New to Malware probs


  • This topic is locked
3 replies to this topic

#1 Lollipop2013

Posted 29 May 2013 - 02:21 PM

Hi and good evening.

I have a DDS log and am hoping someone will explain:

A. Have I done it correctly?

B. How to put it right.


DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16483
Run by Williams F1 at 20:00:45 on 2013-05-29
#Option MBR scan  is disabled.
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3002.1218 [GMT 1:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CISVC.EXE
C:\Program Files\SearchProtect\bin\CltMngSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\mqsvc.exe
C:\Program Files\Norton Identity Safe\Engine\2013.3.3.19\ccSvcHst.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe
C:\Program Files\Norton Family\Engine\2.8.0.5\ccSvcHst.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
C:\Program Files\WebCake\WebCakeDesktop.Updater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\Norton Identity Safe\Engine\2013.3.3.19\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton Family\Engine\2.8.0.5\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Users\Williams F1\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Williams F1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Williams F1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Williams F1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Williams F1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Williams F1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Williams F1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Williams F1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Williams F1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Williams F1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Williams F1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Williams F1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Williams F1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Williams F1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Williams F1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Williams F1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Williams F1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Williams F1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Williams F1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Williams F1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Williams F1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Williams F1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Williams F1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Windows\System32\svchost.exe -k LPDService
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www1.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=27D100234DBF6F82
uSearch Bar = Preserve
uSearch Page = hxxp://feed.snap.do/?publisher=QuickOB&dpid=QuickOB&co=GB&userid=1c8f87f5-35df-4e54-a21d-da82265aadf0&searchtype=ds&q={searchTerms}&installDate=01/01/1970
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
uSearchAssistant = about:blank
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: MediaBar: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\program files\bearsharetb\BearShareDx.dll
BHO: HP Smart Print BHO: {1658D3A1-9E13-4196-A82A-D70D70880F36} - c:\program files\hewlett-packard\smartprint\QuickPrintBHO.dll
BHO: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\program files\imesh applications\mediabar\toolbar\imeshdtxmltbpi.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: TBSB01620 Class: {58124A0B-DC32-4180-9BFF-E0E21AE34026} - c:\program files\iminent toolbar\tbcore3.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\20.3.1.22\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\20.3.1.22\ips\ipsbho.dll
BHO: UrlHelper Class: {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - c:\program files\bearshare applications\mediabar\datamngr\IEBHO.dll
BHO: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - <orphaned>
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - 
BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Norton Family BHO: {B8E07826-0971-4f16-B133-047B88034E89} - c:\program files\norton family\engine\2.8.0.5\coieplg.dll
BHO: Tube Karaoke: {F351B686-F6AF-45F1-9EB9-684C805B25B1} - 
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: IMinent Toolbar: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - c:\program files\iminent toolbar\tbcore3.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\20.3.1.22\coieplg.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: MediaBar: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\program files\bearsharetb\BearShareDx.dll
TB: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\program files\imesh applications\mediabar\toolbar\imeshdtxmltbpi.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - 
TB: IMinent Toolbar: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - c:\program files\iminent toolbar\tbcore3.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\20.3.1.22\coieplg.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: {1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC} - <orphaned>
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\williams f1\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [AROReminder] c:\program files\aro 2011\ARO.exe -rem
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Sony Ericsson PC Companion] "c:\program files\sony ericsson\sony ericsson pc companion\PCCompanion.exe" /systray /nologon
uRun: [SearchProtect] c:\users\williams f1\appdata\roaming\searchprotect\bin\cltmng.exe
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [DependencyCheck] Performed
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TQ566808] "E:\Setup.exe"
mRun: [PC Cleaners] "c:\program files\pc cleaners\PCCleaners.exe" /minimize
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SearchProtectAll] c:\program files\searchprotect\bin\cltmng.exe
mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
StartupFolder: c:\users\willia~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\willia~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openoffice.org 3.1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobe acrobat speed launcher.lnk - c:\windows\installer\{ac76ba86-1033-f400-8796-100000000002}\SC_Acrobat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hp digital imaging monitor.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smartprint\HPQuickPrintLauncher.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{5CC22021-5841-47C1-A032-942064F45A93} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{9EB976AA-7A77-4B7C-A2BC-3F8221A7C90F} : DHCPNameServer = 88.82.13.28 88.82.13.28
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\15.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\williams f1\appdata\roaming\mozilla\firefox\profiles\v1zpigbl.default\
FF - prefs.js: browser.startup.homepage - 
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\williams f1\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - ExtSQL: !HIDDEN! 2010-01-14 08:47; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0 
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 27d1504a00000000000000234dbf6f82
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15853
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.515:09:57
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=121150&tt=gc_
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: extentions.webcake.installId - 2449c7ff-8539-4d6b-85e1-eb0cc8ebaeb0
FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1403010.016\symds.sys [2013-5-10 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1403010.016\symefa.sys [2013-5-10 934488]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-5-26 37664]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.1.0.24\definitions\bashdefs\20130515.001\BHDrvx86.sys [2013-5-20 1000024]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1403010.016\ccsetx86.sys [2013-5-10 134304]
R1 ccSet_NSM;Norton Family Settings Manager;c:\windows\system32\drivers\nsm\0208000.005\ccsetx86.sys [2013-5-16 134304]
R1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\nst\7dd03030.013\ccSetx86.sys [2013-5-10 134304]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.1.0.24\definitions\ipsdefs\20130528.001\IDSvix86.sys [2013-5-29 386720]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1403010.016\ironx86.sys [2013-5-10 175264]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1403010.016\symtdiv.sys [2013-5-10 350368]
R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\searchprotect\bin\CltMngSvc.exe [2013-5-8 97056]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2013-5-15 101168]
R2 iprip;RIP Listener;c:\windows\system32\svchost.exe -k ipripsvc [2008-1-21 21504]
R2 NCO;Norton Identity Safe;c:\program files\norton identity safe\engine\2013.3.3.19\ccSvcHst.exe [2013-5-10 144520]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\20.3.1.22\ccsvchst.exe [2013-5-10 144520]
R2 NSM;Norton Family;c:\program files\norton family\engine\2.8.0.5\ccsvchst.exe [2013-5-16 143928]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2013-2-23 90112]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\ccSvcHst.exe [2009-12-9 126392]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-10-10 793048]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-7-9 361808]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2013-5-27 1153368]
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.2.0\ToolbarUpdater.exe [2013-5-26 1015984]
R2 WebCake Desktop Updater;WebCake Desktop Updater;c:\program files\webcake\WebCakeDesktop.Updater.exe [2013-5-28 23552]
R2 X6XSEx_Pr143;X6XSEx_Pr143;c:\program files\free ride games\X6XSEx_Pr143.sys [2013-5-28 47432]
R3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files\common files\research in motion\usb drivers\BbDevMgr.exe [2013-2-6 585728]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-9 193840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-5-10 106656]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-4-16 72832]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-30 112128]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1108000.005\cchpx86.sys [2010-9-24 501888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DMDefragService;Performance Toolkit Disk Defrag Service;c:\program files\pc tools utilities\tools\defrag\DMDefragSrv.exe [2011-10-11 1050592]
S2 gupdate1c980ccafd0fad0;Google Update Service (gupdate1c980ccafd0fad0);c:\program files\google\update\GoogleUpdate.exe [2009-1-27 133104]
S2 NAV;Norton AntiVirus;"c:\program files\norton antivirus\engine\17.8.0.5\ccsvchst.exe" /s "nav" /m "c:\program files\norton antivirus\engine\17.8.0.5\dimaster.dll" /prefetch:1 --> c:\program files\norton antivirus\engine\17.8.0.5\ccSvcHst.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 DMRepairService;Performance Toolkit Disk Repair Service;c:\program files\pc tools utilities\tools\repair\DMRepairSrv.exe [2011-10-11 1034208]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-4-16 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2012-4-16 11136]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2012-4-16 85760]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [2012-4-16 51456]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [2012-4-16 26496]
S3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [2011-10-11 108056]
S3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [2011-10-11 127256]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2013-2-23 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2013-2-23 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2013-2-23 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2013-2-23 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2013-2-23 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2013-2-23 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2013-2-23 109864]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-4-22 12984]
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Family;c:\windows\system32\drivers\nsm\0208000.005\symrdr.sys [2013-5-16 202144]
S3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\drivers\usb2vcom.sys [2009-12-13 30336]
S3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\WMSvc.exe [2008-1-21 11264]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-05-29 17:13:08 388096 ----a-r- c:\users\williams f1\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-05-29 17:01:25 -------- d-----w- c:\program files\Trend Micro
2013-05-28 16:31:21 -------- d-----w- c:\programdata\boost_interprocess
2013-05-28 14:13:16 -------- d-----w- C:\Remote Programs
2013-05-28 14:13:04 1132448 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-05-28 14:13:04 -------- d-----w- c:\programdata\Free Ride Games
2013-05-28 14:13:01 1169609 ----a-w- c:\windows\unins000.exe
2013-05-28 14:12:53 -------- d-----w- c:\program files\vGrabber-software
2013-05-28 14:12:40 58264 ------w- c:\windows\ExentInfo.exe
2013-05-28 14:11:02 -------- d-----w- c:\users\williams f1\appdata\roaming\WebCake
2013-05-28 14:11:02 -------- d-----w- c:\program files\WebCake
2013-05-28 14:09:10 -------- d-----w- c:\programdata\Babylon
2013-05-27 18:26:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-05-27 18:26:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-05-26 11:51:18 -------- d-----w- c:\users\williams f1\appdata\local\AVG SafeGuard toolbar
2013-05-26 11:50:55 -------- d-----w- C:\rei
2013-05-26 11:50:25 -------- d-----w- c:\program files\Reimage
2013-05-26 11:49:54 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2013-05-26 11:49:29 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-05-26 11:49:20 -------- d-----w- c:\program files\common files\AVG Secure Search
2013-05-26 11:49:17 -------- d-----w- c:\program files\AVG SafeGuard toolbar
2013-05-26 11:42:15 -------- d-----w- C:\TDSSKiller_Quarantine
2013-05-20 19:41:37 -------- d-----w- c:\users\williams f1\appdata\roaming\IDM
2013-05-20 19:41:37 -------- d-----w- c:\users\williams f1\appdata\roaming\DMCache
2013-05-20 19:41:37 -------- d-----w- c:\programdata\IDM
2013-05-20 19:41:22 -------- d-----w- c:\program files\Internet Download Manager
2013-05-20 16:50:14 69632 ----a-r- c:\users\williams f1\appdata\roaming\microsoft\installer\{89505a66-35f0-4401-b3ad-d077051f8698}\ARPPRODUCTICON.exe
2013-05-20 16:50:14 49152 ----a-r- c:\users\williams f1\appdata\roaming\microsoft\installer\{89505a66-35f0-4401-b3ad-d077051f8698}\UNINST_Uninstall_Q_336D8C9DB2424DE5BC518E574B25652F.exe
2013-05-20 16:48:16 -------- d-----w- c:\program files\LyricsFinder
2013-05-20 16:48:09 -------- d-----w- c:\program files\MiPony
2013-05-19 15:24:10 -------- d-----w- c:\program files\SearchProtect
2013-05-19 15:23:04 -------- d-----w- c:\users\williams f1\appdata\local\CRE
2013-05-19 13:32:37 5765 ----a-w- c:\windows\system32\Memman.vxd
2013-05-19 13:32:37 389120 ----a-w- c:\windows\system32\actskn43.ocx
2013-05-19 13:32:37 253952 ----a-w- c:\windows\system32\skinboxer43.dll
2013-05-19 13:32:37 221184 ----a-w- c:\windows\system32\hookmenu.ocx
2013-05-19 13:32:37 212240 ----a-w- c:\windows\system32\RICHTX32.OCX
2013-05-19 13:32:37 124688 ----a-w- c:\windows\system32\MSWINSCK.OCX
2013-05-19 13:32:37 -------- d-----w- c:\users\williams f1\appdata\roaming\AntiHijack DAT
2013-05-19 13:32:36 152848 ----a-w- c:\windows\system32\comdlg32.ocx
2013-05-19 13:32:36 132880 ----a-w- c:\windows\system32\msinet.ocx
2013-05-19 13:32:36 -------- d-----w- c:\program files\Hacker Freeze
2013-05-16 10:29:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-16 04:29:39 202144 ----a-r- c:\windows\system32\drivers\nsm\0208000.005\symrdr.sys
2013-05-16 04:29:39 134304 ----a-r- c:\windows\system32\drivers\nsm\0208000.005\ccsetx86.sys
2013-05-16 04:29:36 -------- d-----w- c:\windows\system32\drivers\nsm\0208000.005
2013-05-16 00:38:26 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-05-16 00:38:19 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 00:38:19 37376 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 05:28:56 101168 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2013-05-11 10:37:28 209472 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2013-05-10 17:28:08 36512 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2013-05-10 10:42:47 350368 ----a-r- c:\windows\system32\drivers\nis\1403010.016\symtdiv.sys
2013-05-10 10:42:46 934488 ----a-w- c:\windows\system32\drivers\nis\1403010.016\symefa.sys
2013-05-10 10:42:46 602712 ----a-w- c:\windows\system32\drivers\nis\1403010.016\srtsp.sys
2013-05-10 10:42:46 367704 ----a-w- c:\windows\system32\drivers\nis\1403010.016\symds.sys
2013-05-10 10:42:46 338592 ----a-r- c:\windows\system32\drivers\nis\1403010.016\symnets.sys
2013-05-10 10:42:46 32344 ----a-w- c:\windows\system32\drivers\nis\1403010.016\srtspx.sys
2013-05-10 10:42:46 21400 ----a-r- c:\windows\system32\drivers\nis\1403010.016\symelam.sys
2013-05-10 10:42:46 175264 ----a-r- c:\windows\system32\drivers\nis\1403010.016\ironx86.sys
2013-05-10 10:42:46 134304 ----a-w- c:\windows\system32\drivers\nis\1403010.016\ccsetx86.sys
2013-05-10 10:41:53 -------- d-----w- c:\windows\system32\drivers\nis\1403010.016
2013-05-10 10:41:27 -------- d-----w- c:\windows\system32\drivers\NIS
2013-05-10 10:41:25 -------- d-----w- c:\program files\Norton Internet Security
2013-05-10 10:14:13 134304 ----a-r- c:\windows\system32\drivers\nst\7dd03030.013\ccSetx86.sys
2013-05-10 10:13:24 -------- d-----w- c:\windows\system32\drivers\nst\7DD03030.013
2013-05-10 10:13:24 -------- d-----w- c:\windows\system32\drivers\NST
2013-05-10 10:13:18 -------- d-----w- c:\program files\Norton Identity Safe
2013-05-10 08:24:29 6906960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d0b0494b-5d19-41fc-9846-c8d7a8bcc0ba}\mpengine.dll
2013-05-06 10:27:45 88576 ----a-w- c:\windows\system32\tlntsess.exe
2013-05-06 10:27:45 71168 ----a-w- c:\windows\system32\telnet.exe
2013-05-05 18:58:56 -------- d-----w- c:\users\williams f1\appdata\local\SwvUpdater
2013-05-05 17:54:46 -------- d-----w- c:\windows\system32\msmq
2013-05-05 15:13:58 -------- d-----w- c:\users\williams f1\appdata\local\{BBBF3EB4-5007-45EF-A7A0-957375ED5C7E}
2013-05-05 12:42:52 -------- d-----w- C:\inetpub
2013-05-03 16:24:52 -------- d-----w- c:\users\williams f1\appdata\local\{A6E12853-3BD4-41C0-81CC-0499B53F7602}
2013-05-03 07:33:32 -------- d-----w- c:\users\williams f1\appdata\local\{3EC2CEB0-B122-4D3F-80D9-AA4F171F4B04}
2013-05-02 10:13:26 -------- d-----w- c:\program files\Amazon Browser Bar
2013-05-02 10:13:20 -------- d-----w- c:\program files\Amazon
2013-05-02 10:12:31 -------- d-----w- c:\program files\Solid Savings
2013-05-01 21:44:53 -------- d-----w- c:\users\williams f1\appdata\local\{B880CB4E-6227-459A-A3C7-2D8629D235AE}
2013-05-01 10:39:42 -------- d-----w- c:\windows\system32\BrowserProtect
2013-05-01 09:38:32 -------- d-----w- c:\program files\Nokia
2013-05-01 08:18:47 -------- d-----w- c:\users\williams f1\appdata\local\{64E47F98-6098-4DDD-A657-C6B8928BE7CF}
2013-04-30 07:21:07 -------- d-----w- c:\users\williams f1\appdata\local\{543755FB-1609-4828-9F5A-3F2F4D6B3CAF}
.
==================== Find3M  ====================
.
2013-05-15 07:24:08 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 07:24:08 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-10 10:43:40 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-05-08 06:10:12 770384 ----a-w- c:\windows\system32\msvcr100.dll
2013-05-08 06:10:12 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-05-02 01:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-04 22:11:34 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-04-04 22:02:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-04 22:02:17 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-04-04 21:58:51 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-04 21:57:45 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-03-11 13:25:50 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25:50 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-09 03:45:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-09 01:28:08 64000 ----a-w- c:\windows\system32\smss.exe
2013-03-08 03:53:50 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-03-08 03:52:22 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-03-07 14:55:28 507904 ----a-r- c:\windows\system32\btwapi.dll
2013-03-03 19:07:52 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
============= FINISH: 20:01:43.07 ===============
 

thanks a million

 

Lollipop




 


#2 Robybel

Robybel

    Bleepin' Mattley


  • Malware Response Team
  • 179 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:43 PM

Posted 01 June 2013 - 12:31 AM

Hi and Welcome!! Lollipop2013 :)

My name is Robybel.

I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.


Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (right click, choose "Run as Administrator").


Stay with this topic until I give you the all clean post.

Having said that....Let's get going!! ;)

===========================

You missed the Attach.txt.

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Next

AdwCleaner
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Next
  • Download RogueKiller and save it to your desktop.
  • Quit all other programs
  • Start RogueKiller.exe
  • Wait until the Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan
  • A report will be created on your desktop.
  • Click on the Delete button
  • Next click on the ShortcutsFix
  • Another report will be created on your desktop.
Please post: All RKreport.txt text files located on your desktop.

On your next reply please post :
  • Attach.txt
  • checkup.txt
  • AdwCleaner[S1].txt
  • All RKreport.txt
Let me know if you have any problems performing the steps above or any questions.

Good Day!

- Proud Graduate of WTT Classroom -

Member of ASAP and UNITE


Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation.

 

 


#3 Robybel


Posted 04 June 2013 - 10:56 PM

Still need help?


 

 


#4 Robybel


Posted 06 June 2013 - 09:11 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.


 

 




