Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Please help with some adware!!!!!


Post by natasa78 » August 31st, 2012, 8:15 am

Please help... For a few days my computer has been working extremely slowly, specifically when browsing web pages. Kaspersky noted:

-Deleted adware not-a-virus:AdWare.Win32.RelevantKnowledge.a C:\WINDOWS\Temp\~osCC.tmp\rlxf.dll 29.08.12 21:18:06
-Deleted adware not-a-virus:AdWare.Win32.RelevantKnowledge.a C:\WINDOWS\Temp\~osF6.tmp\rlxf.dll 30.08.12 07:51:51
-Deleted adware not-a-virus:AdWare.Win32.RelevantKnowledge.a C:\WINDOWS\Temp\~os33.tmp\rlxf.dll 30.08.12 17:16:15

ComboFix noted:

ComboFix 12-08-30.05 - natasa 31.08.12 1:07.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1488 [GMT 2:00]
Running from: c:\documents and settings\natasa\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-30 )))))))))))))))))))))))))))))))
.
.
2012-08-30 05:54 . 2012-08-30 05:54 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-17 20:04 . 2012-08-17 20:06 -------- d-----w- c:\documents and settings\natasa\Local Settings\Application Data\Facebook
2012-08-01 18:51 . 2012-08-01 18:51 -------- d-----w- c:\documents and settings\natasa\Application Data\Search Settings
2012-08-01 18:50 . 2012-08-01 18:50 -------- d-----w- c:\program files\Application Updater
2012-08-01 18:50 . 2012-08-01 18:50 -------- d-----w- c:\program files\pdfforge Toolbar
2012-08-01 18:50 . 2012-08-01 18:50 -------- d-----w- c:\program files\Common Files\Spigot
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 20:00 . 2012-06-13 17:48 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 20:00 . 2011-06-29 20:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-05 07:59 . 2012-02-05 07:47 227073794 ----a-w- c:\program files\LibO_3.3.4_Win_x86_install_multi.exe
2012-02-05 07:48 . 2012-02-05 07:47 8962975 ----a-w- c:\program files\LibO_3.3.4_Win_x86_helppack_sh.exe
2011-08-17 18:19 . 2011-08-17 05:00 125460744 ----a-w- c:\program files\ZuneSetupPkg.exe
2011-07-04 20:48 . 2011-07-04 20:48 872209 ----a-w- c:\program files\APmpg4v1-702.exe
2011-07-04 18:08 . 2011-07-04 18:07 9032272 ----a-w- c:\program files\megamanager.exe
2011-07-04 17:32 . 2011-07-04 17:30 21022914 ----a-w- c:\program files\vlc-1.1.10-win32.exe
2012-08-30 05:54 . 2011-06-29 12:57 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2011-08-24 130864]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-08-24 16:21 1299248 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-09-03 640888]
"Facebook Update"="c:\documents and settings\natasa\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-08-17 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe" [2010-03-12 311680]
"RTHDCPL"="RTHDCPL.EXE" [2011-06-28 16859648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 137752]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 162328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-07-26 1095560]
.
c:\documents and settings\natasa\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Movie Torrent\\Movie Torrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15000:UDP"= 15000:UDP:Kaspersky Administration Kit
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R2 ADExchange;ArcSoft Exchange Service;c:\program files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [10/26/2011 4:32 AM 37280]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [7/26/2012 7:40 PM 794560]
R2 klnagent;Kaspersky Lab Network Agent;c:\program files\Kaspersky Lab\NetworkAgent 8\klnagent.exe [10/20/2010 1:38 PM 141688]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [9/3/2009 3:24 PM 24848]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 1:42 PM 32272]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6/13/2012 7:48 PM 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/26/2012 8:42 AM 114144]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 20:00]
.
2012-08-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1644491937-113007714-1417001333-1003Core.job
- c:\documents and settings\natasa\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-08-17 20:04]
.
2012-08-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1644491937-113007714-1417001333-1003UA.job
- c:\documents and settings\natasa\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-08-17 20:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://home.sweetim.com
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.1.1
DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://online.bancaintesabeograd.com/R ... FSINT9.dll
DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.bancaintesabeograd.com/R ... CMSCCD.DLL
FF - ProfilePath - c:\documents and settings\natasa\Application Data\Mozilla\Firefox\Profiles\lfcacn2t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chromesbox-en-us&tb_uuid=20111009000104062&tb_oid=09-10-2011&tb_mrud=09-10-2011&query=
FF - prefs.js: browser.startup.homepage - http://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files\Complitly\unins000.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-31 01:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1096)
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files\Common Files\Spigot\Search Settings\wth.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2012-08-31 01:26:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-30 23:26
.
Pre-Run: 7.801.393.152 bytes free
Post-Run: 8.043.601.920 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0CF84A0A83AB5B96E06058818B1AA20A

THANK YOU IN ADVANCE FOR ANY HELP!

Natasa
natasa78
Active Member
 
Posts: 3
Joined: August 30th, 2012, 7:35 pm

Re: Please help with some adware!!!!!

Unread postby deltalima » August 31st, 2012, 8:18 am

ComboFix Log posted - no other log.

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

ComboFix is not a tool that is intended to be used without the direct supervision of a qualified expert. To use ComboFix on your own, especially without the Recovery Console installed for XP or access to the Recovery Environment for Vista or Windows 7, is to court disaster for your computer. Please stop all attempts at self-fixes for your system's issues as that may only confuse the issue further and cause additional problems as well.

The instructions for running DDS, found HERE, state how we need you to post the logs so we can help you.
Please follow the instructions, start a new topic and post your logs; include your ComboFix log in the same post.


This topic is now closed
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

