rlsbsfmwb Posted August 17, 2013 ID:716498

I've cleared 100's of PUP infections with Malwarebytes but they keep coming back. How can I remove the source?? I have the Attach.txt file but am unsure about posting it until it's requested.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16502
Run by Ron at 14:27:26 on 2013-08-17

Maniac Posted August 17, 2013 ID:716563

Hello rlsbsfmwb! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:
- If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
- I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
- Make sure you read all of the instructions and fixes thoroughly before continuing with them.
- Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
- Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
- Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please post the content of Attach.txt.

AdvancedSetup (Root Admin) Posted August 22, 2013 ID:718635

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!