Everything posted by nip

  1. Many thanks for the help. Below are the logs. When I tried to run Combofix it said that Sophos Anti-Virus was still running although I had uninstalled it a few days ago. I ran combofix anyways and it removed some files, which seems to have stopped the IP address redirects, and allowed me to successfully remove Sophos by deleting all of its files. The MBAM log is the most recent (post-Combofix).
  2. I realized that the log files were not attached in the original post so they are in the reply. ark (2).zip
  3. I've been attempting to get rid of a virus/malware for the past few days that I got from a downloaded .exe program that I foolishly opened. When I opened the file, I had Sophos Anti-Virus running. Since then, I've installed Malwarebytes, and other programs to no avail. I've also run scans with Eset, Trend Micro, etc. I've uninstalled Sophos and put on Avast running a variety of scans, including boot-time scans, again with no luck. The virus does a few things. One, it attempts to open my browser window to a variety of sites which Malwarebytes is often but not always successful in blocking. The IP addresses of these sites were at first 78.140.141.4 (Dutch) and later 95.168.173.225 (German). The process that is being used for this is apparently rundll.exe. The more annoying thing is that the virus disabled Windows Defender and Windows Security Center immediately and won't allow me to turn them back on, even from Services. I am running Windows 7. Below is the DDS file requested.
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll BHO-X64: Search Helper - No File BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: SmartSelect - No File TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB-X64: avast! 
WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll mRun-x64: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe mRun-x64: [setwallpaper] c:\programdata\SetWallpaper.cmd mRun-x64: [(Default)] mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent mRunOnce-x64: [innoSetupRegFile.0000000001] "C:\Windows\is-9IA92.exe" /REG /REGSVRMODE IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm AppInit_DLLs-X64: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Nir\AppData\Roaming\Mozilla\Firefox\Profiles\vc4zzdc8.default\ FF - prefs.js: browser.startup.homepage - www.radikal.com.tr FF - prefs.js: network.proxy.type - 2 FF - component: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn\components\WCFirefoxExtn.dll FF - component: C:\Users\Nir\AppData\Roaming\Mozilla\Firefox\Profiles\vc4zzdc8.default\extensions\ilaff@rvk.net.ru\components\InputLanguageAssistant.dll FF - component: C:\Users\Nir\AppData\Roaming\Mozilla\Firefox\Profiles\vc4zzdc8.default\extensions\zoteroWinWordIntegration@zotero.org\components\zoteroWinWordIntegration.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdjvu.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Nir\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: C:\Users\Nir\AppData\Roaming\Move Networks\plugins\npqmp071700000016.dll FF - plugin: C:\Users\Nir\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Nir\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?] R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?] R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?] 
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-6-22 52496] R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-6-22 61200] R1 SAVOnAccess;SAVOnAccess;C:\Windows\system32\DRIVERS\savonaccess.sys --> C:\Windows\system32\DRIVERS\savonaccess.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?] R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-1-9 14904] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?] R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-7-30 42184] R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-6-22 870200] R2 swi_service;Sophos Web Intelligence Service;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2011-5-23 1543192] R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?] R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?] R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?] 
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] R4 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-29 366640] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-9 533344] S3 ICDUSB3;ICDUSB3;C:\Windows\system32\Drivers\ICDUSB3.sys --> C:\Windows\system32\Drivers\ICDUSB3.sys [?] S3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw1v64.sys --> C:\Windows\system32\DRIVERS\NETw1v64.sys [?] S3 sdcfilter;sdcfilter;C:\Windows\system32\DRIVERS\sdcfilter.sys --> C:\Windows\system32\DRIVERS\sdcfilter.sys [?] S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] 
S4 SophosBootDriver;SophosBootDriver;C:\Windows\system32\DRIVERS\SophosBootDriver.sys --> C:\Windows\system32\DRIVERS\SophosBootDriver.sys [?] . =============== Created Last 30 ================ . 2011-08-01 10:00:32 709968 ----a-w- C:\Windows\is-9IA92.exe 2011-08-01 09:11:41 -------- d-----w- C:\Program Files (x86)\ESET 2011-07-30 13:04:16 -------- d-----w- C:\Program Files (x86)\Common Files\Cisco Systems 2011-07-30 13:04:08 37400 ----a-w- C:\Windows\System32\SophosBootTasks.exe 2011-07-30 06:04:51 64856 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2011-07-30 06:04:51 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2011-07-30 06:04:22 40112 ----a-w- C:\Windows\avastSS.scr 2011-07-30 06:04:10 -------- d-----w- C:\ProgramData\AVAST Software 2011-07-30 06:04:10 -------- d-----w- C:\Program Files\AVAST Software 2011-07-29 10:24:20 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2011-07-29 10:21:52 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E9A358B4-0E13-4F67-8955-EAC31BA85839}\mpengine.dll 2011-07-29 09:49:49 -------- d-----w- C:\sh4ldr 2011-07-29 09:49:49 -------- d-----w- C:\Program Files\Enigma Software Group 2011-07-29 09:49:02 -------- d-----w- C:\Windows\8AE3EC14EAF84064958AC340C66EDD44.TMP 2011-07-29 09:48:58 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard 2011-07-29 09:26:09 8578896 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll 2011-07-29 09:19:29 -------- d-----w- C:\VundoFix Backups 2011-07-29 07:49:49 388096 ----a-r- C:\Users\Nir\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-07-29 07:49:49 -------- d-----w- C:\Program Files (x86)\Trend Micro 2011-07-29 07:23:20 -------- d-----w- C:\Users\Nir\AppData\Roaming\Malwarebytes 2011-07-29 07:22:55 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2011-07-29 07:22:54 -------- d-----w- C:\ProgramData\Malwarebytes 2011-07-29 
07:22:51 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-07-29 07:22:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2011-07-28 18:14:02 -------- d-----w- C:\ProgramData\A-PDF 2011-07-28 18:13:39 63488 --sha-r- C:\Windows\SysWow64\C_100025.dll 2011-07-27 13:47:48 -------- d-----w- C:\Program Files\iPod 2011-07-27 13:47:47 -------- d-----w- C:\Program Files\iTunes 2011-07-27 13:44:02 -------- d-----w- C:\Program Files\Bonjour 2011-07-27 13:44:02 -------- d-----w- C:\Program Files (x86)\Bonjour 2011-07-14 13:16:59 362496 ----a-w- C:\Windows\System32\wow64win.dll 2011-07-14 13:16:59 338944 ----a-w- C:\Windows\System32\conhost.exe 2011-07-14 13:16:59 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2011-07-14 13:16:59 243200 ----a-w- C:\Windows\System32\wow64.dll 2011-07-14 13:16:59 214528 ----a-w- C:\Windows\System32\winsrv.dll 2011-07-14 13:16:58 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2011-07-14 13:16:58 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2011-07-14 13:16:58 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2011-07-14 13:16:58 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2011-07-14 13:16:58 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2011-07-14 13:16:56 2048 ----a-w- C:\Windows\SysWow64\user.exe 2011-07-12 08:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe 2011-07-12 08:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll 2011-07-12 08:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe 2011-07-12 08:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll 2011-07-11 11:59:29 -------- d-----w- C:\Users\Nir\AppData\Local\WinZip . ==================== Find3M ==================== . 
2011-06-24 09:13:50 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-06-22 15:01:32 64272 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys 2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys 2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll 2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2011-05-27 06:32:56 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2011-05-24 16:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe 2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll 2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll 2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll 2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll 2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe 2011-05-23 15:06:14 144160 ----a-w- C:\Windows\System32\drivers\savonaccess.sys 2011-05-23 15:05:13 26104 ----a-w- C:\Windows\System32\drivers\sdcfilter.sys 2011-05-23 14:58:00 183024 ----a-w- C:\Windows\System32\sdccoinstaller.dll 2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll 2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll 2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll 2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll 2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll 2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll 2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe 2011-05-04 05:19:28 
249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe 2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe 2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll 2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll 2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll 2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll 2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll 2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll 2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe 2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe 2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe . ============= FINISH: 13:40:12.48 ===============