Ads popping up in bottom left corner

[Kobb]

Good Morning,

My PC is infected, the 2 symtoms are:

• Ads popping up in bottom left corner
  
• Some Google results misdirect to ad-sites
  

Thank you very much for your precious time helping me!

regards

Kobb

DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2

Run by Raphael at 13:46:08 on 2013-05-16

Microsoft Windows 8 Pro 6.2.9200.0.1252.41.2057.18.3992.2501 [GMT 2:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

.

============== Running Processes ===============

.

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\dwm.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\Stardock\Start8\Start8_64.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhostex.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\dashost.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe

C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.ch/

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

uRun: [DU Meter] "C:\Program Files (x86)\DU Meter\DUMeter.exe" /autostart

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mRunOnce: [aswAhAScr.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\AhAScr.dll"

mRunOnce: [aswasOutExt.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\asOutExt.dll"

mRunOnce: [aswasOutExt64.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr64.exe" "C:\Program Files\AVAST Software\Avast\asOutExt64.dll"

IE: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001021-0002-0021-ABCDEFFEDCBC} - <orphaned>

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{7BFFD577-E8CF-4CE5-B110-DAA9241EA445} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{86C70A44-0B62-47C8-8D6A-691DD3428919} : DHCPNameServer = 10.9.11.21 10.9.11.22

TCP: Interfaces\{E8041559-0193-47B3-948D-875C9CF31AB6} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{E8041559-0193-47B3-948D-875C9CF31AB6}\960586F6E656 : DHCPNameServer = 194.230.55.97 212.98.37.131

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Raphael\AppData\Roaming\Mozilla\Firefox\Profiles\qkwt1a52.default\

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

FF - ExtSQL: 2013-04-28 06:01; hOUiT7au@i0ixSKgctyasBk.com; C:\Users\Raphael\AppData\Roaming\Mozilla\Firefox\Profiles\qkwt1a52.default\extensions\hOUiT7au@i0ixSKgctyasBk.com.xpi

.

============= SERVICES / DRIVERS ===============

.

R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\Drivers\fltsrv.sys [2013-1-22 155272]

R0 gfibto;gfibto;C:\Windows\System32\Drivers\gfibto.sys [2013-5-15 14456]

R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\Drivers\tib_mounter.sys [2013-1-22 1093256]

R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-1-23 1025808]

R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-1-23 378432]

R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2013-1-22 3729400]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\Drivers\aswFsBlk.sys [2013-1-23 33400]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-1-23 80816]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-1-23 44808]

R2 rimspci;rimspci;C:\Windows\System32\Drivers\rimspe64.sys [2009-10-26 61952]

R2 Start8;Stardock Start8;C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [2012-10-9 143024]

R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-8-18 7027752]

R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-3-11 3467768]

R3 afcdp;afcdp;C:\Windows\System32\Drivers\afcdp.sys [2013-1-22 367200]

R3 e1yexpress;Intel® Gigabit-Netzwerkverbindungstreiber;C:\Windows\System32\Drivers\e1y60x64.sys [2012-6-2 283136]

R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]

RUnknown aswnet;aswnet; [x]

S0 aswRvrt;aswRvrt;C:\Windows\System32\Drivers\aswRvrt.sys [2013-5-16 65336]

S0 aswVmm;aswVmm;C:\Windows\System32\Drivers\aswVmm.sys [2013-5-16 189936]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\Drivers\netaapl64.sys [2012-3-26 22528]

S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2013-3-11 19032]

S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2013-3-11 12384]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]

S3 vmbusr;Anbieter für Bus des virtuellen Computers;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]

.

=============== Created Last 30 ================

.

2013-05-16 10:55:57 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2013-05-16 10:55:57 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2013-05-16 10:04:15 -------- d-----w- C:\Users\Raphael\AppData\Roaming\Malwarebytes

2013-05-16 10:03:42 -------- d-----w- C:\ProgramData\Malwarebytes

2013-05-16 10:03:41 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-05-16 10:03:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-15 12:50:07 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2013-05-15 12:49:08 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2

2013-05-15 11:31:28 -------- d-----w- C:\Program Files\Synaptics

2013-05-15 10:07:49 -------- d-----w- C:\Users\Raphael\AppData\Roaming\LavasoftStatistics

2013-05-15 09:55:40 -------- d-----w- C:\ProgramData\Downloaded Installations

2013-05-15 09:54:17 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys

2013-05-15 09:37:42 388096 ----a-r- C:\Users\Raphael\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-05-15 09:37:42 -------- d-----w- C:\Program Files (x86)\Trend Micro

2013-05-13 17:25:34 -------- d-----w- C:\Program Files (x86)\Excel Password Unlocker

2013-05-13 16:50:00 -------- d-----w- C:\Users\Raphael\Downloads

2013-05-11 17:09:53 -------- d-----w- C:\Program Files (x86)\Audacity

2013-05-05 10:59:24 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-04-26 11:35:08 1161728 ----a-w- C:\Windows\System32\sppobjs.dll

2013-04-26 11:33:54 1175040 ----a-w- C:\Windows\System32\drivers\bthport.sys

2013-04-26 11:32:59 240640 ----a-w- C:\Windows\System32\fsquirt.exe

2013-04-26 11:29:23 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll

2013-04-26 11:29:23 1011200 ----a-w- C:\Windows\System32\reseteng.dll

2013-04-26 11:27:39 4041728 ----a-w- C:\Windows\System32\win32k.sys

2013-04-26 11:27:37 6991592 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-04-23 23:23:02 178416 ----a-w- C:\Windows\System32\SynTPCo14.dll

2013-04-23 23:23:00 460528 ----a-w- C:\Windows\System32\drivers\SynTP.sys

2013-04-23 23:23:00 114416 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll

2013-04-23 23:23:00 1048816 ----a-w- C:\Windows\System32\SynCOM.dll

2013-04-23 23:22:58 229616 ----a-w- C:\Windows\System32\SynTPAPI.dll

2013-04-23 23:22:58 1048576 ----a-w- C:\Windows\System32\syndata.bin

2013-04-23 23:22:56 540400 ----a-w- C:\Windows\SysWow64\SynCOM.dll

2013-04-21 15:11:20 -------- d-----w- C:\Users\Raphael\AppData\Roaming\pdfforge

2013-04-21 15:11:18 137000 ----a-w- C:\Windows\SysWow64\MSMAPI32.OCX

2013-04-21 15:11:17 662288 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX

2013-04-21 15:11:13 110264 ----a-w- C:\Windows\System32\pdfcmon.dll

2013-04-21 15:11:12 23552 ----a-w- C:\Windows\SysWow64\MSMPIDE.DLL

2013-04-21 15:11:12 -------- d-----w- C:\Program Files (x86)\PDFCreator

.

==================== Find3M ====================

.

2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2013-05-09 08:59:07 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr

2013-04-02 22:08:01 78176 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-02 22:08:01 692576 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-03-15 11:56:38 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-03-15 11:56:38 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-03-03 15:30:21 503352 ----a-w- C:\Windows\System32\drivers\sptd.sys

2013-03-02 10:57:48 337128 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS

2013-03-02 10:57:46 77544 ----a-w- C:\Windows\System32\drivers\storahci.sys

2013-03-02 10:57:46 332520 ----a-w- C:\Windows\System32\drivers\storport.sys

2013-03-02 10:57:46 283880 ----a-w- C:\Windows\System32\drivers\spaceport.sys

2013-03-02 10:45:20 148712 ----a-w- C:\Windows\System32\drivers\tpm.sys

2013-03-02 10:45:19 194792 ----a-w- C:\Windows\System32\drivers\sdbus.sys

2013-03-02 10:45:10 125160 ----a-w- C:\Windows\System32\drivers\dumpsd.sys

2013-03-02 10:39:39 495336 ----a-w- C:\Windows\System32\drivers\vhdmp.sys

2013-03-02 10:39:38 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys

2013-03-02 10:39:32 327912 ----a-w- C:\Windows\System32\drivers\Classpnp.sys

2013-03-02 09:59:37 2231528 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-03-02 09:59:36 411880 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-03-02 08:24:08 34304 ----a-w- C:\Windows\SysWow64\wuapp.exe

2013-03-02 08:23:43 83968 ----a-w- C:\Windows\SysWow64\wudriver.dll

2013-03-02 08:23:43 125952 ----a-w- C:\Windows\SysWow64\wuwebv.dll

2013-03-02 08:23:30 893952 ----a-w- C:\Windows\SysWow64\winmde.dll

2013-03-02 08:23:30 1338880 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-03-02 08:23:28 601088 ----a-w- C:\Windows\SysWow64\Windows.Globalization.dll

2013-03-02 08:23:28 504320 ----a-w- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll

2013-03-02 08:23:19 8857088 ----a-w- C:\Windows\SysWow64\twinui.dll

2013-03-02 08:23:19 246784 ----a-w- C:\Windows\SysWow64\ubpm.dll

2013-03-02 08:23:04 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll

2013-03-02 08:23:04 100864 ----a-w- C:\Windows\SysWow64\SettingSyncInfo.dll

2013-03-02 08:22:36 357888 ----a-w- C:\Windows\SysWow64\netcfgx.dll

2013-03-02 08:22:32 5091840 ----a-w- C:\Windows\SysWow64\mstscax.dll

2013-03-02 08:22:18 361984 ----a-w- C:\Windows\SysWow64\MFMediaEngine.dll

2013-03-02 08:22:17 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll

2013-03-02 08:21:56 550912 ----a-w- C:\Windows\SysWow64\drvstore.dll

2013-03-02 08:21:52 36352 ----a-w- C:\Windows\SysWow64\DevDispItemProvider.dll

2013-03-02 08:21:40 309760 ----a-w- C:\Windows\SysWow64\BCP47Langs.dll

2013-03-02 08:21:39 2033664 ----a-w- C:\Windows\SysWow64\authui.dll

2013-03-02 08:21:32 145408 ----a-w- C:\Windows\SysWow64\powercfg.cpl

2013-03-02 02:44:59 448512 ----a-w- C:\Windows\System32\SettingSync.dll

2013-03-02 02:44:59 128512 ----a-w- C:\Windows\System32\SettingSyncInfo.dll

2013-03-02 02:44:41 455168 ----a-w- C:\Windows\System32\netcfgx.dll

2013-03-02 02:44:41 117248 ----a-w- C:\Windows\System32\NdisImPlatform.dll

2013-03-02 02:44:38 5978624 ----a-w- C:\Windows\System32\mstscax.dll

2013-03-02 02:44:30 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll

2013-03-02 02:44:29 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll

2013-03-02 02:44:08 703488 ----a-w- C:\Windows\System32\drvstore.dll

2013-03-02 02:44:07 150016 ----a-w- C:\Windows\System32\discan.dll

2013-03-02 02:44:05 49152 ----a-w- C:\Windows\System32\DevDispItemProvider.dll

2013-03-02 02:43:59 1933312 ----a-w- C:\Windows\System32\wbem\cimwin32.dll

2013-03-02 02:43:56 389120 ----a-w- C:\Windows\System32\BCP47Langs.dll

2013-03-02 02:43:55 2302464 ----a-w- C:\Windows\System32\authui.dll

2013-03-02 02:43:51 2146304 ----a-w- C:\Windows\System32\actxprxy.dll

2013-03-02 02:43:50 156160 ----a-w- C:\Windows\System32\powercfg.cpl

2013-03-02 02:15:53 26112 ----a-w- C:\Windows\System32\drivers\mouhid.sys

2013-03-01 04:56:33 156672 ----a-w- C:\Windows\System32\drivers\rfcomm.sys

2013-03-01 04:56:18 30720 ----a-w- C:\Windows\System32\drivers\monitor.sys

2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll

2013-02-21 10:15:00 915968 ----a-w- C:\Windows\System32\uxtheme.dll

2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-02-19 09:53:00 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll

.

============= FINISH: 13:46:36,00 ===============

ATTACH

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8 Pro

Boot Device: \Device\HarddiskVolume1

Install Date: 15.01.2013 21:33:33

System Uptime: 16.05.2013 09:54:43 (4 hours ago)

.

Motherboard: LENOVO | | 2808D9G

Processor: Intel® Core™2 Duo CPU P9400 @ 2.40GHz | None | 2401/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 41 GiB total, 8,262 GiB free.

D: is FIXED (NTFS) - 78 GiB total, 22,351 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Serieller PCI-Anschluss

Device ID: PCI\VEN_8086&DEV_2A47&SUBSYS_20EC17AA&REV_07\3&33FD14CA&0&1B

Manufacturer:

Name: Serieller PCI-Anschluss

PNP Device ID: PCI\VEN_8086&DEV_2A47&SUBSYS_20EC17AA&REV_07\3&33FD14CA&0&1B

Service:

.

Class GUID:

Description: PCI-Kommunikationscontroller (einfach)

Device ID: PCI\VEN_8086&DEV_2A44&SUBSYS_20E617AA&REV_07\3&33FD14CA&0&18

Manufacturer:

Name: PCI-Kommunikationscontroller (einfach)

PNP Device ID: PCI\VEN_8086&DEV_2A44&SUBSYS_20E617AA&REV_07\3&33FD14CA&0&18

Service:

.

==== System Restore Points ===================

.

RP31: 13.05.2013 13:34:06 - Scheduled Checkpoint

RP32: 15.05.2013 11:37:26 - Installed HiJackThis

.

==== Installed Programs ======================

.

2007 Microsoft Office Suite Service Pack 3 (SP3)

Adobe Acrobat X Pro - English, Français, Deutsch

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.01) - Deutsch

AllSync 3.1.1

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Audacity 2.0.3

avast! Free Antivirus

Bonjour

calibre

Dropbox

E-Finance Java

FileZilla Client 3.6.0.2

HiJackThis

iTunes

Java 7 Update 21

Java Auto Updater

Lenovo Power Management Driver

Malwarebytes Anti-Malware Version 1.75.0.1300

Microsoft-Maus- und Tastatur-Center

Microsoft Office Access MUI (German) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (German) 2007

Microsoft Office Groove MUI (German) 2007

Microsoft Office InfoPath MUI (German) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (German) 2007

Microsoft Office Outlook MUI (German) 2007

Microsoft Office PowerPoint MUI (German) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Italian) 2007

Microsoft Office Proofing (German) 2007

Microsoft Office Publisher MUI (German) 2007

Microsoft Office Shared 64-bit MUI (German) 2007

Microsoft Office Shared MUI (German) 2007

Microsoft Office Word MUI (German) 2007

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox 20.0.1 (x86 de)

Mozilla Maintenance Service

PDFCreator

Skype™ 6.1

Start8

TeamViewer 8

ThinkPad UltraNav Driver

True Image 2013

True Image 2013 Plus Pack

VLC media player 2.0.6

WinRAR archiver

.

==== End Of File ===========================

[Maniac]

Hello Kobb and ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  
• Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
  

Step 1

• Launch Malwarebytes' Anti-Malware
  
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 2

• Download on the desktop RogueKiller
  
• Quit all programs
  
• Start RogueKiller.exe
  
• Wait until Prescan has finished ...
  
• Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:

• Malwarebytes' Anti-Malware log
  
• RogueKiller log

[Kobb]

Hello Maniac,

thank you for helping me, I am very glad about that!

regards

Kobb

Log Malwarebytes

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Datenbank Version: v2013.05.17.03

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16540

Raphael :: HELDPAD [Administrator]

17.05.2013 10:54:35

mbam-log-2013-05-17 (10-54-35).txt

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 214670

Laufzeit: 1 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)

(Ende)

Log RogueKiller

RogueKiller V8.5.4 [Mar 18 2013] durch Tigzy

mail: tigzyRK<at>gmail<dot>com

mail : tigzyRK<at>gmail<dot>com

Kommentare : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Webseite : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Betriebssystem : Windows 8 (6.2.9200 ) 64 bits version

Gestartet in : Normaler Modus

Benutzer : Raphael [Admin Rechte]

Funktion : Scannen -- Datum : 05/17/2013 11:00:18

| ARK || FAK || MBR |

¤¤¤ Böswillige Prozesse : 0 ¤¤¤

¤¤¤ Registry-Einträge : 3 ¤¤¤

[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> GEFUNDEN

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> GEFUNDEN

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> GEFUNDEN

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

¤¤¤ Treiber : [NICHT GELADEN] ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 activation.acronis.com

127.0.0.1 activate.adobe.com

127.0.0.1 practivate.adobe.com

127.0.0.1 adobeereg.com

127.0.0.1 www.adobeereg.com

127.0.0.1 activate.adobe.com

127.0.0.1 activate-sea.adobe.com

127.0.0.1 activate-sjc0.adobe.com

127.0.0.1 wwis-dubc1-vip60.adobe.com

127.0.0.1 192.150.18.108

127.0.0.1 activate.adobe.com:443

127.0.0.1 3dns.adobe.com

127.0.0.1 3dns-1.adobe.com

127.0.0.1 3dns-2.adobe.com

127.0.0.1 3dns-3.adobe.com

127.0.0.1 3dns-4.adobe.com

127.0.0.1 adobeereg.com

127.0.0.1 www.adobeereg.com

127.0.0.1 activate.adobe.com

127.0.0.1 activate-sea.adobe.com

[...]

¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG MMCRE28G8MXP-0VBL1 +++++

--- User ---

[MBR] 02876ac2ee0d8f6e6b17d532734343a5

[bSP] ec8a41f426cde973ecdb1b1ec0b4d30e : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 41751 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 86224896 | Size: 80000 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Abgeschlossen : << RKreport[1]_S_05172013_02d1100.txt >>

RKreport[1]_S_05172013_02d1100.txt

[Kobb]

Hello Maniac,

i noticed the log-file is in german, thats because I am from Switzerland. I changed applications to english now, here again:

regards Raphael

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.17.03

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16540

Raphael :: HELDPAD [administrator]

17.05.2013 11:07:44

mbam-log-2013-05-17 (11-07-44).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 214531

Time elapsed: 1 minute(s), 28 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version

Started in : Normal mode

User : Raphael [Admin rights]

Mode : Scan -- Date : 05/17/2013 11:11:25

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 activation.acronis.com

127.0.0.1 activate.adobe.com

127.0.0.1 practivate.adobe.com

127.0.0.1 adobeereg.com

127.0.0.1 www.adobeereg.com

127.0.0.1 activate.adobe.com

127.0.0.1 activate-sea.adobe.com

127.0.0.1 activate-sjc0.adobe.com

127.0.0.1 wwis-dubc1-vip60.adobe.com

127.0.0.1 192.150.18.108

127.0.0.1 activate.adobe.com:443

127.0.0.1 3dns.adobe.com

127.0.0.1 3dns-1.adobe.com

127.0.0.1 3dns-2.adobe.com

127.0.0.1 3dns-3.adobe.com

127.0.0.1 3dns-4.adobe.com

127.0.0.1 adobeereg.com

127.0.0.1 www.adobeereg.com

127.0.0.1 activate.adobe.com

127.0.0.1 activate-sea.adobe.com

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG MMCRE28G8MXP-0VBL1 +++++

--- User ---

[MBR] 02876ac2ee0d8f6e6b17d532734343a5

[bSP] ec8a41f426cde973ecdb1b1ec0b4d30e : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 41751 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 86224896 | Size: 80000 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_05172013_02d1111.txt >>

RKreport[1]_S_05172013_02d1111.txt

[Kobb]

and I forgot to mention, the problem with the ads only occur on firefox, not on Internet Explorer. But I don't use IE usually.

thanks

Raphael

[AdvancedSetup]

This topic has been closed due to signs of software Piracy

127.0.0.1 activation.acronis.com

127.0.0.1 activate.adobe.com

127.0.0.1 practivate.adobe.com

127.0.0.1 adobeereg.com

127.0.0.1 www.adobeereg.com

127.0.0.1 activate.adobe.com

127.0.0.1 activate-sea.adobe.com

127.0.0.1 activate-sjc0.adobe.com

127.0.0.1 wwis-dubc1-vip60.adobe.com

127.0.0.1 192.150.18.108

127.0.0.1 activate.adobe.com:443

127.0.0.1 3dns.adobe.com

127.0.0.1 3dns-1.adobe.com

127.0.0.1 3dns-2.adobe.com

127.0.0.1 3dns-3.adobe.com

127.0.0.1 3dns-4.adobe.com

127.0.0.1 adobeereg.com

127.0.0.1 www.adobeereg.com

127.0.0.1 activate.adobe.com

127.0.0.1 activate-sea.adobe.com

[AdvancedSetup]

I have re-opened the topic and will assist the user in good faith removal of cracked software.

Please visit this webpage for instructions on running ComboFix:

Ensure that your antivirus is disabled when running combofix

http://www.bleepingc...to-use-combofix

When the tool is finished, it will produce a report for you.

Please attach the C:\ComboFix.txt log on your next reply so that we can continue checking and cleaning the system.

NOTE:!! NOTE:!!

If you get a message similar to this: "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer and everything should start working again.

[Kobb]

Hello Ron,

i tried to install comboFix, but i says it doesnt work with win8. What should I do next?

regards

Kobb

[AdvancedSetup]

You have a couple of issues being reported that appear to be software drivers that are either missing or possibly not supported on Windows 8

You have an SPTD error showing in the Event Logs

SCSI Pass Through Direct (SPTD) is a proprietary device driver and application programming interface (API) developed by Duplex Secure Ltd.

You also have this error for a missing driver but not sure what the device is but should not be malware related.

Name: Serial PCI connector

Description: PCI-serial port

So at this time what issues are you having and does the computer appear to be infected?

Are the Ads popups still happening?

[AdvancedSetup]

Please note that in all cases I would prefer to get the logs as attachments not posted directly into your reply.

STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

• Please download ERUNT from here
  
• ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  
• Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  
• Use the default install settings but say NO to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  
• Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  
• Choose a location for the backup.
  
  • Note: the default location is C:\Windows\ERDNT which is acceptable.
    

  [*]Make sure that at least the first two check boxes are selected.

  [*]Click on OK

  [*]Then click on YES to create the folder.

Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

STEP 02

Please download Junkware Removal Tool to your desktop.

• Shutdown your antivirus to avoid any conflicts.
  
• Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7/8, double-click on XP.
  
• The tool will open and start scanning your system.
  
• Please be patient as this can take a while to complete.
  
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  
• Post the contents of JRT.txt into your next reply message
  
• When completed make sure to re-enable your antivirus
  

STEP 03

Please download AdwCleaner by Xplode to your desktop.

• Close all open programs and internet browsers.
  
• Double click on AdwCleaner.exe to run the tool.
  
• If prompted by the User Account Control click Yes to allow it to run.
  
• Under Actions click on the Delete button.
  
• Click OK on all prompts.
  
• You will be prompted to restart your computer. A text file will open after the restart.
  
• Please post the entire contents of that logfile to your next reply.
  
• You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.
  

STEP 04

Please run the following scanner and post back the logs.

Download DDS from one of the locations below and save to your Desktop

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool.

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

When done, DDS will open two (2) logs:
• 
  
  1. DDS.txt
     
  2. Attach.txt
     

• Save both reports to your desktop
  
• Please include the following logs in your next reply: DDS.txt and Attach.txt
  You can ignore the note about zipping the Attach.txt file in most cases.
  

[Kobb]

Hello Ron,

all steps done.

JRT.txt

AdwCleanerS1.txt

dds.txt

attach.txt

thanks

regards

Kobb

[AdvancedSetup]

Please try running the JRT (Junkware Removal Tool) again but make sure that your antivirus is disabled and that you right click and choose "Run as administrator"

Please download MiniToolBox save it to your desktop and run it.

Checkmark the following check-boxes:

• Flush DNS
  
• Report IE Proxy Settings
  
• Reset IE Proxy Settings
  
• Report FF Proxy Settings
  
• Reset FF Proxy Settings
  
• List content of Hosts
  
• List IP configuration
  
• List Winsock Entries
  
• List last 10 Event Viewer log
  
• List Installed Programs
  
• List Devices
  
• List Users, Partitions and Memory size.
  
• List Minidump Files
  

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.

[AdvancedSetup]

Just checking back to see if you've had time to run this yet or not.

[Kobb]

Hello Ron,

ok I ran JRT and Minitoolbox.

regards

Kobb

Result.txt

[AdvancedSetup]

Where is the JRT log file?

Are you still getting these popups or redirects?

[Kobb]

Hello Ron,

yes i did, but I forgot to post the JRT-Log.

I ran both again, here are the log files:

JRT.txt

Result.txt

regards

Kobb

[AdvancedSetup]

Have the pop ups gone away ?

[Kobb]

Hello Ron,

no, the Pop ups stay the same in Firefox. By the way: Internet Explorer is not affected.

regards

Kobb

[AdvancedSetup]

Please visit this site and restore Firefox back to the factory default settings and let me know if that corrects it.

Restore Firefox Default Settings Without Uninstalling It

[Kobb]

Hello Ron,

the problems are solved. Thank you

regards

Raphael

[AdvancedSetup]

Great, glad to hear it.

I'll go ahead and close your post now then.

Please take the time to read the following and have a great upcoming weekend.

So how did I get infected in the first place?

Take care.

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!