
Malware Infection redirecting web pages


  • This topic is locked
7 replies to this topic

#1 scjkhb

scjkhb

  • Members
  • 2 posts
  • OFFLINE
  • Local time:05:37 PM

Posted 27 November 2013 - 01:29 PM

This malware is redirecting pages like Google, Yahoo, Bing, etc. It redirects to an automotive parts seller. Of course I have tried a few solutions before finding this site. Running AVG2014 free anti-virus and firewall; I also loaded Avast free to run another scan. In addition I have downloaded and run the following malware programs: Malwarebytes and Spybot. I read your malware instructions and I was not sure how to end script-running programs, so I just ran the DDS utility anyway.

 

DDS Log results:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16736  BrowserJavaVersion: 10.45.2
Run by computer at 6:09:37 on 2013-11-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1790.208 [GMT -8:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files (x86)\Launch Manager\LManager.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=lt31&r=27360712c106l04c3w185a4682v263
uSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{CD601EB7-1C91-4C98-82A2-C3848FEC529B} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{CD601EB7-1C91-4C98-82A2-C3848FEC529B}\354756675602A416D69637F6E6 : DHCPNameServer = 198.224.144.135 198.224.145.135
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
x64-SSODL: WebCheck - <orphaned>
Hosts: 184.22.81.15 www.imeetzu.com
Hosts: 184.22.81.15 imeetzu.com
Hosts: 184.22.81.15 www.omegle.com
Hosts: 184.22.81.15 omegle.com
Hosts: 184.22.81.15 www.runescape.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\computer\AppData\Roaming\Mozilla\Firefox\Profiles\fvthaq8s.default\
FF - prefs.js: browser.search.selectedEngine - Conduit Search
FF - prefs.js: browser.startup.homepage - hxxps://www.startpage.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
FF - ExtSQL: 2013-11-26 17:44; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-11-26 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-11-26 205320]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-11-26 1032416]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-11-26 409832]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-11-26 38984]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-11-26 84328]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-11-26 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-12 215040]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-5-18 225280]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-8-10 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .vbs: VBSFile="C:\Windows\System32\Notepad.exe" %1 [default=Edit - 'Open' doesn't exist]
FileExt: .js: JSFile=C:\Windows\System32\Notepad.exe %1 [default=Edit - 'Open' doesn't exist]
.
=============== Created Last 30 ================
.
2013-11-27 14:08:11    10285968    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{34C1BE38-BF87-415E-A2BD-AE8DBE89D7AA}\mpengine.dll
2013-11-27 03:46:34    21040    ----a-w-    C:\Windows\System32\sdnclean64.exe
2013-11-27 03:46:28    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2013-11-27 03:46:16    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-11-27 01:49:42    --------    d-----w-    C:\Users\computer\AppData\Roaming\AVAST Software
2013-11-27 01:44:30    205320    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-11-27 01:44:29    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2013-11-27 01:44:28    1032416    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-11-27 01:44:26    84328    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2013-11-27 01:44:25    92544    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2013-11-27 01:44:06    43152    ----a-w-    C:\Windows\avastSS.scr
2013-11-27 01:43:01    --------    d-----w-    C:\Program Files\AVAST Software
2013-11-27 01:41:26    --------    d-----w-    C:\ProgramData\AVAST Software
2013-11-26 23:43:04    --------    d-----w-    C:\Users\computer\AppData\Roaming\Malwarebytes
2013-11-26 23:42:45    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-11-26 23:42:42    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-11-26 23:42:42    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-26 20:40:43    --------    d-----w-    C:\Program Files (x86)\MyPC Backup
2013-11-26 20:38:58    --------    d-----w-    C:\Users\computer\AppData\Local\cache
2013-11-26 20:38:42    --------    d-----w-    C:\Users\computer\AppData\Local\Mobogenie
2013-11-26 20:36:38    --------    d-----w-    C:\Users\computer\AppData\Roaming\Systweak
2013-11-26 20:36:30    20312    ----a-w-    C:\Windows\System32\roboot64.exe
2013-11-26 20:36:12    --------    d-----w-    C:\Users\computer\AppData\Local\Programs
2013-11-26 20:35:49    --------    d-----w-    C:\temp
2013-11-26 20:35:43    --------    d-----w-    C:\Program Files\Level Quality Watcher
2013-11-26 20:33:08    --------    d-----w-    C:\Users\computer\AppData\Roaming\AVG2014
2013-11-26 20:30:42    --------    d--h--w-    C:\$AVG
2013-11-26 20:30:42    --------    d-----w-    C:\ProgramData\AVG2014
2013-11-26 20:29:26    --------    d-----w-    C:\Users\computer\AppData\Local\Avg2014
2013-11-26 18:14:45    --------    d-----w-    C:\Program Files (x86)\AVG
2013-11-15 01:05:24    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-07 21:56:24    --------    d-----w-    C:\ProgramData\Oracle
2013-11-07 21:55:12    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-06 05:55:48    150808    ----a-w-    C:\Windows\System32\drivers\avgdiska.sys
2013-11-05 05:52:42    240920    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2013-11-01 07:00:18    212280    ----a-w-    C:\Windows\System32\drivers\avgldx64.sys
2013-11-01 06:49:46    294712    ----a-w-    C:\Windows\System32\drivers\avgloga.sys
.
==================== Find3M  ====================
.
2013-11-23 03:53:30    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-23 03:53:30    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-11 13:50:16    267936    ------w-    C:\Windows\System32\MpSigStub.exe
2013-10-25 06:25:58    194872    ----a-w-    C:\Windows\System32\drivers\avgidsha.sys
2013-10-22 20:52:32    4096    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-22 20:51:58    296960    ----a-w-    C:\Windows\System32\d3d10core.dll
2013-10-22 20:51:58    1238528    ----a-w-    C:\Windows\System32\d3d10.dll
2013-10-22 20:51:56    245248    ----a-w-    C:\Windows\System32\WindowsCodecsExt.dll
2013-10-22 20:51:55    333312    ----a-w-    C:\Windows\System32\d3d10_1core.dll
2013-10-22 20:51:55    194560    ----a-w-    C:\Windows\System32\d3d10_1.dll
2013-10-22 20:51:54    3419136    ----a-w-    C:\Windows\SysWow64\d2d1.dll
2013-10-22 20:51:53    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-10-22 20:51:51    648192    ----a-w-    C:\Windows\System32\d3d10level9.dll
2013-10-22 20:51:51    1988096    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2013-10-22 20:51:50    293376    ----a-w-    C:\Windows\SysWow64\dxgi.dll
2013-10-22 20:51:50    221184    ----a-w-    C:\Windows\System32\UIAnimation.dll
2013-10-22 20:51:50    187392    ----a-w-    C:\Windows\SysWow64\UIAnimation.dll
2013-10-22 20:42:37    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2013-10-22 20:42:37    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-10-12 08:45:20    2241536    ----a-w-    C:\Windows\System32\wininet.dll
2013-10-12 08:43:37    3959808    ----a-w-    C:\Windows\System32\jscript9.dll
2013-10-12 08:43:32    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-10-12 08:43:32    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-10-12 07:03:50    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-10-12 07:02:33    2877952    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-10-12 07:02:29    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-10-12 07:02:29    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-10-12 06:08:58    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-10-12 05:44:38    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-12 05:15:39    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-12 02:30:42    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25:35    1474048    ----a-w-    C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25    1168384    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-10-03 02:23:48    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-10-01 08:52:08    123704    ----a-w-    C:\Windows\System32\drivers\avgmfx64.sys
2013-09-28 01:09:10    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40    154560    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33    28672    ----a-w-    C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33    135680    ----a-w-    C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01    28160    ----a-w-    C:\Windows\System32\secur32.dll
2013-09-25 02:22:59    340992    ----a-w-    C:\Windows\System32\schannel.dll
2013-09-25 02:21:50    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07    1447936    ----a-w-    C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24    30720    ----a-w-    C:\Windows\System32\lsass.exe
2013-09-10 08:43:02    31544    ----a-w-    C:\Windows\System32\drivers\avgrkx64.sys
2013-09-04 12:12:11    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43    52736    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
.
============= FINISH:  6:12:51.44 ===============
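The "Pseudo HJT Report" section of the DDS log above is what a helper reads to locate the source of a search redirect. The script below is an added triage example, not code from the poster, the helpers or the DDS tool: it parses the Hosts:, FF prefs.js and DHCPNameServer lines and flags hosts overrides that point at public addresses, a Firefox search engine outside an expected set, and DHCP-assigned resolvers outside private ranges. Sample lines are copied from the report above plus one constructed loopback entry; the set of expected search engines is an assumption.

```python
"""Triage of a DDS "Pseudo HJT Report" for search-redirect causes.
Added example for this thread, not code from the poster, the helpers or the
DDS tool: it parses three line types (Hosts:, FF prefs.js, DHCPNameServer)
and returns the entries a helper would check first."""
import ipaddress
import re
from dataclasses import dataclass

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
FF_PREF_RE = re.compile(r"^FF - prefs\.js:\s+([\w.]+)\s+-\s+(.*)$")
DNS_RE = re.compile(r"DHCPNameServer\s*=\s*(.*)$")

# Assumption: search engines a helper would not question on a home machine.
EXPECTED_SEARCH_ENGINES = {"Google", "Bing", "Yahoo", "DuckDuckGo", "Startpage"}

# Constructed sample: lines copied from the report above, plus one benign
# loopback hosts entry so the "nothing to flag" path is exercised too.
SAMPLE_LINES = (
    r"Hosts: 127.0.0.1 localhost",
    r"Hosts: 184.22.81.15 www.omegle.com",
    r"Hosts: 184.22.81.15 omegle.com",
    r"FF - prefs.js: browser.search.selectedEngine - Conduit Search",
    r"FF - prefs.js: network.proxy.type - 0",
    r"TCP: NameServer = 192.168.1.254",
    r"TCP: Interfaces\{CD601EB7-1C91-4C98-82A2-C3848FEC529B} : DHCPNameServer = 192.168.1.254",
    r"TCP: Interfaces\{CD601EB7-1C91-4C98-82A2-C3848FEC529B}\354756675602A416D69637F6E6 : DHCPNameServer = 198.224.144.135 198.224.145.135",
)

@dataclass
class Finding:
    kind: str    # which check produced it
    detail: str  # the value a helper should look at

def hosts_overrides(lines):
    """Hosts: entries that send a name anywhere but loopback/unspecified (blocking entries are benign)."""
    found = []
    for line in lines:
        m = HOSTS_RE.match(line)
        if not m:
            continue
        ip, name = m.groups()
        addr = ipaddress.ip_address(ip)
        if not (addr.is_loopback or addr.is_unspecified):
            found.append(Finding("hosts-override", f"{name} -> {ip}"))
    return found

def unexpected_search_engine(lines):
    """Firefox selectedEngine values outside the expected set (Conduit Search in this report)."""
    found = []
    for line in lines:
        m = FF_PREF_RE.match(line)
        if m and m.group(1) == "browser.search.selectedEngine":
            engine = m.group(2).strip()
            if engine not in EXPECTED_SEARCH_ENGINES:
                found.append(Finding("ff-search-engine", engine))
    return found

def public_dhcp_dns(lines):
    """DHCP-assigned resolvers outside private ranges; confirm these belong to the ISP."""
    found = []
    for line in lines:
        m = DNS_RE.search(line)
        if m:
            for ip in m.group(1).split():
                if not ipaddress.ip_address(ip).is_private:
                    found.append(Finding("public-dns", ip))
    return found

def triage(lines):
    """All three checks combined; each check keeps the report's order."""
    return hosts_overrides(lines) + unexpected_search_engine(lines) + public_dhcp_dns(lines)

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.kind:16} {f.detail}")
```

A flagged public resolver is not proof of tampering on its own; the helper would confirm it against what the ISP normally hands out before acting on it.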
 




#2 alexsmith2709

alexsmith2709

  • Members
  • 504 posts
  • OFFLINE
  • Local time:11:37 PM

Posted 30 November 2013 - 05:28 AM

Hi scjkhb,
I will be helping you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.



#3 alexsmith2709

alexsmith2709

  • Members
  • 504 posts
  • OFFLINE
  • Local time:11:37 PM

Posted 01 December 2013 - 07:23 AM

Hello scjkhb,

 

Please read all of these instructions before starting.

I need you to do the following:

  • Download adwCleaner from here and save to desktop
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

 

Regards,

alexsmith2709



#4 alexsmith2709

alexsmith2709

  • Members
  • 504 posts
  • OFFLINE
  • Local time:11:37 PM

Posted 04 December 2013 - 10:11 AM

Hi scjkhb,

Do you still require help to clean your computer?

 

alexsmith2709



#5 scjkhb

scjkhb
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:05:37 PM

Posted 04 December 2013 - 12:42 PM

Sorry for my delay, as I have been out of town for work. I will be home later this week and I can complete the additional steps.

Thanks

#6 alexsmith2709

alexsmith2709

  • Members
  • 504 posts
  • OFFLINE
  • Local time:11:37 PM

Posted 05 December 2013 - 05:46 AM

No problem. Thanks for the update.



#7 alexsmith2709

alexsmith2709

  • Members
  • 504 posts
  • OFFLINE
  • Local time:11:37 PM

Posted 09 December 2013 - 01:35 PM

Hi scjkhb,

Are you still away for work and still need help or have you sorted things now?



#8 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:11:37 PM

Posted 13 December 2013 - 10:28 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.



