c:\program files\ESET
2013-02-09 20:52:44 -------- d-----w- c:\windows\ERUNT
2013-02-09 20:52:11 -------- d-----w- C:\JRT
2013-01-28 23:41:56 -------- d-----w- c:\users\matt\appdata\roaming\Malwarebytes
2013-01-28 23:40:27 -------- d-----w- c:\programdata\Malwarebytes
2013-01-28 23:40:24 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-28 23:40:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-20 21:14:52 -------- d-----w- c:\users\matt\appdata\roaming\.minecraft
2013-01-17 00:21:09 -------- dc-h--w- c:\programdata\{2CB7E68C-946F-4273-97CC-85B3F2AB1353}
2013-01-17 00:09:58 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2013-01-17 00:09:58 344064 ----a-w- c:\windows\system32\rsp_ogg_player_ocx2.dll
2013-01-17 00:09:58 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2013-01-17 00:09:57 94208 ----a-w- c:\windows\system32\MSSTKPRP.DLL
2013-01-17 00:09:57 344064 ----a-w- c:\windows\system32\rsp_ogg_player_ocx1.dll
2013-01-17 00:09:55 372736 ----a-w- c:\windows\system32\vbwExtender.ocx
2013-01-17 00:09:54 205848 ----a-w- c:\windows\system32\THREED32.OCX
2013-01-17 00:09:53 224016 ----a-w- c:\windows\system32\TABCTL32.OCX
2013-01-17 00:09:52 1328824 ----a-w- c:\windows\system32\SPR32X60.ocx
2013-01-17 00:09:51 159744 ----a-w- c:\windows\system32\rsp_ogg_vorbis_ocx_320reg.ocx
2013-01-17 00:09:49 212240 ----a-w- c:\windows\system32\RICHTX32.OCX
2013-01-17 00:09:47 557328 ----a-w- c:\windows\system32\DAO360.DLL
2013-01-17 00:07:24 -------- d-----w- c:\program files\Hawkes Learning Systems
2013-01-16 22:30:42 -------- d--h--w- c:\programdata\{9C9477C6-B3C2-455B-82F3-E537CBCAABF0}
2013-01-16 22:30:38 -------- d-----w- c:\users\matt\appdata\local\PackageAware
2013-01-15 11:04:34 -------- d-----w- c:\users\matt\AbiSuite
2013-01-15 11:03:46 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-15 10:54:00 -------- d-----w- c:\program files\AbiWord
.
==================== Find3M  ====================
.
2013-02-14 00:59:01 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-14 00:59:01 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-10 22:58:18 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-10 22:58:18 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-17 06:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-11-23 01:35:53 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-11-20 04:22:50 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
============= FINISH: 20:04:13.73 ===============





#2 Mcglynn77

Mcglynn77
  • Topic Starter

  • Members
  • 18 posts

Posted 13 February 2013 - 08:28 PM

http://www.bleepingcomputer.com/forums/t/484404/apypecom/#entry2973949

This is the link from the other forum.



#3 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 14 February 2013 - 12:43 AM

Hi,

 

Please post attach.txt (generated while running DDS) contents too.


Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#4 Mcglynn77

Mcglynn77
  • Topic Starter

  • Members
  • 18 posts

Posted 14 February 2013 - 04:34 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 8/10/2010 5:55:17 PM
System Uptime: 2/13/2013 2:41:41 PM (6 hours ago)
.
Motherboard: Dell Inc. |  | 0UK437
Processor: Intel® Core™2 Duo CPU     T5750  @ 2.00GHz | Microprocessor | 1000/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 89.369 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 4.099 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP910: 2/3/2013 9:58:47 AM - Scheduled Checkpoint
RP911: 2/5/2013 5:47:59 AM - Windows Update
RP913: 2/6/2013 6:38:36 PM - Removed Live! Cam Avatar Creator
RP915: 2/6/2013 6:40:49 PM - Removed GMI
RP917: 2/6/2013 6:42:08 PM - Removed Live! Cam Avatar
RP918: 2/6/2013 6:52:44 PM - SpeedyPC Pro Backup
RP919: 2/8/2013 5:52:21 AM - Windows Update
RP920: 2/9/2013 10:46:21 PM - Scheduled Checkpoint
RP921: 2/10/2013 4:19:49 PM - Removed Java 7 Update 9
RP922: 2/10/2013 4:23:05 PM - Removed Java™ 6 Update 31
RP923: 2/10/2013 5:27:54 PM - Installed Microsoft Fix it 50267
RP924: 2/10/2013 5:56:13 PM - Installed Java 7 Update 13
RP925: 2/12/2013 5:53:17 AM - Windows Update
RP926: 2/13/2013 7:45:16 PM - Windows Backup
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Advanced Audio FX Engine
Advanced Video FX Engine
AOL Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Auto Avatar Prerequisites
avast! Internet Security
Bing Bar
Bloggie Software
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Dell Driver Download Manager
Dell Resource CD
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card
Dell WUSB
DivX Setup
Driver Whiz
ESET Online Scanner v3
Google Chrome
Google Earth Plug-in
Google Update Helper
Hawkes Update Service Manager
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iCloud
Intel® PROSet/Wireless Software
Intermediate Algebra (Fall 2012 Student)
iTunes
Java 7 Update 13
Java Auto Updater
Laptop Integrated Webcam Driver (1.04.01.1011) 
LEGO® Stop Animation Studio
Lexmark 3600-4600 Series
Lexmark Fax Solutions
Malwarebytes Anti-Malware version 1.70.0.1100
McAfee Security Scan Plus
mCorev32.ism_new
mCPlug
mDriver
MediaDirect
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows Media Video 9 VCM
mMHouse
MobileMe Control Panel
Mozilla Firefox 16.0 (x86 en-US)
Mozilla Firefox 4.0b8 (x86 en-US)
Mozilla Firefox 8.0 (x86 en-US)
Mozilla Maintenance Service
mPfMgr
mWMI
MyTomTom 3.2.0.802
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OutlookAddinSetup
Plants vs. Zombies
QuickTime
RICOH Media Driver ver.2.07.01.04
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
SigmaTel Audio
Skype Click to Call
Skype™ 5.10
SpeedyPC Pro
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC80CRTRedist - 8.0.50727.4053
Visual Studio C++ 10.0 Runtime
Windows Driver Package - Digital Blue (CoachUsb) Image  (05/15/2009 4.75.1.0.32)
Windows Driver Package - Digital Blue (CoachVid) Image  (05/15/2009 4.75.1.0.32)
Windows Live ID Sign-in Assistant
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
2/9/2013 10:38:43 PM, Error: atapi [11]  - The driver detected a controller error on \Device\Ide\IdePort1.
2/13/2013 7:34:14 PM, Error: Service Control Manager [7000]  - The BCM42RLY service failed to start due to the following error:  The system cannot find the file specified.
2/13/2013 5:36:22 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
2/11/2013 4:29:42 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
2/10/2013 5:34:56 PM, Error: Service Control Manager [7000]  - The Parallel port driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/10/2013 5:34:56 PM, Error: Service Control Manager [7000]  - The BingBar Service service failed to start due to the following error:  The system cannot find the file specified.
2/10/2013 4:34:28 PM, Error: Service Control Manager [7034]  - The Dell Wireless WLAN Tray Service service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================



#5 Mcglynn77

Mcglynn77
  • Topic Starter

  • Members
  • 18 posts

Posted 15 February 2013 - 04:41 PM

Here is the attach file. I hope it works.


Edited by Mcglynn77, 15 February 2013 - 04:43 PM.


#6 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 18 February 2013 - 04:47 AM

Hi,

 

I'm sorry for a delayed response.



Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you. 

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.




#7 Mcglynn77

Mcglynn77
  • Topic Starter

  • Members
  • 18 posts

Posted 20 February 2013 - 06:14 PM

Hi, sorry it has been a while. I ran the ComboFix... now I cannot run any programs at all. It is saying there is an illegal operation on a registry key that has been marked for deletion. Not looking good. Any help?



#8 Mcglynn77

Mcglynn77
  • Topic Starter

  • Members
  • 18 posts

Posted 20 February 2013 - 06:19 PM

Here is the log. Please help. Thanks.




#9 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 21 February 2013 - 01:11 AM

Hi,

 

Please post fresh DDS logs too (dds.txt & attach.txt contents).




#10 Mcglynn77

Mcglynn77
  • Topic Starter

  • Members
  • 18 posts

Posted 21 February 2013 - 04:42 PM

Here are the updated logs. Thanks for the help.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19400  BrowserJavaVersion: 10.13.2
Run by Matt at 16:34:24 on 2013-02-21
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2045.1017 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\A Youtube Downloader Free\A Youtube Downloader Free_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdxserv.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\p2phost.exe
C:\Windows\system32\lxdxcoms.exe
C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\HawkesUpdater.exe
C:\Program Files\Sony\Bloggie Software\BGVolumeWatcher.exe
C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\HawkesUpdater.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Dell\Dell WUSB\WQ_Tray2.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\PROGRA~1\MIF2B0~1\wkcalrem.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_168_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://apype.com
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [CollaborationHost] c:\windows\system32\p2phost.exe -s
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [lxdxmon.exe] "c:\program files\lexmark 3600-4600 series\lxdxmon.exe"
mRun: [lxdxamon] "c:\program files\lexmark 3600-4600 series\lxdxamon.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [A Youtube Downloader Free_Helper] c:\program files\a youtube downloader free\A Youtube Downloader Free_Helper.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\matt\appdata\roaming\micros~1\windows\startm~1\programs\startup\bloggi~1.lnk - c:\program files\sony\bloggie software\BGVolumeWatcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bloggi~1.lnk - c:\program files\sony\bloggie software\BGVolumeWatcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hawkes~1.lnk - c:\program files\hawkes learning systems\hawkes update service manager\HawkesUpdater.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ultraw~1.lnk - c:\program files\dell\dell wusb\WQ_Tray2.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_Win32.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{D0D760D9-F7CC-4EA4-8177-E35F2FA2E75E} : DHCPNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\matt\appdata\roaming\mozilla\firefox\profiles\ej0h6xlg.default\
FF - prefs.js: browser.search.selectedEngine - Custom search
FF - prefs.js: browser.startup.homepage - hxxp://apype.com
FF - prefs.js: keyword.URL - hxxp://apype.com/results.php?q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 2\plugins\np-mswmp.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 2\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 2\plugins\npqtplugin.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 2\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 2\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 2\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 2\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 2\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mozilla firefox 4.0 beta 2\plugins\npqtplugin7.dll
FF - plugin: c:\program files\sony\bloggie software\npsome.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_149.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-7-25 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-7-25 195416]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-7-25 111320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-22 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-22 314456]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2010-8-16 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-22 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-6-22 55128]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-22 44768]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2011-7-25 127192]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 HawkesUpdater;Hawkes Unattended Updater;c:\program files\hawkes learning systems\hawkes update service manager\srvany.exe [2013-1-16 8192]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [2010-9-9 98984]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-28 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-28 682344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-28 21104]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.391.0\bbsvc.exe --> c:\program files\microsoft\bingbar\7.1.391.0\BBSvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
S3 CoachVid;CoachVid;c:\windows\system32\drivers\CoachVid.sys [2007-10-23 45344]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-02-20 22:54:39 -------- d-----w- C:\$RECYCLE.BIN
2013-02-20 22:49:04 -------- d-----w- c:\users\matt\appdata\local\temp
2013-02-20 22:30:20 256000 ----a-w- c:\windows\PEV.exe
2013-02-20 22:30:20 208896 ----a-w- c:\windows\MBR.exe
2013-02-20 22:30:19 98816 ----a-w- c:\windows\sed.exe
2013-02-19 10:27:00 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4de3251d-56e0-42e6-83fe-906aa8e33386}\mpengine.dll
2013-02-10 22:59:07 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-09 21:12:11 -------- d-----w- c:\program files\ESET
2013-02-09 20:52:44 -------- d-----w- c:\windows\ERUNT
2013-02-09 20:52:11 -------- d-----w- C:\JRT
2013-01-28 23:41:56 -------- d-----w- c:\users\matt\appdata\roaming\Malwarebytes
2013-01-28 23:40:27 -------- d-----w- c:\programdata\Malwarebytes
2013-01-28 23:40:24 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-28 23:40:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M  ====================
.
2013-02-14 00:59:01 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-14 00:59:01 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-10 22:58:18 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-10 22:58:18 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-17 06:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-05 11:59:52 916480 ----a-w- c:\windows\system32\wininet.dll
2013-01-05 11:54:47 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-01-05 11:54:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-01-05 11:54:07 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-01-05 11:54:06 71680 ----a-w- c:\windows\system32\iesetup.dll
2013-01-05 10:23:06 385024 ----a-w- c:\windows\system32\html.iec
2013-01-05 08:47:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2013-01-05 08:44:46 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-05 05:26:01 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:26:01 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 11:28:18 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-04 01:38:50 2048512 ----a-w- c:\windows\system32\win32k.sys
2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 16:35:40.66 ===============



#11 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:01:44 AM

Posted 22 February 2013 - 12:51 AM

Hi again,


Open notepad and copy/paste the text in the quotebox below into it:

DDS::
uStart Page = hxxp://apype.com
Firefox::
FF - ProfilePath - c:\users\matt\appdata\roaming\mozilla\firefox\profiles\ej0h6xlg.default\
FF - prefs.js: browser.search.selectedEngine - Custom search
FF - prefs.js: browser.startup.homepage - hxxp://apype.com
FF - prefs.js: keyword.URL - hxxp://apype.com/results.php?q=



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log.


Uninstall old Adobe Reader versions and get Adobe Reader 11.0 here and updates 11.0.01 & 11.0.02 for it or get Foxit Reader here. Make sure you don't (unless you want to) install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 7 Update 15.
  • Click the Download button to the right.
  • Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u15-windows-i586.exe to install the newest version.



* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
  • Click Scan
  • Wait for the scan to finish.


Post back its findings, a fresh dds.txt log and above mentioned ComboFix resultant log.

 


Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.
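
The entries placed in the CFScript in post #11 are the DDS log lines where Internet Explorer's start page and Firefox's homepage and keyword search all point at the same host. The following is an added example, not part of the original thread and not code from DDS or ComboFix: it reads DDS-style lines and groups URL-valued start-page and search settings by host. The function names, the regular expressions and the `expected_hosts` parameter are assumptions made for this illustration; the sample lines are copied from the log posted in this thread.

```python
"""Group browser start-page/search settings in a DDS log by host (added example)."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Sample input: lines copied from the DDS log in this thread. Only the
# start-page and prefs.js lines are browser settings; the rest are contrast.
SAMPLE_DDS = r"""
uStart Page = hxxp://apype.com
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.254
FF - prefs.js: browser.search.selectedEngine - Custom search
FF - prefs.js: browser.startup.homepage - hxxp://apype.com
FF - prefs.js: keyword.URL - hxxp://apype.com/results.php?q=
FF - plugin: c:\windows\system32\npmproxy.dll
"""

# Assumed line shapes, based on the lines visible in this log:
#   "<u|m>... Page = <value>"        Internet Explorer page settings
#   "FF - prefs.js: <pref> - <value>" Firefox preferences
IE_SETTING = re.compile(r"^(?P<name>[um][A-Za-z ]*Page)\s*=\s*(?P<value>.+)$")
FF_PREF = re.compile(r"^FF - prefs\.js: (?P<name>\S+) - (?P<value>.+)$")


def host_of(value):
    """Return the lower-cased host of a URL, or None if the value is not a URL.

    DDS writes URLs defanged (hxxp://). urlsplit() accepts any scheme, so the
    host is extracted without turning the value back into a live link.
    """
    value = value.strip()
    if "://" not in value:
        return None
    return urlsplit(value).hostname


def browser_settings(log_text):
    """Yield (browser, setting, host) for every URL-valued browser setting."""
    for line in log_text.splitlines():
        line = line.strip()
        match = IE_SETTING.match(line)
        browser = "IE"
        if not match:
            match = FF_PREF.match(line)
            browser = "Firefox"
        if not match:
            continue
        host = host_of(match["value"])
        if host:
            yield browser, match["name"], host


def hijack_candidates(log_text, expected_hosts=()):
    """Map each host not in expected_hosts to the settings that point at it."""
    expected = {h.lower() for h in expected_hosts}
    by_host = defaultdict(list)
    for browser, name, host in browser_settings(log_text):
        if host not in expected:
            by_host[host].append((browser, name))
    # Hosts that control the most settings come first.
    return dict(sorted(by_host.items(), key=lambda kv: -len(kv[1])))


def spans_browsers(settings):
    """True when the same host is configured in more than one browser."""
    return len({browser for browser, _ in settings}) > 1


if __name__ == "__main__":
    for host, settings in hijack_candidates(SAMPLE_DDS).items():
        scope = "multiple browsers" if spans_browsers(settings) else "one browser"
        print(f"{host} ({scope})")
        for browser, name in settings:
            print(f"  {browser}: {name}")
```

Pass the hosts the user actually chose as `expected_hosts` so that a deliberately set homepage is not reported.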


#12 Mcglynn77

Mcglynn77
  • Topic Starter

  • Members
  • 18 posts
  • Local time:05:44 PM

Posted 23 February 2013 - 10:14 AM

ComboFix 13-02-20.01 - Matt 02/23/2013   9:32.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2045.1080 [GMT -5:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
Command switches used :: c:\users\Matt\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Matt\AppData\Local\Temp\mia2\mEXEFunc.dll
c:\windows\TEMP\mia2\mEXEFunc.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-23 to 2013-02-23  )))))))))))))))))))))))))))))))
.
.
2013-02-23 14:45 . 2013-02-23 14:51 -------- d-----w- c:\users\Matt\AppData\Local\temp
2013-02-23 14:45 . 2013-02-23 14:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-22 08:15 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A56BAF9E-92E3-4F9D-9532-11EB4FC7499D}\mpengine.dll
2013-02-20 23:59 . 2013-02-20 23:59 -------- d-----w- c:\users\Matt\AppData\Roaming\Template
2013-02-20 23:52 . 2013-02-22 08:08 -------- d-----w- c:\program files\Microsoft Works
2013-02-10 23:00 . 2013-02-10 23:00 -------- d-----w- c:\program files\Common Files\Java
2013-02-10 22:59 . 2013-02-10 22:58 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-09 21:12 . 2013-02-09 21:12 -------- d-----w- c:\program files\ESET
2013-02-09 20:52 . 2013-02-09 20:52 -------- d-----w- c:\windows\ERUNT
2013-02-09 20:52 . 2013-02-09 20:52 -------- d-----w- C:\JRT
2013-01-28 23:41 . 2013-01-28 23:41 -------- d-----w- c:\users\Matt\AppData\Roaming\Malwarebytes
2013-01-28 23:40 . 2013-01-28 23:40 -------- d-----w- c:\programdata\Malwarebytes
2013-01-28 23:40 . 2012-12-14 21:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-28 23:40 . 2013-01-28 23:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-14 00:59 . 2012-08-17 00:09 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-14 00:59 . 2011-11-24 17:37 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-10 22:58 . 2012-11-20 23:29 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-10 22:58 . 2010-10-10 07:26 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-17 06:28 . 2010-08-12 12:08 232336 ------w- c:\windows\system32\MpSigStub.exe
2012-12-16 13:12 . 2012-12-22 08:01 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-22 08:01 293376 ----a-w- c:\windows\system32\atmfd.dll
2011-11-10 23:45 . 2011-08-07 20:14 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"CollaborationHost"="c:\windows\system32\p2phost.exe" [2008-01-21 192000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-05-20 184320]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-06-13 668328]
"lxdxamon"="c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe" [2008-06-13 16040]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2008-06-13 320168]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"A Youtube Downloader Free_Helper"="c:\program files\A Youtube Downloader Free\A Youtube Downloader Free_Helper.exe" [2012-09-27 1434112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Bloggie Watcher Utility.lnk - c:\program files\Sony\Bloggie Software\BGVolumeWatcher.exe [2010-11-3 746856]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bloggie Watcher Utility.lnk - c:\program files\Sony\Bloggie Software\BGVolumeWatcher.exe [2010-11-3 746856]
Hawkes Update Notifier.lnk - c:\program files\Hawkes Learning Systems\Hawkes Update Service Manager\HawkesUpdater.exe [2013-1-16 3768184]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
Ultrawideband Control Center.lnk - c:\program files\Dell\Dell WUSB\WQ_Tray2.exe [2007-8-4 1965112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-23 08:04 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-17 00:59]
.
2013-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 13:47]
.
2013-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 13:47]
.
2013-02-23 c:\windows\Tasks\User_Feed_Synchronization-{4379A196-E800-4D7E-BBF6-F19A15A88357}.job
- c:\windows\system32\msfeedssync.exe [2013-02-13 08:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://apype.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ej0h6xlg.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-23 09:50
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\AVAST Software\Avast\afwServ.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe
c:\windows\system32\spool\DRIVERS\W32X86\3\lxdxserv.exe
c:\windows\system32\lxdxcoms.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\STacSV.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\windows\ehome\ehmsas.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\consent.exe
.
**************************************************************************
.
Completion time: 2013-02-23  09:57:59 - machine was rebooted
ComboFix-quarantined-files.txt  2013-02-23 14:57
ComboFix2.txt  2013-02-20 23:02
.
Pre-Run: 93,319,147,520 bytes free
Post-Run: 93,294,866,432 bytes free
.
- - End Of File - - 1771910BC05DDCAE9AF6A04FC6522DA7


#13 Blade81


Posted 25 February 2013 - 04:54 AM

Hi,

 

Please post other requested logs too when ready.




#14 Blade81


Posted 02 April 2013 - 11:21 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





