
Infected?


  • This topic is locked
2 replies to this topic

#1 fatboy02

fatboy02

  • Members
  • 1 posts
  • OFFLINE
  • Local time:07:45 PM

Posted 08 May 2014 - 10:10 PM

Attached File: dds.txt (31.32KB, 3 downloads)

Hoping someone can assist. My laptop performs OK most of the time, but other times it is sluggish and doesn't respond very well. It's only a few months old, so I am unsure what it might be. Boot-up time is quick, but every time I shut down I get the "waiting on programs to close" pop-up window, but it doesn't list what programs are waiting to close. Thanks in advance for the review.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16545 BrowserJavaVersion: 10.55.2
Run by hbaq614 at 21:50:00 on 2014-05-08
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3737.443 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\lsm.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\VPDAgent_x64.exe
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\WINDOWS\system32\svchost.exe -k GPSvcGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\AvtCachedService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Products\Input Processor\ctfprochdt.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\System32\HALAPIC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.HES\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.HES\MSSQL\Binn\fdlauncher.exe
C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
C:\WINDOWS\SysWOW64\nlssrv32.exe
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\Plugins\usage\discusge.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.HES\MSSQL\Binn\fdhost.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\Smc.exe
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\windows\System32\WUDFHost.exe
C:\WINDOWS\system32\taskhost.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe
C:\WINDOWS\system32\Dwm.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Users\hbaq614\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\WizMouse\WizMouse.exe
C:\Users\hbaq614\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\IE New Window Maximizer\iemaximizer.exe
C:\Users\hbaq614\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Users\hbaq614\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
C:\Program Files (x86)\PicPick\picpick.exe
C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
C:\Users\hbaq614\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraDeviceService.exe
C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
C:\Program Files (x86)\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Users\hbaq614\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE
C:\Program Files (x86)\Launchy\Launchy.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe
C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Pro\ScreenHunter.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Users\hbaq614\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\hbaq614\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\hbaq614\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\hbaq614\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\hbaq614\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\hbaq614\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraSkypeDriver.exe
C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraCiscoJabberDriver.exe
C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraShoreTelDriver.exe
C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraAvayaIPDriver.exe
C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraSametimeV85Driver.exe
C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraBriaDriver.exe
C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraCiscoWebExConnectDriver.exe
C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraNECDriver.exe
C:\WINDOWS\CCM\CcmExec.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\CCM\SCNotification.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_206_ActiveX.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\SeaPort.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\hbaq614\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Program Files\UltraMon\UltraMonUiAcc.exe
C:\Users\hbaq614\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULIB9AL2\picpick_inst.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Users\hbaq614\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\hbaq614\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\hbaq614\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\hbaq614\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\hbaq614\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\hbaq614\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\hbaq614\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\hbaq614\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Users\hbaq614\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\SysWOW64\NOTEPAD.EXE
C:\Users\hbaq614\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\hbaq614\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\hbaq614\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\hbaq614\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\hbaq614\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://HALWORLD.CORP.COM
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://HALWORLD.CORP.COM
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\IPS\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\BingExt.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
uRun: [Push Client] "C:\Users\Administrator\AppData\Local\ATT Connect\Participant\pull.exe"
uRun: [f.lux] "C:\Users\hbaq614\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [WizMouse] "C:\Program Files (x86)\WizMouse\WizMouse.exe"
uRun: [Spotify Web Helper] "C:\Users\hbaq614\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [IE New Window Maximizer] C:\Program Files (x86)\IE New Window Maximizer\iemaximizer.exe
uRun: [SkyDrive] "C:\Users\hbaq614\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [Google Update] "C:\Users\hbaq614\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Google+ Auto Backup] "C:\Users\hbaq614\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
uRun: [PicPick Start] C:\Program Files (x86)\PicPick\picpick.exe /startup
uRun: [TWC.Win7] C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
uRun: [GoogleChromeAutoLaunch_A76EEE41D065EADD57FAC6162F392222] "C:\Users\hbaq614\AppData\Local\Google\Chrome SxS\Application\chrome.exe" --no-startup-window
uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
uRunOnce: [Uninstall C:\Users\hbaq614\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\hbaq614\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
mRun: [SAP_WUS_UNT] "C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SAPRUNHXP] C:\WINDOWS\System32\wscript.exe C:\WINDOWS\sapupdate.vbs
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [EDFcsn] C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\hbaq614\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\hbaq614\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\hbaq614\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Launchy.lnk - C:\Program Files (x86)\Launchy\Launchy.exe
StartupFolder: C:\Users\hbaq614\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\hbaq614\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SCREEN~1.LNK - C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Pro\ScreenHunter.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\JABRAD~1.LNK - C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraDeviceService.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHRASE~1.LNK - C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\WINDOWS\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: DisallowCpl = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Windows\System: UserPolicyMode = dword:2
IE: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: //security_MMC.exe
Trusted Zone: airsecurity.com
Trusted Zone: airsecurity.com
Trusted Zone: houebiz056
Trusted Zone: houebiz056
Trusted Zone: ipims.com
Trusted Zone: ipims.com
Trusted Zone: knowledgepak.com
Trusted Zone: knowledgepak.com
Trusted Zone: lgc.com
Trusted Zone: lgc.com
Trusted Zone: np1cmpr001
Trusted Zone: outtask.com
Trusted Zone: outtask.com
Trusted Zone: petroed.com
Trusted Zone: petroed.com
Trusted Zone: sabanow.net
Trusted Zone: sabernow.net
Trusted Zone: skillstick.com
Trusted Zone: skillstick.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://accesshou.halliburton.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 75.75.76.76 75.75.75.75 192.168.1.1
TCP: Interfaces\{C8A3D038-5416-47B7-8567-17D7E2A72D33} : DHCPNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
TCP: Interfaces\{C8A3D038-5416-47B7-8567-17D7E2A72D33}\255637964656E6365694E6E6F57455543545 : DHCPNameServer = 4.2.2.1
TCP: Interfaces\{C8A3D038-5416-47B7-8567-17D7E2A72D33}\8416C6D4F62696C656 : DHCPNameServer = 34.34.132.1 34.36.132.1
TCP: Interfaces\{C8A3D038-5416-47B7-8567-17D7E2A72D33}\D496649643632303C45402A45647071636B6021443930302355636572756 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{ED45F07F-5485-4E53-84B1-6E9FB8A72B8A} : DHCPNameServer = 34.1.59.240 34.36.132.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Program Files (x86)\QlikView\QvProtocol\qvp.dll
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL
Notify: SEP - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: RunQLOnce - C:\Program Files (x86)\Microsoft Office\quicklaunch.vbs
mASetup: RunRIMRegistry - C:\WINDOWS\System32\wscript.exe C:\WINDOWS\RIMRegistry.vbs
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.99\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\amd64\BingExt.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
x64-Run: [VBoxTray] C:\WINDOWS\System32\VBoxTray.exe
x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\WINDOWS\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\WINDOWS\System32\igfxpers.exe"
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [HalHelp] "C:\Program Files (x86)\Halliburton\HalHelp\HalHelp.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Logitech Download Assistant] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\LogiLDA.dll,LogiFetch
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Trusted Zone: //security_MMC.exe
x64-Trusted Zone: airsecurity.com
x64-Trusted Zone: airsecurity.com
x64-Trusted Zone: gohalliburton.com
x64-Trusted Zone: gohalliburton.com
x64-Trusted Zone: halliburton.com
x64-Trusted Zone: halliburton.com
x64-Trusted Zone: halliburton.jobs
x64-Trusted Zone: halliburton.jobs
x64-Trusted Zone: houebiz056
x64-Trusted Zone: houebiz056
x64-Trusted Zone: ipims.com
x64-Trusted Zone: ipims.com
x64-Trusted Zone: knowledgepak.com
x64-Trusted Zone: knowledgepak.com
x64-Trusted Zone: lgc.com
x64-Trusted Zone: lgc.com
x64-Trusted Zone: myhalliburton.com
x64-Trusted Zone: myhalliburton.com
x64-Trusted Zone: np1cmpr001
x64-Trusted Zone: outtask.com
x64-Trusted Zone: outtask.com
x64-Trusted Zone: petroed.com
x64-Trusted Zone: petroed.com
x64-Trusted Zone: sabanow.net
x64-Trusted Zone: sabernow.net
x64-Trusted Zone: skillstick.com
x64-Trusted Zone: skillstick.com
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - <orphaned>
x64-Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - <orphaned>
x64-Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
x64-mASetup: Send To Neat - reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\hbaq614\AppData\Roaming\Mozilla\Firefox\Profiles\544vqccc.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Users\hbaq614\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Users\hbaq614\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\hbaq614\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
.
============= SERVICES / DRIVERS ===============
.
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\BASHDefs\20140409.011\BHDrvx64.sys [2014-4-22 1525976]
R2 CipcCdp;Cisco IP Communicator driver for CDP;C:\WINDOWS\System32\drivers\CipcCdp.sys [2014-2-26 27392]
.
=============== File Associations ===============
.
.txt: <filetype is not registered>
.
=============== Created Last 30 ================
.
2014-05-06 21:34:29 -------- d-----w- C:\Users\hbaq614\AppData\Roaming\Jabra Call Manager
2014-05-06 21:26:00 -------- d-----w- C:\Users\hbaq614\AppData\Local\GN_Netcom_A_S
2014-05-06 21:26:00 -------- d-----w- C:\ProgramData\Jabra
2014-05-06 21:24:58 -------- d-----w- C:\Program Files (x86)\Jabra
2014-05-02 20:45:25 2382848 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb
2014-05-02 20:45:25 2382848 ----a-w- C:\WINDOWS\System32\mshtml.tlb
2014-05-01 18:11:40 -------- d-----w- C:\Users\hbaq614\viewONE
2014-04-30 23:12:51 -------- d-----w- C:\Users\hbaq614\AppData\Local\Macromedia
2014-04-28 14:41:18 -------- d-----w- C:\Users\hbaq614\AppData\Local\ManagedFolderTools
2014-04-25 15:35:29 -------- d-----w- C:\ProgramData\boost_interprocess
2014-04-24 13:23:11 -------- d-----w- C:\Users\hbaq614\AppData\Local\assembly
2014-04-22 16:39:58 108968 ----a-w- C:\WINDOWS\System32\WindowsAccessBridge-64.dll
2014-04-22 16:32:46 -------- d-----w- C:\ProgramData\Oracle
2014-04-22 16:31:56 96168 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2014-04-22 16:09:02 -------- d-----w- C:\NPE
2014-04-22 15:58:26 -------- d-----w- C:\Users\hbaq614\AppData\Local\NPE
2014-04-22 15:58:26 -------- d-----w- C:\ProgramData\Norton
2014-04-18 19:15:36 -------- d-----w- C:\Program Files (x86)\Datawatch Desktop
2014-04-18 18:53:25 -------- d-----w- C:\Users\hbaq614\Monarch
2014-04-18 15:00:36 -------- d-----w- C:\ProgramData\Logs
2014-04-18 07:08:59 119512 ----a-w- C:\WINDOWS\System32\drivers\6A844263.sys
2014-04-18 05:56:34 119512 ----a-w- C:\WINDOWS\System32\drivers\01AC6BD2.sys
2014-04-14 01:00:15 -------- d-----w- C:\WINDOWS\ERUNT
2014-04-13 18:56:58 -------- d-----w- C:\ProgramData\Sophos
2014-04-13 18:56:34 73728 ----a-r- C:\Users\hbaq614\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-04-13 18:56:34 73728 ----a-r- C:\Users\hbaq614\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-04-13 18:56:34 73728 ----a-r- C:\Users\hbaq614\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-04-13 18:56:26 -------- d-----w- C:\Program Files (x86)\Sophos
2014-04-12 14:14:58 -------- d-----w- C:\Users\hbaq614\AppData\Roaming\QuickScan
2014-04-11 15:10:19 3156480 ----a-w- C:\WINDOWS\System32\win32k.sys
2014-04-11 15:10:02 624128 ----a-w- C:\WINDOWS\System32\qedit.dll
2014-04-11 15:10:02 509440 ----a-w- C:\WINDOWS\SysWow64\qedit.dll
2014-04-11 03:36:03 119512 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2014-04-11 03:35:26 88280 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
2014-04-11 03:35:26 63192 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2014-04-11 03:35:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
.
==================== Find3M ====================
.
2014-04-30 23:16:20 70832 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2014-04-30 23:16:20 692400 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2014-04-06 22:13:39 0 ----a-w- C:\WINDOWS\System32\olepro32.dll
2014-04-06 22:13:39 0 ----a-w- C:\WINDOWS\System32\D3DIM700.DLL
2014-04-06 22:13:38 0 ----a-w- C:\WINDOWS\System32\igdusc32.dll
2014-04-06 22:13:38 0 ----a-w- C:\WINDOWS\System32\igdumdim32.dll
2014-04-03 14:50:58 25816 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2014-03-11 20:07:42 4550656 ----a-w- C:\WINDOWS\SysWow64\GPhotos.scr
2014-02-27 18:43:08 70768 ----a-w- C:\WINDOWS\SysWow64\nlssrv32.exe
2014-02-13 12:46:44 354656 ----a-w- C:\WINDOWS\SysWow64\DivXControlPanelApplet.cpl
.
============= FINISH: 21:52:46.66 ===============

Edited by nasdaq, 13 May 2014 - 10:20 AM.
DDS log posted for easy reference.



#2 nasdaq

nasdaq

  • Malware Response Team

Posted 13 May 2014 - 10:27 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 nasdaq

nasdaq

  • Malware Response Team

Posted 19 May 2014 - 09:22 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



