
APN PIP?



# AdwCleaner v2.303 - Logfile created 06/12/2013 at 11:40:23

# Updated 08/06/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Branden - BRANDEN-PC

# Boot Mode : Normal

# Running from : C:\Users\Branden\Downloads\AdwCleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

Folder Found : C:\Program Files (x86)\Common Files\Tencent

Folder Found : C:\Program Files (x86)\Tencent

Folder Found : C:\Users\Branden\AppData\Roaming\Tencent

***** [Registry] *****

Key Found : HKCU\Software\APN PIP

Key Found : HKCU\Software\TENCENT

Key Found : HKLM\Software\PIP

Key Found : HKLM\Software\TENCENT

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Branden\AppData\Roaming\Mozilla\Firefox\Profiles\66mx9q6i.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R2].txt - [1053 octets] - [12/06/2013 11:40:23]

########## EOF - C:\AdwCleaner[R2].txt - [1113 octets] ##########

NOTE: I know about Tencent; it is in relation to QQ International, a program I use to chat with friends overseas,

but I am concerned about the others.


DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16483

Run by Branden at 11:58:35 on 2013-06-12

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.2814.1480 [GMT -2.5:30]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}

FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\HitmanPro\hmpsched.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\LSI SoftModem\agr64svc.exe

C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Microsoft LifeCam\MSCamS64.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\PeerBlock\peerblock.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\COMODO\COMODO Internet Security\cis.exe

C:\Windows\system32\taskeng.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE

C:\Windows\splwow64.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

mWinlogon: Userinit = userinit.exe

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe

mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

TCP: NameServer = 24.222.0.94 24.222.0.95

TCP: Interfaces\{67FEBE72-D610-4A8D-B371-F8EE823A48FE} : DHCPNameServer = 24.222.0.94 24.222.0.95

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

x64-Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe

x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Branden\AppData\Roaming\Mozilla\Firefox\Profiles\66mx9q6i.default\

FF - plugin: C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll

FF - plugin: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Users\Branden\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

FF - ExtSQL: 2013-05-08 00:24; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF

FF - ExtSQL: 2013-05-08 01:04; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Branden\AppData\Roaming\Mozilla\Firefox\Profiles\66mx9q6i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: 2013-05-08 01:05; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\Branden\AppData\Roaming\Mozilla\Firefox\Profiles\66mx9q6i.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

FF - ExtSQL: 2013-05-08 01:06; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; C:\Users\Branden\AppData\Roaming\Mozilla\Firefox\Profiles\66mx9q6i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-5-8 65336]

R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-5-8 189936]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-5-8 1025808]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-5-8 378432]

R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-4-15 23168]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-4-15 706560]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-4-15 48360]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-5-8 33400]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-5-8 80816]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-10 46808]

R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-6-4 2095752]

R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-5-8 109352]

R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-5-8 239176]

R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20 36720]

R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2013-5-8 24176]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-4-15 158928]

S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-9-17 23536]

S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-8 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-8 1255736]

.

=============== File Associations ===============

.

FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [userChoice]

.

=============== Created Last 30 ================

.

2013-06-11 21:09:55 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-11 21:09:55 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-06-11 14:02:21 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D457CDEF-CEB6-4F50-BCC1-892EAFA6FB68}\mpengine.dll

2013-06-05 14:19:39 56072 ----a-w- C:\Windows\System32\certsentry.dll

2013-06-05 14:19:39 47368 ----a-w- C:\Windows\SysWow64\certsentry.dll

2013-06-04 19:48:35 -------- d-----w- C:\Users\Branden\AppData\Roaming\foobar2000

2013-06-04 19:48:19 -------- d-----w- C:\Program Files (x86)\foobar2000

2013-06-04 00:50:08 -------- d-----w- C:\Users\Branden\AppData\Local\Diagnostics

2013-05-29 16:18:17 -------- d-----w- C:\Users\Branden\AppData\Local\fontconfig

2013-05-29 16:18:14 -------- d-----w- C:\Users\Branden\AppData\Local\gegl-0.2

2013-05-29 16:18:14 -------- d-----w- C:\Users\Branden\.gimp-2.8

2013-05-29 16:13:27 -------- d-----w- C:\Program Files\GIMP 2

2013-05-28 18:56:08 -------- d-----w- C:\Music

2013-05-28 16:45:22 -------- d-----w- C:\Users\Branden\AppData\Roaming\DVD Flick

2013-05-28 16:44:30 40960 ----a-w- C:\Windows\SysWow64\ssubtmr6.dll

2013-05-28 16:44:29 662288 ----a-w- C:\Windows\SysWow64\mscomct2.ocx

2013-05-28 16:44:29 609824 ----a-w- C:\Windows\SysWow64\comctl32.ocx

2013-05-28 16:44:29 36864 ----a-w- C:\Windows\SysWow64\trayicon_handler.ocx

2013-05-28 16:44:29 28672 ----a-w- C:\Windows\SysWow64\mousewheel.ocx

2013-05-28 16:44:29 212240 ----a-w- C:\Windows\SysWow64\richtx32.ocx

2013-05-28 16:44:29 164144 ----a-w- C:\Windows\SysWow64\comct232.ocx

2013-05-28 16:44:29 1081616 ----a-w- C:\Windows\SysWow64\mscomctl.ocx

2013-05-28 16:44:28 -------- d-----w- C:\Program Files (x86)\DVD Flick

2013-05-26 21:08:16 -------- d-----w- C:\Program Files (x86)\BurnAware Free

2013-05-24 22:52:33 -------- d-----w- C:\Users\Branden\AppData\Roaming\SynthMaker

2013-05-24 22:52:26 -------- d-----w- C:\Users\Branden\AppData\Roaming\Acoustica

2013-05-24 22:50:30 -------- d-----w- C:\Program Files (x86)\VST

2013-05-24 22:49:53 -------- d-----w- C:\ProgramData\Acoustica

2013-05-24 22:49:53 -------- d-----w- C:\Program Files (x86)\Acoustica Mixcraft 6

2013-05-21 23:49:24 -------- d-----w- C:\Users\Branden\AppData\Roaming\Screaming Bee

2013-05-21 23:49:24 -------- d-----w- C:\Program Files (x86)\Common Files\Screaming Bee

2013-05-21 23:48:54 -------- d-----w- C:\ProgramData\Screaming Bee

2013-05-21 23:28:41 -------- d-----w- C:\Program Files (x86)\Audacity

2013-05-21 20:57:39 -------- d-----w- C:\Users\Branden\AppData\Roaming\Canneverbe Limited

2013-05-21 20:57:39 -------- d-----w- C:\ProgramData\Canneverbe Limited

2013-05-21 19:14:24 -------- d-----w- C:\cd images

2013-05-18 17:53:49 -------- d-----w- C:\Users\Branden\AppData\Local\TSVNCache

2013-05-17 17:01:07 -------- d-----w- C:\Users\Branden\AppData\Roaming\TortoiseSVN

2013-05-17 16:58:10 -------- d-----w- C:\work

2013-05-17 16:58:06 -------- d-----w- C:\Users\Branden\AppData\Roaming\Subversion

2013-05-17 16:53:24 -------- d-----w- C:\Program Files (x86)\Common Files\TortoiseOverlays

2013-05-17 16:53:19 -------- d-----w- C:\Program Files\TortoiseSVN

2013-05-17 16:53:19 -------- d-----w- C:\Program Files\Common Files\TortoiseOverlays

2013-05-17 16:51:36 -------- d-----w- C:\Users\Branden\AppData\Roaming\Unity

2013-05-17 15:16:24 -------- d-----w- C:\Users\Branden\AppData\Roaming\PACE Anti-Piracy

2013-05-17 15:16:24 -------- d-----w- C:\Users\Branden\AppData\Local\PACE Anti-Piracy

2013-05-17 15:16:24 -------- d-----w- C:\ProgramData\PACE Anti-Piracy

2013-05-17 15:09:45 -------- d-----w- C:\Users\Branden\AppData\Local\Unity

2013-05-17 15:02:33 -------- d-----w- C:\Program Files (x86)\Unity

2013-05-15 21:48:41 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-05-15 21:48:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-05-15 19:51:32 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-05-15 19:51:32 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-05-15 19:51:32 144384 ----a-w- C:\Windows\System32\cdd.dll

2013-05-15 19:51:05 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-05-15 19:51:03 111448 ----a-w- C:\Windows\System32\consent.exe

2013-05-15 19:51:02 70144 ----a-w- C:\Windows\System32\appinfo.dll

2013-05-15 19:51:02 1796096 ----a-w- C:\Windows\SysWow64\authui.dll

2013-05-15 19:50:28 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll

2013-05-15 19:50:28 230400 ----a-w- C:\Windows\System32\wwansvc.dll

2013-05-15 19:50:25 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-05-14 19:21:05 -------- d--h--w- C:\VTRoot

2013-05-14 17:41:24 -------- d-----w- C:\ProgramData\Shared Space

2013-05-13 18:51:14 -------- d-----w- C:\Users\Branden\AppData\Local\ElevatedDiagnostics

2013-05-13 17:36:24 248320 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfpp70v.dll

2013-05-13 17:32:18 -------- d-----w- C:\Program Files (x86)\Common Files\HP

2013-05-13 17:32:01 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard

2013-05-13 17:31:30 136704 ----a-w- C:\Windows\System32\hpf3l70v.dll

2013-05-13 17:29:09 642360 ----a-w- C:\Windows\System32\hpzids40.dll

2013-05-13 17:29:09 551424 ----a-w- C:\Windows\System32\hppldcoi.dll

2013-05-13 17:29:08 880640 ----a-w- C:\Windows\System32\hposwia_d02c.dll

2013-05-13 17:29:08 748544 ----a-w- C:\Windows\System32\hpost_d02c.dll

2013-05-13 17:29:08 515072 ----a-w- C:\Windows\System32\hposc_d02a.dll

.

==================== Find3M ====================

.

2013-05-11 01:08:06 18760 ----a-w- C:\Windows\SysWow64\QQVistaHelper.dll

2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2013-05-09 08:59:07 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2013-05-09 08:59:07 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr

2013-05-08 21:16:29 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2013-05-08 21:16:28 175616 ----a-w- C:\Windows\System32\msclmd.dll

2013-05-02 04:36:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-23 17:34:12 437176 ----a-w- C:\Windows\System32\guard64.dll

2013-04-23 17:34:12 348048 ----a-w- C:\Windows\SysWow64\guard32.dll

2013-04-15 21:08:54 48360 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys

2013-04-15 21:08:52 706560 ----a-w- C:\Windows\System32\drivers\cmdguard.sys

2013-04-15 21:08:52 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys

2013-04-15 21:08:40 43216 ----a-w- C:\Windows\System32\cmdcsr.dll

2013-04-15 21:08:30 45776 ----a-w- C:\Windows\System32\cmdkbd64.dll

2013-04-15 21:08:30 343760 ----a-w- C:\Windows\System32\cmdvrt64.dll

2013-04-15 21:08:26 40656 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll

2013-04-15 21:08:26 276688 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-04-04 17:20:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-30 00:12:42 3379272 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys

2013-03-29 20:34:04 21170176 ----a-w- C:\Windows\System32\RCoRes64.dat

2013-03-27 19:27:08 135240 ----a-w- C:\Windows\System32\RCoInstII64.dll

2013-03-26 19:36:30 2797128 ----a-w- C:\Windows\System32\RtPgEx64.dll

2013-03-26 19:34:40 2734624 ----a-w- C:\Windows\System32\FMAPO64.dll

2013-03-26 18:10:04 3693128 ----a-w- C:\Windows\System32\RtkAPO64.dll

2013-03-26 17:08:02 1659464 ----a-w- C:\Windows\System32\RTSnMg64.cpl

2013-03-23 06:13:22 208072 ----a-w- C:\Windows\System32\AERTAC64.dll

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

.

============= FINISH: 12:00:22.07 ===============


  • 2 weeks later...
  • Root Admin

I'm sorry your topic appears to have been overlooked due to multiple replies.

If you're still needing help please do the following

STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

STEP 02

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 03

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 04

Please download AdwCleaner by Xplode to your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control click Yes to allow it to run.
  • Under Actions click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.

STEP 05

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Thanks

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
