asianmusicguy

APN PIP?

6 posts in this topic

To be clear, none of my regular scans are detecting anything, but on a whim today I ran AdwCleaner and it found this APN PIP in the registry.

Any ideas? Let me know if we should run the cleaning process and I will post logs.


# AdwCleaner v2.303 - Logfile created 06/12/2013 at 11:40:23

# Updated 08/06/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Branden - BRANDEN-PC

# Boot Mode : Normal

# Running from : C:\Users\Branden\Downloads\AdwCleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

Folder Found : C:\Program Files (x86)\Common Files\Tencent

Folder Found : C:\Program Files (x86)\Tencent

Folder Found : C:\Users\Branden\AppData\Roaming\Tencent

***** [Registry] *****

Key Found : HKCU\Software\APN PIP

Key Found : HKCU\Software\TENCENT

Key Found : HKLM\Software\PIP

Key Found : HKLM\Software\TENCENT

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Branden\AppData\Roaming\Mozilla\Firefox\Profiles\66mx9q6i.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R2].txt - [1053 octets] - [12/06/2013 11:40:23]

########## EOF - C:\AdwCleaner[R2].txt - [1113 octets] ##########

NOTE: I know about Tencent; it is in relation to QQ International, a program I use to chat with friends overseas, but I am concerned about the others.


DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16483

Run by Branden at 11:58:35 on 2013-06-12

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.2814.1480 [GMT -2.5:30]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}

FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\HitmanPro\hmpsched.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\LSI SoftModem\agr64svc.exe

C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Microsoft LifeCam\MSCamS64.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\PeerBlock\peerblock.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\COMODO\COMODO Internet Security\cis.exe

C:\Windows\system32\taskeng.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE

C:\Windows\splwow64.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

mWinlogon: Userinit = userinit.exe

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe

mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

TCP: NameServer = 24.222.0.94 24.222.0.95

TCP: Interfaces\{67FEBE72-D610-4A8D-B371-F8EE823A48FE} : DHCPNameServer = 24.222.0.94 24.222.0.95

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

x64-Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe

x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Branden\AppData\Roaming\Mozilla\Firefox\Profiles\66mx9q6i.default\

FF - plugin: C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll

FF - plugin: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Users\Branden\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

FF - ExtSQL: 2013-05-08 00:24; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF

FF - ExtSQL: 2013-05-08 01:04; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Branden\AppData\Roaming\Mozilla\Firefox\Profiles\66mx9q6i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: 2013-05-08 01:05; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\Branden\AppData\Roaming\Mozilla\Firefox\Profiles\66mx9q6i.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

FF - ExtSQL: 2013-05-08 01:06; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; C:\Users\Branden\AppData\Roaming\Mozilla\Firefox\Profiles\66mx9q6i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-5-8 65336]

R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-5-8 189936]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-5-8 1025808]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-5-8 378432]

R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-4-15 23168]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-4-15 706560]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-4-15 48360]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-5-8 33400]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-5-8 80816]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-10 46808]

R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-6-4 2095752]

R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-5-8 109352]

R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-5-8 239176]

R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20 36720]

R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2013-5-8 24176]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-4-15 158928]

S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-9-17 23536]

S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-8 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-8 1255736]

.

=============== File Associations ===============

.

FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [userChoice]

.

=============== Created Last 30 ================

.

2013-06-11 21:09:55 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-11 21:09:55 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-06-11 14:02:21 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D457CDEF-CEB6-4F50-BCC1-892EAFA6FB68}\mpengine.dll

2013-06-05 14:19:39 56072 ----a-w- C:\Windows\System32\certsentry.dll

2013-06-05 14:19:39 47368 ----a-w- C:\Windows\SysWow64\certsentry.dll

2013-06-04 19:48:35 -------- d-----w- C:\Users\Branden\AppData\Roaming\foobar2000

2013-06-04 19:48:19 -------- d-----w- C:\Program Files (x86)\foobar2000

2013-06-04 00:50:08 -------- d-----w- C:\Users\Branden\AppData\Local\Diagnostics

2013-05-29 16:18:17 -------- d-----w- C:\Users\Branden\AppData\Local\fontconfig

2013-05-29 16:18:14 -------- d-----w- C:\Users\Branden\AppData\Local\gegl-0.2

2013-05-29 16:18:14 -------- d-----w- C:\Users\Branden\.gimp-2.8

2013-05-29 16:13:27 -------- d-----w- C:\Program Files\GIMP 2

2013-05-28 18:56:08 -------- d-----w- C:\Music

2013-05-28 16:45:22 -------- d-----w- C:\Users\Branden\AppData\Roaming\DVD Flick

2013-05-28 16:44:30 40960 ----a-w- C:\Windows\SysWow64\ssubtmr6.dll

2013-05-28 16:44:29 662288 ----a-w- C:\Windows\SysWow64\mscomct2.ocx

2013-05-28 16:44:29 609824 ----a-w- C:\Windows\SysWow64\comctl32.ocx

2013-05-28 16:44:29 36864 ----a-w- C:\Windows\SysWow64\trayicon_handler.ocx

2013-05-28 16:44:29 28672 ----a-w- C:\Windows\SysWow64\mousewheel.ocx

2013-05-28 16:44:29 212240 ----a-w- C:\Windows\SysWow64\richtx32.ocx

2013-05-28 16:44:29 164144 ----a-w- C:\Windows\SysWow64\comct232.ocx

2013-05-28 16:44:29 1081616 ----a-w- C:\Windows\SysWow64\mscomctl.ocx

2013-05-28 16:44:28 -------- d-----w- C:\Program Files (x86)\DVD Flick

2013-05-26 21:08:16 -------- d-----w- C:\Program Files (x86)\BurnAware Free

2013-05-24 22:52:33 -------- d-----w- C:\Users\Branden\AppData\Roaming\SynthMaker

2013-05-24 22:52:26 -------- d-----w- C:\Users\Branden\AppData\Roaming\Acoustica

2013-05-24 22:50:30 -------- d-----w- C:\Program Files (x86)\VST

2013-05-24 22:49:53 -------- d-----w- C:\ProgramData\Acoustica

2013-05-24 22:49:53 -------- d-----w- C:\Program Files (x86)\Acoustica Mixcraft 6

2013-05-21 23:49:24 -------- d-----w- C:\Users\Branden\AppData\Roaming\Screaming Bee

2013-05-21 23:49:24 -------- d-----w- C:\Program Files (x86)\Common Files\Screaming Bee

2013-05-21 23:48:54 -------- d-----w- C:\ProgramData\Screaming Bee

2013-05-21 23:28:41 -------- d-----w- C:\Program Files (x86)\Audacity

2013-05-21 20:57:39 -------- d-----w- C:\Users\Branden\AppData\Roaming\Canneverbe Limited

2013-05-21 20:57:39 -------- d-----w- C:\ProgramData\Canneverbe Limited

2013-05-21 19:14:24 -------- d-----w- C:\cd images

2013-05-18 17:53:49 -------- d-----w- C:\Users\Branden\AppData\Local\TSVNCache

2013-05-17 17:01:07 -------- d-----w- C:\Users\Branden\AppData\Roaming\TortoiseSVN

2013-05-17 16:58:10 -------- d-----w- C:\work

2013-05-17 16:58:06 -------- d-----w- C:\Users\Branden\AppData\Roaming\Subversion

2013-05-17 16:53:24 -------- d-----w- C:\Program Files (x86)\Common Files\TortoiseOverlays

2013-05-17 16:53:19 -------- d-----w- C:\Program Files\TortoiseSVN

2013-05-17 16:53:19 -------- d-----w- C:\Program Files\Common Files\TortoiseOverlays

2013-05-17 16:51:36 -------- d-----w- C:\Users\Branden\AppData\Roaming\Unity

2013-05-17 15:16:24 -------- d-----w- C:\Users\Branden\AppData\Roaming\PACE Anti-Piracy

2013-05-17 15:16:24 -------- d-----w- C:\Users\Branden\AppData\Local\PACE Anti-Piracy

2013-05-17 15:16:24 -------- d-----w- C:\ProgramData\PACE Anti-Piracy

2013-05-17 15:09:45 -------- d-----w- C:\Users\Branden\AppData\Local\Unity

2013-05-17 15:02:33 -------- d-----w- C:\Program Files (x86)\Unity

2013-05-15 21:48:41 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-05-15 21:48:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-05-15 19:51:32 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-05-15 19:51:32 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-05-15 19:51:32 144384 ----a-w- C:\Windows\System32\cdd.dll

2013-05-15 19:51:05 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-05-15 19:51:03 111448 ----a-w- C:\Windows\System32\consent.exe

2013-05-15 19:51:02 70144 ----a-w- C:\Windows\System32\appinfo.dll

2013-05-15 19:51:02 1796096 ----a-w- C:\Windows\SysWow64\authui.dll

2013-05-15 19:50:28 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll

2013-05-15 19:50:28 230400 ----a-w- C:\Windows\System32\wwansvc.dll

2013-05-15 19:50:25 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-05-14 19:21:05 -------- d--h--w- C:\VTRoot

2013-05-14 17:41:24 -------- d-----w- C:\ProgramData\Shared Space

2013-05-13 18:51:14 -------- d-----w- C:\Users\Branden\AppData\Local\ElevatedDiagnostics

2013-05-13 17:36:24 248320 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfpp70v.dll

2013-05-13 17:32:18 -------- d-----w- C:\Program Files (x86)\Common Files\HP

2013-05-13 17:32:01 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard

2013-05-13 17:31:30 136704 ----a-w- C:\Windows\System32\hpf3l70v.dll

2013-05-13 17:29:09 642360 ----a-w- C:\Windows\System32\hpzids40.dll

2013-05-13 17:29:09 551424 ----a-w- C:\Windows\System32\hppldcoi.dll

2013-05-13 17:29:08 880640 ----a-w- C:\Windows\System32\hposwia_d02c.dll

2013-05-13 17:29:08 748544 ----a-w- C:\Windows\System32\hpost_d02c.dll

2013-05-13 17:29:08 515072 ----a-w- C:\Windows\System32\hposc_d02a.dll

.

==================== Find3M ====================

.

2013-05-11 01:08:06 18760 ----a-w- C:\Windows\SysWow64\QQVistaHelper.dll

2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2013-05-09 08:59:07 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2013-05-09 08:59:07 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr

2013-05-08 21:16:29 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2013-05-08 21:16:28 175616 ----a-w- C:\Windows\System32\msclmd.dll

2013-05-02 04:36:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-23 17:34:12 437176 ----a-w- C:\Windows\System32\guard64.dll

2013-04-23 17:34:12 348048 ----a-w- C:\Windows\SysWow64\guard32.dll

2013-04-15 21:08:54 48360 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys

2013-04-15 21:08:52 706560 ----a-w- C:\Windows\System32\drivers\cmdguard.sys

2013-04-15 21:08:52 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys

2013-04-15 21:08:40 43216 ----a-w- C:\Windows\System32\cmdcsr.dll

2013-04-15 21:08:30 45776 ----a-w- C:\Windows\System32\cmdkbd64.dll

2013-04-15 21:08:30 343760 ----a-w- C:\Windows\System32\cmdvrt64.dll

2013-04-15 21:08:26 40656 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll

2013-04-15 21:08:26 276688 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-04-04 17:20:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-30 00:12:42 3379272 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys

2013-03-29 20:34:04 21170176 ----a-w- C:\Windows\System32\RCoRes64.dat

2013-03-27 19:27:08 135240 ----a-w- C:\Windows\System32\RCoInstII64.dll

2013-03-26 19:36:30 2797128 ----a-w- C:\Windows\System32\RtPgEx64.dll

2013-03-26 19:34:40 2734624 ----a-w- C:\Windows\System32\FMAPO64.dll

2013-03-26 18:10:04 3693128 ----a-w- C:\Windows\System32\RtkAPO64.dll

2013-03-26 17:08:02 1659464 ----a-w- C:\Windows\System32\RTSnMg64.cpl

2013-03-23 06:13:22 208072 ----a-w- C:\Windows\System32\AERTAC64.dll

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

.

============= FINISH: 12:00:22.07 ===============


I'm sorry your topic appears to have been overlooked due to multiple replies.

If you're still needing help please do the following

STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

STEP 02

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

STEP 03

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed, make sure to re-enable your antivirus.

STEP 04

Please download AdwCleaner by Xplode to your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control click Yes to allow it to run.
  • Under Actions click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.

STEP 05

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Thanks


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
