
Virus infection that won't go away


nip


I've been attempting to get rid of a virus/malware for the past few days that I got from a downloaded .exe program that I foolishly opened. When I opened the file, I had Sophos Anti-Virus running. Since then, I've installed Malwarebytes and other programs to no avail. I've also run scans with Eset, Trend Micro, etc. I've uninstalled Sophos and put on Avast, running a variety of scans, including boot-time scans, again with no luck.

The virus does a few things:

One, it attempts to open my browser window to a variety of sites, which Malwarebytes is often but not always successful in blocking. The IP addresses of these sites were at first 78.140.141.4 (Dutch) and later 95.168.173.225 (German). The process that is being used for this is apparently rundll.exe. The more annoying thing is that the virus disabled Windows Defender and Windows Security Center immediately and won't allow me to turn them back on, even from Services.

I am running Windows 7.

Below is the DDS file requested.

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Nir at 13:35:20 on 2011-08-01

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.1776 [GMT 3:00]

.

AV: Sophos Anti-Virus *Enabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Sophos Anti-Virus *Enabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\FBAgent.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

C:\Program Files\ATKGFNEX\GFNEXSrv.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\SysWOW64\brsvc01a.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\SysWOW64\brss01a.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

C:\Users\Nir\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe

C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Users\Nir\Downloads\Defogger.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uDefault_Page_URL = hxxp://asus.msn.com

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [Google Update] "C:\Users\Nir\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"

mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

mRun: [setwallpaper] c:\programdata\SetWallpaper.cmd

mRun: [<NO NAME>]

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mRunOnce: [innoSetupRegFile.0000000001] "C:\Windows\is-9IA92.exe" /REG /REGSVRMODE

StartupFolder: C:\Users\Nir\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Nir\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Nir\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

TCP: DhcpNameServer = 193.140.192.20 193.140.192.50

TCP: Interfaces\{0A4581BD-B2EB-427C-99C4-0F3432798620} : DhcpNameServer = 193.140.192.20 193.140.192.50

TCP: Interfaces\{0A4581BD-B2EB-427C-99C4-0F3432798620}\1697C696E637 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{0A4581BD-B2EB-427C-99C4-0F3432798620}\3416666656E45627F67416C61647163716271697 : NameServer = 208.67.222.222

TCP: Interfaces\{0A4581BD-B2EB-427C-99C4-0F3432798620}\3416666656E45627F67416C61647163716271697 : DhcpNameServer = 212.58.4.2 212.58.3.2

TCP: Interfaces\{0A4581BD-B2EB-427C-99C4-0F3432798620}\4545E454450275966496 : DhcpNameServer = 192.168.24.10

TCP: Interfaces\{0A4581BD-B2EB-427C-99C4-0F3432798620}\944555D2E4544502D4963716669627 : NameServer = 208.67.222.222

TCP: Interfaces\{0A4581BD-B2EB-427C-99C4-0F3432798620}\944555D2E4544502D4963716669627 : DhcpNameServer = 160.75.2.20 160.75.100.20

TCP: Interfaces\{0A4581BD-B2EB-427C-99C4-0F3432798620}\D65686D65647 : DhcpNameServer = 192.168.2.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO-X64: Search Helper - No File

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun-x64: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

mRun-x64: [setwallpaper] c:\programdata\SetWallpaper.cmd

mRun-x64: [(Default)]

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mRunOnce-x64: [innoSetupRegFile.0000000001] "C:\Windows\is-9IA92.exe" /REG /REGSVRMODE

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

AppInit_DLLs-X64: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Nir\AppData\Roaming\Mozilla\Firefox\Profiles\vc4zzdc8.default\

FF - prefs.js: browser.startup.homepage - www.radikal.com.tr

FF - prefs.js: network.proxy.type - 2

FF - component: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn\components\WCFirefoxExtn.dll

FF - component: C:\Users\Nir\AppData\Roaming\Mozilla\Firefox\Profiles\vc4zzdc8.default\extensions\ilaff@rvk.net.ru\components\InputLanguageAssistant.dll

FF - component: C:\Users\Nir\AppData\Roaming\Mozilla\Firefox\Profiles\vc4zzdc8.default\extensions\zoteroWinWordIntegration@zotero.org\components\zoteroWinWordIntegration.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdjvu.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Nir\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Users\Nir\AppData\Roaming\Move Networks\plugins\npqmp071700000016.dll

FF - plugin: C:\Users\Nir\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Nir\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-6-22 52496]

R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-6-22 61200]

R1 SAVOnAccess;SAVOnAccess;C:\Windows\system32\DRIVERS\savonaccess.sys --> C:\Windows\system32\DRIVERS\savonaccess.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]

R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-1-9 14904]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-7-30 42184]

R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-6-22 870200]

R2 swi_service;Sophos Web Intelligence Service;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2011-5-23 1543192]

R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R4 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-29 366640]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-9 533344]

S3 ICDUSB3;ICDUSB3;C:\Windows\system32\Drivers\ICDUSB3.sys --> C:\Windows\system32\Drivers\ICDUSB3.sys [?]

S3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw1v64.sys --> C:\Windows\system32\DRIVERS\NETw1v64.sys [?]

S3 sdcfilter;sdcfilter;C:\Windows\system32\DRIVERS\sdcfilter.sys --> C:\Windows\system32\DRIVERS\sdcfilter.sys [?]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 SophosBootDriver;SophosBootDriver;C:\Windows\system32\DRIVERS\SophosBootDriver.sys --> C:\Windows\system32\DRIVERS\SophosBootDriver.sys [?]

.

=============== Created Last 30 ================

.

2011-08-01 10:00:32 709968 ----a-w- C:\Windows\is-9IA92.exe

2011-08-01 09:11:41 -------- d-----w- C:\Program Files (x86)\ESET

2011-07-30 13:04:16 -------- d-----w- C:\Program Files (x86)\Common Files\Cisco Systems

2011-07-30 13:04:08 37400 ----a-w- C:\Windows\System32\SophosBootTasks.exe

2011-07-30 06:04:51 64856 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-07-30 06:04:51 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-07-30 06:04:22 40112 ----a-w- C:\Windows\avastSS.scr

2011-07-30 06:04:10 -------- d-----w- C:\ProgramData\AVAST Software

2011-07-30 06:04:10 -------- d-----w- C:\Program Files\AVAST Software

2011-07-29 10:24:20 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2011-07-29 10:21:52 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E9A358B4-0E13-4F67-8955-EAC31BA85839}\mpengine.dll

2011-07-29 09:49:49 -------- d-----w- C:\sh4ldr

2011-07-29 09:49:49 -------- d-----w- C:\Program Files\Enigma Software Group

2011-07-29 09:49:02 -------- d-----w- C:\Windows\8AE3EC14EAF84064958AC340C66EDD44.TMP

2011-07-29 09:48:58 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2011-07-29 09:26:09 8578896 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll

2011-07-29 09:19:29 -------- d-----w- C:\VundoFix Backups

2011-07-29 07:49:49 388096 ----a-r- C:\Users\Nir\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-07-29 07:49:49 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-07-29 07:23:20 -------- d-----w- C:\Users\Nir\AppData\Roaming\Malwarebytes

2011-07-29 07:22:55 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-29 07:22:54 -------- d-----w- C:\ProgramData\Malwarebytes

2011-07-29 07:22:51 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-07-29 07:22:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-07-28 18:14:02 -------- d-----w- C:\ProgramData\A-PDF

2011-07-28 18:13:39 63488 --sha-r- C:\Windows\SysWow64\C_100025.dll

2011-07-27 13:47:48 -------- d-----w- C:\Program Files\iPod

2011-07-27 13:47:47 -------- d-----w- C:\Program Files\iTunes

2011-07-27 13:44:02 -------- d-----w- C:\Program Files\Bonjour

2011-07-27 13:44:02 -------- d-----w- C:\Program Files (x86)\Bonjour

2011-07-14 13:16:59 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-07-14 13:16:59 338944 ----a-w- C:\Windows\System32\conhost.exe

2011-07-14 13:16:59 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-07-14 13:16:59 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-07-14 13:16:59 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-07-14 13:16:58 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-07-14 13:16:58 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-07-14 13:16:58 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-07-14 13:16:58 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-07-14 13:16:58 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-07-14 13:16:56 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-07-12 08:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe

2011-07-12 08:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll

2011-07-12 08:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe

2011-07-12 08:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll

2011-07-11 11:59:29 -------- d-----w- C:\Users\Nir\AppData\Local\WinZip

.

==================== Find3M ====================

.

2011-06-24 09:13:50 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-22 15:01:32 64272 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys

2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys

2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-05-27 06:32:56 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2011-05-24 16:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

2011-05-23 15:06:14 144160 ----a-w- C:\Windows\System32\drivers\savonaccess.sys

2011-05-23 15:05:13 26104 ----a-w- C:\Windows\System32\drivers\sdcfilter.sys

2011-05-23 14:58:00 183024 ----a-w- C:\Windows\System32\sdccoinstaller.dll

2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll

2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll

2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll

2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll

2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll

2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll

2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe

2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe

2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe

2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll

2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll

2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll

2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll

2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll

2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll

2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe

2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe

2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe

.

============= FINISH: 13:40:12.48 ===============


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Many thanks for the help. Below are the logs. When I tried to run ComboFix, it said that Sophos Anti-Virus was still running although I had uninstalled it a few days ago. I ran ComboFix anyway and it removed some files, which seems to have stopped the IP address redirects, and allowed me to successfully remove Sophos by deleting all of its files. The MBAM log is the most recent (post-ComboFix).

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7373

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

8/4/2011 11:18:04 AM

mbam-log-2011-08-04 (11-18-04).txt

Scan type: Quick scan

Objects scanned: 170357

Time elapsed: 3 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Combofix

ComboFix 11-08-03.03 - Nir 08/04/2011 8:23.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2727 [GMT 3:00]

Running from: c:\users\Nir\Desktop\ComboFix.exe

AV: Sophos Anti-Virus *Enabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}

SP: Sophos Anti-Virus *Enabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\FullRemove.exe

c:\users\Nir\Documents\~WRL0005.tmp

c:\users\Nir\Documents\~WRL0006.tmp

c:\users\Nir\Documents\~WRL0147.tmp

c:\users\Nir\Documents\~WRL3015.tmp

.

.

((((((((((((((((((((((((( Files Created from 2011-07-04 to 2011-08-04 )))))))))))))))))))))))))))))))

.

.

2011-08-04 05:33 . 2011-08-04 05:33 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-30 13:04 . 2011-07-30 13:04 -------- d-----w- c:\program files (x86)\Common Files\Cisco Systems

2011-07-30 13:04 . 2011-05-23 14:59 37400 ----a-w- c:\windows\system32\SophosBootTasks.exe

2011-07-30 06:04 . 2011-07-04 11:36 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-07-30 06:04 . 2011-07-04 11:32 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-07-30 06:04 . 2011-07-04 11:32 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-07-30 06:04 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe

2011-07-30 06:04 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-07-30 06:04 . 2011-07-04 11:35 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-07-30 06:04 . 2011-07-04 11:32 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-07-30 06:04 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr

2011-07-30 06:04 . 2011-07-04 11:43 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe

2011-07-30 06:04 . 2011-07-30 06:04 -------- d-----w- c:\programdata\AVAST Software

2011-07-30 06:04 . 2011-07-30 06:04 -------- d-----w- c:\program files\AVAST Software

2011-07-29 10:24 . 2011-07-30 13:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-07-29 10:21 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E9A358B4-0E13-4F67-8955-EAC31BA85839}\mpengine.dll

2011-07-29 09:49 . 2011-07-30 21:56 -------- d-----w- C:\sh4ldr

2011-07-29 09:49 . 2011-07-29 09:49 -------- d-----w- c:\program files\Enigma Software Group

2011-07-29 09:49 . 2011-07-30 21:56 -------- d-----w- c:\windows\8AE3EC14EAF84064958AC340C66EDD44.TMP

2011-07-29 09:48 . 2011-07-29 09:48 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2011-07-29 09:19 . 2011-07-29 09:19 -------- d-----w- C:\VundoFix Backups

2011-07-29 07:49 . 2011-07-29 07:49 388096 ----a-r- c:\users\Nir\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-07-29 07:49 . 2011-07-29 07:49 -------- d-----w- c:\program files (x86)\Trend Micro

2011-07-29 07:23 . 2011-07-29 07:23 -------- d-----w- c:\users\Nir\AppData\Roaming\Malwarebytes

2011-07-29 07:22 . 2011-07-06 16:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-29 07:22 . 2011-07-29 07:22 -------- d-----w- c:\programdata\Malwarebytes

2011-07-29 07:22 . 2011-08-01 11:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-07-29 07:22 . 2011-07-06 16:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-28 18:14 . 2011-07-28 18:14 -------- d-----w- c:\programdata\A-PDF

2011-07-28 18:13 . 2011-07-28 18:13 63488 --sha-r- c:\windows\SysWow64\C_100025.dll

2011-07-27 13:47 . 2011-07-27 13:47 -------- d-----w- c:\program files\iPod

2011-07-27 13:47 . 2011-07-27 13:48 -------- d-----w- c:\program files\iTunes

2011-07-27 13:44 . 2011-07-27 13:44 -------- d-----w- c:\program files\Bonjour

2011-07-27 13:44 . 2011-07-27 13:44 -------- d-----w- c:\program files (x86)\Bonjour

2011-07-27 13:23 . 2011-07-27 13:23 -------- d-----w- c:\program files (x86)\Apple Software Update

2011-07-14 13:16 . 2011-06-03 06:57 362496 ----a-w- c:\windows\system32\wow64win.dll

2011-07-14 13:16 . 2011-06-03 06:57 243200 ----a-w- c:\windows\system32\wow64.dll

2011-07-14 13:16 . 2011-06-03 06:57 214528 ----a-w- c:\windows\system32\winsrv.dll

2011-07-14 13:16 . 2011-06-03 06:53 338944 ----a-w- c:\windows\system32\conhost.exe

2011-07-14 13:16 . 2011-06-03 05:57 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2011-07-14 13:16 . 2011-06-03 06:57 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2011-07-14 13:16 . 2011-06-03 06:57 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2011-07-14 13:16 . 2011-06-03 06:00 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2011-07-14 13:16 . 2011-06-03 05:56 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2011-07-14 13:16 . 2011-06-03 03:53 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2011-07-14 13:16 . 2011-06-03 03:53 2048 ----a-w- c:\windows\SysWow64\user.exe

2011-07-12 08:34 . 2011-07-12 08:34 96104 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 08:34 . 2011-07-12 08:34 85864 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 08:20 . 2011-07-12 08:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-07-12 08:20 . 2011-07-12 08:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll

2011-07-11 11:59 . 2011-07-11 11:59 -------- d-----w- c:\users\Nir\AppData\Local\WinZip

2011-07-08 20:47 . 2011-07-08 20:47 -------- d-----w- c:\users\Nir\AppData\Roaming\dvdcss

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-24 09:13 . 2011-06-24 09:13 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-22 15:01 . 2011-04-27 15:33 64272 ----a-w- c:\windows\system32\drivers\RapportKE64.sys

2011-06-03 05:57 . 2011-07-14 13:16 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-05-27 06:33 . 2011-05-27 06:33 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-05-27 06:33 . 2011-05-27 06:33 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-05-27 06:33 . 2011-05-27 06:33 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

2011-05-27 06:33 . 2011-05-27 06:33 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-05-27 06:33 . 2011-05-27 06:33 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-05-27 06:33 . 2011-05-27 06:33 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-05-27 06:33 . 2011-05-27 06:33 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-05-27 06:33 . 2011-05-27 06:33 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-05-27 06:33 . 2011-05-27 06:33 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-05-27 06:33 . 2011-05-27 06:33 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-05-27 06:33 . 2011-05-27 06:33 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-05-27 06:33 . 2011-05-27 06:33 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-05-27 06:33 . 2011-05-27 06:33 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-05-27 06:33 . 2011-05-27 06:33 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-05-27 06:33 . 2011-05-27 06:33 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-05-27 06:33 . 2011-05-27 06:33 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-05-27 06:33 . 2011-05-27 06:33 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-05-27 06:33 . 2011-05-27 06:33 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-05-27 06:33 . 2011-05-27 06:33 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-05-27 06:33 . 2011-05-27 06:33 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-05-27 06:33 . 2011-05-27 06:33 222208 ----a-w- c:\windows\system32\msls31.dll

2011-05-27 06:33 . 2011-05-27 06:33 1389056 ----a-w- c:\windows\system32\wininet.dll

2011-05-27 06:32 . 2011-05-27 06:32 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-05-27 06:32 . 2011-05-27 06:32 12288 ----a-w- c:\windows\system32\mshta.exe

2011-05-27 06:32 . 2011-05-27 06:32 114176 ----a-w- c:\windows\system32\admparse.dll

2011-05-27 06:32 . 2011-05-27 06:32 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-05-27 06:32 . 2011-05-27 06:32 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-05-27 06:32 . 2011-05-27 06:32 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-05-27 06:32 . 2011-05-27 06:32 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-05-27 06:32 . 2011-05-27 06:32 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-05-27 06:32 . 2011-05-27 06:32 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-05-27 06:32 . 2011-05-27 06:32 448512 ----a-w- c:\windows\system32\html.iec

2011-05-27 06:32 . 2011-05-27 06:32 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-05-27 06:32 . 2011-05-27 06:32 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-05-27 06:32 . 2011-05-27 06:32 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-05-27 06:32 . 2011-05-27 06:32 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-05-27 06:32 . 2011-05-27 06:32 160256 ----a-w- c:\windows\system32\wextract.exe

2011-05-27 06:32 . 2011-05-27 06:32 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-05-24 16:14 . 2010-06-13 13:48 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-05-24 11:42 . 2011-06-29 22:18 404480 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-05-24 10:40 . 2011-06-29 22:18 64512 ----a-w- c:\windows\SysWow64\devobj.dll

2011-05-24 10:40 . 2011-06-29 22:18 44544 ----a-w- c:\windows\SysWow64\devrtl.dll

2011-05-24 10:39 . 2011-06-29 22:18 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll

2011-05-24 10:37 . 2011-06-29 22:18 252928 ----a-w- c:\windows\SysWow64\drvinst.exe

2011-05-23 15:06 . 2011-05-23 15:06 144160 ----a-w- c:\windows\system32\drivers\savonaccess.sys

2011-05-23 15:05 . 2011-05-23 15:05 26104 ----a-w- c:\windows\system32\drivers\sdcfilter.sys

2011-05-23 14:58 . 2011-05-23 14:57 183024 ----a-w- c:\windows\system32\sdccoinstaller.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Nir\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Nir\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Nir\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2011-01-30 1219488]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-10-09 6937216]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-01-30 821144]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-01-30 36760]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

.

c:\users\Nir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Nir\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2011-6-28 974848]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]

FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2010-1-9 12862]

SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-1-9 156952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer5"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [x]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 ICDUSB3;ICDUSB3;c:\windows\system32\Drivers\ICDUSB3.sys [x]

R3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [x]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [x]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-06-22 52496]

S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-06-22 61200]

S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]

S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-06-22 870200]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-415731565-1628306373-2865189918-1000Core.job

- c:\users\Nir\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-21 04:40]

.

2011-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-415731565-1628306373-2865189918-1000UA.job

- c:\users\Nir\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-21 04:40]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Nir\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Nir\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Nir\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-05 165912]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-05 365592]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-28 16336488]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]

"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-05-08 616832]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204

TCP: Interfaces\{0A4581BD-B2EB-427C-99C4-0F3432798620}\3416666656E45627F67416C61647163716271697: NameServer = 208.67.222.222

TCP: Interfaces\{0A4581BD-B2EB-427C-99C4-0F3432798620}\944555D2E4544502D4963716669627: NameServer = 208.67.222.222

FF - ProfilePath - c:\users\Nir\AppData\Roaming\Mozilla\Firefox\Profiles\vc4zzdc8.default\

FF - prefs.js: browser.startup.homepage - www.radikal.com.tr

FF - prefs.js: network.proxy.type - 2

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd

SafeBoot-SAVService

Toolbar-Locked - (no file)

AddRemove-ASUS_UL_Series_Screensaver - c:\windows\system32\ASUS_UL_Series_Screensaver.scr

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-08-04 08:38:57

ComboFix-quarantined-files.txt 2011-08-04 05:38

.

Pre-Run: 57,168,404,480 bytes free

Post-Run: 56,402,784,256 bytes free

.

- - End Of File - - 5AAE8507A068074F0D696F8B3C82E91D

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are both checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
