Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I.E. 9 Ads auto launch on User Account


  • This topic is locked This topic is locked
4 replies to this topic

#1 rodbhi

rodbhi

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:36 AM

Posted 22 September 2013 - 01:08 PM

Ads Auto Launch in I.E. 9 on just one of the user accounts on this computer. I.E. 9 does not have to be opened for the ads tolaunch.  I have taken the following steps:

 

 Ran Spybot Search & Destroy scan

 Ran Hitman Pro

 Ran Malwarebytes Anti Mal-Ware Scan

 Ran MS Security Essentials

 

The scans find threats and clean but the issues remain.

 

 

Running WIndows 7 Home Edition

Also Admin account is not having this issue.

 

How can I get the ads for auto launching and make the computer safe.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16447  BrowserJavaVersion: 10.17.2
Run by Isabel at 10:49:14 on 2013-09-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4029.1998 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files\HitmanPro\hmpsched.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Soda PDF 5\HelperService.exe
C:\Program Files (x86)\Soda PDF 5\ConversionService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\ProgramData\GorillaPrice\WatGorp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k HPService
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Tango\Tango.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Isabel\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\QNAP\QGet\QGet.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\QNAP\QGet\QGetServer.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\QNAP\Finder\iSCSIAgent.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\NETGEAR Genie\bin\genie_tray.exe
C:\windows\splwow64.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\windows\system32\hkcmd.exe
C:\windows\system32\igfxtray.exe
C:\windows\system32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
mStart Page = hxxp://samsung.msn.com
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: W2PBrowser Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO: Soda PDF 5 IE Helper: {C737F472-1193-4281-BF53-A00B67AB3E19} - C:\Program Files (x86)\Soda PDF 5\PDFIEHelper.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Soda PDF 5 IE Toolbar: {F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6} - C:\Program Files (x86)\Soda PDF 5\PDFIEPlugin.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Tango] C:\Program Files (x86)\Tango\Tango.exe -r
uRun: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Facebook Update] "C:\Users\Isabel\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Google Update] "C:\Users\Isabel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [QGet] "C:\Program Files (x86)\QNAP\QGet\QGet.exe" /min
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QNAPQG~1.LNK - C:\Program Files (x86)\QNAP\QGet\QGet.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download by QGet - C:\Program Files (x86)\QNAP\QGet\QGetCatch.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{EEB8436D-7E09-4C35-BCCC-A227973061A8} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{EEB8436D-7E09-4C35-BCCC-A227973061A8}\16A7D2963707 : DHCPNameServer = 216.163.120.19 207.171.255.132
TCP: Interfaces\{EEB8436D-7E09-4C35-BCCC-A227973061A8}\E45445745414257353 : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Isabel\AppData\Roaming\Mozilla\Firefox\Profiles\5nr5oyqv.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Isabel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Isabel\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\Isabel\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Isabel\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Isabel\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-09-07 21:30; FFSodaPDF5Converter@sodapdf.com; C:\Program Files (x86)\Soda PDF 5\FFSoda5Ext
FF - ExtSQL: !HIDDEN! 2012-02-02 16:04; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2012-3-20 203888]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2011-4-18 13824]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 GorillaPrice;GorillaPrice;C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe -service --> C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe -service [?]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-9-8 109352]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-21 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-21 682344]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2012-3-6 1370400]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-5-31 2804568]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-7-31 1153368]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-6 3291008]
R2 Soda PDF 5 Helper Service;Soda PDF 5 Helper Service;C:\Program Files (x86)\Soda PDF 5\HelperService.exe [2013-6-12 1097544]
R2 Soda PDF 5 Service;Soda PDF 5 Service;C:\Program Files (x86)\Soda PDF 5\ConversionService.exe [2013-6-12 794440]
R2 WatGorp;WatGorp;C:\ProgramData\GorillaPrice\WatGorp.exe -service --> C:\ProgramData\GorillaPrice\WatGorp.exe -service [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2011-4-18 111616]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-5-29 24176]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2010-7-8 401696]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-3-20 98688]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 Samsung UPD Service;Samsung UPD Service;C:\windows\System32\SUPDSvc.exe [2011-12-24 166704]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-12-27 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-12-26 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-09-22 07:23:59    76232    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{44C449EA-2D50-4D62-8F17-9DD2766FF89F}\offreg.dll
2013-09-21 15:18:37    9694160    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{44C449EA-2D50-4D62-8F17-9DD2766FF89F}\mpengine.dll
2013-09-19 19:40:54    --------    d-----w-    C:\Program Files\iPod
2013-09-19 19:40:52    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-19 19:40:52    --------    d-----w-    C:\Program Files\iTunes
2013-09-19 19:40:52    --------    d-----w-    C:\Program Files (x86)\iTunes
2013-09-19 19:35:48    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin5.dll
2013-09-19 19:35:48    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin4.dll
2013-09-19 19:35:48    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin3.dll
2013-09-19 19:35:48    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin2.dll
2013-09-19 19:35:48    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin.dll
2013-09-19 19:35:48    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-09-19 19:35:48    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-09-19 19:35:48    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-09-19 19:35:48    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-09-19 19:35:48    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-09-15 15:38:35    9515512    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-12 23:57:17    --------    d-----w-    C:\Program Files (x86)\PDFBinder
2013-09-11 01:47:14    33240    ----a-w-    C:\windows\System32\drivers\GEARAspiWDM.sys
2013-09-09 01:23:31    12872    ----a-w-    C:\windows\System32\bootdelete.exe
2013-09-09 01:14:05    --------    d-----w-    C:\Program Files\HitmanPro
2013-09-09 01:12:40    --------    d-----w-    C:\ProgramData\HitmanPro
2013-09-09 00:47:07    --------    d-----w-    C:\ProgramData\boost_interprocess
2013-09-09 00:09:04    --------    d-----w-    C:\Users\Isabel\AppData\Local\avgchrome
2013-09-08 19:36:36    --------    d-----w-    C:\Users\Isabel\AppData\Roaming\Open Download Manager
2013-09-08 19:35:55    --------    d-----w-    C:\ProgramData\GorillaPrice
2013-09-08 19:35:46    --------    d-----w-    C:\Program Files (x86)\GorillaPrice
2013-09-08 19:35:03    --------    d-----w-    C:\windows\SysWow64\modules
2013-09-08 19:35:03    --------    d-----w-    C:\windows\SysWow64\images
2013-09-08 19:35:03    --------    d-----w-    C:\windows\SysWow64\html
2013-09-08 19:35:03    --------    d-----w-    C:\windows\SysWow64\css
2013-09-08 19:35:02    --------    d-----w-    C:\windows\SysWow64\js
2013-09-08 19:32:51    --------    d-----w-    C:\ProgramData\DSearchLink
2013-09-08 04:29:52    --------    d-----w-    C:\Program Files (x86)\Soda PDF 5
2013-09-08 04:18:40    --------    d-----w-    C:\Users\Isabel\AppData\Roaming\PDF Software
2013-09-08 04:18:07    --------    d-----w-    C:\Program Files (x86)\Common Files\Soda PDF 5
2013-09-07 06:27:47    --------    d-----w-    C:\Program Files (x86)\Ultimate Gaming
2013-09-07 06:27:46    --------    d-----w-    C:\ProgramData\Ultimate Gaming
2013-09-05 14:04:02    209272    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\Plugins\nppdf32.dll
2013-09-05 14:04:02    209272    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2013-09-20 01:27:11    71048    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-20 01:27:11    692616    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-05-10 10:04:13    4167680    ----a-w-    C:\Program Files (x86)\GUT6DF4.tmp
.
============= FINISH: 10:50:28.05 ===============
 

Attached Files

  • Attached File  DDS.txt   19.75KB   1 downloads

Edited by Noviciate, 22 September 2013 - 02:35 PM.
Log added from attachment.


BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:36 PM

Posted 22 September 2013 - 02:36 PM

Good evening. :)

Is this the log from the User account with the issue?


So long, and thanks for all the fish.

 

 


#3 rodbhi

rodbhi
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:36 AM

Posted 22 September 2013 - 07:01 PM

Thanks for the reponse. I ran this using the admin's account.

 

 



#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:36 PM

Posted 23 September 2013 - 02:12 PM

Good evening. :)

Assuming that the account with the problem is not the admin account, you need to log into the account with the problem and run DDS from that one and post accordingly.


So long, and thanks for all the fish.

 

 


#5 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:36 PM

Posted 12 October 2013 - 04:21 PM

Thread locked as there has been no reply for over two weeks.


So long, and thanks for all the fish.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users