Jump to content

j_evenstar

Members
  • Posts

    4
  • Joined

  • Last visited

Everything posted by j_evenstar

  1. Hi Maniac, I've been observing for a while and clicking on links many times. I'm not getting the pop-ups anymore so I think the malware issue's fixed.. Thank you so much!!
  2. Hello Maniac, Please see log file below. Thank you. # AdwCleaner v2.300 - Logfile created 05/05/2013 at 22:42:22 # Updated 28/04/2013 by Xplode # Operating system : Windows 7 Ultimate (32 bits) # User : Ruth - RUTH-PC # Boot Mode : Normal # Running from : C:\Users\Ruth\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Program Files\Common Files\Tencent ***** [Registry] ***** Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com Key Deleted : HKCU\Software\TENCENT Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6517DD27-EA6F-4947-9DEA-F9C487BB1020} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6517DD27-EA6F-4947-9DEA-F9C487BB1020} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\025176A3BF9264F4FACAEA2AEB6618F6 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\631F9E25D3C0BA340B38F99CF7E07A4F Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9671A38E305589F45A57F69B86BD9926 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9C0BA5BDCBE75A44496E56FFA50D24FF Key Deleted : HKLM\Software\TENCENT ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.7600.16385 [OK] Registry is clean. -\\ Mozilla Firefox v20.0.1 (en-US) File : C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\f6qow5hi.default\prefs.js [OK] File is clean. -\\ Google Chrome v26.0.1410.64 File : C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [2766 octets] - [05/05/2013 16:04:49] AdwCleaner[R2].txt - [2826 octets] - [05/05/2013 22:40:55] AdwCleaner[s1].txt - [2793 octets] - [05/05/2013 22:42:22] ########## EOF - C:\AdwCleaner[s1].txt - [2853 octets] ##########
  3. Hello Maniac! Thank you very much for your reply. I followed your instructions and below are all the logs. Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.05.05.01 Windows 7 x86 NTFS Internet Explorer 8.0.7600.16385 Ruth :: RUTH-PC [administrator] Protection: Enabled 5/5/2013 3:28:22 PM mbam-log-2013-05-05 (15-28-22).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 201462 Time elapsed: 14 minute(s), 12 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.3 (04.29.2013:2) OS: Windows 7 Ultimate x86 Ran by Ruth on Sun 05/05/2013 at 16:09:15.67 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sun 05/05/2013 at 16:20:27.25 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v2.300 - Logfile created 05/05/2013 at 16:04:49 # Updated 28/04/2013 by Xplode # Operating system : Windows 7 Ultimate (32 bits) # User : Ruth - RUTH-PC # Boot Mode : Normal # Running from : C:\Users\Ruth\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** Folder Found : C:\Program Files\Common Files\Tencent ***** [Registry] ***** Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com Key Found : HKCU\Software\TENCENT Key Found : HKLM\SOFTWARE\Classes\AppID\{6517DD27-EA6F-4947-9DEA-F9C487BB1020} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6517DD27-EA6F-4947-9DEA-F9C487BB1020} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\025176A3BF9264F4FACAEA2AEB6618F6 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\631F9E25D3C0BA340B38F99CF7E07A4F Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9671A38E305589F45A57F69B86BD9926 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9C0BA5BDCBE75A44496E56FFA50D24FF Key Found : HKLM\Software\TENCENT ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.7600.16385 [OK] Registry is clean. -\\ Mozilla Firefox v20.0.1 (en-US) File : C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\f6qow5hi.default\prefs.js [OK] File is clean. -\\ Google Chrome v26.0.1410.64 File : C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [2637 octets] - [05/05/2013 16:04:49] ########## EOF - C:\AdwCleaner[R1].txt - [2697 octets] ########## RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7600 ) 32 bits version Started in : Normal mode User : Ruth [Admin rights] Mode : Scan -- Date : 05/05/2013 16:32:50 | ARK || FAK || MBR | ¤¤¤ Bad processes : 1 ¤¤¤ [sUSP PATH] ouc.exe -- C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe [7] -> KILLED [TermProc] ¤¤¤ Registry Entries : 6 ¤¤¤ [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com [...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD3200BEVT-24A23T0 +++++ --- User --- [MBR] 13fc24db36b3bd5bbea1bf7b60a8a4af [bSP] 3390201175e52fa6dc8c23ab3c8ec481 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 260343 Mo 2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 533389312 | Size: 29692 Mo 3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 594198528 | Size: 15109 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_05052013_02d1632.txt >> RKreport[1]_S_05052013_02d1632.txt
  4. Hello, I found this forum from Google blogs. I keep on getting pop-ups when I click on google search results, clicking the login button on facebook, and even when I click on the message pane here to start typing my message. I've used Malwarebytes, avast, and spybot search and destroy but even after the fixes I still get the pop-ups. I will greatly appreciate your help. I'm attaching below the DDS logs. DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.7600.16385 Run by Ruth at 22:31:29 on 2013-05-04 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2037.852 [GMT 8:00] . AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\system32\SupportAppXL\cdrom_mon.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe C:\ProgramData\DatacardService\HWDeviceService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Windows\system32\taskhost.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\TPHDEXLG.exe C:\ProgramData\DatacardService\DCSHelper.exe C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Windows\System32\TpShocks.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe C:\Users\Ruth\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\svchost.exe -k SDRSVC . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com.ph/ mStart Page = hxxp://www.yahoo.com mDefault_Page_URL = hxxp://www.yahoo.com uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned> BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll BHO: MyPlayCity Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll TB: MyPlayCity Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll TB: MyPlayCity Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll uRun: [Google Update] "c:\users\ruth\appdata\local\google\update\GoogleUpdate.exe" /c uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe mRun: [TpShocks] c:\windows\system32\TpShocks.exe mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe" StartupFolder: c:\users\ruth\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\ruth\appdata\roaming\dropbox\bin\Dropbox.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\lenovo\bluetooth software\BTTray.exe mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie.htm IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . TCP: NameServer = 192.168.1.1 TCP: Interfaces\{2DA1B015-42C6-4044-8F25-19ED96FCDC71} : DHCPNameServer = 192.168.254.1 TCP: Interfaces\{2F40EE69-D2AA-4271-8DF6-DFCE2C8569CF} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{2F40EE69-D2AA-4271-8DF6-DFCE2C8569CF}\37B6972627F616462616E646 : DHCPNameServer = 111.68.59.70 114.108.192.30 TCP: Interfaces\{2F40EE69-D2AA-4271-8DF6-DFCE2C8569CF}\D4142514B41494 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{2F40EE69-D2AA-4271-8DF6-DFCE2C8569CF}\D69616023616374727F6 : DHCPNameServer = 121.1.3.81 121.1.3.16 TCP: Interfaces\{7EA86EDC-ECDC-4DD3-93CD-CB17FF2A0DB5} : DHCPNameServer = 10.198.220.124 202.126.40.5 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Notify: igfxcui - igfxdev.dll Notify: SDWinLogon - SDWinLogon.dll SSODL: WebCheck - <orphaned> Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - c:\users\ruth\appdata\roaming\mozilla\firefox\profiles\f6qow5hi.default\ FF - prefs.js: browser.startup.homepage - about:home FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\users\ruth\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll . ============= SERVICES / DRIVERS =============== . R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-3 49248] R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-3-16 20496] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-16 765736] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-16 368176] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-16 29816] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-16 66336] R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\supportappxl\cdrom_mon.exe [2008-11-26 81920] R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-3-10 45248] R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-14 271712] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-3-16 13336] R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-5-1 418376] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-5-1 701512] R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-5-4 1103392] R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-5-4 1369624] R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-5-4 168384] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-1-8 43944] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-3-16 29472] R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-10-30 73984] R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2010-3-21 275496] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-1 22856] R3 vm331avs;Digital Camera 1;c:\windows\system32\drivers\vm331avs.sys [2011-3-16 184448] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 Globe Tattoo Broadband. RunOuc;Globe Tattoo Broadband. OUC;c:\program files\globe tattoo broadband\updatedog\ouc.exe [2012-10-30 655712] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384] S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-3 164736] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888] S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-10-30 102784] S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2012-10-30 11136] S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2012-10-30 89856] S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [2012-10-30 26624] S3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\drivers\ew_juwwanecm.sys [2012-10-30 190976] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-3-16 174592] S3 wsvd;wsvd;c:\windows\system32\drivers\wsvd.sys [2009-7-21 81704] . =============== Created Last 30 ================ . 2013-05-04 02:45:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2013-05-04 02:45:12 15224 ----a-w- c:\windows\system32\sdnclean.exe 2013-05-04 02:44:42 -------- d-----w- c:\program files\Spybot - Search & Destroy 2 2013-05-01 13:59:20 -------- d-----r- c:\program files\Skype 2013-05-01 04:09:02 -------- d-----w- c:\users\ruth\appdata\roaming\Malwarebytes 2013-05-01 04:08:41 -------- d-----w- c:\programdata\Malwarebytes 2013-05-01 04:08:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-05-01 04:08:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-05-01 04:08:20 -------- d-----w- c:\users\ruth\appdata\local\Programs 2013-04-14 03:06:15 26520 ----a-w- c:\program files\mozilla firefox\plugin-hang-ui.exe . ==================== Find3M ==================== . 2013-05-04 02:26:25 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-05-04 02:26:25 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-04-02 14:09:52 4550656 ----a-w- c:\windows\system32\GPhotos.scr 2013-03-06 23:33:24 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-03-06 23:33:24 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-03-06 23:33:24 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-03-06 23:33:23 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-03-06 23:33:23 60656 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2013-03-06 23:32:51 41664 ----a-w- c:\windows\avastSS.scr . ============= FINISH: 22:32:31.53 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 3/16/2011 10:46:00 PM System Uptime: 5/4/2013 10:02:46 PM (0 hours ago) . Motherboard: LENOVO | | Mariana-3B Processor: Intel® Atom™ CPU N550 @ 1.50GHz | CPU 1 | 1500/166mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 254 GiB total, 117.829 GiB free. D: is FIXED (NTFS) - 29 GiB total, 28.224 GiB free. H: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: Description: Device ID: ACPI\VPC2004\0 Manufacturer: Name: PNP Device ID: ACPI\VPC2004\0 Service: . Class GUID: Description: Bluetooth Peripheral Device Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&000F\7&1AB35688&0&CC55AD2E01D5_C00000000 Manufacturer: Name: Bluetooth Peripheral Device PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&000F\7&1AB35688&0&CC55AD2E01D5_C00000000 Service: . Class GUID: Description: Bluetooth Peripheral Device Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&12A2\7&1AB35688&0&3451C9D23CA9_C00000000 Manufacturer: Name: Bluetooth Peripheral Device PNP Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&12A2\7&1AB35688&0&3451C9D23CA9_C00000000 Service: . Class GUID: Description: Bluetooth Peripheral Device Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&000F\7&1AB35688&0&CC55AD2E01D5_C00000000 Manufacturer: Name: Bluetooth Peripheral Device PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&000F\7&1AB35688&0&CC55AD2E01D5_C00000000 Service: . ==== System Restore Points =================== . RP69: 3/7/2013 9:21:30 PM - Scheduled Checkpoint RP70: 3/16/2013 1:17:07 PM - Removed Google SketchUp 8 RP71: 3/16/2013 1:27:36 PM - Removed Skype Click to Call RP72: 3/28/2013 8:46:04 PM - Scheduled Checkpoint . ==== Installed Programs ====================== . Active Protection System Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.6) Anki Apple Application Support Apple Mobile Device Support Apple Software Update Around The World in 80 Days Ask Toolbar avast! Free Antivirus Bonjour Broadcom 802.11 Network Adapter Broadcom Gigabit NetLink Controller Camfrog Video Chat 6.3 CCleaner Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Conexant HD Audio Dropbox EPSON TX110 Series Printer Uninstall Freemake Video Converter version 3.2.1 Globe Broadband Globe Tattoo Broadband Google Chrome iCloud Intel® Graphics Media Accelerator Driver Intel® Rapid Storage Technology iTunes Japanese Fonts Support For Adobe Reader X Lenovo Bluetooth with Enhanced Data Rate Software Lenovo EasyCamera Lenovo OneKey Recovery Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Mozilla Firefox 20.0.1 (x86 en-US) Mozilla Maintenance Service oDesk Team OneNote Web Exporter (0.5.0) Picasa 3 QuickTime Rainbow Web Realtek USB 2.0 Card Reader RocketDock 1.3.5 Skype™ 6.3 SMART BRO Spybot - Search & Destroy VLC media player 1.1.11 Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) WinRAR 4.00 (32-bit) . ==== Event Viewer Messages From Past Week ======== . 5/4/2013 10:06:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service. 5/4/2013 10:03:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Globe Tattoo Broadband. OUC service to connect. 5/4/2013 10:03:16 PM, Error: Service Control Manager [7000] - The Globe Tattoo Broadband. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 4/27/2013 1:56:58 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 4/27/2013 1:56:58 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535. . ==== End Of File ===========================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.