PA2SK

  1. Hello again Borislav,

     You are correct, I have multiple anti-virus programs installed. Normally I only use NOD32; however, I tried additional programs to see if any of them could remove the infection. They all failed and I have now removed them. I am unable to disable NOD32 as access is locked by the network administrators. However, I have run the scans you suggested anyway and I believe they were effective in removing the infection! I have posted the logs below; see if you agree. So far Google Chrome has not been directing me to any more advertisement sites, which was my first indication I had a problem, but I will leave it open for a few hours and make sure. Thank you again for your help. If my system is indeed clean I will make a small donation to you.

     Thanks,
     Aaron

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.1 (07.15.2013:2)
OS: Windows 7 Professional x64
Ran by snydera on Wed 10/23/2013 at 14:11:40.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/23/2013 at 14:15:18.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.010 - Report created 23/10/2013 at 15:31:31
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username :
# Running from :
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\PA2SK\AppData\Roaming\digitalsite
File Deleted : C:\windows\Tasks\digitalsite.job
File Deleted : C:\windows\System32\Tasks\digitalsite

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\dsiteproducts

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\PA2SK\AppData\Roaming\Mozilla\Firefox\Profiles\mfwztjcy.default\prefs.js ]

[ File : C:\Users\helpme\AppData\Roaming\Mozilla\Firefox\Profiles\mxax0e5i.default\prefs.js ]

-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\PA2SK\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1257 octets] - [23/10/2013 15:28:43]
AdwCleaner[s0].txt - [1141 octets] - [23/10/2013 15:31:31]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1201 octets] ##########

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.10.23.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
PA2SK :: PA2SK-WIN7 [administrator]

10/23/2013 3:35:34 PM
mbar-log-2013-10-23 (15-35-34).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 368267
Time elapsed: 8 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
  2. Hello Borislav! Thank you for your help. I have run the scan and am posting the results below.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.45.2
Run by PA2SK at 14:55:17 on 2013-10-22
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.32726.28648 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\nvwmi64.exe
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe
C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\dispatcher.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\nvwmi64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\wpkg\WPKGSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Altiris\Dagent\dagent.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Altiris\Dagent\dagentui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Users\snydera\AppData\Local\Akamai\netsession_win.exe
C:\Users\snydera\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3dxsrv.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3DxVirtualLCD.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3DxNumPad.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\mobsync.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\WUDFHost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Akamai NetSession Interface] "C:\Users\snydera\AppData\Local\Akamai\netsession_win.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOLIDW~2.LNK - C:\windows\Installer\{B6B5EA7E-B91F-443D-A958-B0062FB53804}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOLIDW~1.LNK - C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\START3~1.LNK - C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3dxsrv.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: ForceStartMenuLogOff = dword:1
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoPublishingWizard = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoWebServices = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableInstallerDetection = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableSecureUIAPaths = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: dontdisplaylastusername = dword:1
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 35.8.35.149 35.9.56.201 35.8.33.24
TCP: Interfaces\{235229E0-65D7-4BE0-B0CE-A4F528FCFABB} : DHCPNameServer = 35.8.35.149 35.9.56.201 35.8.33.24
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [DagentUI] C:\Program Files\Altiris\Dagent\dagentui.exe
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4530.0\AdAwareTray.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-Notify: WPKGLogon - C:\Program Files\wpkg\wpkglogon.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\snydera\AppData\Roaming\Mozilla\Firefox\Profiles\mfwztjcy.default\
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Citrix\Streaming Client\nprade.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\windows\System32\drivers\iaStorA.sys [2013-4-16 578008]
R0 iaStorF;iaStorF;C:\windows\System32\drivers\iaStorF.sys [2013-4-16 26072]
R0 iaStorS;iaStorS;C:\windows\System32\drivers\iaStorS.sys [2013-4-16 652760]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-11-8 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R1 ctxusbm;Citrix USB Monitor Driver;C:\windows\System32\drivers\ctxusbm.sys [2013-6-4 95152]
R2 Altiris Deployment Agent;Altiris Deployment Agent;C:\Program Files\Altiris\Dagent\dagent.exe [2010-3-22 1960784]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-11-16 735960]
R2 epfwwfpr;epfwwfpr;C:\windows\System32\drivers\epfwwfpr.sys [2009-11-16 123200]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [2013-4-16 14808]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\windows\System32\IPROSetMonitor.exe [2013-1-3 183200]
R2 NVWMI;NVIDIA WMI Provider;C:\windows\System32\nvwmi64.exe [2013-7-30 1248544]
R2 RemoteSolverDispatcher;Remote Solver for Flow Simulation 2013;C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe [2013-4-25 218248]
R2 WpkgService;WPKG Service;C:\Program Files\wpkg\WPKGSrv.exe [2010-2-10 330752]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\windows\System32\drivers\LEqdUsb.sys [2013-5-23 77592]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\windows\System32\drivers\LHidEqd.sys [2013-5-23 13080]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2012-11-8 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2012-11-8 181248]
R3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4530.0\AdAwareService.exe [2013-10-14 517344]
S2 SetupARService;SetupARService;C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [2013-7-30 24576]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2012-5-24 116752]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2013-7-6 77352]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 dmvsc;dmvsc;C:\windows\System32\drivers\dmvsc.sys [2012-5-10 71168]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-10-12 1431888]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-7-18 366600]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-4-10 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-5-24 413800]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-4-10 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-4-10 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-5-10 1255736]
.
=============== File Associations ===============
.
FileExt: .scr: DWGTrueViewScriptFile=C:\windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-10-22 15:10:49 -------- d-----w- C:\ProgramData\Malwarebytes
2013-10-22 15:10:46 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-22 15:10:45 116440 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2013-10-22 14:27:52 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2013-10-21 21:12:46 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{35576381-C858-47A6-A21C-BCB3E1C69B16}\mpengine.dll
2013-10-20 21:12:37 10280728 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-18 13:08:35 -------- d-----w- C:\Users\snydera\AppData\Roaming\LavasoftStatistics
2013-10-18 13:05:21 -------- d-----w- C:\Program Files\Lavasoft
2013-10-18 13:04:26 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2013-10-17 14:08:42 108968 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2013-10-17 14:08:00 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-17 13:53:16 -------- d-----w- C:\Program Files (x86)\Common Files\PDF Architect
2013-10-17 13:52:45 -------- d-----w- C:\Users\snydera\AppData\Roaming\PDF Architect
2013-10-17 13:50:10 965008 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{186201B3-E61A-4A59-AF8D-8313836E61EB}\gapaengine.dll
2013-10-17 13:49:04 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-10-17 13:49:02 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-10-14 20:56:46 -------- d-----w- C:\Program Files (x86)\PDFCreator
2013-10-14 12:50:43 137000 ----a-w- C:\windows\SysWow64\MSMAPI32.OCX
2013-10-14 12:50:42 23552 ----a-w- C:\windows\SysWow64\MSMPIDE.DLL
2013-10-14 12:48:56 -------- d-----w- C:\Users\snydera\AppData\Local\Programs
2013-10-14 12:48:21 -------- d-----w- C:\Program Files\DivX
2013-10-14 12:48:19 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2013-10-14 12:47:08 -------- d-----w- C:\Users\snydera\AppData\Roaming\LavFilters
2013-10-14 12:47:08 -------- d-----w- C:\Users\snydera\AppData\Roaming\CDXReader
2013-10-14 12:47:08 -------- d-----w- C:\ProgramData\DivX
2013-10-14 12:47:08 -------- d-----w- C:\Program Files (x86)\OpenSource Flash Video Splitter
2013-10-14 12:47:08 -------- d-----w- C:\Program Files (x86)\DSP-worx
2013-10-14 12:46:59 -------- d-----w- C:\Users\snydera\AppData\Roaming\DigitalSite
2013-10-13 09:33:49 633856 ----a-w- C:\windows\System32\comctl32.dll
2013-10-13 09:33:49 530432 ----a-w- C:\windows\SysWow64\comctl32.dll
2013-10-13 09:31:34 70656 ----a-w- C:\windows\SysWow64\fontsub.dll
2013-10-13 09:31:34 46080 ----a-w- C:\windows\System32\atmlib.dll
2013-10-13 09:31:34 41472 ----a-w- C:\windows\System32\lpk.dll
2013-10-13 09:31:34 368128 ----a-w- C:\windows\System32\atmfd.dll
2013-10-13 09:31:34 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2013-10-13 09:31:34 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
2013-10-13 09:31:34 25600 ----a-w- C:\windows\SysWow64\lpk.dll
2013-10-13 09:31:34 14336 ----a-w- C:\windows\System32\dciman32.dll
2013-10-13 09:31:34 10240 ----a-w- C:\windows\SysWow64\dciman32.dll
2013-10-13 09:31:34 100864 ----a-w- C:\windows\System32\fontsub.dll
2013-10-13 09:29:21 785624 ----a-w- C:\windows\System32\drivers\Wdf01000.sys
2013-10-13 09:28:15 100864 ----a-w- C:\windows\System32\drivers\usbcir.sys
2013-10-13 09:27:59 76800 ----a-w- C:\windows\System32\drivers\hidclass.sys
2013-10-13 09:27:59 32896 ----a-w- C:\windows\System32\drivers\hidparse.sys
2013-10-13 09:27:33 81920 ----a-w- C:\windows\SysWow64\davclnt.dll
2013-10-13 09:27:33 259584 ----a-w- C:\windows\System32\WebClnt.dll
2013-10-13 09:27:33 205824 ----a-w- C:\windows\SysWow64\WebClnt.dll
2013-10-13 09:27:33 140800 ----a-w- C:\windows\System32\drivers\mrxdav.sys
2013-10-13 09:27:33 102400 ----a-w- C:\windows\System32\davclnt.dll
2013-10-13 09:24:55 497152 ----a-w- C:\windows\System32\drivers\afd.sys
2013-10-13 09:24:55 327168 ----a-w- C:\windows\System32\mswsock.dll
2013-10-13 09:24:55 231424 ----a-w- C:\windows\SysWow64\mswsock.dll
2013-10-13 09:24:55 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-10-13 09:23:25 3155968 ----a-w- C:\windows\System32\win32k.sys
2013-10-13 09:02:21 124112 ----a-w- C:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-13 09:02:21 102608 ----a-w- C:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-13 09:00:53 983488 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2013-10-13 09:00:43 461312 ----a-w- C:\windows\System32\scavengeui.dll
2013-10-13 09:00:17 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys
2013-10-13 09:00:17 7808 ----a-w- C:\windows\System32\drivers\usbd.sys
2013-10-13 09:00:17 52736 ----a-w- C:\windows\System32\drivers\usbehci.sys
2013-10-13 09:00:17 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys
2013-10-13 09:00:17 325120 ----a-w- C:\windows\System32\drivers\usbport.sys
2013-10-13 09:00:17 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys
2013-10-13 09:00:17 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys
2013-10-13 03:26:26 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F381A586-E0E9-4947-A45E-A3E53A6BBFFC}\mpengine.dll
2013-10-12 20:40:04 -------- d-----w- C:\ProgramData\Simpoe
2013-10-12 20:36:35 -------- d-----w- C:\ProgramData\COSMOS Applications
2013-10-12 20:36:23 -------- d-----w- C:\ProgramData\SolidWorks Flow Simulation
2013-10-12 20:22:12 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared
2013-10-04 19:44:19 -------- d-----w- C:\Program Files\iPod
2013-10-04 19:44:18 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-04 19:44:18 -------- d-----w- C:\Program Files\iTunes
2013-10-04 19:44:18 -------- d-----w- C:\Program Files (x86)\iTunes
2013-09-30 19:18:55 -------- d-----w- C:\ProgramData\MentorGraphics
2013-09-23 09:15:55 155584 ----a-w- C:\windows\System32\drivers\ataport.sys
.
==================== Find3M ====================
.
2013-10-08 22:51:08 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 22:51:08 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-09-22 23:28:06 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-08-29 02:17:48 5549504 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-08-20 12:07:13 18960 ----a-w- C:\windows\System32\drivers\LNonPnP.sys
2013-08-02 02:14:57 215040 ----a-w- C:\windows\System32\winsrv.dll
2013-08-02 02:13:34 424448 ----a-w- C:\windows\System32\KernelBase.dll
2013-08-02 01:50:42 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\windows\System32\smss.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-30 19:56:50 24576 ----a-w- C:\windows\SetupAfterRebootService.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
.
============= FINISH: 14:55:36.57 ===============

attach - Copy.zip
  3. I downloaded what I thought was a free pdf creator from this website: http://www.pdfforge.org/pdfcreator. After installing the program I realized I had made a mistake and clicked on an ad disguised as the download link; you can see this if you go to the website. I immediately uninstalled the program, but it's clear to me I now have an infection. Google Chrome periodically opens a new tab taking me to some advertisement sites with zero input from me. I tried Microsoft Security Essentials and AdAware to no effect. I also tried MalwareBytes, which found nothing. I believe I have some kind of Google Redirect virus. This is new to me, as I thought commercial security software would detect this type of infection and remove it, but it seems that's not the case. I have run Rogue Killer and got the following report:

Please help me get rid of this!

RogueKiller V8.7.5 _x64_ [Oct 22 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : snydera [Admin rights]
Mode : Scan -- Date : 10/22/2013 10:55:22
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][sUSP PATH] DigitalSite.job : C:\Users\snydera\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [-] -> FOUND
[V2][sUSP PATH] DigitalSite : C:\Users\snydera\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [-] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) ATA WDC WD10EZEX-75Z SCSI Disk Device +++++
--- User ---
[MBR] 7e04da700ef3b6e8bf595cf454c4b401
[bSP] d0db89ad5aabd261370ef493fad62b26 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 499 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1024000 | Size: 953368 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_10222013_105522.txt >>