Jump to content

wos000

Members
  • Posts

    8
  • Joined

  • Last visited

Everything posted by wos000

  1. Gringo - everything looks great at this point. I've sent a small token of my appreciation through paypal - hope others will do the same! Thanks for everything.
  2. Gringo - no threats were found, and computer is still running well (no more popups).
  3. Gringo - again thanks for the continued help. I deleted the Java update using Revo, cleaned out my temp files using CCleaner, and have attached logs from MBAM and HijackThis below. Computer is still running well. Thanks. Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.04.03.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Will :: MASTERHAROLD [administrator] 4/2/2013 10:41:57 PM mbam-log-2013-04-02 (22-41-57).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 262425 Time elapsed: 40 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:43:56 PM, on 4/2/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16470) Boot mode: Normal Running processes: C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe C:\PROGRA~2\ASUS\AAHM\100~1.07\aaHM.exe C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Will\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [AirPort Base Station Agent] "D:\Program Files\Airport Utility\APAgent.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [Medialink Utilty] C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe -s O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Will\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [spotify] "C:\Users\Will\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart O4 - Startup: Dropbox.lnk = Will\AppData\Roaming\Dropbox\bin\Dropbox.exe O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.12\atkexComSvc.exe O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing) O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: MacDrive 9 service (MacDrive9Service) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 9\MacDrive9Service.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9688 bytes
  4. Gringo -- I was able to run ComboFix again after starting it with the script without any errors. Computer is still running better than before; no unwanted ads on sites that were problematic before. Second ComboFix log (after restart): ComboFix 13-04-02.01 - Will 04/02/2013 21:50:34.2.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8169.6490 [GMT -4:00] Running from: c:\users\Will\Desktop\ComboFix.exe Command switches used :: c:\users\Will\Desktop\CFScript.txt AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2013-03-03 to 2013-04-03 ))))))))))))))))))))))))))))))) . . 2013-04-03 01:53 . 2013-04-03 01:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-04-03 01:53 . 2013-04-03 01:53 -------- d-----w- c:\users\Mcx1-MASTERHAROLD\AppData\Local\temp 2013-04-03 01:53 . 2013-04-03 01:53 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-02 19:26 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4CC99389-B7CE-4BD3-B385-3CBE9C3F3C95}\mpengine.dll 2013-04-02 19:20 . 2013-01-18 13:13 -------- d-----w- c:\windows\system32\TL-WN781ND_2.0_20130118 2013-04-02 17:36 . 2013-04-02 17:36 -------- d-----w- c:\users\Will\AppData\Roaming\Malwarebytes 2013-04-02 17:36 . 2013-04-02 17:36 -------- d-----w- c:\programdata\Malwarebytes 2013-04-02 17:36 . 2013-04-02 17:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-04-02 17:36 . 2012-12-14 20:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-04-02 17:36 . 2013-04-02 17:36 -------- d-----w- c:\users\Will\AppData\Local\Programs 2013-03-26 19:20 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-03-24 02:41 . 2013-03-24 02:41 -------- d-----w- c:\program files\iPod 2013-03-24 02:41 . 2013-03-24 02:41 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-03-24 02:41 . 2013-03-24 02:41 -------- d-----w- c:\program files\iTunes 2013-03-24 02:41 . 2013-03-24 02:41 -------- d-----w- c:\program files (x86)\iTunes 2013-03-15 03:23 . 2013-03-15 03:23 -------- d-----w- c:\program files\Microsoft Silverlight 2013-03-15 03:23 . 2013-03-15 03:23 -------- d-----w- c:\program files (x86)\Microsoft Silverlight . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-15 03:25 . 2011-01-18 21:42 72013344 ----a-w- c:\windows\system32\MRT.exe 2013-03-04 14:32 . 2013-03-04 14:32 10 ----a-w- c:\windows\Fonts\wfonts.key 2013-02-12 05:45 . 2013-03-14 23:15 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-14 23:15 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-14 23:15 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-14 23:15 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-14 23:15 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-14 23:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-01-17 05:28 . 2011-01-15 17:49 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-05 05:53 . 2013-02-16 03:49 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-05 05:00 . 2013-02-16 03:49 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-01-05 05:00 . 2013-02-16 03:49 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-01-04 05:46 . 2013-02-16 03:49 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-01-04 04:51 . 2013-02-16 03:49 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-01-04 04:43 . 2013-02-16 03:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-01-04 03:26 . 2013-02-16 03:49 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-01-04 02:47 . 2013-02-16 03:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-01-04 02:47 . 2013-02-16 03:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-01-04 02:47 . 2013-02-16 03:49 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-01-04 02:47 . 2013-02-16 03:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-01-03 06:00 . 2013-02-16 03:49 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-01-03 06:00 . 2013-02-16 03:49 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Will\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Will\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Will\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Medialink Utilty"="c:\program files (x86)\Medialink\MWN-USB150N\UI.exe" [2009-08-21 2281488] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872] "Spotify Web Helper"="c:\users\Will\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-04-02 1104280] "Spotify"="c:\users\Will\AppData\Roaming\Spotify\spotify.exe" [2013-04-02 4503448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632] "ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-10-19 465536] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "AirPort Base Station Agent"="d:\program files\Airport Utility\APAgent.exe" [2009-11-11 771360] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] . c:\users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Will\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "ASUS ShellProcess Execute"=c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe "IAStorIcon"=c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-09-27 55336] R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-01-18 82816] R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-02-10 32360] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2010-10-21 14592] S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-11-16 62024] S0 MDFSYSNT;MacDrive file system driver; [x] S0 MDPMGRNT;MacDrive Partition Driver;c:\windows\system32\DRIVERS\MDPMGRNT.SYS [2011-05-09 32936] S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-27 297000] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [2011-05-06 70344] S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-11-16 209808] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-28 148528] S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-28 38288] S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.12\atkexComSvc.exe [2010-10-28 917120] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe [2010-10-21 586880] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-09-27 52896] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992] S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-11-16 913184] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336] S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-04-23 154272] S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800] S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672] S2 MacDrive9Service;MacDrive 9 service;c:\program files\Mediafour\MacDrive 9\MacDrive9Service.exe [2011-09-23 178176] S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248] S3 applewtp;Apple Wireless Trackpad;c:\windows\system32\DRIVERS\applewtp.sys [2010-10-15 53760] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-09-27 38248] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-09-27 301680] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-09-27 31080] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-09-27 203624] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-09-27 58992] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-09-27 156520] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-09-27 278640] S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 26136] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968] S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-02-10 32360] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-08-20 18:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2013-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-14 23:26] . 2013-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-14 23:26] . 2013-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3545731212-3293166362-3251547071-1000Core.job - c:\users\Will\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-07 04:35] . 2013-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3545731212-3293166362-3251547071-1000UA.job - c:\users\Will\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-07 04:35] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Will\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Will\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Will\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Will\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension] @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}" [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}] 2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MacDriveVolumeIcon] @="{6B21AF46-EE37-40D0-A707-C06C17D06CE9}" [HKEY_CLASSES_ROOT\CLSID\{6B21AF46-EE37-40D0-A707-C06C17D06CE9}] 2011-07-13 22:22 231936 ----a-w- c:\program files\Mediafour\MacDrive 9\MDVolumeIcons.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MacDriveVolumeIconReadOnly] @="{E9BC4DCA-0A4E-4C65-9D40-621C9D0CDC5F}" [HKEY_CLASSES_ROOT\CLSID\{E9BC4DCA-0A4E-4C65-9D40-621C9D0CDC5F}] 2011-07-13 22:22 231936 ----a-w- c:\program files\Mediafour\MacDrive 9\MDVolumeIcons.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-07 11465832] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-09-27 613024] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-09-27 379040] "EvtMgr6"="d:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976] "MacDrive 9 application"="c:\program files\Mediafour\MacDrive 9\MacDrive.exe" [2011-10-05 506880] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-11-16 4090824] "TNod UP"="c:\program files\ESET\TNod User & Password Finder\TNODUP.exe" [2012-07-05 1028800] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NCInstallQueue"="netman.dll" [2009-07-14 360448] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 Trusted Zone: real.com\rhap-app-4-0 Trusted Zone: real.com\rhapreg Trusted Zone: rhapsody.com\rhap-app-4-0 Trusted Zone: rhapsody.com\rhapreg TCP: DhcpNameServer = 10.0.1.1 DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3545731212-3293166362-3251547071-1000_Classes\Wow6432Node\CLSID\{593f40e7-49ed-4729-9b6d-9d064ddf93cc}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:0000005c "Therad"=dword:00000002 "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\ . [HKEY_USERS\S-1-5-21-3545731212-3293166362-3251547071-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "scansk"=hex(0):00,5c,13,dc,29,f9,c2,a7,4c,ba,6d,d4,e6,a6,99,d8,64,5e,d7,40,50, 77,a7,7e,31,e8,87,1c,e7,17,b2,32,56,6d,79,fc,11,05,b6,56,00,00,00,00,00,00,\ . [HKEY_USERS\S-1-5-21-3545731212-3293166362-3251547071-1000_Classes\Wow6432Node\CLSID\{67033172-a2ad-43cc-bcc2-c00dc4d0b0cd}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:0000002f "Therad"=dword:0000001e "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,85,b1,12,f9,90,dd,23,a1,2c,a8,c5,d0,31,44,0d,35,26,30,79,b8,99,75,\ . [HKEY_USERS\S-1-5-21-3545731212-3293166362-3251547071-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):ef,03,58,f9,e4,09,88,b3,3b,d6,9a,5f,2d,32,42,b6,ff,e3,4d,73,81, 02,32,34,60,2d,91,64,4c,0e,bc,7f,8a,29,75,55,67,eb,97,0f,00,00,00,00,00,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-04-02 21:54:38 ComboFix-quarantined-files.txt 2013-04-03 01:54 ComboFix2.txt 2013-04-03 01:29 . Pre-Run: 14,606,336,000 bytes free Post-Run: 14,520,229,888 bytes free . - - End Of File - - BDF2D4112D2C39F98C025E84D627E58B
  5. Gringo, Thanks again for your prompt replies! I ran combofix without any errors and have pasted the log below. As for my status: good! I am not seeing the ads anymore on websites that I knew to be previously affected -- obviously just doing a quick test, but so far this looks pretty good. Much appreciated! Combofix log: ComboFix 13-04-02.01 - Will 04/02/2013 21:24:35.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8169.6464 [GMT -4:00] Running from: c:\users\Will\Desktop\ComboFix.exe AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Will\AppData\Roaming\27233E c:\users\Will\AppData\Roaming\inst.exe c:\windows\SysWow64\local.txt . . ((((((((((((((((((((((((( Files Created from 2013-03-03 to 2013-04-03 ))))))))))))))))))))))))))))))) . . 2013-04-02 19:26 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4CC99389-B7CE-4BD3-B385-3CBE9C3F3C95}\mpengine.dll 2013-04-02 19:20 . 2013-01-18 13:13 -------- d-----w- c:\windows\system32\TL-WN781ND_2.0_20130118 2013-04-02 17:36 . 2013-04-02 17:36 -------- d-----w- c:\users\Will\AppData\Roaming\Malwarebytes 2013-04-02 17:36 . 2013-04-02 17:36 -------- d-----w- c:\programdata\Malwarebytes 2013-04-02 17:36 . 2013-04-02 17:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-04-02 17:36 . 2012-12-14 20:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-04-02 17:36 . 2013-04-02 17:36 -------- d-----w- c:\users\Will\AppData\Local\Programs 2013-03-26 19:20 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-03-24 02:41 . 2013-03-24 02:41 -------- d-----w- c:\program files\iPod 2013-03-24 02:41 . 2013-03-24 02:41 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-03-24 02:41 . 2013-03-24 02:41 -------- d-----w- c:\program files\iTunes 2013-03-24 02:41 . 2013-03-24 02:41 -------- d-----w- c:\program files (x86)\iTunes 2013-03-15 03:23 . 2013-03-15 03:23 -------- d-----w- c:\program files\Microsoft Silverlight 2013-03-15 03:23 . 2013-03-15 03:23 -------- d-----w- c:\program files (x86)\Microsoft Silverlight . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-15 03:25 . 2011-01-18 21:42 72013344 ----a-w- c:\windows\system32\MRT.exe 2013-03-04 14:32 . 2013-03-04 14:32 10 ----a-w- c:\windows\Fonts\wfonts.key 2013-02-12 05:45 . 2013-03-14 23:15 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-14 23:15 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-14 23:15 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-14 23:15 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-14 23:15 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-14 23:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-01-17 05:28 . 2011-01-15 17:49 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-05 05:53 . 2013-02-16 03:49 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-05 05:00 . 2013-02-16 03:49 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-01-05 05:00 . 2013-02-16 03:49 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-01-04 05:46 . 2013-02-16 03:49 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-01-04 04:51 . 2013-02-16 03:49 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-01-04 04:43 . 2013-02-16 03:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-01-04 03:26 . 2013-02-16 03:49 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-01-04 02:47 . 2013-02-16 03:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-01-04 02:47 . 2013-02-16 03:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-01-04 02:47 . 2013-02-16 03:49 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-01-04 02:47 . 2013-02-16 03:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-01-03 06:00 . 2013-02-16 03:49 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-01-03 06:00 . 2013-02-16 03:49 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Will\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Will\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Will\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Medialink Utilty"="c:\program files (x86)\Medialink\MWN-USB150N\UI.exe" [2009-08-21 2281488] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872] "Spotify Web Helper"="c:\users\Will\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-04-02 1104280] "Spotify"="c:\users\Will\AppData\Roaming\Spotify\spotify.exe" [2013-04-02 4503448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632] "ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-10-19 465536] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "AirPort Base Station Agent"="d:\program files\Airport Utility\APAgent.exe" [2009-11-11 771360] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] . c:\users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Will\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "ASUS ShellProcess Execute"=c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe "IAStorIcon"=c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-09-27 55336] R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-01-18 82816] R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-02-10 32360] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2010-10-21 14592] S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-11-16 62024] S0 MDFSYSNT;MacDrive file system driver; [x] S0 MDPMGRNT;MacDrive Partition Driver;c:\windows\system32\DRIVERS\MDPMGRNT.SYS [2011-05-09 32936] S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-27 297000] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [2011-05-06 70344] S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-11-16 209808] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-28 148528] S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-28 38288] S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.12\atkexComSvc.exe [2010-10-28 917120] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe [2010-10-21 586880] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-09-27 52896] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992] S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-11-16 913184] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336] S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-04-23 154272] S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800] S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672] S2 MacDrive9Service;MacDrive 9 service;c:\program files\Mediafour\MacDrive 9\MacDrive9Service.exe [2011-09-23 178176] S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248] S3 applewtp;Apple Wireless Trackpad;c:\windows\system32\DRIVERS\applewtp.sys [2010-10-15 53760] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-09-27 38248] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-09-27 301680] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-09-27 31080] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-09-27 203624] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-09-27 58992] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-09-27 156520] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-09-27 278640] S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 26136] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968] S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-02-10 32360] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-08-20 18:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2013-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-14 23:26] . 2013-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-14 23:26] . 2013-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3545731212-3293166362-3251547071-1000Core.job - c:\users\Will\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-07 04:35] . 2013-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3545731212-3293166362-3251547071-1000UA.job - c:\users\Will\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-07 04:35] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Will\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Will\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Will\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Will\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension] @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}" [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}] 2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MacDriveVolumeIcon] @="{6B21AF46-EE37-40D0-A707-C06C17D06CE9}" [HKEY_CLASSES_ROOT\CLSID\{6B21AF46-EE37-40D0-A707-C06C17D06CE9}] 2011-07-13 22:22 231936 ----a-w- c:\program files\Mediafour\MacDrive 9\MDVolumeIcons.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MacDriveVolumeIconReadOnly] @="{E9BC4DCA-0A4E-4C65-9D40-621C9D0CDC5F}" [HKEY_CLASSES_ROOT\CLSID\{E9BC4DCA-0A4E-4C65-9D40-621C9D0CDC5F}] 2011-07-13 22:22 231936 ----a-w- c:\program files\Mediafour\MacDrive 9\MDVolumeIcons.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-07 11465832] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-09-27 613024] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-09-27 379040] "EvtMgr6"="d:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976] "MacDrive 9 application"="c:\program files\Mediafour\MacDrive 9\MacDrive.exe" [2011-10-05 506880] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-11-16 4090824] "TNod UP"="c:\program files\ESET\TNod User & Password Finder\TNODUP.exe" [2012-07-05 1028800] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NCInstallQueue"="netman.dll" [2009-07-14 360448] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 Trusted Zone: real.com\rhap-app-4-0 Trusted Zone: real.com\rhapreg Trusted Zone: rhapsody.com\rhap-app-4-0 Trusted Zone: rhapsody.com\rhapreg TCP: DhcpNameServer = 10.0.1.1 DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-SRS Audio Sandbox - c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3545731212-3293166362-3251547071-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A2B5B63E-6D7E-DD63-44B9-C0FA08046260}*] @Allowed: (Read) (RestrictedCode) "paninklcjdnpaimnlegnnfmiljmfmleg"=hex:6a,61,6a,6a,6c,61,66,64,66,66,62,68,68, 65,6a,68,67,6b,6e,62,00,f4 "oadldhaiepjgnjnojigpkefmlbcojn"=hex:6b,61,6a,6a,6b,61,69,6c,6c,69,65,69,6b,6d, 70,6e,68,66,68,6a,6d,6e,00,00 . [HKEY_USERS\S-1-5-21-3545731212-3293166362-3251547071-1000_Classes\Wow6432Node\CLSID\{593f40e7-49ed-4729-9b6d-9d064ddf93cc}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:0000005c "Therad"=dword:00000002 "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\ . [HKEY_USERS\S-1-5-21-3545731212-3293166362-3251547071-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "scansk"=hex(0):00,5c,13,dc,29,f9,c2,a7,4c,ba,6d,d4,e6,a6,99,d8,64,5e,d7,40,50, 77,a7,7e,31,e8,87,1c,e7,17,b2,32,56,6d,79,fc,11,05,b6,56,00,00,00,00,00,00,\ . [HKEY_USERS\S-1-5-21-3545731212-3293166362-3251547071-1000_Classes\Wow6432Node\CLSID\{67033172-a2ad-43cc-bcc2-c00dc4d0b0cd}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:0000002f "Therad"=dword:0000001e "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,85,b1,12,f9,90,dd,23,a1,2c,a8,c5,d0,31,44,0d,35,26,30,79,b8,99,75,\ . [HKEY_USERS\S-1-5-21-3545731212-3293166362-3251547071-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):ef,03,58,f9,e4,09,88,b3,3b,d6,9a,5f,2d,32,42,b6,ff,e3,4d,73,81, 02,32,34,60,2d,91,64,4c,0e,bc,7f,8a,29,75,55,67,eb,97,0f,00,00,00,00,00,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-04-02 21:29:20 ComboFix-quarantined-files.txt 2013-04-03 01:29 . Pre-Run: 13,446,139,904 bytes free Post-Run: 14,530,953,216 bytes free . - - End Of File - - 98876841BEA74C6AD9A79C92FD0E0993
  6. Gringo, Below is the report created by Blitzblank after restarting: BlitzBlank 1.0.0.32 File/Registry Modification Engine native application MoveFileOnReboot: sourceFile = "\??\c:\windows\system32\drivers\etc\hosts", destinationFile = "(null)", replaceWithDummy = 0
  7. Gringo -- thanks for the prompt response! I've followed instructions as followed and copied the logs below. I'm still receiving ad.xtendmedia ads upon following the instructions and restarting: Results of screen317's Security Check version 0.99.61 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! ESET Smart Security 5.2 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 Java 6 Update 26 Java version out of Date! Adobe Reader XI Google Chrome 25.0.1364.172 Google Chrome 26.0.1410.43 ````````Process Check: objlist.exe by Laurent```````` ESET NOD32 Antivirus egui.exe ESET NOD32 Antivirus ekrn.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 7% ````````````````````End of Log`````````````````````` # AdwCleaner v2.200 - Logfile created 04/02/2013 at 20:30:26 # Updated 02/04/2013 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (64 bits) # User : Will - MASTERHAROLD # Boot Mode : Normal # Running from : C:\Users\Will\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16470 [OK] Registry is clean. -\\ Mozilla Firefox v [unable to get version] File : C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\cgxj1q0v.default\prefs.js [OK] File is clean. -\\ Google Chrome v26.0.1410.43 File : C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [947 octets] - [02/04/2013 18:30:13] AdwCleaner[s1].txt - [1104 octets] - [02/04/2013 18:30:26] AdwCleaner[s2].txt - [939 octets] - [02/04/2013 20:30:26] ########## EOF - C:\AdwCleaner[s2].txt - [998 octets] ########## RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Will [Admin rights] Mode : Scan -- Date : 04/02/2013 20:34:36 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : Mal.Hosts ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost 109.163.226.208 www.google-analytics.com. 109.163.226.208 ad-emea.doubleclick.net. 109.163.226.208 www.statcounter.com. 69.72.252.254 www.google-analytics.com. 69.72.252.254 ad-emea.doubleclick.net. 69.72.252.254 www.statcounter.com. ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD3200BEVT-00ZCT0 +++++ --- User --- [MBR] 490a8a6c0ac99db106a035daee26ffe5 [bSP] 95025fcd93a332dd6f284e400161a684 : MBR Code unknown Partition table: 0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 305245 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: SAMSUNG HD103SJ +++++ --- User --- [MBR] d99e518b67aadc229a58443039e5e16e [bSP] e530cb0a02c0d53962a652b214c56e15 : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive2: Hitachi HDS721010CLA332 +++++ --- User --- [MBR] 76219106568136ad9ae30e4f40bc74f7 [bSP] 654f7785e824171caee6a463057b2c05 : Empty MBR Code Partition table: 0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 200 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 953668 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive3: OCZ-VERT EX2 SCSI Disk Device +++++ --- User --- [MBR] 8c4a8a9d8e195669fa38be71c78327e9 [bSP] 0f169d364a7dfefa29c05c12a57dd018 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 57139 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[1]_S_04022013_02d2034.txt >> RKreport[1]_S_04022013_02d2034.txt
  8. Hello, Recently I've been getting pop-up ads within websites in Chrome; they're linked to ad.xtendmedia and can be closed but I'd like to remove them from my system - they are not removed by just using Malwarebytes. Any help would be greatly appreciated! I've having trouble copying and pasting the text into the post, so I have attached the logs to this post. Please let me know if this is a problem. Thanks! dds.txt attach.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.