APN PIP?


  • This topic is locked
5 replies to this topic

#1 asianmusicguy

    Regular Member

  • Honorary Members
  • 96 posts

Posted 12 June 2013 - 09:42 AM

To be clear, none of my regular scans are detecting anything, but on a whim today I ran AdwCleaner
and it found this APN PIP in the registry.
Any ideas? Let me know if we should run the cleaning process
and I will post logs.

#2 asianmusicguy

Posted 12 June 2013 - 11:21 AM

# AdwCleaner v2.303 - Logfile created 06/12/2013 at 11:40:23
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Branden - BRANDEN-PC
# Boot Mode : Normal
# Running from : C:\Users\Branden\Downloads\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Found : C:\Program Files (x86)\Common Files\Tencent
Folder Found : C:\Program Files (x86)\Tencent
Folder Found : C:\Users\Branden\AppData\Roaming\Tencent

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\TENCENT
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\TENCENT

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Branden\AppData\Roaming\Mozilla\Firefox\Profiles\66mx9q6i.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R2].txt - [1053 octets] - [12/06/2013 11:40:23]

########## EOF - C:\AdwCleaner[R2].txt - [1113 octets] ##########

NOTE: I know about Tencent; it is in relation to QQ International, a program I use to chat with friends overseas,
but I am concerned about the others.

#3 asianmusicguy

Posted 12 June 2013 - 11:23 AM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16483
Run by Branden at 11:58:35 on 2013-06-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.2814.1480 [GMT -2.5:30]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft....?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 24.222.0.94 24.222.0.95
TCP: Interfaces\{67FEBE72-D610-4A8D-B371-F8EE823A48FE} : DHCPNameServer = 24.222.0.94 24.222.0.95
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Branden\AppData\Roaming\Mozilla\Firefox\Profiles\66mx9q6i.default\
FF - plugin: C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll
FF - plugin: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Users\Branden\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - ExtSQL: 2013-05-08 00:24; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-05-08 01:04; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Branden\AppData\Roaming\Mozilla\Firefox\Profiles\66mx9q6i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-05-08 01:05; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\Branden\AppData\Roaming\Mozilla\Firefox\Profiles\66mx9q6i.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-05-08 01:06; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; C:\Users\Branden\AppData\Roaming\Mozilla\Firefox\Profiles\66mx9q6i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-5-8 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-5-8 189936]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-5-8 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-5-8 378432]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-4-15 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-4-15 706560]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-4-15 48360]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-5-8 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-5-8 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-10 46808]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-6-4 2095752]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-5-8 109352]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-5-8 239176]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20 36720]
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2013-5-8 24176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-4-15 158928]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-9-17 23536]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-8 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-8 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-06-11 21:09:55 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 21:09:55 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-11 14:02:21 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D457CDEF-CEB6-4F50-BCC1-892EAFA6FB68}\mpengine.dll
2013-06-05 14:19:39 56072 ----a-w- C:\Windows\System32\certsentry.dll
2013-06-05 14:19:39 47368 ----a-w- C:\Windows\SysWow64\certsentry.dll
2013-06-04 19:48:35 -------- d-----w- C:\Users\Branden\AppData\Roaming\foobar2000
2013-06-04 19:48:19 -------- d-----w- C:\Program Files (x86)\foobar2000
2013-06-04 00:50:08 -------- d-----w- C:\Users\Branden\AppData\Local\Diagnostics
2013-05-29 16:18:17 -------- d-----w- C:\Users\Branden\AppData\Local\fontconfig
2013-05-29 16:18:14 -------- d-----w- C:\Users\Branden\AppData\Local\gegl-0.2
2013-05-29 16:18:14 -------- d-----w- C:\Users\Branden\.gimp-2.8
2013-05-29 16:13:27 -------- d-----w- C:\Program Files\GIMP 2
2013-05-28 18:56:08 -------- d-----w- C:\Music
2013-05-28 16:45:22 -------- d-----w- C:\Users\Branden\AppData\Roaming\DVD Flick
2013-05-28 16:44:30 40960 ----a-w- C:\Windows\SysWow64\ssubtmr6.dll
2013-05-28 16:44:29 662288 ----a-w- C:\Windows\SysWow64\mscomct2.ocx
2013-05-28 16:44:29 609824 ----a-w- C:\Windows\SysWow64\comctl32.ocx
2013-05-28 16:44:29 36864 ----a-w- C:\Windows\SysWow64\trayicon_handler.ocx
2013-05-28 16:44:29 28672 ----a-w- C:\Windows\SysWow64\mousewheel.ocx
2013-05-28 16:44:29 212240 ----a-w- C:\Windows\SysWow64\richtx32.ocx
2013-05-28 16:44:29 164144 ----a-w- C:\Windows\SysWow64\comct232.ocx
2013-05-28 16:44:29 1081616 ----a-w- C:\Windows\SysWow64\mscomctl.ocx
2013-05-28 16:44:28 -------- d-----w- C:\Program Files (x86)\DVD Flick
2013-05-26 21:08:16 -------- d-----w- C:\Program Files (x86)\BurnAware Free
2013-05-24 22:52:33 -------- d-----w- C:\Users\Branden\AppData\Roaming\SynthMaker
2013-05-24 22:52:26 -------- d-----w- C:\Users\Branden\AppData\Roaming\Acoustica
2013-05-24 22:50:30 -------- d-----w- C:\Program Files (x86)\VST
2013-05-24 22:49:53 -------- d-----w- C:\ProgramData\Acoustica
2013-05-24 22:49:53 -------- d-----w- C:\Program Files (x86)\Acoustica Mixcraft 6
2013-05-21 23:49:24 -------- d-----w- C:\Users\Branden\AppData\Roaming\Screaming Bee
2013-05-21 23:49:24 -------- d-----w- C:\Program Files (x86)\Common Files\Screaming Bee
2013-05-21 23:48:54 -------- d-----w- C:\ProgramData\Screaming Bee
2013-05-21 23:28:41 -------- d-----w- C:\Program Files (x86)\Audacity
2013-05-21 20:57:39 -------- d-----w- C:\Users\Branden\AppData\Roaming\Canneverbe Limited
2013-05-21 20:57:39 -------- d-----w- C:\ProgramData\Canneverbe Limited
2013-05-21 19:14:24 -------- d-----w- C:\cd images
2013-05-18 17:53:49 -------- d-----w- C:\Users\Branden\AppData\Local\TSVNCache
2013-05-17 17:01:07 -------- d-----w- C:\Users\Branden\AppData\Roaming\TortoiseSVN
2013-05-17 16:58:10 -------- d-----w- C:\work
2013-05-17 16:58:06 -------- d-----w- C:\Users\Branden\AppData\Roaming\Subversion
2013-05-17 16:53:24 -------- d-----w- C:\Program Files (x86)\Common Files\TortoiseOverlays
2013-05-17 16:53:19 -------- d-----w- C:\Program Files\TortoiseSVN
2013-05-17 16:53:19 -------- d-----w- C:\Program Files\Common Files\TortoiseOverlays
2013-05-17 16:51:36 -------- d-----w- C:\Users\Branden\AppData\Roaming\Unity
2013-05-17 15:16:24 -------- d-----w- C:\Users\Branden\AppData\Roaming\PACE Anti-Piracy
2013-05-17 15:16:24 -------- d-----w- C:\Users\Branden\AppData\Local\PACE Anti-Piracy
2013-05-17 15:16:24 -------- d-----w- C:\ProgramData\PACE Anti-Piracy
2013-05-17 15:09:45 -------- d-----w- C:\Users\Branden\AppData\Local\Unity
2013-05-17 15:02:33 -------- d-----w- C:\Program Files (x86)\Unity
2013-05-15 21:48:41 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-15 21:48:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-15 19:51:32 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 19:51:32 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 19:51:32 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-05-15 19:51:05 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-05-15 19:51:03 111448 ----a-w- C:\Windows\System32\consent.exe
2013-05-15 19:51:02 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-05-15 19:51:02 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-05-15 19:50:28 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-05-15 19:50:28 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-05-15 19:50:25 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-05-14 19:21:05 -------- d--h--w- C:\VTRoot
2013-05-14 17:41:24 -------- d-----w- C:\ProgramData\Shared Space
2013-05-13 18:51:14 -------- d-----w- C:\Users\Branden\AppData\Local\ElevatedDiagnostics
2013-05-13 17:36:24 248320 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfpp70v.dll
2013-05-13 17:32:18 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2013-05-13 17:32:01 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
2013-05-13 17:31:30 136704 ----a-w- C:\Windows\System32\hpf3l70v.dll
2013-05-13 17:29:09 642360 ----a-w- C:\Windows\System32\hpzids40.dll
2013-05-13 17:29:09 551424 ----a-w- C:\Windows\System32\hppldcoi.dll
2013-05-13 17:29:08 880640 ----a-w- C:\Windows\System32\hposwia_d02c.dll
2013-05-13 17:29:08 748544 ----a-w- C:\Windows\System32\hpost_d02c.dll
2013-05-13 17:29:08 515072 ----a-w- C:\Windows\System32\hposc_d02a.dll
.
==================== Find3M ====================
.
2013-05-11 01:08:06 18760 ----a-w- C:\Windows\SysWow64\QQVistaHelper.dll
2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:07 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-05-09 08:59:07 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr
2013-05-08 21:16:29 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-05-08 21:16:28 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-05-02 04:36:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-23 17:34:12 437176 ----a-w- C:\Windows\System32\guard64.dll
2013-04-23 17:34:12 348048 ----a-w- C:\Windows\SysWow64\guard32.dll
2013-04-15 21:08:54 48360 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2013-04-15 21:08:52 706560 ----a-w- C:\Windows\System32\drivers\cmdguard.sys
2013-04-15 21:08:52 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2013-04-15 21:08:40 43216 ----a-w- C:\Windows\System32\cmdcsr.dll
2013-04-15 21:08:30 45776 ----a-w- C:\Windows\System32\cmdkbd64.dll
2013-04-15 21:08:30 343760 ----a-w- C:\Windows\System32\cmdvrt64.dll
2013-04-15 21:08:26 40656 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll
2013-04-15 21:08:26 276688 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-04-04 17:20:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-30 00:12:42 3379272 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2013-03-29 20:34:04 21170176 ----a-w- C:\Windows\System32\RCoRes64.dat
2013-03-27 19:27:08 135240 ----a-w- C:\Windows\System32\RCoInstII64.dll
2013-03-26 19:36:30 2797128 ----a-w- C:\Windows\System32\RtPgEx64.dll
2013-03-26 19:34:40 2734624 ----a-w- C:\Windows\System32\FMAPO64.dll
2013-03-26 18:10:04 3693128 ----a-w- C:\Windows\System32\RtkAPO64.dll
2013-03-26 17:08:02 1659464 ----a-w- C:\Windows\System32\RTSnMg64.cpl
2013-03-23 06:13:22 208072 ----a-w- C:\Windows\System32\AERTAC64.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
.
============= FINISH: 12:00:22.07 ===============

#4 asianmusicguy

Posted 12 June 2013 - 05:33 PM

just a little bump to be seen

#5 AdvancedSetup

    Staff

  • Root Admin
  • 41,162 posts
  • Gender:Male
  • Location:US

Posted 24 June 2013 - 07:27 PM

I'm sorry your topic appears to have been overlooked due to multiple replies.
If you're still needing help, please do the following:

STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02

Please download Malwarebytes Anti-Rootkit from HERE
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 03

Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed, make sure to re-enable your antivirus.

STEP 04

Please download AdwCleaner by Xplode to your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control click Yes to allow it to run.
  • Under Actions click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt where the number in brackets indicates how often it was run.

STEP 05

Please go here to run the online antivirus scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Thanks


Ron Lewis
Forum Community Manager


#6 AdvancedSetup

Posted 07 July 2013 - 03:11 AM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Ron Lewis
Forum Community Manager
