Author Topic: [InActive - K] "pop ups", "redirects", virus: DDS unlocker, HEUR:  (Read 1268 times)

Offline calotezz

  • Bronze Member
  • Posts: 3
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18057  BrowserJavaVersion: 10.67.2
Run by R. Miriam Hall at 22:52:52 on 2015-10-14
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.2940.1477 [GMT -5:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
SP: Kaspersky Internet Security *Enabled/Updated* {0F7D947C-13CC-4207-47BE-41AC12334EC6}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
C:\Windows\system32\GWX\GWX.exe
C:\Users\R. Miriam Hall\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\plugin-nm-server.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe
BHO: Virtual Keyboard Plugin: {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll
BHO: Content Blocker Plugin: {93BC2EA7-2F17-4729-948A-D2E03FFB2412} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll
BHO: Safe Money Plugin: {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [Google Update] "C:\Users\R. Miriam Hall\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
uRun: [GoogleChromeAutoLaunch_0788AAA561A32E8F8966A36B38459702] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {5547CE1F-74E9-41E5-9CBF-5211ECC37341} - {BB7DC12B-C59D-4138-AD28-BBB65DE62A3B} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Windows\System32\LavasoftTcpService.dll
Trusted Zone: localhost
Trusted Zone: webcompanion.com
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{E67A4104-C9C1-4FCB-A270-BF948C145575} : NameServer = 82.163.143.172,82.163.142.174
TCP: Interfaces\{E67A4104-C9C1-4FCB-A270-BF948C145575} : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{E67A4104-C9C1-4FCB-A270-BF948C145575}\2456C6B696E6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E67A4104-C9C1-4FCB-A270-BF948C145575}\3456E647572797C496E6B643339363 : NameServer = 82.163.143.172,82.163.142.174
TCP: Interfaces\{E67A4104-C9C1-4FCB-A270-BF948C145575}\3456E647572797C496E6B643339363 : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{E67A4104-C9C1-4FCB-A270-BF948C145575}\3456E647572797C496E6B653730323 : DHCPNameServer = 192.168.0.1 205.171.2.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Virtual Keyboard Plugin: {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll
x64-BHO: Content Blocker Plugin: {93BC2EA7-2F17-4729-948A-D2E03FFB2412} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll
x64-BHO: Safe Money Plugin: {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {5547CE1F-74E9-41E5-9CBF-5211ECC37341} - {BB7DC12B-C59D-4138-AD28-BBB65DE62A3B} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 0.0.0.1   mssplus.mcafee.com
Hosts: 0.0.0.1   mssplus.mcafee.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\R. Miriam Hall\AppData\Roaming\Mozilla\Firefox\Profiles\uwoid3y7.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
FF - plugin: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com\nponlinebanking.dll
FF - plugin: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
FF - plugin: C:\Users\R. Miriam Hall\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll
FF - plugin: C:\Users\R. Miriam Hall\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\R. Miriam Hall\AppData\Roaming\Mozilla\plugins\npo1d.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: plugin.state.npcontentblocker - 2
.
FF - user.js: plugin.state.nponlinebanking - 2
.
FF - user.js: plugin.state.npvkplugin - 2
.
============= SERVICES / DRIVERS ===============
.
R0 cm_km_w;Kaspersky Lab Crypto Module (FDE PDK);C:\Windows\System32\drivers\cm_km_w.sys [2015-6-27 247016]
R1 klhk;klhk;C:\Windows\System32\drivers\klhk.sys [2015-7-19 225976]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2015-6-27 39280]
R1 klpd;klpd;C:\Windows\System32\drivers\klpd.sys [2015-6-27 24944]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2015-6-27 65208]
R1 Klwtp;Klwtp;C:\Windows\System32\drivers\klwtp.sys [2015-6-27 85360]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2015-6-27 190648]
R2 AVP15.0.2;Kaspersky Anti-Virus Service 15.0.2;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [2015-6-27 194000]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 kldisk;kldisk;C:\Windows\System32\drivers\kldisk.sys [2015-6-27 64368]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-9-9 517632]
R3 klflt;Kaspersky Lab Kernel DLL;C:\Windows\System32\drivers\klflt.sys [2015-7-19 159960]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2015-6-27 40304]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2015-6-27 39280]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8187B.sys [2009-6-10 416768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-10-14 114688]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-8-31 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-25 1255736]
.
=============== Created Last 30 ================
.
2015-10-15 03:28:31   75888   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B8203E47-5F48-4B2A-BFFE-DA66634E789F}\offreg.4492.dll
2015-10-14 13:44:58   1498624   ----a-w-   C:\Windows\SysWow64\ExplorerFrame.dll
2015-10-14 13:43:12   47616   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2015-10-14 13:41:31   692672   ----a-w-   C:\Windows\System32\winload.efi
2015-10-14 13:41:31   616360   ----a-w-   C:\Windows\System32\winresume.efi
2015-10-14 13:41:26   63488   ----a-w-   C:\Windows\System32\setbcdlocale.dll
2015-10-14 13:41:26   59392   ----a-w-   C:\Windows\System32\appidapi.dll
2015-10-14 13:41:26   50688   ----a-w-   C:\Windows\SysWow64\appidapi.dll
2015-10-14 13:41:26   32768   ----a-w-   C:\Windows\System32\appidsvc.dll
2015-10-14 13:41:26   147456   ----a-w-   C:\Windows\System32\appidpolicyconverter.exe
2015-10-14 13:41:24   17920   ----a-w-   C:\Windows\System32\appidcertstorecheck.exe
2015-10-14 13:41:23   61440   ----a-w-   C:\Windows\System32\drivers\appid.sys
2015-10-13 12:56:37   11062400   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B8203E47-5F48-4B2A-BFFE-DA66634E789F}\mpengine.dll
.
==================== Find3M  ====================
.
2015-10-14 03:57:54   780488   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2015-10-14 03:57:54   142536   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-08 05:03:35   190648   ----a-w-   C:\Windows\System32\drivers\kneps.sys
2015-09-29 03:16:51   5569472   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2015-09-29 03:13:50   1730496   ----a-w-   C:\Windows\System32\ntdll.dll
2015-09-29 03:11:19   362496   ----a-w-   C:\Windows\System32\wow64win.dll
2015-09-29 03:11:19   243712   ----a-w-   C:\Windows\System32\wow64.dll
2015-09-29 03:11:19   215040   ----a-w-   C:\Windows\System32\winsrv.dll
2015-09-29 03:11:19   13312   ----a-w-   C:\Windows\System32\wow64cpu.dll
2015-09-29 03:11:06   210944   ----a-w-   C:\Windows\System32\wdigest.dll
2015-09-29 03:11:03   86528   ----a-w-   C:\Windows\System32\TSpkg.dll
2015-09-29 03:11:01   503808   ----a-w-   C:\Windows\System32\srcore.dll
2015-09-29 03:11:01   50176   ----a-w-   C:\Windows\System32\srclient.dll
2015-09-29 03:10:59   1216512   ----a-w-   C:\Windows\System32\rpcrt4.dll
2015-09-29 03:10:56   16384   ----a-w-   C:\Windows\System32\ntvdm64.dll
2015-09-29 03:10:55   315392   ----a-w-   C:\Windows\System32\msv1_0.dll
2015-09-29 03:10:53   729088   ----a-w-   C:\Windows\System32\kerberos.dll
2015-09-29 03:10:53   424960   ----a-w-   C:\Windows\System32\KernelBase.dll
2015-09-29 03:10:47   44032   ----a-w-   C:\Windows\System32\cryptbase.dll
2015-09-29 03:10:47   43520   ----a-w-   C:\Windows\System32\csrsrv.dll
2015-09-29 03:10:47   22016   ----a-w-   C:\Windows\System32\credssp.dll
2015-09-29 03:10:30   112640   ----a-w-   C:\Windows\System32\smss.exe
2015-09-29 03:10:25   296960   ----a-w-   C:\Windows\System32\rstrui.exe
2015-09-29 03:09:59   338432   ----a-w-   C:\Windows\System32\conhost.exe
2015-09-29 03:09:53   64000   ----a-w-   C:\Windows\System32\auditpol.exe
2015-09-29 03:05:56   60416   ----a-w-   C:\Windows\System32\msobjs.dll
2015-09-29 03:05:36   146432   ----a-w-   C:\Windows\System32\msaudite.dll
2015-09-29 03:05:01   3990976   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2015-09-29 03:05:01   3936192   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2015-09-29 03:02:09   1311768   ----a-w-   C:\Windows\SysWow64\ntdll.dll
2015-09-29 02:59:20   172032   ----a-w-   C:\Windows\SysWow64\wdigest.dll
2015-09-29 02:59:17   65536   ----a-w-   C:\Windows\SysWow64\TSpkg.dll
2015-09-29 02:59:16   43008   ----a-w-   C:\Windows\SysWow64\srclient.dll
2015-09-29 02:59:10   14336   ----a-w-   C:\Windows\SysWow64\ntvdm64.dll
2015-09-29 02:59:08   259584   ----a-w-   C:\Windows\SysWow64\msv1_0.dll
2015-09-29 02:59:04   552960   ----a-w-   C:\Windows\SysWow64\kerberos.dll
2015-09-29 02:58:57   36864   ----a-w-   C:\Windows\SysWow64\cryptbase.dll
2015-09-29 02:58:57   17408   ----a-w-   C:\Windows\SysWow64\credssp.dll
2015-09-29 02:58:52   44032   ----a-w-   C:\Windows\apppatch\acwow64.dll
2015-09-29 02:58:36   25600   ----a-w-   C:\Windows\SysWow64\setup16.exe
2015-09-29 02:58:05   50176   ----a-w-   C:\Windows\SysWow64\auditpol.exe
2015-09-29 02:57:53   665088   ----a-w-   C:\Windows\SysWow64\rpcrt4.dll
2015-09-29 02:57:53   5120   ----a-w-   C:\Windows\SysWow64\wow32.dll
2015-09-29 02:57:52   274944   ----a-w-   C:\Windows\SysWow64\KernelBase.dll
2015-09-29 02:53:44   60416   ----a-w-   C:\Windows\SysWow64\msobjs.dll
2015-09-29 02:53:28   146432   ----a-w-   C:\Windows\SysWow64\msaudite.dll
2015-09-29 01:50:29   159232   ----a-w-   C:\Windows\System32\drivers\mrxsmb.sys
2015-09-29 01:49:43   290816   ----a-w-   C:\Windows\System32\drivers\mrxsmb10.sys
2015-09-29 01:49:31   129024   ----a-w-   C:\Windows\System32\drivers\mrxsmb20.sys
2015-09-29 01:43:29   7680   ----a-w-   C:\Windows\SysWow64\instnm.exe
2015-09-29 01:43:27   2048   ----a-w-   C:\Windows\SysWow64\user.exe
2015-09-29 01:40:57   6144   ---ha-w-   C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-09-29 01:40:57   4608   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-29 01:40:57   3584   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-29 01:40:57   3072   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-09-25 18:07:19   98816   ----a-w-   C:\Windows\System32\wudriver.dll
2015-09-25 18:07:19   3168768   ----a-w-   C:\Windows\System32\wucltux.dll
2015-09-25 18:07:19   192512   ----a-w-   C:\Windows\System32\wuwebv.dll
2015-09-25 18:06:54   91136   ----a-w-   C:\Windows\System32\WinSetupUI.dll
2015-09-25 18:06:44   12288   ----a-w-   C:\Windows\System32\wu.upgrade.ps.dll
2015-09-25 18:06:40   37888   ----a-w-   C:\Windows\System32\wuapp.exe
2015-09-25 17:59:08   93696   ----a-w-   C:\Windows\SysWow64\wudriver.dll
2015-09-25 17:59:08   174080   ----a-w-   C:\Windows\SysWow64\wuwebv.dll
2015-09-25 17:58:25   35328   ----a-w-   C:\Windows\SysWow64\wuapp.exe
2015-09-16 04:36:53   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2015-09-16 04:36:43   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2015-09-16 04:22:21   66560   ----a-w-   C:\Windows\System32\iesetup.dll
2015-09-16 04:21:39   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2015-09-16 04:21:33   417792   ----a-w-   C:\Windows\System32\html.iec
2015-09-16 04:21:27   585728   ----a-w-   C:\Windows\System32\vbscript.dll
2015-09-16 04:21:17   88064   ----a-w-   C:\Windows\System32\MshtmlDac.dll
2015-09-16 04:09:30   5990912   ----a-w-   C:\Windows\System32\jscript9.dll
2015-09-16 04:08:40   114688   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2015-09-16 04:08:38   144384   ----a-w-   C:\Windows\System32\ieUnatt.exe
2015-09-16 04:08:23   814080   ----a-w-   C:\Windows\System32\jscript9diag.dll
2015-09-16 04:01:30   968704   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2015-09-16 03:50:29   77824   ----a-w-   C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-09-16 03:45:19   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2015-09-16 03:33:26   504832   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2015-09-16 03:33:07   62464   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2015-09-16 03:32:24   341504   ----a-w-   C:\Windows\SysWow64\html.iec
2015-09-16 03:31:57   64000   ----a-w-   C:\Windows\SysWow64\MshtmlDac.dll
2015-09-16 03:28:33   1359360   ----a-w-   C:\Windows\System32\mshtmlmedia.dll
2015-09-16 03:26:47   2126336   ----a-w-   C:\Windows\System32\inetcpl.cpl
2015-09-16 03:23:01   115712   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2015-09-16 03:22:43   620032   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2015-09-16 03:11:12   2487808   ----a-w-   C:\Windows\System32\wininet.dll
2015-09-16 03:10:46   60416   ----a-w-   C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-09-16 03:05:51   4527616   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2015-09-16 02:55:49   1155072   ----a-w-   C:\Windows\SysWow64\mshtmlmedia.dll
2015-09-16 02:55:45   2052608   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2015-09-16 02:37:26   2011136   ----a-w-   C:\Windows\SysWow64\wininet.dll
2015-09-15 18:17:05   157016   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
2015-09-15 18:17:04   97112   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
2015-09-15 18:11:30   29184   ----a-w-   C:\Windows\System32\sspisrv.dll
2015-09-15 18:11:30   136192   ----a-w-   C:\Windows\System32\sspicli.dll
2015-09-15 18:11:28   342016   ----a-w-   C:\Windows\System32\schannel.dll
2015-09-15 18:11:28   28160   ----a-w-   C:\Windows\System32\secur32.dll
2015-09-15 18:11:24   309760   ----a-w-   C:\Windows\System32\ncrypt.dll
2015-09-15 18:11:20   1461760   ----a-w-   C:\Windows\System32\lsasrv.dll
.
============= FINISH: 22:53:44.61 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 8/24/2012 7:47:40 PM
System Uptime: 10/14/2015 10:11:04 PM (0 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: Pentium(R) Dual-Core CPU       T4400  @ 2.20GHz | CPU | 2200/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 222 GiB total, 146.462 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 1 GiB total, 1.239 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\TOS1901\2&DABA3FF&1
Manufacturer:
Name:
PNP Device ID: ACPI\TOS1901\2&DABA3FF&1
Service:
.
==== System Restore Points ===================
.
RP302: 9/25/2015 10:58:46 PM - Windows Update
RP303: 9/29/2015 3:14:30 AM - Windows Update
RP304: 10/2/2015 9:51:58 PM - Windows Update
RP305: 10/7/2015 1:02:14 AM - Windows Update
RP306: 10/8/2015 12:58:48 AM - Windows Update
RP307: 10/13/2015 7:55:55 AM - Windows Update
RP309: 10/14/2015 9:48:06 PM - Windows Modules Installer
RP310: 10/14/2015 9:49:01 PM - Windows Modules Installer
.
==== Installed Programs ======================
.
Adobe Acrobat Reader DC
Adobe Flash Player 19 ActiveX
Adobe Refresh Manager
ATT-PRT22
Canon MP Navigator EX 3.1
Canon MX340 series MP Drivers
Canon MX340 series User Registration
Canon Speed Dial Utility
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Definition Update for Microsoft Office 2010 (KB3085607) 64-Bit Edition
DNS Unlocker version 1.4
Google Chrome
Google Talk Plugin
Google Update Helper
Java 7 Update 67
Java Auto Updater
Kaspersky Internet Security
Microsoft .NET Framework 4.5.2
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Minecraft
Mozilla Firefox 36.0.1 (x86 en-US)
Mozilla Maintenance Service
SectionDouble
Security Update for Microsoft .NET Framework 4.5.2 (KB3023224)
Security Update for Microsoft .NET Framework 4.5.2 (KB3035490)
Security Update for Microsoft .NET Framework 4.5.2 (KB3037581)
Security Update for Microsoft .NET Framework 4.5.2 (KB3074230)
Security Update for Microsoft .NET Framework 4.5.2 (KB3074550)
Security Update for Microsoft Excel 2010 (KB3085609) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553313) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598244) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2920748) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2965310) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB3054848) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB3054965) 64-Bit Edition
Security Update for Microsoft Visio 2010 (KB3085514) 64-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
Update for Microsoft Access 2010 (KB3055045) 64-Bit Edition
Update for Microsoft Excel 2010 (KB2589348) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2881026) 64-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553140) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553347) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553388) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589318) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 64-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 64-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 64-Bit Edition
Update for Microsoft Office 2010 (KB3054873) 64-Bit Edition
Update for Microsoft Office 2010 (KB3054886) 64-Bit Edition
Update for Microsoft Office 2010 (KB3055034) 64-Bit Edition
Update for Microsoft Office 2010 (KB3055042) 64-Bit Edition
Update for Microsoft Office 2010 (KB3055047) 64-Bit Edition
Update for Microsoft Office 2010 (KB3085512) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2956075) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2965297) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB3085604) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553308) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2880517) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB3085513) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2881021) 64-Bit Edition
Update for Microsoft Word 2010 (KB3085599) 64-Bit Edition
.
==== Event Viewer Messages From Past Week ========
.
10/8/2015 12:07:33 AM, Error: KLIF
  •   -

10/8/2015 12:07:01 AM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
10/8/2015 11:49:01 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DPS service.
10/7/2015 1:07:58 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.207.2126.0).
10/14/2015 10:15:29 PM, Error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The system cannot find the file specified.
10/12/2015 1:38:33 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
.
==== End Of File ===========================


Malware detected: "pop ups", "redirects", virus: dds unlocker, HEUR:Trojan.win32.Generic Location:c:\Program...ersonal\SlipperyPersonal.ex
« Last Edit: October 23, 2015, 04:48:01 AM by kevinf80 »



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [InActive - K] "pop ups", "redirects", virus: DDS unlocker, HEUR:
« Reply #1 on: October 15, 2015, 03:19:49 AM »
Hello and welcome to SpywareHammer,

My screen name is kevinf80, either that or Kevin is good for replies. Ok lets continue:

P2P/illegal software Warning:

Quote
If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the Forum policy on P2P and Illegal Software.

Next,

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.
Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Next,

Follow the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.
'Could not load DDA driver'

  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.

To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

  • Recommend you use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…


If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....
Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either accept the alert or disable your security and allow FRST to run...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report",in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference. log will open.
  • Close the program > Don't Fix anything!
Let me see those logs in your reply....

Thank you,

Kevin...

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [InActive - K] "pop ups", "redirects", virus: DDS unlocker, HEUR:
« Reply #2 on: October 18, 2015, 01:20:13 PM »
Do you still need help...

Offline calotezz

  • Bronze Member
  • Posts: 3
Re: [InActive - K] "pop ups", "redirects", virus: DDS unlocker, HEUR:
« Reply #3 on: October 19, 2015, 09:45:08 PM »
.txt file from FARBAR

Offline calotezz

  • Bronze Member
  • Posts: 3
Re: [InActive - K] "pop ups", "redirects", virus: DDS unlocker, HEUR:
« Reply #4 on: October 19, 2015, 10:23:29 PM »
Rogue Killer .txt file. Thank you for all your help!!!!!!!

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [InActive - K] "pop ups", "redirects", virus: DDS unlocker, HEUR:
« Reply #5 on: October 20, 2015, 02:48:10 AM »
I also ask that you run Malwarebytes, was there any specific reason why that was not done? do not run now just follow the instructions that follow....

Please follow these instructions carefully:

Open Notepad, check the Format Menu and make sure Word Wrap is NOT selected. Then copy and paste the following from inside the code box to Notepad:

Code: [Select]
Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings"=-
"DefaultConnectionSettings"=-

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=-
"ProxyServer"=-


Next, Click on the File Menu, then Save As ... and click on the drop down menu to change the file type to All Files.

Next navigate to your desktop, and enter the file name fixme.reg, and click Save.

You should now find a new file on your desktop named fixme.reg. Double click on fixme.reg. You will get a warning,
agree to the merge, and then a message the file has been merged will immediately pop up.
Then reboot.

Next,

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait fot the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

Next,

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next,

Chrome is exploited and probably infected, we need to complete a "Clean Install" to remove exploits and patches.

If your Chrome Bookmarks are important do this first:

Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

Continue for a clean install:

Remove all synced data from Chrome go here: http://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/ follow those instructions...

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Install Google Chrome from here: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html

Install Adblock Plus to Chrome: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

Next,

Please download Kaspersky Virus Removal Tool from http://devbuilds.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe

  •   Right click on KVRT.exe and select Run as Administrator.
  •   Read the EULA, then select Accept.
  •   Wait for Kaspersky Virus Removal Tool to initialize.
  •   In the main screen, select Change parameters, place a checkmark in System drive, then click OK.
  •   Click Start scan.
  •   Wait for Kaspersky Virus Removal Tool to complete scanning.
  •   When the scan is finished, select Neutralize all for all detected objects.
  •   When complete select "Reports" let me see that log... If no malware/infection is found there will be no report.
  •   Close Kaspersky Virus Removal Tool when done.

Post the produced logs, also let me know if any remaining issues or concerns....



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [InActive - K] "pop ups", "redirects", virus: DDS unlocker, HEUR:
« Reply #6 on: October 21, 2015, 02:45:44 PM »
Any progress.... :sd

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [InActive - K] "pop ups", "redirects", virus: DDS unlocker, HEUR:
« Reply #7 on: October 23, 2015, 04:46:20 AM »
Due to the lack of feedback this topic is closed. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!