Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Some type of adware

by natasa78 » August 30th, 2012, 7:42 pm

Please help... for a few days my computer has been working extremely slowly, specifically when browsing web pages. Kaspersky noted:

-Deleted adware not-a-virus:AdWare.Win32.RelevantKnowledge.a C:\WINDOWS\Temp\~osCC.tmp\rlxf.dll 29.08.12 21:18:06
-Deleted adware not-a-virus:AdWare.Win32.RelevantKnowledge.a C:\WINDOWS\Temp\~osF6.tmp\rlxf.dll 30.08.12 07:51:51
-Deleted adware not-a-virus:AdWare.Win32.RelevantKnowledge.a C:\WINDOWS\Temp\~os33.tmp\rlxf.dll 30.08.12 17:16:15

ComboFix noted:

ComboFix 12-08-30.05 - natasa 31.08.12 1:07.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1488 [GMT 2:00]
Running from: c:\documents and settings\natasa\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Member of GRID - Goodware Repository Information Database.lnk
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Support.lnk
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk
c:\documents and settings\natasa\Desktop\Muzika\2001 - Najveci Hitovi\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\dzenan\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\marko bulat\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\mile kitic\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\narodna mix\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\Kucari\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\Kucari\haus paki\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\Kucari\Kucari od Marije\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\Kucari\PJER\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\Kucari\Probrana zika pocetak godine\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\Kucari\probrano nesto 2\David Guetta Live in Amsterdam\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\Kucari\probrano nesto 2\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\Kucari\probrano nesto\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\Kucari\strana\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\Kucari\Sveze,sveze ZIKA CMan\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\Kucari\Tore\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\Kucari\usb\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\aca lukas\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\aco pejovic\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\adam\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\ana nikolic\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\baja\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\boza nikolic\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\branka sovrlic\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\bulat\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\cane\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\Ceca Raznatovic\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\ceca\CECA London MIX\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\ceca\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\dado polumenta\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\DOMACA\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\DOMACA\New Folder\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\dragana mirkovic\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\dzej\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\dzenan\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\jaca muzika\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\jaca muzika\keva muzika\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\jani.zlo i ti\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\kafanski hitovi\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\kafanski hitovi\kafanski hitovi\01 KAFANSKI HITOVI I\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\kafanski hitovi\kafanski hitovi\02 KAFANSKI HITOVI II\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\kafanski hitovi\kafanski hitovi\03 KAFANSKI HITOVI III\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\kafanski hitovi\kafanski hitovi\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\karma\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\kemal\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\koktel bend\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\Lepa brena\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\luis\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\ljuba alicic\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\maja marijana\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\MARINKO ROKVIC\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\marko bulat\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\medeni mesec\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\MEHO PUZIC\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\MEHO PUZIC\merlin\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\merlin\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\mile kitic\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\Models\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\My Disc\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\narodno-zlitza!\halid beslic\Desktop_.ini
c:\documents and settings\natasa\Desktop\Muzika\zika kiki\narodnjaci\narodno-zlitza!\narodna muzika\To\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\36\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\Blood diamond\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\Blood diamond\My Disc (F)\Blood Diamond\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\Blood diamond\My Disc (F)\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\Body of lies\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\Chaser\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\City of men\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\Constant Gardener\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\Deception[2008]DvDrip-aXXo\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\Gladiator\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\Gran Torino\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\Hannibal\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\Hannibal\Hannibal (F)\Avi\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\Hannibal\Hannibal (F)\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\Hannibal\Hannibal (F)\Divx\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\Hannibal\Hannibal (F)\misc\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\Hannibal\Hannibal (F)\Wmp\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\Miami vice\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\Midnight exspres\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\Monster\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\Pianist\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\Reader\AUDIO_TS\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\Reader\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\Reader\VIDEO_TS\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\Red dragon\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\Red dragon\NEW (F)\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\Red dragon\NEW (F)\Install\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\Red dragon\NEW (F)\Install\MicroDVD\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\Red dragon\NEW (F)\Video\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\seven pounds.[2008.Eng].DVDScr.DivX-LTT\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\Slumdog millionaire\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\The passion of the christ\Avi\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\The passion of the christ\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\Filmovi\The.Curious.Case.of.Benjamin.Button.DVDSCR.XviD-DEViSE\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\New Folder\Muzika\zika kiki\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\New Folder\Muzika\zika kiki\narodnjaci\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\New Folder\Muzika\zika kiki\narodnjaci\narodno-zlitza!\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\New Folder\Muzika\zika kiki\narodnjaci\narodno-zlitza!\narodna muzika\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\New Folder\Muzika\zika kiki\narodnjaci\nedeljko bajic baja\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\New Folder\Muzika\zika kiki\narodnjaci\nino\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\New Folder\Muzika\zika kiki\narodnjaci\sako polumenta\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\New Folder\Muzika\zika kiki\narodnjaci\sasa matic\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\New Folder\Muzika\zika kiki\narodnjaci\sinan sakic\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\New Folder\Muzika\zika kiki\narodnjaci\ULTRA meGA mix of hits\Desktop_.ini
c:\documents and settings\natasa\Desktop\update\New Folder\Muzika\zika kiki\narodnjaci\zeljko vasic\Desktop_.ini
c:\program files\Complitly
c:\program files\Complitly\chrome\ComplitlyChrome.crx
c:\program files\Complitly\FireFoxExtension.exe
c:\program files\Complitly\InstTracker.exe
c:\program files\Complitly\support@Complitly.com\chrome.manifest
c:\program files\Complitly\support@Complitly.com\chrome\content\appIcon.png
c:\program files\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul
c:\program files\Complitly\support@Complitly.com\chrome\content\options.js
c:\program files\Complitly\support@Complitly.com\chrome\content\options.xul
c:\program files\Complitly\support@Complitly.com\chrome\content\utils.js
c:\program files\Complitly\support@Complitly.com\defaults\preferences\predictad.js
c:\program files\Complitly\support@Complitly.com\install.rdf
c:\program files\Complitly\unins000.dat
c:\program files\Complitly\unins000.exe
c:\program files\HDVid Web Player\HDVId091.dll
c:\program files\Realtek\Audio\InstallShield\Desktop_.ini
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\chrome.manifest
c:\program files\RelevantKnowledge\components\rlxg.dll
c:\program files\RelevantKnowledge\firefox\bootstrap.js
c:\program files\RelevantKnowledge\firefox\defaults\preferences\prefs.js
c:\program files\RelevantKnowledge\firefox\harness-options.json
c:\program files\RelevantKnowledge\firefox\install.rdf
c:\program files\RelevantKnowledge\firefox\locale\en-GB.json
c:\program files\RelevantKnowledge\firefox\locale\eo.json
c:\program files\RelevantKnowledge\firefox\locale\fr-FR.json
c:\program files\RelevantKnowledge\firefox\locales.json
c:\program files\RelevantKnowledge\firefox\resources\addon-kit\lib\page-mod.js
c:\program files\RelevantKnowledge\firefox\resources\addon-kit\lib\tabs.js
c:\program files\RelevantKnowledge\firefox\resources\addon-kit\lib\windows.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\data\content-proxy.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\data\test-content-symbiont.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\data\test-message-manager.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\data\test-trusted-document.html
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\api-utils.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\byte-streams.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\channel.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\collection.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\content.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\content\loader.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\content\symbiont.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\content\worker.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\cortex.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\cuddlefish.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\dom\events.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\environment.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\errors.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\events.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\events\assembler.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\file.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\globals!.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\hidden-frame.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\light-traits.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\list.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\match-pattern.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\memory.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\message-manager.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\namespace.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\observer-service.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\plain-text-console.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\process.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\runtime.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\sandbox.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\self!.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\system.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\events.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\observer.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\tab.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\utils.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\text-streams.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\timer.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\traceback.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\traits.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\traits\core.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\unload.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\url.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\utils\data.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\utils\function.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\utils\object.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\utils\registry.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\utils\thumbnail.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\window-utils.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\windows\dom.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\windows\loader.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\windows\observer.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\windows\tabs.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\xpcom.js
c:\program files\RelevantKnowledge\firefox\resources\api-utils\lib\xul-app.js
c:\program files\RelevantKnowledge\firefox\resources\chrome.manifest
c:\program files\RelevantKnowledge\firefox\resources\dpjs\data\content.js
c:\program files\RelevantKnowledge\firefox\resources\dpjs\lib\dompilot.js
c:\program files\RelevantKnowledge\firefox\resources\dpjs\lib\dputil.js
c:\program files\RelevantKnowledge\firefox\resources\dpjs\lib\main.js
c:\program files\RelevantKnowledge\firefox\rlnx.dll
c:\program files\RelevantKnowledge\install.rdf
c:\program files\RelevantKnowledge\rlcm.crx
c:\program files\RelevantKnowledge\rlcm.txt
c:\program files\RelevantKnowledge\rlls.dl_
c:\program files\RelevantKnowledge\rlls.dll
c:\program files\RelevantKnowledge\rlls64.dll
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\rlph.dll
c:\program files\RelevantKnowledge\rlservice.exe
c:\program files\RelevantKnowledge\rlvknlg.exe
c:\program files\RelevantKnowledge\rlvknlg64.exe
c:\program files\RelevantKnowledge\rlxf.dll
c:\program files\RelevantKnowledge\shfscp.dat
c:\windows\system32\DEBUG.log
d:\toshiba l300\BT-stack\Desktop_.ini
d:\toshiba l300\cmod-20080519190820\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\All\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\Lang\CHIP\ARA\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\Lang\CHIP\ARB\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\Lang\CHIP\CHS\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\Lang\CHIP\CHT\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\Lang\CHIP\CSY\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\Lang\CHIP\DAN\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\Lang\CHIP\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\Lang\CHIP\DEU\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\Lang\CHIP\ELL\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\Lang\CHIP\ENG\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\Lang\CHIP\ENU\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\Lang\CHIP\ESP\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\Lang\CHIP\FIN\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\Lang\CHIP\FRA\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\Lang\CHIP\FRC\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\Lang\CHIP\HEB\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\Lang\CHIP\HUN\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\Lang\CHIP\ITA\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\Lang\CHIP\JPN\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\Lang\CHIP\KOR\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\Lang\CHIP\NLD\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\Lang\CHIP\NOR\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\Lang\CHIP\PLK\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\Lang\CHIP\PTB\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\Lang\CHIP\PTG\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\Lang\CHIP\RUS\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\Lang\CHIP\SVE\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\Lang\CHIP\THA\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\Lang\CHIP\TRK\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\Lang\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\Vista\Desktop_.ini
d:\toshiba l300\csutil-20080519182648\x64\Desktop_.ini
d:\toshiba l300\Desktop_.ini
d:\toshiba l300\mdm-20080519181029\Desktop_.ini
d:\toshiba l300\mdm-20080519185916\Desktop_.ini
d:\toshiba l300\mdm-20080519185916\VISTAXP2K\amd64\Desktop_.ini
d:\toshiba l300\mdm-20080519185916\VISTAXP2K\Desktop_.ini
d:\toshiba l300\mdm-20080519185916\VISTAXP2K\x86\Desktop_.ini
d:\toshiba l300\mdm-20080519191204\Desktop_.ini
d:\toshiba l300\sound-20080519190647\Config\Desktop_.ini
d:\toshiba l300\sound-20080519190647\Desktop_.ini
d:\toshiba l300\sound-20080519190647\HDMI\Desktop_.ini
d:\toshiba l300\sound-20080519190647\HDMI\Vista\Desktop_.ini
d:\toshiba l300\sound-20080519190647\HDMI\Vista64\Desktop_.ini
d:\toshiba l300\sound-20080519190647\HDMI\XP2K\Desktop_.ini
d:\toshiba l300\sound-20080519190647\HDMI\XP2K64\Desktop_.ini
d:\toshiba l300\sound-20080519190647\MSHDQFE\Desktop_.ini
d:\toshiba l300\sound-20080519190647\MSHDQFE\Win2K_XP\Desktop_.ini
d:\toshiba l300\sound-20080519190647\MSHDQFE\Win2K_XP\us\Desktop_.ini
d:\toshiba l300\sound-20080519190647\MSHDQFE\Win2K3\Desktop_.ini
d:\toshiba l300\sound-20080519190647\MSHDQFE\Win2K3\us\Desktop_.ini
d:\toshiba l300\sound-20080519190647\Vista\Desktop_.ini
d:\toshiba l300\sound-20080519190647\Vista64\Desktop_.ini
d:\toshiba l300\sound-20080519190647\WDM\Desktop_.ini
d:\toshiba l300\Sound Driver\Config\Desktop_.ini
d:\toshiba l300\Sound Driver\Desktop_.ini
d:\toshiba l300\Sound Driver\HDMI\Desktop_.ini
d:\toshiba l300\Sound Driver\HDMI\VISTA\Desktop_.ini
d:\toshiba l300\Sound Driver\HDMI\VISTA64\Desktop_.ini
d:\toshiba l300\Sound Driver\HDMI\XP2K\Desktop_.ini
d:\toshiba l300\Sound Driver\HDMI\XP2K64\Desktop_.ini
d:\toshiba l300\Sound Driver\MSHDQFE\Desktop_.ini
d:\toshiba l300\Sound Driver\MSHDQFE\Win2K_XP\Desktop_.ini
d:\toshiba l300\Sound Driver\MSHDQFE\Win2K_XP\us\Desktop_.ini
d:\toshiba l300\Sound Driver\MSHDQFE\Win2K3\Desktop_.ini
d:\toshiba l300\Sound Driver\MSHDQFE\Win2K3\us\Desktop_.ini
d:\toshiba l300\Sound Driver\Vista\Desktop_.ini
d:\toshiba l300\Sound Driver\Vista64\Desktop_.ini
d:\toshiba l300\Sound Driver\WDM\Desktop_.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-30 )))))))))))))))))))))))))))))))
.
.
2012-08-30 05:54 . 2012-08-30 05:54 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-17 20:04 . 2012-08-17 20:06 -------- d-----w- c:\documents and settings\natasa\Local Settings\Application Data\Facebook
2012-08-01 18:51 . 2012-08-01 18:51 -------- d-----w- c:\documents and settings\natasa\Application Data\Search Settings
2012-08-01 18:50 . 2012-08-01 18:50 -------- d-----w- c:\program files\Application Updater
2012-08-01 18:50 . 2012-08-01 18:50 -------- d-----w- c:\program files\pdfforge Toolbar
2012-08-01 18:50 . 2012-08-01 18:50 -------- d-----w- c:\program files\Common Files\Spigot
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 20:00 . 2012-06-13 17:48 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 20:00 . 2011-06-29 20:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-05 07:59 . 2012-02-05 07:47 227073794 ----a-w- c:\program files\LibO_3.3.4_Win_x86_install_multi.exe
2012-02-05 07:48 . 2012-02-05 07:47 8962975 ----a-w- c:\program files\LibO_3.3.4_Win_x86_helppack_sh.exe
2011-08-17 18:19 . 2011-08-17 05:00 125460744 ----a-w- c:\program files\ZuneSetupPkg.exe
2011-07-04 20:48 . 2011-07-04 20:48 872209 ----a-w- c:\program files\APmpg4v1-702.exe
2011-07-04 18:08 . 2011-07-04 18:07 9032272 ----a-w- c:\program files\megamanager.exe
2011-07-04 17:32 . 2011-07-04 17:30 21022914 ----a-w- c:\program files\vlc-1.1.10-win32.exe
2012-08-30 05:54 . 2011-06-29 12:57 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2011-08-24 130864]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-08-24 16:21 1299248 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-09-03 640888]
"Facebook Update"="c:\documents and settings\natasa\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-08-17 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe" [2010-03-12 311680]
"RTHDCPL"="RTHDCPL.EXE" [2011-06-28 16859648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 137752]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 162328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-07-26 1095560]
.
c:\documents and settings\natasa\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Movie Torrent\\Movie Torrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15000:UDP"= 15000:UDP:Kaspersky Administration Kit
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R2 ADExchange;ArcSoft Exchange Service;c:\program files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [10/26/2011 4:32 AM 37280]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [7/26/2012 7:40 PM 794560]
R2 klnagent;Kaspersky Lab Network Agent;c:\program files\Kaspersky Lab\NetworkAgent 8\klnagent.exe [10/20/2010 1:38 PM 141688]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [9/3/2009 3:24 PM 24848]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 1:42 PM 32272]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6/13/2012 7:48 PM 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/26/2012 8:42 AM 114144]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 20:00]
.
2012-08-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1644491937-113007714-1417001333-1003Core.job
- c:\documents and settings\natasa\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-08-17 20:04]
.
2012-08-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1644491937-113007714-1417001333-1003UA.job
- c:\documents and settings\natasa\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-08-17 20:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://home.sweetim.com
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.1.1
DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://online.bancaintesabeograd.com/R ... FSINT9.dll
DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.bancaintesabeograd.com/R ... CMSCCD.DLL
FF - ProfilePath - c:\documents and settings\natasa\Application Data\Mozilla\Firefox\Profiles\lfcacn2t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chromesbox-en-us&tb_uuid=20111009000104062&tb_oid=09-10-2011&tb_mrud=09-10-2011&query=
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files\Complitly\unins000.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-31 01:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1096)
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files\Common Files\Spigot\Search Settings\wth.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2012-08-31 01:26:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-30 23:26
.
Pre-Run: 7.801.393.152 bytes free
Post-Run: 8.043.601.920 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0CF84A0A83AB5B96E06058818B1AA20A

THANK YOU IN ADVANCE FOR ANY HELP!

Natasa
natasa78
Active Member
 
Posts: 3
Joined: August 30th, 2012, 7:35 pm

Re: Some type of adware

Post by NonSuch » August 31st, 2012, 1:33 am

Your post has been removed from another person's topic. Neither help nor comments, nor your log(s) are welcomed in topics not your own. If you require assistance, you must start your own topic and post your own DDS log.

Please avail yourself of the rules for posting in the Malware Removal room:

http://www.malwareremoval.com/forum/vie ... 11&t=47959

viewtopic.php?p=494335#p494335

This topic is now closed.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California

