
Author Topic: Virus that blocks internet access to some websites  (Read 204685 times)


gvlfm78

    Topic Starter


    Greenhorn

    • Yes
  • Experience: Familiar
  • OS: Windows 8
Virus that blocks internet access to some websites
« on: April 15, 2013, 08:07:49 AM »
I have a virus (or malware?) infection on my computer. I know the file that started all of this; it was a file I downloaded from the internet. Basically, what this virus does is block access to some internet websites (stuff like Google, Gmail, YouTube, Yahoo, Bing and other known websites). When I try to go on these websites it says "You have been discovered using pirated software. Your IP: (My IP Here) Click the unlock button to unlock your computer." If you click the unlock button it asks you to do a survey.  :-X
This happens on all browsers; I even tried on the Steam browser (which I already had installed). I realised it was a virus because on Mozilla Firefox it asks me to disable AdBlockPlus.

By the way, I never downloaded pirated software before; the thing I was trying to download was meant to be a crack to a game for my friend, but it turned out to be a virus. I can probably give you the link to the site where I downloaded it from; it should still be in the internet history.

Specs:
Windows 7 Ultimate 64bit
Avast! Free Antivirus 8

gvlfm78

Re: Virus that blocks internet access to some websites
« Reply #1 on: April 15, 2013, 09:58:52 AM »
Here's the link where I downloaded the program from: hxxp://minecraftgen.us.mn/?v=10
Also, I've discovered Gmail isn't blocked, nor is this site  :)
« Last Edit: April 15, 2013, 04:04:04 PM by SuperDave »

gvlfm78

Re: Virus that blocks internet access to some websites
« Reply #2 on: April 15, 2013, 11:24:43 AM »
It redirects me to: hxxp://www.youtube.com/redirect?session_token=sMSTn7Rk1uMI0Uz9Fm4dZCDwMWcJtLgMnZtyW9ILtjjj1GiwTaxGA00b
« Last Edit: April 15, 2013, 04:04:29 PM by SuperDave »

gvlfm78

Re: Virus that blocks internet access to some websites
« Reply #3 on: April 15, 2013, 12:02:28 PM »
Here are the logs:

AdwCleaner:

# AdwCleaner v2.200 - Logfile creato il 15/04/2013 alle 19:56:17
# Aggiornamento 02/04/2013 by Xplode
# Sistema Operativo : Windows 7 Ultimate Service Pack 1 (64 bits)
# Utente : CIRO - CIRO-PC
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\CIRO\Desktop\adwcleaner.exe
# Opzioni [Elimina]


***** [Servizi] *****


***** [File / Cartelle] *****

Cartella Eliminato : C:\ProgramData\InstallMate
Cartella Eliminato : C:\ProgramData\SoftSafe

***** [Registro] *****

Chiave Eliminata : HKCU\Software\AppDataLow\SProtector
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}
Chiave Eliminata : HKLM\Software\SProtector
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}
Valore Eliminata : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]

***** [Browser Internet] *****

-\\ Internet Explorer v10.0.9200.16537

Sostituito : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.easylifeapp.com/?pid=625&src=ie1&r=2013/03/09&hid=1876464388&lg=EN&cc=IT --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (it)

File : C:\Users\CIRO\AppData\Roaming\Mozilla\Firefox\Profiles\v32npkuf.default\prefs.js

Eliminata : user_pref("aol_toolbar.default.homepage.check", false);
Eliminata : user_pref("aol_toolbar.default.search.check", false);
Eliminata : user_pref("browser.search.defaulturl", "hxxp://search.easylifeapp.com/?pid=625&src=ff2&r=2013/03/09&[...]
Eliminata : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Eliminata : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Eliminata : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Eliminata : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Eliminata : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Eliminata : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://www.google.com/search?&q=");
Eliminata : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Eliminata : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Eliminata : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Eliminata : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v26.0.1410.64

File : C:\Users\CIRO\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File Pulito.

*************************

AdwCleaner[S1].txt - [2560 octets] - [15/04/2013 19:56:17]

########## EOF - C:\AdwCleaner[S1].txt - [2620 octets] ##########


Malwarebytes Anti-Malware

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.15.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
CIRO :: CIRO-PC [administrator]

Protection: Enabled

15/04/2013 18:36:54
mbam-log-2013-04-15 (18-36-54).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 452980
Time elapsed: 1 hour(s), 7 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gta_sa_dll.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

(end)


DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.17.2
Run by CIRO at 20:08:11 on 2013-04-15
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.39.1040.18.8191.6107 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Guida per l'accesso all'account Microsoft: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [AdobeBridge] <no file>
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Aggiungi a PDF esistente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti destinazione link in Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{097E228D-B98D-4F92-8A6F-DD808C836028} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{097E228D-B98D-4F92-8A6F-DD808C836028}\64143545755424D213D2030313448324532353636403 : DHCPNameServer = 62.101.93.101 83.103.25.250
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 91.216.163.105 linkz.it
Hosts: 91.216.163.105 www.linkz.it
Hosts: 91.216.163.105 facebook.com
Hosts: 91.216.163.105 www.facebook.com
Hosts: 91.216.163.105 wikipedia.org
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\CIRO\AppData\Roaming\Mozilla\Firefox\Profiles\v32npkuf.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\CIRO\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-03-21 21:15; {c36177c0-224a-11da-8cd6-0800200c9a91}; C:\Users\CIRO\AppData\Roaming\Mozilla\Firefox\Profiles\v32npkuf.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
FF - ExtSQL: 2013-03-21 22:20; {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}; C:\Users\CIRO\AppData\Roaming\Mozilla\Firefox\Profiles\v32npkuf.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
FF - ExtSQL: 2013-03-24 12:26; [email protected]; C:\Users\CIRO\AppData\Roaming\Mozilla\Firefox\Profiles\v32npkuf.default\extensions\[email protected]
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-6 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-6 178624]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-1-24 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-1-24 377920]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-6-11 239616]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-1-24 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-1-24 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-15 45248]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-15 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-15 701512]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-4-10 95760]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-15 25928]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2013-1-24 787968]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2013-3-3 251496]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-2 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-26 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-26 57856]
S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-24 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-04-15 17:14:00   --------   d-----w-   C:\Users\CIRO\AppData\Roaming\Unity
2013-04-15 16:33:41   --------   d-----w-   C:\Users\CIRO\AppData\Roaming\Malwarebytes
2013-04-15 16:33:33   --------   d-----w-   C:\ProgramData\Malwarebytes
2013-04-15 16:33:32   25928   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2013-04-15 16:33:32   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-14 12:29:03   --------   d-----w-   C:\Users\CIRO\AppData\Local\ElevatedDiagnostics
2013-04-12 18:46:10   --------   d-----w-   C:\Program Files (x86)\In Verbis Virtus
2013-04-12 09:44:08   9311288   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{43A71912-6B80-400F-80A0-187D77C0409D}\mpengine.dll
2013-04-11 19:19:57   --------   d-----w-   C:\Users\CIRO\AppData\Local\webkit
2013-04-11 14:37:50   --------   d-----w-   C:\Users\CIRO\AppData\Roaming\Need for Speed World
2013-04-11 14:05:02   --------   d-----w-   C:\Users\CIRO\AppData\Local\Electronic_Arts_Inc
2013-04-10 19:14:41   --------   d-----w-   C:\ProgramData\OUTLAWS
2013-04-10 19:14:28   --------   d-----w-   C:\Program Files (x86)\Microsoft XNA
2013-04-10 19:12:52   --------   d-----w-   C:\Program Files (x86)\Terraria
2013-04-10 17:29:38   3153408   ----a-w-   C:\Windows\System32\win32k.sys
2013-04-10 17:29:35   1655656   ----a-w-   C:\Windows\System32\drivers\ntfs.sys
2013-04-10 17:26:12   223752   ----a-w-   C:\Windows\System32\drivers\fvevol.sys
2013-04-10 17:26:06   5550424   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2013-04-10 17:26:04   3913560   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2013-04-10 17:26:03   3968856   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-10 17:26:02   112640   ----a-w-   C:\Windows\System32\smss.exe
2013-04-10 17:26:01   6656   ----a-w-   C:\Windows\SysWow64\apisetschema.dll
2013-04-10 17:26:01   43520   ----a-w-   C:\Windows\System32\csrsrv.dll
2013-04-10 10:04:42   --------   d-----w-   C:\Users\CIRO\AppData\Local\ATI
2013-04-10 09:27:42   0   ----a-w-   C:\Windows\ativpsrm.bin
2013-04-10 09:26:10   --------   d-----w-   C:\Program Files (x86)\AMD APP
2013-04-10 09:25:11   95760   ----a-w-   C:\Windows\System32\drivers\AtihdW76.sys
2013-04-10 09:24:59   70144   ----a-w-   C:\Windows\System32\coinst_8.98.dll
2013-04-10 09:24:58   442368   ----a-w-   C:\Windows\System32\ATIDEMGX.dll
2013-04-10 09:24:00   --------   d-----w-   C:\Program Files\ATI
2013-04-10 09:23:52   --------   d-----w-   C:\Program Files (x86)\ATI Technologies
2013-04-10 09:22:54   --------   d-----w-   C:\Program Files\ATI Technologies
2013-04-09 21:07:08   3166720   ----a-w-   C:\Windows\SysWow64\DxtoryCodec.dll
2013-04-09 20:32:58   672256   ----a-w-   C:\Windows\SysWow64\PackBitCodec.dll
2013-04-09 20:32:58   1174979   ----a-w-   C:\Windows\unins000.exe
2013-04-09 20:26:30   --------   d-----w-   C:\Users\CIRO\AppData\Local\Dxtory Software
2013-04-09 20:26:26   3673600   ----a-w-   C:\Windows\System32\DxtoryCodec64.dll
2013-04-09 20:26:23   --------   d-----w-   C:\Program Files (x86)\Dxtory Software
2013-04-07 18:58:28   --------   d-----w-   C:\Users\CIRO\.minecraft
2013-04-07 17:25:59   --------   d-----w-   C:\Users\CIRO\AppData\Local\Turbine
2013-04-07 17:25:56   --------   d-----w-   C:\Users\CIRO\AppData\Local\ApplicationHistory
2013-04-07 13:42:54   --------   d-----w-   C:\Users\CIRO\AppData\Roaming\.technic
2013-04-07 12:48:00   --------   d-----w-   C:\Users\CIRO\AppData\Roaming\.techniclauncher
2013-03-27 19:14:57   --------   d-----w-   C:\Users\CIRO\AppData\Local\fontconfig
2013-03-27 19:14:56   --------   d-----w-   C:\Users\CIRO\AppData\Local\gegl-0.2
2013-03-27 19:14:56   --------   d-----w-   C:\Users\CIRO\.gimp-2.8
2013-03-27 19:13:19   --------   d-----w-   C:\Program Files\GIMP 2
2013-03-24 19:20:31   --------   d-----w-   C:\Windows\SysWow64\URTTEMP
2013-03-23 20:55:16   --------   d--h--w-   C:\Windows\msdownld.tmp
2013-03-23 20:55:15   --------   d-----w-   C:\Windows\SysWow64\directx
2013-03-23 20:54:51   466456   ----a-w-   C:\Windows\System32\wrap_oal.dll
2013-03-23 20:54:51   122904   ----a-w-   C:\Windows\System32\OpenAL32.dll
2013-03-23 20:54:51   --------   d-----w-   C:\Program Files (x86)\OpenAL
2013-03-23 20:54:50   444952   ----a-w-   C:\Windows\SysWow64\wrap_oal.dll
2013-03-23 20:54:50   109080   ----a-w-   C:\Windows\SysWow64\OpenAL32.dll
2013-03-22 19:11:37   --------   d-----w-   C:\Windows\en
2013-03-22 19:11:05   --------   d-----w-   C:\Windows\it
2013-03-22 19:09:58   --------   d-----w-   C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-03-22 19:03:09   89944   -c--a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\e23f34581ce272f04\DSETUP.dll
2013-03-22 19:03:09   537432   -c--a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\e23f34581ce272f04\DXSETUP.exe
2013-03-22 19:03:09   1801048   -c--a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\e23f34581ce272f04\dsetup32.dll
2013-03-22 19:02:59   89944   -c--a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\de18fabb1ce272f02\DSETUP.dll
2013-03-22 19:02:59   537432   -c--a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\de18fabb1ce272f02\DXSETUP.exe
2013-03-22 19:02:59   1801048   -c--a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\de18fabb1ce272f02\dsetup32.dll
2013-03-22 19:02:57   94040   -c--a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\db8b68791ce272f01\DSETUP.dll
2013-03-22 19:02:57   525656   -c--a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\db8b68791ce272f01\DXSETUP.exe
2013-03-22 19:02:57   1691480   -c--a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\db8b68791ce272f01\dsetup32.dll
2013-03-21 20:34:53   --------   d-----w-   C:\Program Files (x86)\Microsoft Visual Studio 8
2013-03-20 17:32:50   --------   d-----w-   C:\Program Files\Avidemux 2.6
2013-03-19 19:49:37   --------   d-----w-   C:\Users\CIRO\AppData\Local\IsolatedStorage
2013-03-19 18:59:22   --------   d-----w-   C:\Users\CIRO\AppData\Roaming\BANDISOFT
2013-03-19 17:25:21   19968   ----a-w-   C:\Windows\System32\drivers\usb8023.sys
2013-03-17 13:55:24   --------   d-----w-   C:\Program Files (x86)\Aura
2013-03-16 22:02:52   --------   d-----w-   C:\Program Files (x86)\Skin Pack
2013-03-16 22:02:50   --------   d-----w-   C:\Windows\System32\MetroClock
2013-03-16 22:02:34   2755072   ----a-w-   C:\Windows\SysWow64\themeui.dll.tmp
2013-03-16 22:02:33   2755072   ----a-w-   C:\Windows\SysWow64\themeui.dll.backup
2013-03-16 22:02:33   245760   ----a-w-   C:\Windows\SysWow64\uxtheme.dll.tmp
2013-03-16 22:02:33   245760   ----a-w-   C:\Windows\SysWow64\uxtheme.dll.backup
2013-03-16 22:02:30   44544   ----a-w-   C:\Windows\System32\themeservice.dll.backup
2013-03-16 22:02:30   2851840   ----a-w-   C:\Windows\System32\themeui.dll.backup
2013-03-16 22:02:29   332288   ----a-w-   C:\Windows\System32\uxtheme.dll.backup
2013-03-16 19:22:41   --------   d-----w-   C:\Program Files (x86)\PoRTaL
.
==================== Find3M  ====================
.
2013-04-14 07:55:51   71048   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-14 07:55:51   691592   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-17 10:06:29   283032   ----a-w-   C:\Windows\SysWow64\PnkBstrB.xtr
2013-03-17 10:06:29   283032   ----a-w-   C:\Windows\SysWow64\PnkBstrB.exe
2013-03-16 22:02:31   2851840   ----a-w-   C:\Windows\System32\themeui.dll
2013-03-16 22:02:30   44544   ----a-w-   C:\Windows\System32\themeservice.dll
2013-03-16 22:02:29   332288   ----a-w-   C:\Windows\System32\uxtheme.dll
2013-03-16 20:19:36   283032   ----a-w-   C:\Windows\SysWow64\PnkBstrB.ex0
2013-03-15 17:29:18   95648   ----a-w-   C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-15 17:29:17   861088   ----a-w-   C:\Windows\SysWow64\npDeployJava1.dll
2013-03-15 17:29:17   782240   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
2013-03-11 23:10:56   282744   ------w-   C:\Windows\System32\MpSigStub.exe
2013-03-07 17:11:30   108448   ----a-w-   C:\Windows\System32\WindowsAccessBridge-64.dll
2013-03-07 17:11:28   963488   ----a-w-   C:\Windows\System32\deployJava1.dll
2013-03-07 17:11:28   1085344   ----a-w-   C:\Windows\System32\npDeployJava1.dll
2013-03-06 23:33:21   70992   ----a-w-   C:\Windows\System32\drivers\aswRdr2.sys
2013-03-06 23:33:21   65336   ----a-w-   C:\Windows\System32\drivers\aswRvrt.sys
2013-03-06 23:33:21   178624   ----a-w-   C:\Windows\System32\drivers\aswVmm.sys
2013-03-06 23:33:21   1025808   ----a-w-   C:\Windows\System32\drivers\aswSnx.sys
2013-03-06 23:33:20   80816   ----a-w-   C:\Windows\System32\drivers\aswMonFlt.sys
2013-03-06 23:32:51   41664   ----a-w-   C:\Windows\avastSS.scr
2013-03-03 09:43:10   21712   ----a-w-   C:\Windows\SysWow64\drivers\DrvAgent64.SYS
2013-02-21 10:30:16   1766912   ----a-w-   C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:39   2877440   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:37   61440   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37   109056   ----a-w-   C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07   2240512   ----a-w-   C:\Windows\System32\wininet.dll
2013-02-21 10:14:09   3958784   ----a-w-   C:\Windows\System32\jscript9.dll
2013-02-21 10:14:05   67072   ----a-w-   C:\Windows\System32\iesetup.dll
2013-02-21 10:14:05   136704   ----a-w-   C:\Windows\System32\iesysprep.dll
2013-02-19 18:54:49   76888   ----a-w-   C:\Windows\SysWow64\PnkBstrA.exe
2013-02-19 12:01:03   2706432   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2013-02-19 11:42:14   2706432   ----a-w-   C:\Windows\System32\mshtml.tlb
2013-02-19 11:10:53   71680   ----a-w-   C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:18   89600   ----a-w-   C:\Windows\System32\RegisterIEPKEYs.exe
2013-02-12 05:45:24   135168   ----a-w-   C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22   350208   ----a-w-   C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22   308736   ----a-w-   C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22   111104   ----a-w-   C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31   474112   ----a-w-   C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26   2176512   ----a-w-   C:\Windows\apppatch\AcGenral.dll
2013-01-29 18:01:39   3130440   ----a-w-   C:\Windows\SysWow64\pbsvc_blr.exe
2013-01-26 11:27:12   14848   ----a-w-   C:\Windows\System32\slwga.dll
2013-01-26 11:27:12   13824   ----a-w-   C:\Windows\SysWow64\slwga.dll
2013-01-26 11:27:11   419840   ----a-w-   C:\Windows\System32\systemcpl.dll
2013-01-26 11:27:11   1008640   ----a-w-   C:\Windows\System32\user32.dll
2013-01-26 11:27:10   833024   ----a-w-   C:\Windows\SysWow64\user32.dll
2013-01-26 10:49:25   152576   ----a-w-   C:\Windows\SysWow64\msclmd.dll
2013-01-26 10:49:24   175616   ----a-w-   C:\Windows\System32\msclmd.dll
.
============= FINISH: 20:08:48,59 ===============


Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 22/01/2013 16:56:41
System Uptime: 15/04/2013 19:57:25 (1 hours ago)
.
Motherboard: FOXCONN |  | 2A8C
Processor: Pentium(R) Dual-Core  CPU      E5400  @ 2.70GHz | CPU 1 | 2700/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 288,632 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1,8 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP111: 12/04/2013 17:37:44 - Removed Burnout(TM) Paradise The Ultimate Box
RP112: 12/04/2013 17:46:27 - Removed Microsoft Expression Encoder 4 Screen Capture Codec
RP113: 12/04/2013 20:48:00 - DirectX installato
.
==== Hosts File Hijack ======================
.
.
==== Installed Programs ======================
.
Adobe Acrobat X Pro - Italiano, Español, Nederlands, Português
Adobe After Effects CS6
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02) - Italiano
AirMech
AMD APP SDK Runtime
AMD Catalyst Install Manager
Arctic Combat
µTorrent
Audacity 2.0.3
avast! Free Antivirus
Avidemux 2.6
Blacklight: Retribution
Camtasia Studio 8
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Desktop
ccc-utility64
CCC Help Italian
CCleaner
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dropbox
Dxtory version 2.0.120
Euro Truck Simulator 2
Fraps (remove only)
Free Studio version 2013
GIMP 2.8.4
Google Chrome
Google Update Helper
GTA: San Andreas RIP PT-BR by TemDono - #GTABrasil - BrasNET
HydraVision
In Verbis Virtus
Intel(R) Graphics Media Accelerator Driver
IZArc 4.1.7
Java 7 Update 17
Java 7 Update 17 (64-bit)
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access MUI (Italian) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Excel MUI (Italian) 2010
Microsoft Office Groove MUI (Italian) 2010
Microsoft Office InfoPath MUI (Italian) 2010
Microsoft Office Language Pack 2010 - Italian/Italiano
Microsoft Office O MUI (Italian) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office OneNote MUI (Italian) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office Outlook MUI (Italian) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint MUI (Italian) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing (Italian) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Publisher MUI (Italian) 2010
Microsoft Office ScreenTip Language 2010 - Italiano
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared 32-bit MUI (Italian) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared MUI (Italian) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer MUI (Italian) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office Word MUI (Italian) 2010
Microsoft Office X MUI (Italian) 2010
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
Movie Maker
Mozilla Firefox 20.0.1 (x86 it)
Mozilla Maintenance Service
MSVCRT
MSVCRT Redists
MSVCRT110
MSVCRT110_amd64
Notepad++
NVIDIA PhysX
OpenAL
PackBit Codec version 1.0.0.1Beta
Photo Common
Photo Gallery
PunkBuster Services
Raccolta foto
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition
Skype™ 6.3
Spiral Knights
Star Conflict
Steam
Team Fortress 2
Tenda Wireless LAN Card
Terraria v1.1.2
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
Update for Microsoft SharePoint Designer 2010 (KB2553459) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
VC80CRTRedist - 8.0.50727.6195
Vegas Pro 12.0 (64-bit)
VLC media player 2.0.5
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinDS PRO 2013.4.5
.
==== End Of File ===========================

SuperDave

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: Virus that blocks internet access to some websites
« Reply #4 on: April 15, 2013, 04:14:00 PM »
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Download HostsXpert

  • Unzip HostsXpert to your Desktop
  • Open up the HostsXpert program.
  • Make sure that the "Make Hosts Writable?" button in the upper right corner is enabled.
  • Click Create Back Up
  • Then click on Restore Microsoft's Host Files
  • Close the HostsXpert program
**********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
***********************************************
Download Combofix from any of the links below, and save it to your DESKTOP
If your version of Windows defaults to your download folder you will need to copy it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:


Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
Windows 8 and Windows 10 dual boot with two SSD's

gvlfm78

Re: Virus that blocks internet access to some websites
« Reply #5 on: April 18, 2013, 11:56:59 PM »
The download for HostXpert doesn't work.  :(
I already did a MBAM scan and posted the log.
I proceeded with Combofix. I restarted and everything. It seems to be working all fine now.
I will attach the Combofix log as soon as I get back home.
Thanks for your help.

SuperDave

Re: Virus that blocks internet access to some websites
« Reply #6 on: April 20, 2013, 11:38:43 AM »
Reset Hosts File:

* Go to Start > Run and type Notepad.exe then click OK
* Copy and Paste everything from the Code Box below into Notepad:

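Code:
@Echo off
rem Work in the folder that holds the hosts file; stop if it cannot be entered
pushd "%SystemRoot%\System32\drivers\etc" || exit /b 1
rem Clear the hidden, system and read-only attributes so the file can be overwritten
attrib -h -s -r hosts
rem Replace the whole file with a single localhost entry
echo 127.0.0.1  localhost>HOSTS
rem Protect the clean file again
attrib +r +h +s hosts
popd
rem Delete this batch file
del "%~f0"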

* Go to File > Save As
* Save File name as "Reset.bat" <-- Make sure to include the quotes.
* Change Save as Type to All Files and save the file to your Desktop.

On the desktop double click the Reset.bat to run the batch file. It will self-delete when completed.
Windows 8 and Windows 10 dual boot with two SSD's
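
The reset above overwrites the hosts file wholesale, so it helps to know first what the file held. The following is an added example, not part of the original thread or of any tool named in it: it parses a hosts file (or the "Hosts:" lines of a DDS log), flags names mapped to non-local addresses, and can strip only the flagged lines. The function names, the bulk threshold, the list of local ranges and the sample input are assumptions made for this example.

```python
"""Audit a hosts file for hijack-style redirects (added example, not from the thread)."""
import ipaddress
from collections import defaultdict

# Ranges treated as deliberate local overrides rather than redirects (assumption).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "fc00::/7", "fe80::/10")]

# Constructed sample input: RFC 5737 documentation addresses, reserved example domains.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net          # blocklist-style sinkhole
203.0.113.7     search.example.com
203.0.113.7     www.search.example.com
203.0.113.7     mail.example.org www.mail.example.org
198.51.100.9    intranet.example.com
192.168.1.20    nas.example.net          # LAN override
not-an-ip       broken.example.com
Hosts: 203.0.113.7 video.example.com
"""


def parse_hosts(text):
    """Yield (line_no, ip, [names]) per mapping line; skip comments and malformed lines."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if fields and fields[0].lower() == "hosts:":  # prefix used in DDS logs
            fields = fields[1:]
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address
        yield line_no, ip, [n.lower().rstrip(".") for n in fields[1:]]


def audit(text, bulk_threshold=3):
    """Group hostnames by the non-local address they are pinned to.

    Loopback and 0.0.0.0 entries are ignored (localhost and sinkhole lists),
    LAN addresses are reported separately, and any other address is a redirect.
    An address carrying bulk_threshold or more names is listed under "bulk":
    many unrelated sites pinned to one server is the hijack pattern.
    """
    redirects = defaultdict(set)
    local = {}
    for _, ip, names in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        if any(ip in net for net in LOCAL_NETS):
            for name in names:
                local[name] = str(ip)
            continue
        redirects[str(ip)].update(names)
    bulk = sorted(ip for ip, names in redirects.items() if len(names) >= bulk_threshold)
    return {
        "redirects": {ip: sorted(names) for ip, names in redirects.items()},
        "bulk": bulk,
        "local": local,
    }


def strip_redirects(text, bad_ips):
    """Return the hosts text without the lines that map names to any of bad_ips."""
    bad = {ipaddress.ip_address(i) for i in bad_ips}
    flagged = {line_no for line_no, ip, _ in parse_hosts(text) if ip in bad}
    kept = [l for n, l in enumerate(text.splitlines(), 1) if n not in flagged]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    report = audit(SAMPLE_HOSTS)
    for ip in report["bulk"]:
        print(f"bulk redirect: {ip} <- {len(report['redirects'][ip])} names")
    print(strip_redirects(SAMPLE_HOSTS, report["bulk"]), end="")
```

A single name pinned to a public address can be a legitimate override, so only the "bulk" list is treated as a hijack indicator here; the other redirects are reported for manual review.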

soobin



    Newbie

    • Kizi
  • Experience: Beginner
  • OS: Windows 7
Re: Virus that blocks internet access to some websites
« Reply #7 on: May 24, 2016, 12:05:29 AM »
Computer viruses are mostly spread by attachments in email messages or instant messages. Therefore, you should never open an email attachment unless you know who sent the message you are waiting for a letter or email. Viruses can disguise the picture as an attachment containing jokes, greeting cards, or audio and video files. Computer viruses also spread through downloads on the Internet. They can be hidden in pirated software or in other files or programs that you can download.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521
Run by さち at 13:35:50 on 2014-03-23
Microsoft Windows 7 Ultimate   6.1.7601.1.932.81.1041.18.3979.1947 [GMT 9:00]
.
AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\DptfParticipantProcessorService.exe
C:\Windows\system32\DptfPolicyConfigTDPService.exe
C:\Windows\system32\DptfPolicyCriticalService.exe
C:\Windows\system32\DptfPolicyLpmService.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
C:\Program Files (x86)\SoftDenchi\UCManSvc.exe
C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe
C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

gvlfm78

Re: Virus that blocks internet access to some websites
« Reply #8 on: May 24, 2016, 12:16:53 AM »
Why did you reply here??? This thread is three years old and the issue was fixed ages ago.