asianmusicguy Posted June 12, 2013 ID:690211
To be clear, none of my regular scans are detecting anything, but on a whim today I ran AdwCleaner and it found this APN PIP in the registry. Any ideas? Let me know if we should run the cleaning process and I will post logs.
asianmusicguy Posted June 12, 2013 Author ID:690245
# AdwCleaner v2.303 - Logfile created 06/12/2013 at 11:40:23
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Branden - BRANDEN-PC
# Boot Mode : Normal
# Running from : C:\Users\Branden\Downloads\AdwCleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Found : C:\Program Files (x86)\Common Files\Tencent
Folder Found : C:\Program Files (x86)\Tencent
Folder Found : C:\Users\Branden\AppData\Roaming\Tencent

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\TENCENT
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\TENCENT

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Branden\AppData\Roaming\Mozilla\Firefox\Profiles\66mx9q6i.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R2].txt - [1053 octets] - [12/06/2013 11:40:23]

########## EOF - C:\AdwCleaner[R2].txt - [1113 octets] ##########

NOTE: I know about Tencent; it is in relation to QQ International, a program I use to chat with friends overseas, but I am concerned about the others.
asianmusicguy Posted June 12, 2013 Author ID:690246
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16483
Run by Branden at 11:58:35 on 2013-06-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.2814.1480 [GMT -2.5:30]
asianmusicguy Posted June 12, 2013 Author ID:690349
just a little bump to be seen
Root Admin AdvancedSetup Posted June 25, 2013 ID:695367
I'm sorry your topic appears to have been overlooked due to multiple replies. If you're still needing help, please do the following:

STEP 01
Backup the Registry: Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
Please download ERUNT from one of the following links: Link1 | Link2 | Link3
ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
Double click on erunt-setup.exe to Install ERUNT by following the prompts.
Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
Choose a location for the backup.
Note: the default location is C:\Windows\ERDNT which is acceptable.
Make sure that at least the first two check boxes are selected.
Click on OK.
Then click on YES to create the folder.
Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

STEP 02
Please download Malwarebytes Anti-Rootkit from HERE.
Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced; they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 03
Please download Junkware Removal Tool to your desktop.
Shut down your antivirus to avoid any conflicts.
Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next reply message.
When completed, make sure to re-enable your antivirus.

STEP 04
Please download AdwCleaner by Xplode to your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
If prompted by the User Account Control, click Yes to allow it to run.
Under Actions click on the Delete button.
Click OK on all prompts.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the entire contents of that logfile to your next reply.
You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.

STEP 05
Please go here to run the online antivirus scanner from ESET.
Turn off the real time scanner of any existing antivirus program while performing the online scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start.
When asked, allow the ActiveX control to install.
Click Start.
Make sure that the option Remove found threats is unticked.
Click on Advanced Settings and ensure these options are ticked:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Click Scan.
Wait for the scan to finish.
If any threats were found, click the 'List of found threats', then click Export to text file....
Save it to your desktop, then please copy and paste that log as a reply to this topic.

Thanks
Root Admin AdvancedSetup Posted July 7, 2013 ID:699736
Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!