rlsbsfmwb

PUP Malware

3 posts in this topic

I've cleared 100s of PUP infections with Malwarebytes but they keep coming back. How can I remove the source? I have the Attach.txt file but am unsure about posting it until it's requested.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16502
Run by Ron at 14:27:26 on 2013-08-17
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\sminst\sftservice.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\taskeng.exe
C:\windows\SMINST\Components\scheduler\STService.exe
C:\Windows\RAVCpl64.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\mobsync.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uWindow Title = Internet Explorer, optimized for Bing and MSN
uProxyServer = actsvr.comcastonline.com:8100
uProxyOverride = cdn;*.local
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe"  /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PMBVolumeWatcher] "C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRunOnce: [Launcher] C:\Windows\SMINST\Components\scheduler\Launcher.exe
dRun: [searchProtect] C:\Windows\System32\config\systemprofile\AppData\Roaming\SearchProtect\bin\cltmng.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: LastPass - C:\Users\Ron\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\Ron\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A7585895-01AB-4E75-A9C7-B0B015A1983D} : DHCPNameServer = 192.168.1.1
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-Run: [RtHDVCpl] RAVCpl64.exe
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [CanonSolutionMenu] "C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" /logon
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - LocalServer32 - <no file>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\qrx4dk3u.default-1373119724562\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-06-30 11:33; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - ExtSQL: 2013-07-03 16:17; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-07-06 10:12; support@lastpass.com; C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\qrx4dk3u.default-1373119724562\extensions\support@lastpass.com
.
============= SERVICES / DRIVERS ===============
.
R? AntiLog32;AntiLog32
R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? CompFilter64;UVCCompositeFilter
R? dfg;dfg
R? keycrypt;keycrypt
R? LVRS64;Logitech RightSound Filter Driver
R? LVUVC64;Logitech HD Webcam C615(UVC)
R? NWUSBCDFIL64;Novatel Wireless Installation CD
R? NWUSBPort2;Novatel Wireless USB Status2 Port Driver
R? PCD5SRVC{048DBD20-445E8C82-05040104};PCD5SRVC{048DBD20-445E8C82-05040104} - PCDR Kernel Mode Service Helper Driver
R? PerfHost;Performance Counter DLL Host
R? SkypeUpdate;Skype Updater
R? USBAAPL64;Apple Mobile USB Driver
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? AERTFilters;Andrea RT Filters Service
S? AVP;Kaspersky Anti-Virus Service
S? DockLoginService;Dock Login Service
S? FontCache;Windows Font Cache Service
S? IntcHdmiAddService;Intel® High Definition Audio HDMI
S? KLIM6;Kaspersky Anti-Virus NDIS 6 Filter
S? klkbdflt;Kaspersky Lab KLKBDFLT
S? klmouflt;Kaspersky Lab KLMOUFLT
S? kltdi;kltdi
S? kneps;kneps
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? PMBDeviceInfoProvider;PMBDeviceInfoProvider
S? PxHlpa64;PxHlpa64
S? QBVSS;QBIDPService
S? RapportCerberus_53984;RapportCerberus_53984
S? RapportEI64;RapportEI64
S? RapportKE64;RapportKE64
S? RapportMgmtService;Rapport Management Service
S? RapportPG64;RapportPG64
S? RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service
S? RtNdPt60;Realtek NDIS Protocol Driver
S? SftService;SoftThinks Agent Service
S? Skype C2C Service;Skype C2C Service
S? UMVPFSrv;UMVPFSrv
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-08-16 13:57:29    78161360    ----a-w-    C:\Windows\System32\mrt.exe
2013-08-06 02:52:32    236688    ----a-w-    C:\Windows\System32\drivers\RapportKE64.sys
2013-07-25 03:54:29    17830400    ----a-w-    C:\Windows\System32\mshtml.dll
2013-07-25 03:37:25    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-07-25 03:35:45    10926080    ----a-w-    C:\Windows\System32\ieframe.dll
2013-07-25 03:31:23    1346560    ----a-w-    C:\Windows\System32\urlmon.dll
2013-07-25 03:30:49    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-07-25 03:29:41    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-07-25 03:29:21    237056    ----a-w-    C:\Windows\System32\url.dll
2013-07-25 03:29:06    86016    ----a-w-    C:\Windows\System32\jsproxy.dll
2013-07-25 03:28:46    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-07-25 03:28:31    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-07-25 03:28:27    816640    ----a-w-    C:\Windows\System32\jscript.dll
2013-07-25 03:28:24    2147840    ----a-w-    C:\Windows\System32\iertutil.dll
2013-07-25 03:28:18    729088    ----a-w-    C:\Windows\System32\msfeeds.dll
2013-07-25 03:27:29    96768    ----a-w-    C:\Windows\System32\mshtmled.dll
2013-07-25 03:27:20    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-07-25 03:26:53    248320    ----a-w-    C:\Windows\System32\ieui.dll
2013-07-25 02:40:07    12334080    ----a-w-    C:\Windows\SysWow64\mshtml.dll
2013-07-25 02:32:35    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-07-25 02:30:47    9738752    ----a-w-    C:\Windows\SysWow64\ieframe.dll
2013-07-25 02:26:45    1104384    ----a-w-    C:\Windows\SysWow64\urlmon.dll
2013-07-25 02:26:10    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-07-25 02:25:30    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-07-25 02:24:39    231936    ----a-w-    C:\Windows\SysWow64\url.dll
2013-07-25 02:24:24    65536    ----a-w-    C:\Windows\SysWow64\jsproxy.dll
2013-07-25 02:23:59    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-07-25 02:23:58    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-07-25 02:23:51    717824    ----a-w-    C:\Windows\SysWow64\jscript.dll
2013-07-25 02:23:30    1796096    ----a-w-    C:\Windows\SysWow64\iertutil.dll
2013-07-25 02:23:27    607744    ----a-w-    C:\Windows\SysWow64\msfeeds.dll
2013-07-25 02:22:47    73216    ----a-w-    C:\Windows\SysWow64\mshtmled.dll
2013-07-25 02:22:35    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-07-25 02:22:04    176640    ----a-w-    C:\Windows\SysWow64\ieui.dll
2013-07-17 20:01:51    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-07-17 19:41:34    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-07-13 13:13:21    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-13 13:13:21    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-10 09:47:49    677888    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2013-07-10 09:42:55    1303552    ----a-w-    C:\Windows\System32\rpcrt4.dll
2013-07-09 12:04:30    1585256    ----a-w-    C:\Windows\System32\ntdll.dll
2013-07-09 12:04:30    1168088    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-07-08 04:51:57    4691904    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-07-08 04:20:17    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-07-08 04:20:04    172544    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-07-08 04:18:51    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-07-08 04:16:55    98304    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-07-08 04:16:55    133120    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-07-08 04:16:54    992768    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-07-08 04:16:33    43008    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-07-08 04:15:39    234496    ----a-w-    C:\Windows\System32\wow64.dll
2013-07-08 04:15:25    218624    ----a-w-    C:\Windows\System32\wintrust.dll
2013-07-08 04:14:21    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2013-07-08 04:12:34    174592    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-07-08 04:12:34    132096    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-07-08 04:12:34    1276416    ----a-w-    C:\Windows\System32\crypt32.dll
2013-07-08 01:39:04    26112    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-07-08 01:39:03    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-07-08 01:39:02    2560    ----a-w-    C:\Windows\SysWow64\user.exe
2013-07-05 03:58:11    1417664    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-07-05 02:15:19    40448    ----a-w-    C:\Windows\System32\drivers\tcpipreg.sys
2013-07-01 20:05:22    260    ----a-w-    C:\Windows\SysWow64\cmdVBS.vbs
2013-07-01 20:05:22    256    ----a-w-    C:\Windows\SysWow64\MSIevent.bat
2013-06-30 15:30:03    201872    ----a-w-    C:\Windows\SysWow64\rmoc3260.dll
2013-06-30 15:28:57    6656    ----a-w-    C:\Windows\SysWow64\pndx5016.dll
2013-06-30 15:28:57    5632    ----a-w-    C:\Windows\SysWow64\pndx5032.dll
2013-06-30 15:28:48    272896    ----a-w-    C:\Windows\SysWow64\pncrt.dll
2013-06-30 15:28:31    499712    ----a-w-    C:\Windows\SysWow64\msvcp71.dll
2013-06-30 15:28:31    348160    ----a-w-    C:\Windows\SysWow64\msvcr71.dll
2013-06-19 13:00:12    54368    ----a-w-    C:\Windows\System32\drivers\kltdi.sys
2013-06-19 12:35:14    23552    ----a-w-    C:\Windows\SysWow64\drivers\dfg.sys
2013-06-15 13:27:51    20480    ----a-w-    C:\Windows\System32\icaapi.dll
2013-06-15 11:38:39    29184    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
2013-06-04 02:03:07    2775040    ----a-w-    C:\Windows\System32\win32k.sys
2013-06-01 04:19:22    619008    ----a-w-    C:\Windows\System32\qedit.dll
2013-06-01 04:06:08    505344    ----a-w-    C:\Windows\SysWow64\qedit.dll
2012-06-20 19:47:26    14640712    ----a-w-    C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 14:29:04.27 ===============
 


Hello rlsbsfmwb and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please post the content of Attach.txt.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
