
help. Fake Redirecting Flash Update.


  • This topic is locked
20 replies to this topic

#1 minh90042

minh90042

  • Members
  • 17 posts
  • OFFLINE
  • Local time:06:19 PM

Posted 21 May 2013 - 05:17 PM

HELP! I accidentally downloaded a fake Adobe Flash update and now Google/Firefox keeps on redirecting me to random websites.


Edited by minh90042, 21 May 2013 - 05:21 PM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:19 PM

Posted 21 May 2013 - 06:04 PM



Hello minh90042

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I need to get some reports to get a base to start from so I need you to run these programs first.



-Download DDS-
  • Please download DDS from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs & post them in your next reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 minh90042

minh90042
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:06:19 PM

Posted 21 May 2013 - 06:56 PM



DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 1.6.0_41
Run by Dennis at 17:12:55 on 2013-05-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4094.2551 [GMT -7:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Norton Utilities 14\RMTray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\splwow64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
BHO: Shop to Win: {0095C290-A428-4BDD-B98C-E0A116F1C702} - C:\Program Files (x86)\Shop to Win 9\Shop to Win 9.dll
BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Dennis\AppData\Local\DownloadTerms\temp.dat
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - <orphaned>
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [NortonUtilities] C:\Program Files (x86)\Norton Utilities 14\RMTray.exe /H
uRun: [Google Update] "C:\Users\Dennis\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [ISUSPM Startup] c:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BIGFOO~1.LNK - C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop(237).ini
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
LSP: %SYSTEMROOT%\system32\BfLLR.dll
Trusted Zone: $talisma_url$
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_41-windows-i586.cab
DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} - hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
DPF: {CAFEEFAC-0016-0000-0041-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_41-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_41-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{1E1CC265-5D87-4E4B-AFF2-1570C196FD1B} : DHCPNameServer = 192.168.0.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\1syi1bf5.default\
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-05-01 17:00; kgcngo@xmmomglptujvwxntife.org; C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\1syi1bf5.default\extensions\kgcngo@xmmomglptujvwxntife.org
.
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-6-8 55056]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-8-17 356376]
R2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2011-5-26 467968]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-4 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-4 701512]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-10-7 517632]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-7-22 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 BfEdge7x64;Bigfoot Networks Killer Ethernet Service;C:\Windows\System32\drivers\Edge7x64.sys [2011-5-26 31336]
R3 BFN7x64;Bigfoot Networks Killer Gaming Service;C:\Windows\System32\drivers\Xeno7x64.sys [2011-5-26 157288]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-1-25 39808]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-1-25 64256]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-10-25 29016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-10-25 29528]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-4 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-22 413800]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 cpuz135;cpuz135;C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [2012-9-17 24368]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-2-7 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2013-5-4 32000]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-29 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-29 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [2011-12-15 319384]
S3 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2011-12-16 246688]
S3 WDFMEService;WDFME;C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-12-15 1977224]
S3 WDRulesService;WDRules;C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-12-15 1338264]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: soffice.StarWriterDocument.6="C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe" -o "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-05-16 12:36:31 0 ----a-w- C:\Windows\SysWow64\shoC3FE.tmp
2013-05-15 19:44:20 9195912 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-05-04 08:27:35 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-05-04 08:27:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-04 08:27:17 -------- d-----w- C:\Users\Dennis\AppData\Local\Programs
2013-05-04 07:45:42 32000 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2013-05-04 07:33:12 -------- d-----w- C:\ProgramData\HitmanPro
2013-05-02 21:10:31 -------- d-----w- C:\Program Files (x86)\EpicBot
2013-05-02 21:09:21 -------- d-----w- C:\Users\Dennis\AppData\Local\DownloadTerms
2013-05-02 10:06:47 -------- d-----w- C:\Simba
2013-04-24 07:41:31 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
.
==================== Find3M  ====================
.
2013-05-15 19:44:25 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 19:44:25 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-04 00:51:37 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-05-04 00:51:37 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-04-24 09:57:01 90208 ----a-w- C:\Windows\System32\drivers\klflt.sys
2013-04-24 09:57:01 55056 ----a-w- C:\Windows\System32\drivers\kltdi.sys
2013-04-24 09:57:01 178448 ----a-w- C:\Windows\System32\drivers\kneps.sys
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-02-27 06:02:44 111448 ----a-w- C:\Windows\System32\consent.exe
2013-02-27 05:48:00 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-02-27 05:47:10 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-02-27 04:49:24 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
.
============= FINISH: 17:13:10.95 ===============
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 7/28/2011 12:19:51 PM
System Uptime: 5/21/2013 12:18:50 PM (5 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | GA-870A-USB3
Processor: AMD Phenom™ II X4 925 Processor | Socket M2 | 1596/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 923 GiB total, 477.474 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP355: 5/5/2013 7:00:04 PM - Windows Backup
RP356: 5/10/2013 3:00:16 AM - Windows Update
RP357: 5/12/2013 8:54:45 PM - Windows Backup
RP358: 5/16/2013 3:00:20 AM - Windows Update
RP359: 5/19/2013 7:56:54 PM - Windows Backup
.
==== Installed Programs ======================
.
µTorrent
4500_Help
64 Bit HP CIO Components Installer
AC3Filter 1.62b
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
Adobe Shockwave Player 11.6
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD Steady Video Plug-In 
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ARMA 2
ARMA 2: Operation Arrowhead
BattlEye for OA Uninstall
BattlEye Uninstall
Bigfoot Networks Killer Network Manager
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
D3DX10
DiskAid 4.64
DivX Setup
DownloadTerms
Etron USB3.0 Host Controller
EuroTalk Talk Now!
FileHippo.com Update Checker
GameSpy Arcade
Google Chrome
HP Officejet J4500 Series
Internet TV for Windows Media Center
iTunes
J4500
Java Auto Updater
Java™ 6 Update 41
Java™ SE Development Kit 6 Update 41
Junk Mail filter update
Kaspersky Internet Security 2013
League of Legends
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual J# .NET Redistributable Package 1.1
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My MP4Box GUI 0.5.5.4
Nexon Game Manager
Norton Utilities
OpenOffice.org 3.3
Pando Media Booster
PC Wizard 2012.2.11
ProductContext
QuickTime
Realtek Ethernet Controller Driver
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Rome - Total War
Scan
Security Task Manager 1.8d
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Shop To Win
Spotify
Steam
swMSM
Toolbox
Total War: SHOGUN 2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC80CRTRedist - 8.0.50727.6195
VLC media player 2.0.2
Warcraft III
WD Drive Utilities
WD Security
WD SmartWare
WebReg
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR 4.11 (64-bit)
Zipeg
.
==== Event Viewer Messages From Past Week ========
.
5/21/2013 12:19:45 PM, Error: Service Control Manager [7000]  - The AODDriver4.2 service failed to start due to the following error:  The system cannot find the file specified.
5/21/2013 1:09:30 PM, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/20/2013 4:49:57 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR2.
5/14/2013 11:40:53 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Bigfoot Networks Killer Service service.
.
==== End Of File ===========================

Edited by minh90042, 21 May 2013 - 07:15 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:19 PM

Posted 21 May 2013 - 08:12 PM



Hello minh90042,

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 minh90042

minh90042
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:06:19 PM

Posted 21 May 2013 - 10:34 PM

Thank you so much for helping! I have been surfing the web and so far so good. The redirecting has stopped.


# AdwCleaner v2.301 - Logfile created 05/21/2013 at 20:12:19
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Dennis - DENNIS-PC
# Boot Mode : Normal
# Running from : C:\Users\Dennis\Desktop\Downloads\AdwCleaner (1).exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Dennis\AppData\LocalLow\boost_interprocess

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\1syi1bf5.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v20.0.1105.2

File : C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7569 octets] - [04/05/2013 01:11:39]
AdwCleaner[R2].txt - [7629 octets] - [04/05/2013 01:12:18]
AdwCleaner[R3].txt - [1132 octets] - [04/05/2013 01:21:56]
AdwCleaner[R4].txt - [1320 octets] - [21/05/2013 20:06:24]
AdwCleaner[R5].txt - [1384 octets] - [21/05/2013 20:08:34]
AdwCleaner[R6].txt - [1444 octets] - [21/05/2013 20:09:37]
AdwCleaner[R7].txt - [1504 octets] - [21/05/2013 20:11:42]
AdwCleaner[R8].txt - [1315 octets] - [21/05/2013 20:12:19]
AdwCleaner[S1].txt - [8003 octets] - [04/05/2013 01:13:26]
AdwCleaner[S2].txt - [1193 octets] - [04/05/2013 01:22:36]

########## EOF - C:\AdwCleaner[R8].txt - [1495 octets] ##########


Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Dennis on Tue 05/21/2013 at 20:15:33.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D0F8EB5A-7AA3-411E-A330-C65905E7F0FE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\shoC3FE.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Dennis\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Dennis\appdata\local\downloadterms"
Successfully deleted: [Folder] "C:\Users\Dennis\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Dennis\appdata\local\{14BBED50-B168-4267-A2B4-43E086F8ADBD}
Successfully deleted: [Empty Folder] C:\Users\Dennis\appdata\local\{B54B0E29-B409-4444-B207-9F914AD4E918}
Successfully deleted: [Empty Folder] C:\Users\Dennis\appdata\local\{B5B62F09-C854-427D-929B-633E974C1A4A}



~~~ FireFox

Emptied folder: C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\1syi1bf5.default\minidumps [287 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/21/2013 at 20:22:17.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:19 PM

Posted 21 May 2013 - 11:12 PM


Hello minh90042

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#7 minh90042

minh90042
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:06:19 PM

Posted 22 May 2013 - 02:53 AM

Before I ran ComboFix, I was redirected about 5x, which was a lot less than before. While running ComboFix, it identified some malware and a trojan virus, and Kaspersky gave me an option to terminate the trojan virus, which I did, but I don't know if I was supposed to have done that. After the reboot I got an error "Illegal operation attempted". Restarted the computer, opened up Google to BleepingComputer and was redirected to a Norton Security page.




ComboFix 13-05-22.01 - Dennis 05/21/2013  23:55:11.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4094.2267 [GMT -7:00]
Running from: C:\Users\Dennis\Desktop\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
 
 
C:\Users\Dennis\AppData\Local\assembly\tmp
C:\Users\Dennis\AppData\Roaming\inst.exe
C:\Users\Dennis\AppData\Roaming\vso_ts_preview.xml
C:\Windows\SysWow64\URTTemp
C:\Windows\SysWow64\URTTemp\regtlib.exe
 
 
(((((((((((((((((((((((((   Files Created from 2013-04-22 to 2013-05-22  )))))))))))))))))))))))))))))))
 
 
2013-05-22 07:09:41 . 2013-05-22 07:09:41 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E8491E9F-4C40-4229-BE66-87C64C82E5DC}\offreg.dll
2013-05-22 07:06:48 . 2013-05-22 07:06:48 -------- d-----w- C:\Users\Mcx1-DENNIS-PC\AppData\Local\temp
2013-05-22 07:06:48 . 2013-05-22 07:06:48 -------- d-----w- C:\Users\Mcx1-DENNIS-PC.Dennis-PC\AppData\Local\temp
2013-05-22 07:06:48 . 2013-05-22 07:06:48 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-05-22 03:13:29 . 2013-05-22 03:13:29 -------- d-----w- C:\Windows\ERUNT
2013-05-22 03:12:56 . 2013-05-22 03:12:56 -------- d-----w- C:\New folder
2013-05-22 03:02:13 . 2013-05-22 03:15:18 -------- d-----w- C:\JRT
2013-05-15 19:44:20 . 2013-05-15 19:44:21 9195912 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-05-10 10:03:32 . 2013-05-10 10:03:32 97280 ----a-w- C:\Windows\system32\mshtmled.dll
2013-05-04 08:27:35 . 2013-05-04 08:27:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-04 08:27:35 . 2013-04-04 21:50:32 25928 ----a-w- C:\Windows\system32\drivers\mbam.sys
2013-05-04 08:27:17 . 2013-05-04 08:27:17 -------- d-----w- C:\Users\Dennis\AppData\Local\Programs
2013-05-04 07:45:42 . 2013-05-04 07:45:42 32000 ----a-w- C:\Windows\system32\drivers\hitmanpro37.sys
2013-05-04 07:33:12 . 2013-05-04 07:43:25 -------- d-----w- C:\ProgramData\HitmanPro
2013-05-04 00:52:31 . 2013-05-04 00:52:31 -------- d-----w- C:\Program Files (x86)\Common Files\Java
2013-05-02 21:10:31 . 2013-05-02 21:22:04 -------- d-----w- C:\Program Files (x86)\EpicBot
2013-05-02 10:06:47 . 2013-05-14 20:53:58 -------- d-----w- C:\Simba
2013-04-24 07:41:31 . 2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\system32\drivers\ntfs.sys
.
 
 
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
 
2013-05-17 21:20:57 . 2012-05-26 18:07:12 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-05-16 10:06:19 . 2011-12-30 10:43:42 75016696 ----a-w- C:\Windows\system32\MRT.exe
2013-05-15 19:44:25 . 2012-04-17 21:57:29 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 19:44:25 . 2012-04-17 21:57:29 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-04 00:51:37 . 2012-05-01 05:06:51 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-05-04 00:51:37 . 2011-07-28 20:09:34 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-05-02 20:46:14 . 2011-03-29 02:36:46 22240 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-24 10:39:36 . 2012-06-06 18:01:35 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-04-24 10:39:22 . 2012-06-06 18:01:22 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-04-24 10:39:12 . 2012-06-06 18:01:05 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-04-24 10:39:09 . 2012-06-06 18:01:02 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-04-24 09:57:01 . 2012-11-21 00:43:03 90208 ----a-w- C:\Windows\system32\drivers\klflt.sys
2013-04-24 09:57:01 . 2012-11-21 00:43:03 620128 ----a-w- C:\Windows\system32\drivers\klif.sys
2013-04-24 09:57:01 . 2012-08-14 00:49:40 178448 ----a-w- C:\Windows\system32\drivers\kneps.sys
2013-04-24 09:57:01 . 2012-06-08 19:38:10 55056 ----a-w- C:\Windows\system32\drivers\kltdi.sys
2013-04-13 05:49:23 . 2013-05-15 18:24:33 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 . 2013-05-15 18:24:33 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 . 2013-05-15 18:24:33 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 . 2013-05-15 18:24:33 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 . 2013-05-15 18:24:33 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 . 2013-05-15 18:24:33 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-07 22:54:02 . 2012-05-26 18:06:59 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-04-07 22:53:52 . 2012-05-26 18:06:41 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-04-06 10:10:43 . 2012-05-26 18:06:33 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-03-19 06:04:06 . 2013-04-09 22:05:21 5550424 ----a-w- C:\Windows\system32\ntoskrnl.exe
2013-03-19 05:46:56 . 2013-04-09 22:05:20 43520 ----a-w- C:\Windows\system32\csrsrv.dll
2013-03-19 05:04:13 . 2013-04-09 22:05:21 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 . 2013-04-09 22:05:21 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 . 2013-04-09 22:05:20 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 . 2013-04-09 22:05:20 112640 ----a-w- C:\Windows\system32\smss.exe
 
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0095C290-A428-4BDD-B98C-E0A116F1C702}]
2010-12-29 18:20:00 14432 ----a-w- C:\Program Files (x86)\Shop to Win 9\Shop to Win 9.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NortonUtilities"="C:\Program Files (x86)\Norton Utilities 14\RMTray.exe" [2009-09-14 18:53:32 279912]
"Pando Media Booster"="C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-03-31 03:41:02 4288048]
"ISUSPM Startup"="c:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 19:41:30 196608]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 13:07:18 69632]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 21:06:36 958576]
"DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 23:08:12 1259376]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 06:30:34 421776]
"AVP"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-11-21 00:48:01 356376]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 23:49:30 642808]
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bigfoot Killer Network Manager.lnk - C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe [2011-5-26 560128]
desktop(237).ini [2009-7-13 174]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
 
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 17:13:58 57472]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 21:27:14 138576]
R3 cpuz135;cpuz135;C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [2012-08-11 16:49:52 24368]
R3 EagleX64;EagleX64;C:\Windows\system32\drivers\EagleX64.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\system32\drivers\hitmanpro37.sys [2013-05-04 07:45:42 32000]
R3 LGDDCDevice;LGDDCDevice;C:\Windows\system32\LGI2CDriver.sys [x]
R3 LGII2CDevice;LGII2CDevice;C:\Windows\system32\LGPII2CDriver.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [2012-07-09 20:42:54 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2011-07-29 12:11:32 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 23:06:00 14464]
R3 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [2011-12-15 18:40:06 319384]
R3 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2011-12-16 20:21:12 246688]
R3 WDFMEService;WDFME;C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-12-15 18:40:08 1977224]
R3 WDRulesService;WDRules;C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-12-15 18:40:08 1338264]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 02:10:10 57184]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2012-08-02 23:09:34 28504]
S1 kltdi;kltdi;C:\Windows\system32\DRIVERS\kltdi.sys [2013-04-24 09:57:01 55056]
S1 kneps;kneps;C:\Windows\system32\DRIVERS\kneps.sys [2013-04-24 09:57:01 178448]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2012-12-19 19:56:00 240640]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 23:32:12 361984]
S2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 17:13:58 57472]
S2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2011-05-26 22:24:42 467968]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 22:22:40 822624]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 21:50:32 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 21:50:32 701512]
S2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-09-09 14:00:58 517632]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 16:30:18 508776]
S3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 16:18:24 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys [2012-11-06 11:11:52 96256]
S3 BfEdge7x64;Bigfoot Networks Killer Ethernet Service;C:\Windows\system32\DRIVERS\Edge7x64.sys [2011-05-26 22:24:58 31336]
S3 BFN7x64;Bigfoot Networks Killer Gaming Service;C:\Windows\system32\DRIVERS\Xeno7x64.sys [2011-05-26 22:24:58 157288]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys [2011-01-26 05:41:00 39808]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys [2011-01-26 05:42:00 64256]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\system32\DRIVERS\klkbdflt.sys [2012-10-26 01:23:06 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys [2012-10-26 01:23:06 29528]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2013-04-04 21:50:32 25928]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 11:58:30 413800]
S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 16:30:10 764264]
S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 16:30:18 268648]
S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 16:30:18 25960]
S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 16:30:22 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 16:30:22 219496]
 
 
Contents of the 'Scheduled Tasks' folder
 
2013-05-22 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 21:57:29 . 2013-05-15 19:44:26]
 
2013-05-22 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3732195205-302563538-770068462-1001Core.job
- C:\Users\Dennis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-27 03:26:28 . 2012-01-27 03:26:27]
 
2013-05-22 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3732195205-302563538-770068462-1001UA.job
- C:\Users\Dennis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-27 03:26:28 . 2012-01-27 03:26:27]
 
 
--------- X64 Entries -----------
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11:32:36 11545192]
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
 
------- Supplementary Scan -------
 
uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: %SYSTEMROOT%\system32\BfLLR.dll
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\1syi1bf5.default\
FF - ExtSQL: 2013-05-01 17:00; kgcngo@xmmomglptujvwxntife.org; C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\1syi1bf5.default\extensions\kgcngo@xmmomglptujvwxntife.org
 
- - - - ORPHANS REMOVED - - - -
 
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Adobe Shockwave Player - C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-BattlEye for A2 - C:\Program Files (x86)\Bohemia Interactive\ArmABattlEye\UnInstallBE.exe
AddRemove-{F5FB599D-2C5C-4A5F-B8CD-9B7AAD13F80A}_is1 - C:\Program Files (x86)\Shop To Win\unins000.exe
AddRemove-DownloadTerms - C:\Users\Dennis\AppData\Local\DownloadTerms\uninst.exe
 
 
 
--------------------- LOCKED REGISTRY KEYS ---------------------
 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"=hex:51,66,7a,6c,4c,1d,38,12,81,47,e9,
   25,5f,79,3d,08,e4,19,c9,c9,d6,7c,d4,7c
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
   7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{0095C290-A428-4BDD-B98C-E0A116F1C702}"=hex:51,66,7a,6c,4c,1d,38,12,fe,c1,86,
   04,1a,ea,b3,0e,c6,9a,a3,e1,13,af,83,16
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
   36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
   64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
   69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
   6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}"=hex:51,66,7a,6c,4c,1d,38,12,ae,8e,49,
   e5,24,cb,cf,07,fe,fc,9f,d4,e9,44,8b,04
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
   f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:cc,12,f7,8d,dc,c6,cc,01
 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,30,68,db,73,22,bc,19,48,bd,50,15,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,30,68,db,73,22,bc,19,48,bd,50,15,\
 
[HKEY_USERS\S-1-5-21-3732195205-302563538-770068462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
 
[HKEY_USERS\S-1-5-21-3732195205-302563538-770068462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-3732195205-302563538-770068462-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
 
[HKEY_USERS\S-1-5-21-3732195205-302563538-770068462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-3732195205-302563538-770068462-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
 
[HKEY_USERS\S-1-5-21-3732195205-302563538-770068462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-3732195205-302563538-770068462-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
 
[HKEY_USERS\S-1-5-21-3732195205-302563538-770068462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (S-1-5-21-3732195205-302563538-770068462-1001)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.SVG"
 
[HKEY_USERS\S-1-5-21-3732195205-302563538-770068462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
 
[HKEY_USERS\S-1-5-21-3732195205-302563538-770068462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-3732195205-302563538-770068462-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
 
[HKEY_USERS\S-1-5-21-3732195205-302563538-770068462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-3732195205-302563538-770068462-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
 
[HKEY_USERS\S-1-5-21-3732195205-302563538-770068462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (S-1-5-21-3732195205-302563538-770068462-1001)
@Denied: (2) (LocalSystem)
"Progid"="soffice.StarWriterDocument.6"
 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
 
------------------------ Other Running Processes ------------------------
 
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
 
**************************************************************************
 
Completion time: 2013-05-22  00:25:15 - machine was rebooted

Edited by minh90042, 22 May 2013 - 03:13 AM.


#8 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 May 2013 - 08:05 AM


Hello minh90042

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note: this report can be very long, so if the website gives you an error saying it is too long you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller.
Send me the reports made from TDSSKiller and RogueKiller and also let me know how the computer is doing at this time.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 minh90042 (Topic Starter)
  • Members
  • 17 posts

Posted 22 May 2013 - 03:19 PM

12:56:59.0611 4496  ============================================================
12:56:59.0611 4496  Scan finished
12:56:59.0611 4496  ============================================================
12:56:59.0611 3328  Detected object count: 6
12:56:59.0611 3328  Actual detected object count: 6
12:58:22.0478 3328  Bigfoot Networks Killer Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:58:22.0478 3328  Bigfoot Networks Killer Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:58:22.0494 3328  McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
12:58:22.0494 3328  McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:58:22.0494 3328  McciCMService64 ( UnsignedFile.Multi.Generic ) - skipped by user
12:58:22.0494 3328  McciCMService64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:58:22.0494 3328  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:58:22.0494 3328  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:58:22.0494 3328  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:58:22.0494 3328  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:58:22.0494 3328  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:58:22.0494 3328  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
12:59:29.0860 3844  Deinitialize success
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dennis [Admin rights]
Mode : Remove -- Date : 05/22/2013 13:04:19
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[TASK][SUSP PATH] {EAEA1D56-6E45-4229-8F80-3981EC27CE0A} : C:\Users\Dennis\Desktop\Frost Music\FrostWire.exe  [x] -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{40021656-4d6d-26e9-ca6e-3085e6c4f832}\L --> REMOVED
 
¤¤¤ Driver : [NOT LOADED] ¤¤¤
 
¤¤¤ Infection : ZeroAccess ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ST31000524AS ATA Device +++++
--- User ---
[MBR] 41ce695bdf50fd7c93ee99600aeddcc5
[BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 8313 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 17027072 | Size: 945554 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[2]_D_05222013_02d1304.txt >>
RKreport[1]_S_05222013_02d1301.txt ; RKreport[2]_D_05222013_02d1304.txt
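Post #8 asks for the part of the TDSSKiller log after "Scan finished", and the post above pastes that tail together with the RogueKiller report. The script below is an added example, not part of the thread and not code from Kaspersky (TDSSKiller) or Tigzy (RogueKiller): it extracts that tail, parses the detection lines of both reports, and ranks them so that the one finding that matters (the "TDSS File System" on \Device\Harddisk0\DR0, which the user skipped) stands out from the unsigned vendor services, which are leads to verify rather than malware. The sample text is constructed to match the line shapes seen above; the severity rules are the author's assumptions, not the tools' own verdicts.

```python
"""Triage a TDSSKiller log tail and a RogueKiller report (added example).

Not part of the thread and not code from either tool's author. The samples are
constructed to mirror the posted reports; severity rules are assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

TDSS_SAMPLE = r"""
12:56:59.0611 4496  ============================================================
12:56:59.0611 4496  Scan finished
12:56:59.0611 4496  ============================================================
12:56:59.0611 3328  Detected object count: 3
12:56:59.0611 3328  Actual detected object count: 3
12:58:22.0478 3328  Bigfoot Networks Killer Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:58:22.0478 3328  Bigfoot Networks Killer Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:58:22.0494 3328  McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
12:58:22.0494 3328  McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:58:22.0494 3328  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:58:22.0494 3328  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
12:59:29.0860 3844  Deinitialize success
""".strip("\n")

RK_SAMPLE = r"""
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
Mode : Remove -- Date : 05/22/2013 13:04:19

¤¤¤ Registry Entries : 3 ¤¤¤
[TASK][SUSP PATH] {EAEA1D56-6E45-4229-8F80-3981EC27CE0A} : C:\Users\Dennis\Desktop\Frost Music\FrostWire.exe  [x] -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{40021656-4d6d-26e9-ca6e-3085e6c4f832}\L --> REMOVED

¤¤¤ Infection : ZeroAccess ¤¤¤
""".strip("\n")

# TDSSKiller: "<time> <pid>  <object> ( <verdict> ) - <action>"
TDSS_DETECTION = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<item>.+?) \( (?P<verdict>[^)]+) \) - (?P<action>.+?)\s*$")
# RogueKiller: "[TAG][TAG] <detail> -> <action>" (both "->" and "-->" occur)
RK_ENTRY = re.compile(r"^(?P<tags>(?:\[[^\]]+\])+)\s+(?P<detail>.+?)\s+-{1,2}>\s+(?P<action>.+?)\s*$")
RK_INFECTION = re.compile(r"^\W*Infection\s*:\s*(?P<name>.+?)\W*$")


@dataclass(frozen=True)
class Finding:
    source: str
    item: str
    verdict: str
    action: str
    severity: str


def tdss_tail(text: str) -> List[str]:
    """Lines after the 'Scan finished' marker: the part post #8 asks to be pasted."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if line.rstrip().endswith("Scan finished"):
            return lines[i + 1:]
    return []


def tdss_severity(verdict: str) -> str:
    # A "TDSS File System" on the raw disk device is the rootkit's hidden storage;
    # an unsigned vendor service or driver is only a lead that needs verifying.
    if verdict == "TDSS File System":
        return "critical"
    if verdict.startswith("UnsignedFile."):
        return "info"
    return "review"


def parse_tdss(text: str) -> List[Finding]:
    """One Finding per object; the last action logged for it wins."""
    last_action: Dict[tuple, str] = {}
    for line in tdss_tail(text):
        m = TDSS_DETECTION.match(line)
        if m:
            last_action[(m["item"], m["verdict"])] = m["action"]
    return [Finding("TDSSKiller", item, verdict, action, tdss_severity(verdict))
            for (item, verdict), action in last_action.items()]


def rk_severity(tags: List[str]) -> str:
    if "ZeroAccess" in tags:
        return "critical"  # named rootkit family
    if "HJPOL" in tags:
        return "high"      # policy hijack (e.g. DisableRegistryTools) locks the user out
    if "SUSP PATH" in tags:
        return "medium"    # task/autorun pointing into a user-writable path
    if "HJ DESK" in tags:
        return "low"       # desktop icon visibility tweaks, usually cosmetic
    return "review"


def parse_rk(text: str) -> List[Finding]:
    out = []
    for line in text.splitlines():
        m = RK_ENTRY.match(line)
        if m:
            tags = re.findall(r"\[([^\]]+)\]", m["tags"])
            out.append(Finding("RogueKiller", m["detail"], "/".join(tags), m["action"], rk_severity(tags)))
    return out


def infection_names(text: str) -> List[str]:
    return [m["name"] for m in map(RK_INFECTION.match, text.splitlines()) if m]


def unresolved(findings: List[Finding]) -> List[Finding]:
    """Serious findings the user skipped instead of cleaning."""
    return [f for f in findings if f.severity in ("critical", "high") and "skip" in f.action.lower()]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    found = parse_tdss(TDSS_SAMPLE) + parse_rk(RK_SAMPLE)
    print("infections:", infection_names(RK_SAMPLE), "by severity:", summarize(found))
    for f in unresolved(found):
        print(f"STILL PRESENT [{f.severity}] {f.source}: {f.item} ({f.verdict}) -> {f.action}")
```

Run as-is to see the summary on the constructed samples; to triage a fresh scan, read the larger TDSSKiller.*_log.txt from C:\ and RKreport[2].txt from the Desktop and pass their contents to `parse_tdss` and `parse_rk`. `unresolved` is the list to act on first: on the sample it returns the raw-disk entry that was skipped, which is exactly what the next reply asks to have deleted.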


#10 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 May 2013 - 04:07 PM


Hello
I would like you to rerun TDSSKiller and this time when it gets to this part
  • \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
I want you to select Delete this time instead of Skip.


Gringo

#11 minh90042 (Topic Starter)
  • Members
  • 17 posts

Posted 23 May 2013 - 04:09 PM

Hello, I just ran TDSSKiller but I am still being redirected every so often.

Like on Amazon I will get redirected to QuiBids, but on YouTube/Netflix it will send me to a Flash update or survey. Also on Google/Yahoo/YouTube I have ads. Particularly on YouTube, the ads would be "back up", "update Flash" or random sites.

Sorry for the late reply; I just started to notice all of these patterns.



#12 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 May 2013 - 07:03 PM

Which browser do you have the problem with?


gringo

#13 minh90042 (Topic Starter)
  • Members
  • 17 posts

Posted 23 May 2013 - 11:36 PM

Both Google Chrome and Firefox, but IE is fine.



#14 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 May 2013 - 12:23 AM


Hello minh90042

I want you to reset Firefox back to defaults; this will remove everything from Firefox.

I will let you keep your bookmarks; to do that you can go here: Export Bookmarks.

Now, to reset Firefox, do the following.
  • At the top of the Firefox window, click the "Firefox" button,
  • go over to the "Help" sub-menu
    • (on Windows XP, click the Help menu at the top of the Firefox window) and select "Troubleshooting Information".
  • Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
  • Click "Reset Firefox" in the confirmation window that opens.
  • Firefox will close and be reset. When it's done, click "Finish" and Firefox will open.
Restart the computer and check Firefox for me now.

Gringo
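The reset in the post above works because it throws away the profile (prefs.js, user.js, the add-ons folder), and a per-browser change of that kind is the usual reason one browser on a machine redirects while another does not (here IE is fine while Firefox and Chrome redirect). Before resetting, a practitioner would want to see which profile settings were actually changed, since that shows how the redirects were done and what to look for in the other browser. The script below is an added example, not part of the thread and not Mozilla code: it parses a prefs.js and flags the preferences that can redirect traffic (homepage, keyword search URL, new-tab URL, proxy and PAC settings, and the add-on auto-disable scopes). The sample prefs.js is constructed; the set of prefs checked and the thresholds used are the author's assumptions.

```python
"""Audit a Firefox prefs.js for redirect-capable settings (added example).

Not part of the thread and not Mozilla code. The sample files below are
constructed; which prefs to check, and the thresholds, are assumptions.
"""
import re
from typing import Dict, List, Tuple, Union
from urllib.parse import urlsplit

Pref = Union[str, int, bool]

# prefs.js lines look like: user_pref("name", value);  value is "string", int, true/false
PREF_LINE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*?)\);\s*$')

# Prefs whose value is a URL the browser will load, or send every search to.
URL_PREFS = ("browser.startup.homepage", "keyword.URL",
             "browser.newtab.url", "network.proxy.autoconfig_url")

SAMPLE_PREFS = r'''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://start.example-hijack.invalid/?ref=flash");
user_pref("keyword.URL", "http://search.example-hijack.invalid/?q=");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8118);
user_pref("extensions.autoDisableScopes", 0);
user_pref("browser.search.defaultenginename", "Google");
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1369000000);
'''

CLEAN_PREFS = r'''
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.type", 5);
user_pref("extensions.autoDisableScopes", 15);
'''


def _decode(raw: str) -> Pref:
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # drop backslash escapes
    if raw in ("true", "false"):
        return raw == "true"
    try:
        return int(raw)
    except ValueError:
        return raw


def parse_prefs(text: str) -> Dict[str, Pref]:
    prefs: Dict[str, Pref] = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:
            prefs[re.sub(r"\\(.)", r"\1", m.group(1))] = _decode(m.group(2))
    return prefs


def audit_prefs(prefs: Dict[str, Pref], trusted_hosts=frozenset()) -> List[Tuple[str, Pref, str]]:
    """Return (pref, value, reason) for every setting that can steer traffic elsewhere."""
    findings: List[Tuple[str, Pref, str]] = []
    for name in URL_PREFS:
        if name not in prefs:
            continue
        parts = urlsplit(str(prefs[name]))
        if parts.scheme in ("about", "chrome", "resource"):
            continue  # built-in pages, not a remote host
        host = parts.hostname or ""
        if host not in trusted_hosts:
            findings.append((name, prefs[name], f"points at untrusted host {host!r}"))
    ptype = prefs.get("network.proxy.type")
    if isinstance(ptype, int) and not isinstance(ptype, bool):
        if ptype == 1:  # manual proxy: every request can be rewritten in transit
            hosts = [str(prefs[k]) for k in ("network.proxy.http", "network.proxy.ssl",
                                              "network.proxy.socks") if prefs.get(k)]
            findings.append(("network.proxy.type", ptype, "manual proxy via " + ", ".join(hosts)))
        elif ptype == 2:  # PAC script decides the route for every request
            findings.append(("network.proxy.type", ptype, "PAC script controls routing"))
    scopes = prefs.get("extensions.autoDisableScopes")
    if isinstance(scopes, int) and not isinstance(scopes, bool) and scopes < 15:
        findings.append(("extensions.autoDisableScopes", scopes,
                         "below default 15: sideloaded add-ons enable without a prompt"))
    return findings


if __name__ == "__main__":
    for name, value, why in audit_prefs(parse_prefs(SAMPLE_PREFS)):
        print(f"{name} = {value!r}: {why}")
```

On Windows 7 the file is %APPDATA%\Mozilla\Firefox\Profiles\<profile>\prefs.js; a user.js in the same folder uses the same syntax and overrides prefs.js on every start, so parse that one too if it exists. Pass the hosts you actually expect in `trusted_hosts`; with the default empty set, every homepage or search URL that points at a remote host is reported.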

#15 minh90042 (Topic Starter)
  • Members
  • 17 posts

Posted 24 May 2013 - 04:52 AM

Yay, Firefox is running normally again. No more ads or redirecting.

Google Chrome still has ads and redirects, but not as much as before.
