
Uninstalled Privitize VPN - Is it completely removed?


  • This topic is locked
6 replies to this topic

#1 garcia2

  • Members
  • 2 posts

Posted 18 February 2013 - 04:49 AM

I recently installed Privitize VPN on my PC. After researching this issue, I have taken steps toward removing the malicious programs. I just want to be sure that there are no leftovers.

 

 

The programs I have utilized include:

Adwcleaner by Xplode

Malwarebytes Anti-Malware

Hitman Pro

Advanced Uninstaller Pro 11

These tools have produced results, and Privitize VPN and other programs that were bundled with it have been removed. I do not know if there are more hiding somewhere. If there is anything else I need to do, please run me through it.

 

Thank You,

 

Garcia




 


#2 nasdaq

  • Malware Response Team
  • 40,464 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 February 2013 - 10:11 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
 
Please run these tools and post the logs for my review.
It's the only way I can suggest a remedial action.
 
Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.
 

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.

Please note:  You may have to disable any script protection running if the scan fails to run.
 
Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===
Third party programs, if not up to date, can be an open door for an infection.
 
Please run this security check for my review.
 
Download Security Check by screen317 from here.
  • Save it to your Desktop.

  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.

  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===
 
Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.
 
Please download AdwCleaner by Xplode onto your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).



#3 nasdaq


Posted 24 February 2013 - 09:35 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq


Posted 01 March 2013 - 09:01 AM

This topic has been re-opened at the request of the person who originally posted.

#5 garcia2

  • Topic Starter

Posted 03 March 2013 - 06:37 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16482
Run by egarc_000 at 18:49:29 on 2013-02-28
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.16276.12922 [GMT -5:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\SCM\MSIService.exe
C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\Explorer.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\SCM\Radio Manager.exe
C:\Program Files (x86)\SCM\SCM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\MSI\KLM\KLM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\lpksetup.exe
C:\Windows\system32\lpksetup.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16455_none_624a7aa150f57306\TiWorker.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://msi13.msn.com
mStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [VGAOCAP] C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe
mRun: [KLM] C:\Program Files (x86)\MSI\KLM\KLM.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\QUALCO~1.LNK - C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\WINZIP~1.LNK - C:\Program Files\WinZip\WZQKPICK32.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: DisableCAD = dword:1
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: %SYSTEMROOT%\system32\BfLLR.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{578D84DB-A137-463D-8B22-1D3FD77F259C} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{578D84DB-A137-463D-8B22-1D3FD77F259C}\27160756026716E6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{578D84DB-A137-463D-8B22-1D3FD77F259C}\E45445745414256363 : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [Radio Manager] C:\Program Files (x86)\SCM\Radio Manager.exe
x64-Run: [SCM] C:\Program Files (x86)\SCM\SCM.exe
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [BtTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
x64-Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-10-18 647736]
R0 nvpciflt;nvpciflt;C:\Windows\System32\Drivers\nvpciflt.sys [2012-10-18 30056]
R1 BfLwf;Qualcomm Atheros Bandwidth Control;C:\Windows\System32\Drivers\bwcW8x64.sys [2012-9-25 74096]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-8-10 211584]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-10-18 14904]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-6-19 634632]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-10-18 165760]
R2 Micro Star SCM;Micro Star SCM;C:\Program Files (x86)\SCM\MSIService.exe [2012-9-13 160768]
R2 MSI_SuperCharger;MSI_SuperCharger;C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [2012-10-18 142904]
R2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [2012-9-25 490496]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-1-31 3289208]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-10-18 364416]
R2 vToolbarUpdater14.1.7;vToolbarUpdater14.1.7;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe [2013-2-11 965296]
R3 akw8x64;Killer Wireless-N 1102 device driver;C:\Windows\System32\Drivers\akw8x64.sys [2012-9-25 3203440]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2013-2-6 33944]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-10-17 342528]
R3 Ke2200;NDIS Miniport Driver for the Killer e2200 Gigabit Ethernet Controller;C:\Windows\System32\Drivers\e22w8x64.sys [2012-9-25 164720]
R3 MBfilt;MBfilt;C:\Windows\System32\Drivers\MBfilt64.sys [2013-2-6 32344]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2012-10-18 14136]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\Drivers\RtsPStor.sys [2012-10-18 339600]
R3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;C:\Windows\System32\Drivers\xusb22.sys [2012-7-25 89088]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/10/18 08:15:50;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-5-23 243728]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-7 161384]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2013-2-6 88728]
S3 ATHDFU;Qualcomm Atheros Valkyrie USB BootROM;C:\Windows\System32\Drivers\AthDfu.sys [2012-10-18 55448]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2013-2-6 344216]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2013-2-6 114840]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2013-2-6 178840]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2013-2-6 76952]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2013-2-6 135832]
S3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2013-2-6 567808]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
S3 NETwNe64;@netwne64.inf,___ %NIC_Service_DispName_WIN7_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\Drivers\NETwNe64.sys [2012-6-2 11400192]
.
=============== Created Last 30 ================
.
2013-02-28 23:19:10    --------    d-----w-    C:\Users\egarc_000\AppData\Local\AVG Secure Search
2013-02-28 23:03:20    9162192    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4E9B56C7-8081-4830-A090-B0E3CB198586}\mpengine.dll
2013-02-28 22:59:30    443392    ----a-w-    C:\Windows\System32\ReAgent.dll
2013-02-28 22:59:30    375808    ----a-w-    C:\Windows\SysWow64\ReAgent.dll
2013-02-28 22:59:30    1010688    ----a-w-    C:\Windows\System32\reseteng.dll
2013-02-27 03:08:26    9162192    ------w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-02-18 09:17:07    12872    ----a-w-    C:\Windows\System32\bootdelete.exe
2013-02-18 09:14:40    --------    d-----w-    C:\ProgramData\HitmanPro
2013-02-18 09:08:38    242    ----a-w-    C:\Windows\DeleteOnReboot.bat
2013-02-18 06:02:04    --------    d-----w-    C:\Users\egarc_000\AppData\Local\Innovative Solutions
2013-02-18 06:02:04    --------    d-----w-    C:\ProgramData\Innovative Solutions
2013-02-18 06:02:03    --------    d-----w-    C:\Program Files (x86)\Common Files\Innovative Solutions
2013-02-18 06:02:01    42496    ----a-w-    C:\Windows\SysWow64\AdvUninstCPL.cpl
2013-02-18 06:01:57    --------    d-----w-    C:\Program Files (x86)\Innovative Solutions
2013-02-18 04:30:38    --------    d-----w-    C:\Users\egarc_000\AppData\Roaming\Malwarebytes
2013-02-18 04:30:23    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-02-18 04:30:22    24176    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-02-18 04:30:22    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-02-18 04:29:38    --------    d-----w-    C:\Users\egarc_000\AppData\Local\Programs
2013-02-17 22:04:09    3554304    ----a-w-    C:\Windows\System32\tquery.dll
2013-02-17 22:03:59    562392    ----a-w-    C:\Windows\System32\drivers\cng.sys
2013-02-16 19:04:42    83456    ----a-w-    C:\Windows\System32\drivers\hidclass.sys
2013-02-16 19:04:42    49152    ----a-w-    C:\Windows\System32\DevDispItemProvider.dll
2013-02-16 19:04:42    39936    ----a-w-    C:\Windows\System32\drivers\hidi2c.sys
2013-02-16 19:04:42    36352    ----a-w-    C:\Windows\SysWow64\DevDispItemProvider.dll
2013-02-16 19:04:42    1184256    ----a-w-    C:\Windows\System32\Display.dll
2013-02-16 19:04:42    1164800    ----a-w-    C:\Windows\SysWow64\Display.dll
2013-02-16 19:04:41    7168    ----a-w-    C:\Windows\System32\KBDKURD.DLL
2013-02-16 19:04:41    6656    ----a-w-    C:\Windows\SysWow64\KBDKURD.DLL
2013-02-16 19:04:41    27136    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2013-02-16 19:03:46    641536    ----a-w-    C:\Windows\System32\WSShared.dll
2013-02-16 19:03:46    523776    ----a-w-    C:\Windows\SysWow64\WSShared.dll
2013-02-16 19:03:46    198656    ----a-w-    C:\Windows\System32\Windows.ApplicationModel.Store.dll
2013-02-16 19:03:46    163840    ----a-w-    C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-02-16 19:03:46    124928    ----a-w-    C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-02-16 19:03:45    143872    ----a-w-    C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
2013-02-16 07:19:08    929792    ----a-w-    C:\Windows\SysWow64\mfnetsrc.dll
2013-02-16 07:19:08    850944    ----a-w-    C:\Windows\SysWow64\mfasfsrcsnk.dll
2013-02-16 07:19:08    677888    ----a-w-    C:\Windows\System32\mfnetcore.dll
2013-02-16 07:19:08    673280    ----a-w-    C:\Windows\System32\mfmpeg2srcsnk.dll
2013-02-16 07:19:08    568832    ----a-w-    C:\Windows\SysWow64\mfnetcore.dll
2013-02-16 07:19:08    513024    ----a-w-    C:\Windows\SysWow64\mfmpeg2srcsnk.dll
2013-02-16 07:19:08    1172992    ----a-w-    C:\Windows\System32\mfnetsrc.dll
2013-02-16 07:19:07    1048064    ----a-w-    C:\Windows\System32\mfasfsrcsnk.dll
2013-02-16 07:17:37    618496    ----a-w-    C:\Windows\System32\drivers\srv2.sys
2013-02-16 07:17:36    82944    ----a-w-    C:\Windows\SysWow64\dskquota.dll
2013-02-16 07:17:36    109568    ----a-w-    C:\Windows\System32\dskquota.dll
2013-02-16 07:12:26    707584    ----a-w-    C:\Windows\System32\AppXDeploymentExtensions.dll
2013-02-16 07:12:26    178176    ----a-w-    C:\Windows\System32\SystemEventsBrokerServer.dll
2013-02-16 07:12:26    170496    ----a-w-    C:\Windows\System32\TimeBrokerServer.dll
2013-02-16 07:12:26    1131520    ----a-w-    C:\Windows\System32\AppXDeploymentServer.dll
2013-02-16 07:12:25    368640    ----a-w-    C:\Windows\System32\sppwinob.dll
2013-02-14 04:56:53    --------    d-----r-    C:\Program Files (x86)\Skype
2013-02-13 21:56:10    446976    ----a-w-    C:\Windows\System32\wwansvc.dll
2013-02-13 21:56:09    68608    ----a-w-    C:\Windows\System32\wwanprotdim.dll
2013-02-13 16:37:37    78168    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-13 16:37:37    692568    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-11 17:14:17    16114176    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-02-11 17:14:17    15541248    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-02-11 03:02:15    17888    ----a-w-    C:\Windows\System32\msvcr100_clr0400.dll
2013-02-11 03:00:34    17888    ----a-w-    C:\Windows\SysWow64\msvcr100_clr0400.dll
2013-02-11 02:22:57    405504    ----a-w-    C:\Windows\System32\pcasvc.dll
2013-02-11 02:22:57    31232    ----a-w-    C:\Windows\System32\pcadm.dll
2013-02-11 02:22:57    13312    ----a-w-    C:\Windows\System32\pcalua.exe
2013-02-11 02:22:57    11776    ----a-w-    C:\Windows\System32\pcaevts.dll
2013-02-09 22:45:32    --------    d-----w-    C:\Users\egarc_000\AppData\Local\WinZip
2013-02-09 22:42:01    --------    d-----w-    C:\Users\egarc_000\AppData\Local\AVG SafeGuard toolbar
2013-02-09 22:41:57    --------    d-----w-    C:\ProgramData\AVG SafeGuard toolbar
2013-02-09 22:41:55    39768    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2013-02-09 22:41:54    --------    d-----w-    C:\Program Files (x86)\Common Files\AVG Secure Search
2013-02-09 22:41:54    --------    d-----w-    C:\Program Files (x86)\AVG SafeGuard toolbar
2013-02-09 22:19:59    523088    ----a-w-    C:\Windows\System32\d3dx10_42.dll
2013-02-09 22:18:54    9216    ----a-w-    C:\Windows\System32\dpnhupnp.dll
2013-02-09 22:17:51    2361344    ----a-w-    C:\Windows\System32\msxml6.dll
2013-02-09 22:17:51    2048    ----a-w-    C:\Windows\SysWow64\msxml6r.dll
2013-02-09 22:17:51    2048    ----a-w-    C:\Windows\SysWow64\msxml3r.dll
2013-02-09 22:17:51    2048    ----a-w-    C:\Windows\System32\msxml6r.dll
2013-02-09 22:17:51    2048    ----a-w-    C:\Windows\System32\msxml3r.dll
2013-02-09 22:17:51    1836032    ----a-w-    C:\Windows\System32\msxml3.dll
2013-02-09 22:17:51    1802240    ----a-w-    C:\Windows\SysWow64\msxml6.dll
2013-02-09 22:17:51    1438720    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2013-02-09 22:07:47    --------    d-----w-    C:\Windows\SysWow64\directx
2013-02-09 21:56:10    18528    ----a-w-    C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm2.bin
2013-02-07 04:44:14    --------    d-----w-    C:\Users\egarc_000\AppData\Local\Apple Computer
2013-02-07 04:44:05    33240    ----a-w-    C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-02-07 04:43:44    --------    d-----w-    C:\Program Files\iPod
2013-02-07 04:43:43    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-07 04:43:43    --------    d-----w-    C:\Program Files\iTunes
2013-02-07 04:43:43    --------    d-----w-    C:\Program Files (x86)\iTunes
2013-02-07 04:43:39    --------    d-----w-    C:\Users\egarc_000\AppData\Local\Apple
2013-02-07 04:43:27    --------    d-----w-    C:\Program Files\Bonjour
2013-02-07 04:43:27    --------    d-----w-    C:\Program Files (x86)\Bonjour
2013-02-07 04:13:15    --------    d-----w-    C:\Users\egarc_000\AppData\Local\Google
2013-02-07 04:13:03    --------    d-----w-    C:\Users\egarc_000\AppData\Local\Deployment
2013-02-07 04:13:03    --------    d-----w-    C:\Users\egarc_000\AppData\Local\Apps
2013-02-07 04:00:41    40960    ----a-r-    C:\Users\egarc_000\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2013-02-07 04:00:41    40960    ----a-r-    C:\Users\egarc_000\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2013-02-07 03:51:18    --------    d-----w-    C:\Users\egarc_000\AppData\Local\CRE
2013-02-07 03:48:38    --------    d-----w-    C:\Users\egarc_000\AppData\Roaming\uTorrent
2013-02-07 03:09:23    5632    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2013-02-07 03:01:18    --------    d-----w-    C:\ProgramData\Atheros
2013-02-07 03:01:17    --------    d-----w-    C:\Users\egarc_000\AppData\Roaming\Atheros
2013-02-07 02:58:14    76952    ----a-w-    C:\Windows\System32\drivers\btath_lwflt.sys
2013-02-07 02:58:14    178840    ----a-w-    C:\Windows\System32\drivers\btath_hcrp.sys
2013-02-07 02:58:14    135832    ----a-w-    C:\Windows\System32\drivers\btath_rcp.sys
2013-02-07 02:58:13    88728    ----a-w-    C:\Windows\System32\drivers\btath_flt.sys
2013-02-07 02:58:13    344216    ----a-w-    C:\Windows\System32\drivers\btath_a2dp.sys
2013-02-07 02:58:13    114840    ----a-w-    C:\Windows\System32\drivers\btath_avdt.sys
2013-02-07 02:58:12    567808    ----a-w-    C:\Windows\System32\drivers\btfilter.sys
2013-02-07 02:58:12    33944    ----a-w-    C:\Windows\System32\drivers\btath_bus.sys
2013-02-07 02:57:46    --------    d-----w-    C:\Program Files (x86)\Common Files\QCA_Bluetooth
2013-02-07 02:57:44    --------    d-----w-    C:\Program Files (x86)\Bluetooth Suite
2013-02-07 02:57:23    --------    d-----w-    C:\ProgramData\Bigfoot Networks
2013-02-07 02:57:23    --------    d-----w-    C:\Program Files\Qualcomm Atheros
2013-02-07 02:56:23    --------    d-----w-    C:\Users\egarc_000\AppData\Local\CrashDumps
2013-02-07 01:42:44    273840    ------w-    C:\Windows\System32\MpSigStub.exe
2013-02-07 01:07:51    --------    d-----w-    C:\Users\egarc_000\AppData\Roaming\Intel Corporation
2013-02-07 01:06:56    --------    d-----w-    C:\Users\egarc_000\AppData\Local\MSI
2013-02-07 01:06:56    --------    d-----w-    C:\Users\egarc_000\AppData\Local\Micro-Star_International_
2013-02-07 01:06:47    --------    d-----w-    C:\Users\egarc_000\AppData\Local\BMExplorer
2013-02-07 01:06:24    --------    d-----r-    C:\Users\egarc_000\Searches
2013-02-07 01:06:24    --------    d-----r-    C:\Users\egarc_000\Contacts
2013-02-07 01:06:08    --------    d-----w-    C:\Users\egarc_000\AppData\Roaming\Synaptics
2013-02-07 01:06:06    --------    d-----w-    C:\Users\egarc_000\AppData\Local\VirtualStore
2013-02-07 01:06:05    --------    d-----w-    C:\Users\egarc_000\AppData\Local\Packages
.
==================== Find3M  ====================
.
2013-01-31 03:29:52    2226408    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-01-17 04:04:06    4055552    ----a-w-    C:\Windows\System32\win32k.sys
2013-01-16 00:35:49    44032    ----a-w-    C:\Windows\SysWow64\UXInit.dll
2013-01-16 00:31:26    53760    ----a-w-    C:\Windows\System32\UXInit.dll
2013-01-16 00:25:17    1437696    ----a-w-    C:\Windows\SysWow64\GdiPlus.dll
2013-01-16 00:23:19    1690624    ----a-w-    C:\Windows\System32\GdiPlus.dll
2013-01-14 03:56:14    6967016    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-01-10 01:53:32    28904    ----a-w-    C:\Windows\System32\drivers\msgpiowin32.sys
2013-01-10 01:40:39    1448168    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-01-10 01:40:38    303848    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-01-10 01:39:29    194280    ----a-w-    C:\Windows\System32\drivers\sdbus.sys
2013-01-10 01:39:22    124648    ----a-w-    C:\Windows\System32\drivers\dumpsd.sys
2013-01-10 01:29:56    91880    ----a-w-    C:\Windows\System32\drivers\partmgr.sys
2013-01-10 01:29:54    1934056    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-01-10 01:29:21    785504    ----a-w-    C:\Windows\System32\drivers\Wdf01000.sys
2013-01-09 23:26:53    83968    ----a-w-    C:\Windows\SysWow64\wiaacmgr.exe
2013-01-09 23:26:46    1611776    ----a-w-    C:\Windows\SysWow64\mmc.exe
2013-01-09 23:26:35    410624    ----a-w-    C:\Windows\SysWow64\Windows.Networking.dll
2013-01-09 23:26:35    261120    ----a-w-    C:\Windows\SysWow64\Windows.Media.dll
2013-01-09 23:26:23    1752064    ----a-w-    C:\Windows\SysWow64\setupapi.dll
2013-01-09 23:26:20    67584    ----a-w-    C:\Windows\SysWow64\samlib.dll
2013-01-09 23:26:08    115712    ----a-w-    C:\Windows\SysWow64\netprofm.dll
2013-01-09 23:26:04    890880    ----a-w-    C:\Windows\SysWow64\msctf.dll
2013-01-09 23:26:03    436736    ----a-w-    C:\Windows\SysWow64\MP4SDECD.DLL
2013-01-09 23:23:32    95232    ----a-w-    C:\Windows\System32\wiaacmgr.exe
2013-01-09 23:23:25    2094592    ----a-w-    C:\Windows\System32\mmc.exe
2013-01-09 23:23:23    240640    ----a-w-    C:\Windows\System32\fsquirt.exe
2013-01-09 23:23:18    256000    ----a-w-    C:\Windows\System32\WSDMon.dll
2013-01-09 23:23:16    1964544    ----a-w-    C:\Windows\System32\wlidsvc.dll
2013-01-09 23:23:14    594944    ----a-w-    C:\Windows\System32\Windows.Networking.dll
2013-01-09 23:23:14    406016    ----a-w-    C:\Windows\System32\Windows.Media.dll
2013-01-09 23:23:07    1886208    ----a-w-    C:\Windows\System32\setupapi.dll
2013-01-09 23:23:05    728064    ----a-w-    C:\Windows\System32\samsrv.dll
2013-01-09 23:22:53    464384    ----a-w-    C:\Windows\System32\netprofmsvc.dll
2013-01-09 23:22:53    151040    ----a-w-    C:\Windows\System32\netprofm.dll
2013-01-09 23:22:43    1120768    ----a-w-    C:\Windows\System32\msctf.dll
2013-01-09 23:22:41    666112    ----a-w-    C:\Windows\System32\MP4SDECD.DLL
2013-01-09 23:22:35    438272    ----a-w-    C:\Windows\System32\lsm.dll
2013-01-09 23:22:29    894464    ----a-w-    C:\Windows\System32\iphlpsvc.dll
2013-01-09 23:22:29    159232    ----a-w-    C:\Windows\System32\inetpp.dll
2013-01-09 23:22:26    49152    ----a-w-    C:\Windows\System32\drivers\UMDF\HidBthLE.dll
2013-01-09 23:22:05    1918464    ----a-w-    C:\Windows\System32\wbem\cimwin32.dll
2013-01-09 03:59:47    341504    ----a-w-    C:\Windows\System32\drivers\HdAudio.sys
2013-01-09 03:59:16    74752    ----a-w-    C:\Windows\System32\drivers\BTHUSB.SYS
2013-01-09 03:58:34    51712    ----a-w-    C:\Windows\System32\drivers\bthenum.sys
2013-01-09 03:57:50    1175040    ----a-w-    C:\Windows\System32\drivers\bthport.sys
2013-01-04 05:32:36    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-01-04 04:19:53    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2012-12-20 00:37:37    1775616    ----a-w-    C:\Windows\SysWow64\wininet.dll
2012-12-20 00:37:04    2881536    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2012-12-20 00:37:02    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2012-12-20 00:37:02    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2012-12-20 00:36:50    431616    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2012-12-20 00:29:16    2246656    ----a-w-    C:\Windows\System32\wininet.dll
2012-12-20 00:29:11    907776    ----a-w-    C:\Windows\System32\uxtheme.dll
2012-12-20 00:28:29    3966464    ----a-w-    C:\Windows\System32\jscript9.dll
2012-12-20 00:28:26    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2012-12-20 00:28:04    39936    ----a-w-    C:\Windows\apppatch\apppatch64\acspecfc.dll
2012-12-18 01:56:27    534528    ----a-w-    C:\Windows\SysWow64\uxtheme.dll
2012-12-16 08:28:20    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2012-12-16 08:20:01    35328    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2012-12-16 08:08:33    362496    ----a-w-    C:\Windows\System32\atmfd.dll
2012-12-16 07:57:09    300032    ----a-w-    C:\Windows\SysWow64\atmfd.dll
.
============= FINISH: 18:49:38.62 ===============
 
 
 
 

 Results of screen317's Security Check version 0.99.60  
   x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.70.0.1100  
 Google Chrome 24.0.1312.57  
 Google Chrome 25.0.1364.97  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Windows Defender MsMpEng.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
 
 
 
 
 

# AdwCleaner v2.113 - Logfile created 02/28/2013 at 18:17:35
# Updated 23/02/2013 by Xplode
# Operating system : Windows 8  (64 bits)
# User : egarc_000 - ASHMIN
# Boot Mode : Normal
# Running from : C:\Users\egarc_000\Downloads\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\egarc_000\AppData\Local\AVG Secure Search
 
***** [Registry] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16482
 
[OK] Registry is clean.
 
-\\ Google Chrome v25.0.1364.97
 
File : C:\Users\egarc_000\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.1921] : homepage = "hxxp://searchab.com/?aff=7&uid=beea21e2-7981-11e2-be87-8c89a506ea05",
 
*************************
 
AdwCleaner[S1].txt - [6127 octets] - [18/02/2013 04:08:31]
AdwCleaner[S2].txt - [1287 octets] - [28/02/2013 18:17:35]
 
########## EOF - C:\AdwCleaner[S2].txt - [1347 octets] ##########
 


#6 nasdaq


Posted 04 March 2013 - 11:12 AM

Your logs are clean.

 

 

If all is well:
 
Time for some housekeeping
 
To remove AdwCleaner.
 
Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.
 
If you decide to keep the AdwCleaner tool, make sure to delete your version and download the latest before running it.
 
Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.
 
Surf Safely, and Think Prevention!
===
 


#7 nasdaq


Posted 10 March 2013 - 09:21 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



