Hello there!

I believe I have got myself a virus that I have a hard time killing.

I have used Malwarebytes' Anti-Malware and removed the one thing it came up with. Restarting and scanning again = no malware. However, my PC is not clean.

Lately my PC has experienced the following:

My external USB soundcard bursting into immediate LOUD white noise (soundcard driver interference, I'd think). Disconnecting and reconnecting makes it go back to normal.

My MIDI-board not working with my music editor program.

Strange files like "ubxkrsz.exe" and other nonsense filenames showing up in my task-manager which could be located to a Windows folder. After killing the processes of the files, I have been able to delete the actual files.

After deleting about 10-15 of these during the last week, they stopped showing up in task-manager and my soundcard and MIDI-board went back to normal. However, every once in a while I still get the loud white noise. It seems to happen if PING.exe is running.

PING.exe is almost constantly active, using up lots of processor resources. No matter how many times I kill the process, it comes back.

It is located in C:\Windows\SysWOW64\. I have scanned it with the tool VirusTotal and the file comes up clean.

I tried investigating PING.exe with Process Explorer (screenshot)

It often tries connecting to strange IP addresses that I have located to Russia, Ukraine, USA and Canada.

conhost.exe seems to act strange from what I can tell with Process Explorer (screenshot)

I have used DDS and attached the "Attach.txt" in a .zip and the DDS as text.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29

Run by Christian at 20:40:06 on 2011-11-23

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.45.1033.18.4086.2239 [GMT 1:00]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Winamp\winamp.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Windows Media Player\WMPSideShowGadget.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Logitech Gaming Software\LCore.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe,

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe

mRun: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe

dRun: [AMService] C:\Windows\system32\setup.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 89.150.129.4 89.150.129.10

TCP: Interfaces\{2D2F62BA-4D6A-4835-B9ED-C5B71F968318} : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{2D2F62BA-4D6A-4835-B9ED-C5B71F968318} : DhcpNameServer = 89.150.129.4 89.150.129.10

AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe

mRun-x64: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe

AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\ruvwyi9f.default\

FF - prefs.js: browser.startup.homepage - google.dk

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R0 ahcix64s;ahcix64s;C:\Windows\system32\drivers\ahcix64s.sys --> C:\Windows\system32\drivers\ahcix64s.sys [?]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]

R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-5-26 161080]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-16 366152]

R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-4-7 5352960]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-2 2214504]

R2 USBMIDIAudioDevMon;USB MIDI Series Audio Device Monitor;C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [2010-4-13 1636872]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]

R3 MAUSBMIDI;Service for M-Audio USB MIDI Series;C:\Windows\system32\DRIVERS\MAudioUSBMIDI.sys --> C:\Windows\system32\DRIVERS\MAudioUSBMIDI.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]

S4 AMService;AMService;C:\Windows\TEMP\cwiodu\setup.exe run --> C:\Windows\TEMP\cwiodu\setup.exe run [?]

.

=============== Created Last 30 ================

.

2011-11-23 19:18:05 -------- d-----w- C:\Users\Christian\AppData\Local\Logitech

2011-11-23 19:17:20 374792 ----a-w- C:\Windows\System32\drivers\UMDF\lgSSQVGA.dll

2011-11-23 19:17:20 22408 ----a-w- C:\Windows\System32\drivers\LGBusEnum.sys

2011-11-23 19:17:20 16008 ----a-w- C:\Windows\System32\drivers\LGVirHid.sys

2011-11-23 19:17:20 157704 ----a-w- C:\Windows\System32\drivers\UMDF\lgSSBW.dll

2011-11-23 19:17:17 -------- d-----w- C:\Program Files\Logitech Gaming Software

2011-11-23 18:38:24 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D512F18C-69A9-46F0-A302-B1B8793C9070}\offreg.dll

2011-11-22 14:34:21 -------- d-----w- C:\Users\Christian\AppData\Roaming\SUPERAntiSpyware.com

2011-11-22 14:34:10 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2011-11-22 14:34:10 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2011-11-22 14:27:20 279616 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2011-11-22 14:11:13 -------- d-----w- C:\ProgramData\Comodo

2011-11-22 14:11:11 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2011-11-22 14:11:11 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll

2011-11-22 14:11:11 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll

2011-11-22 14:11:11 -------- d-----w- C:\Program Files\COMODO

2011-11-22 14:10:50 -------- d-----w- C:\ProgramData\Comodo Downloader

2011-11-18 16:52:19 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite

2011-11-16 13:54:22 -------- d-----w- C:\Users\Christian\AppData\Roaming\Malwarebytes

2011-11-16 13:53:56 -------- d-----w- C:\ProgramData\Malwarebytes

2011-11-16 13:53:53 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-11-16 13:53:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-11-16 10:19:42 -------- d-----w- C:\Users\Christian\AppData\Roaming\Alubu

2011-11-14 18:09:54 82944 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPP9I.DLL

2011-11-14 18:09:54 27648 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPD9I.DLL

2011-11-14 18:09:40 279040 ----a-w- C:\Windows\System32\CNMLM9I.DLL

2011-11-14 18:09:37 92672 ----a-w- C:\Windows\System32\CNC190I.DLL

2011-11-14 18:09:37 236032 ----a-w- C:\Windows\System32\CNC190L.DLL

2011-11-14 18:09:37 229888 ----a-w- C:\Windows\System32\CNC190O.DLL

2011-11-14 18:09:37 1335296 ----a-w- C:\Windows\System32\CNC190C.DLL

2011-11-13 21:10:00 -------- d-----we C:\Windows\system64

2011-11-13 21:09:56 -------- d-----w- C:\Program Files (x86)\Your Product

2011-11-13 12:34:39 -------- d-----w- C:\Program Files (x86)\Steam

2011-11-13 12:15:52 -------- d-----w- C:\Users\Christian\AppData\Local\Skyrim

2011-11-13 12:13:19 -------- d-----w- C:\Spil

2011-11-13 11:22:29 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2011-11-12 18:19:44 -------- d-----w- C:\Ting

2011-11-12 14:59:41 -------- d-----w- C:\Users\Christian\AppData\Roaming\Canneverbe Limited

2011-11-12 14:59:41 -------- d-----w- C:\ProgramData\Canneverbe Limited

2011-11-10 19:32:14 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll

2011-11-10 17:16:39 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D512F18C-69A9-46F0-A302-B1B8793C9070}\mpengine.dll

2011-11-10 17:03:49 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

2011-11-10 16:57:14 -------- dc-h--w- C:\ProgramData\{E51ADF6A-7916-46B4-96C1-40D98D096077}

2011-11-10 16:57:13 -------- d-----w- C:\Program Files\Lexicon

2011-11-10 16:30:39 -------- d-----w- C:\Program Files\M-Audio

2011-11-10 16:30:39 -------- d-----w- C:\Program Files (x86)\M-Audio

2011-11-04 14:41:07 -------- d-----w- C:\Program Files (x86)\Winamp Detect

2011-11-04 14:41:04 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine

2011-11-04 14:35:44 -------- d-----w- C:\# Audio Mixdown

2011-11-04 14:22:52 -------- d-----w- C:\Program Files (x86)\rgcaudio software

2011-11-02 21:49:36 -------- d-----w- C:\Windows\Panther

2011-11-02 21:39:55 259152 ----a-w- C:\Windows\System32\drivers\ahcix64s.sys

2011-11-02 21:38:52 120920 ----a-w- C:\Windows\System32\drivers\jraid.sys

2011-11-02 19:13:04 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared

2011-11-02 19:13:03 -------- d-----w- C:\Program Files (x86)\DivX

2011-11-02 18:00:07 -------- d-----w- C:\Users\Christian\AppData\Local\Rockstar Games

2011-11-02 17:59:59 -------- d-sh--w- C:\ProgramData\SecuROM

2011-11-02 17:56:46 517448 ----a-w- C:\Windows\SysWow64\XAudio2_4.dll

2011-11-02 17:56:46 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll

2011-11-02 17:56:46 235352 ----a-w- C:\Windows\SysWow64\xactengine3_4.dll

2011-11-02 17:56:46 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_6.dll

2011-11-02 17:52:00 -------- d-----w- C:\X933912logfiles

2011-11-02 17:21:55 -------- d-----w- C:\Windows\SysWow64\xlive

2011-11-02 17:21:55 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

2011-11-02 17:17:52 -------- d-----w- C:\Program Files (x86)\VideoLAN

2011-11-02 17:08:09 -------- d-----w- C:\Program Files (x86)\Rockstar Games

2011-11-02 15:58:44 -------- dc-h--w- C:\ProgramData\{1CEDDDD4-56D2-463F-BC4E-C5DFFD3533C9}

2011-11-02 15:57:48 -------- dc-h--w- C:\ProgramData\{DCC412E7-393B-4016-91FB-9307F059AFB6}

2011-11-02 15:57:39 -------- dc-h--w- C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}

2011-11-02 15:47:48 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-02 15:37:01 -------- d-----w- C:\Users\Christian\.oces2

2011-11-02 15:35:32 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-11-02 15:31:10 691551 ----a-w- C:\Program Files (x86)\Uninstall Information\{ABAF1232-6213-4062-9D52-04E04A730CEA}\unins000.exe

2011-11-02 15:30:38 61440 ----a-w- C:\Windows\SysWow64\NI_DFD_1_5.dll

2011-11-02 15:30:38 393216 ----a-w- C:\Windows\SysWow64\NI_IRC_1_2.dll

2011-11-02 15:30:38 233472 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll

2011-11-02 15:30:38 2045952 ----a-w- C:\Windows\SysWow64\bconvert.dll

2011-11-02 15:30:08 995383 ----a-w- C:\Windows\SysWow64\temp.002

2011-11-02 15:30:08 278581 ----a-w- C:\Windows\SysWow64\temp.003

2011-11-02 15:30:07 77878 ----a-w- C:\Windows\SysWow64\temp.001

2011-11-02 15:30:07 401462 ----a-w- C:\Windows\SysWow64\temp.000

2011-11-02 15:25:01 -------- d-----w- C:\Users\Christian\AppData\Roaming\SumatraPDF

2011-11-02 15:24:58 -------- d-----w- C:\Program Files (x86)\SumatraPDF

2011-11-02 15:18:26 -------- d-----w- C:\Program Files (x86)\Common Files\Native Instruments

2011-11-02 15:12:02 -------- d-----w- C:\Program Files (x86)\Native Instruments

2011-11-02 15:04:29 2240 ----a-w- C:\Windows\LENDIG.sys

2011-11-02 14:45:00 -------- d-----w- C:\Users\Christian\AppData\Roaming\Arturia

2011-11-02 14:39:22 6640274 ----a-w- C:\Windows\SysWow64\Modalys_for_Arturia.dll

2011-11-02 14:34:20 2892 ----a-w- C:\Windows\SysWow64\audcon.sys

2011-11-02 14:34:20 -------- d-----w- C:\ProgramData\Syncrosoft

2011-11-02 14:34:19 1695232 ----a-w- C:\Windows\System32\synsoacc.dll

2011-11-02 14:34:19 -------- d-----w- C:\ProgramData\eLicenser

2011-11-02 14:34:19 -------- d-----w- C:\Program Files (x86)\Syncrosoft

2011-11-02 14:34:19 -------- d-----w- C:\Program Files (x86)\eLicenser

2011-11-02 14:34:12 86016 ----a-w- C:\Windows\SysWow64\SYNSOPOS.exe

2011-11-02 14:34:12 1261568 ----a-w- C:\Windows\SysWow64\SYNSOACC.dll

2011-11-02 14:33:50 -------- d-----w- C:\Program Files (x86)\Common Files\Digidesign

2011-11-02 14:33:48 163840 ----a-w- C:\Windows\SysWow64\ArtFfct.dll

2011-11-02 14:33:44 -------- d-----w- C:\ProgramData\Arturia

2011-11-02 14:33:44 -------- d-----w- C:\Program Files (x86)\Arturia

2011-11-02 14:28:58 86016 ----a-w- C:\Windows\unvise32.exe

2011-11-02 14:21:07 -------- d-----w- C:\Users\Christian\AppData\Local\Native Instruments

2011-11-02 14:12:11 129024 ----a-w- C:\Windows\UNWISE.EXE

2011-11-02 14:12:11 -------- d-----w- C:\audio

2011-11-02 14:10:53 -------- d-----w- C:\Users\Christian\AppData\Local\PackageAware

2011-11-02 14:04:54 -------- d-----w- C:\Program Files\Common Files\Native Instruments

2011-11-02 14:04:46 -------- d-----w- C:\ProgramData\Native Instruments

2011-11-02 14:04:46 -------- d-----w- C:\Program Files\Native Instruments

2011-11-02 13:59:53 1693968 ----a-w- C:\Windows\SysWow64\VBA6.DLL

2011-11-02 13:59:53 140488 ----a-w- C:\Windows\SysWow64\COMDLG32.OCX

2011-11-02 13:59:53 115920 ----a-w- C:\Windows\SysWow64\MSINET.OCX

2011-11-02 13:59:53 -------- d-----w- C:\Program Files (x86)\PianoFX

2011-11-02 13:55:37 -------- d-----w- C:\# Project Cubase

2011-11-02 13:54:29 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

2011-11-02 13:54:29 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

2011-11-02 13:54:29 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll

2011-11-02 13:54:29 176128 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

2011-11-02 13:54:28 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe

2011-11-02 13:53:58 -------- d-----w- C:\Program Files (x86)\YAMAHA

2011-11-02 13:50:39 -------- d-----w- C:\Downloads

2011-11-02 13:43:54 1177600 ----a-w- C:\Windows\SysWow64\SYNSOEMU.DLL

2011-11-02 13:43:48 -------- d-----w- C:\Program Files (x86)\Common Files\VST3

2011-11-02 13:41:52 -------- d-----w- C:\ProgramData\VST3 Presets

2011-11-02 13:35:47 -------- d-----w- C:\ProgramData\Steinberg

2011-11-02 13:35:47 -------- d-----w- C:\Program Files (x86)\Common Files\Steinberg

2011-11-02 13:35:03 -------- d-----w- C:\Users\Christian\AppData\Roaming\Steinberg

2011-11-02 13:35:03 -------- d-----w- C:\Program Files (x86)\Steinberg

2011-11-02 13:31:40 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation

2011-11-02 13:31:37 739432 ----a-w- C:\Windows\System32\easyupdatusapiu64.dll

2011-11-02 13:31:37 6300776 ----a-w- C:\Windows\System32\nvcpl.dll

2011-11-02 13:31:37 61544 ----a-w- C:\Windows\System32\nvshext.dll

2011-11-02 13:31:37 3040872 ----a-w- C:\Windows\System32\nvsvc64.dll

2011-11-02 13:31:37 2560616 ----a-w- C:\Windows\System32\nvsvcr.dll

2011-11-02 13:31:37 117864 ----a-w- C:\Windows\System32\nvmctray.dll

2011-11-02 13:31:37 1016936 ----a-w- C:\Windows\System32\nvvsvc.exe

2011-11-02 13:31:21 -------- d-----w- C:\ProgramData\NVIDIA Corporation

2011-11-02 13:31:17 -------- d-----w- C:\Program Files\NVIDIA Corporation

2011-11-02 13:17:02 530488 ----a-w- C:\Windows\System32\drivers\sptd.sys

2011-11-02 13:16:37 -------- d-----w- C:\Users\Christian\AppData\Roaming\DAEMON Tools Lite

2011-11-02 13:16:35 -------- d-----w- C:\ProgramData\DAEMON Tools Lite

2011-11-02 13:16:09 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL

2011-11-02 13:16:09 1071088 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2011-11-02 13:16:09 -------- d-----w- C:\Program Files (x86)\SpywareBlaster

2011-11-02 13:14:29 8199504 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2011-11-02 13:14:07 -------- d-----w- C:\Program Files\CCleaner

2011-11-02 13:12:54 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-11-02 13:11:27 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-11-02 13:08:44 74344 ----a-w- C:\Windows\System32\RtNicProp64.dll

2011-11-02 13:08:44 535656 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys

2011-11-02 13:08:44 107624 ----a-w- C:\Windows\System32\RTNUninst64.dll

2011-11-02 13:08:39 -------- d-----w- C:\Program Files (x86)\Realtek

2011-11-02 13:07:38 -------- d-----w- C:\Program Files (x86)\Renesas Electronics

2011-11-02 13:07:08 -------- d-sh--w- C:\Windows\Installer

2011-10-26 18:49:56 12800 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

.

==================== Find3M ====================

.

2011-11-02 17:22:35 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll

2011-10-07 17:47:58 574216 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys

2011-10-07 17:47:58 43248 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys

2011-10-07 17:47:56 16528 ----a-w- C:\Windows\System32\drivers\cmderd.sys

2011-10-07 17:47:14 41200 ----a-w- C:\Windows\System32\cmdcsr.dll

2011-10-07 17:47:12 300200 ----a-w- C:\Windows\SysWow64\guard32.dll

2011-10-07 17:47:10 388280 ----a-w- C:\Windows\System32\guard64.dll

2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-09-06 03:03:17 3138048 ----a-w- C:\Windows\System32\win32k.sys

2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

.

============= FINISH: 20:40:28,40 ===============


Hi

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix (link).
     Remember to re-enable them afterwards.
  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt

New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.


I have attached the "Attach.txt" and "DDS.txt" to a ZIP file.

Here is my combofix log:

ComboFix 11-11-23.03 - Savanna 24-11-2011 17:18:36.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.45.1033.18.4086.2966 [GMT 1:00]

Kører fra: c:\users\Savanna.Christian-PC\Desktop\ComboFix.exe

FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Dannede nyt systemgendannelsespunkt

.

.

((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Your Product\lua5.1.dll

c:\program files (x86)\Your Product\Uninstall

c:\program files (x86)\Your Product\Uninstall\IRIMG1.JPG

c:\program files (x86)\Your Product\Uninstall\IRIMG2.JPG

c:\program files (x86)\Your Product\Uninstall\uninstall.dat

c:\program files (x86)\Your Product\Uninstall\uninstall.xml

c:\windows\system32\consrv.dll

c:\windows\System64

.

.

((((((((((((((((((((((((((((( Filer skabt fra 2011-10-24 til 2011-11-24 )))))))))))))))))))))))))))))))))))

.

.

2011-11-24 16:23 . 2011-11-24 16:23 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-23 19:17 . 2011-11-23 19:17 374792 ----a-w- c:\windows\system32\drivers\UMDF\lgSSQVGA.dll

2011-11-23 19:17 . 2011-11-23 19:17 22408 ----a-w- c:\windows\system32\drivers\LGBusEnum.sys

2011-11-23 19:17 . 2011-11-23 19:17 16008 ----a-w- c:\windows\system32\drivers\LGVirHid.sys

2011-11-23 19:17 . 2011-11-23 19:17 157704 ----a-w- c:\windows\system32\drivers\UMDF\lgSSBW.dll

2011-11-23 19:17 . 2011-11-23 19:17 -------- d-----w- c:\program files\Logitech Gaming Software

2011-11-22 14:34 . 2011-11-22 14:34 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-11-22 14:34 . 2011-11-22 14:34 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-11-22 14:27 . 2011-11-22 14:27 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-11-22 14:11 . 2011-11-22 14:12 -------- d-----w- c:\programdata\Comodo

2011-11-22 14:11 . 2011-11-22 14:11 -------- d-----w- c:\program files\COMODO

2011-11-22 14:11 . 2011-11-22 14:11 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2011-11-22 14:11 . 2011-11-22 14:11 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll

2011-11-22 14:11 . 2011-11-22 14:11 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll

2011-11-22 14:10 . 2011-11-22 14:11 -------- d-----w- c:\programdata\Comodo Downloader

2011-11-18 16:52 . 2011-11-22 14:27 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite

2011-11-18 16:44 . 2011-11-18 16:44 -------- d-----w- c:\windows\system32\Macromed

2011-11-16 13:53 . 2011-11-16 13:53 -------- d-----w- c:\programdata\Malwarebytes

2011-11-16 13:53 . 2011-11-16 13:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-11-16 13:53 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-15 17:02 . 2011-11-15 17:02 228864 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\xobu.exe

2011-11-14 18:09 . 2008-02-26 04:00 82944 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPP9I.DLL

2011-11-14 18:09 . 2008-02-26 04:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPD9I.DLL

2011-11-14 18:09 . 2011-11-14 18:09 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information

2011-11-14 18:09 . 2008-02-26 04:00 279040 ----a-w- c:\windows\system32\CNMLM9I.DLL

2011-11-14 18:09 . 2008-02-08 14:38 236032 ----a-w- c:\windows\system32\CNC190L.DLL

2011-11-14 18:09 . 2007-11-09 10:59 1335296 ----a-w- c:\windows\system32\CNC190C.DLL

2011-11-14 18:09 . 2007-11-09 10:59 92672 ----a-w- c:\windows\system32\CNC190I.DLL

2011-11-14 18:09 . 2007-03-15 13:13 229888 ----a-w- c:\windows\system32\CNC190O.DLL

2011-11-14 18:09 . 2011-11-14 18:09 -------- d--h--w- c:\program files\CanonBJ

2011-11-13 21:09 . 2011-11-24 16:22 -------- d-----w- c:\program files (x86)\Your Product

2011-11-13 12:34 . 2011-11-16 20:41 -------- d-----w- c:\program files (x86)\Steam

2011-11-13 12:13 . 2011-11-13 21:34 -------- d-----w- C:\Spil

2011-11-13 11:22 . 2011-11-13 11:22 -------- d-----w- c:\program files (x86)\Common Files\Steam

2011-11-12 18:19 . 2011-11-12 18:20 -------- d-----w- C:\Ting

2011-11-12 14:59 . 2011-11-12 14:59 -------- d-----w- c:\programdata\Canneverbe Limited

2011-11-10 19:32 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll

2011-11-10 17:16 . 2011-10-18 00:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D512F18C-69A9-46F0-A302-B1B8793C9070}\mpengine.dll

2011-11-10 16:57 . 2011-11-10 16:57 -------- dc-h--w- c:\programdata\{E51ADF6A-7916-46B4-96C1-40D98D096077}

2011-11-10 16:57 . 2011-11-10 16:57 -------- d-----w- c:\program files\Lexicon

2011-11-10 16:30 . 2011-11-10 16:30 -------- d-----w- c:\program files\M-Audio

2011-11-10 16:30 . 2011-11-10 16:30 -------- d-----w- c:\program files (x86)\M-Audio

2011-11-09 15:57 . 2011-11-09 15:57 -------- d-----w- c:\programdata\CanonBJ

2011-11-09 15:28 . 2011-11-10 16:43 -------- d-----w- c:\users\Savanna

2011-11-04 14:41 . 2011-11-10 19:31 -------- d-----w- c:\program files (x86)\Winamp Detect

2011-11-04 14:41 . 2011-11-04 14:41 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine

2011-11-04 14:41 . 2011-11-10 19:32 -------- d-----w- c:\program files (x86)\Winamp

2011-11-04 14:35 . 2011-11-04 14:56 -------- d-----w- C:\# Audio Mixdown

2011-11-04 14:22 . 2011-11-04 14:22 -------- d-----w- c:\program files (x86)\rgcaudio software

2011-11-02 21:49 . 2011-11-14 22:20 -------- d-----w- c:\windows\Panther

2011-11-02 21:39 . 2010-06-23 11:44 259152 ----a-w- c:\windows\system32\drivers\ahcix64s.sys

2011-11-02 21:38 . 2011-05-19 16:55 120920 ----a-w- c:\windows\system32\drivers\jraid.sys

2011-11-02 19:13 . 2011-11-02 19:13 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared

2011-11-02 19:13 . 2011-11-02 19:13 -------- d-----w- c:\program files (x86)\DivX

2011-11-02 17:59 . 2011-11-02 17:59 -------- d-sh--w- c:\programdata\SecuROM

2011-11-02 17:56 . 2009-03-16 13:18 517448 ----a-w- c:\windows\SysWow64\XAudio2_4.dll

2011-11-02 17:56 . 2009-03-16 13:18 235352 ----a-w- c:\windows\SysWow64\xactengine3_4.dll

2011-11-02 17:56 . 2009-03-16 13:18 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_6.dll

2011-11-02 17:56 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll

2011-11-02 17:52 . 2011-11-02 17:52 -------- d-----w- C:\X933912logfiles

2011-11-02 17:21 . 2011-11-02 17:21 -------- d-----w- c:\windows\SysWow64\xlive

2011-11-02 17:21 . 2011-11-02 17:21 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE

2011-11-02 17:17 . 2011-11-02 17:17 -------- d-----w- c:\program files (x86)\VideoLAN

2011-11-02 17:08 . 2011-11-02 17:56 -------- d-----w- c:\program files (x86)\Rockstar Games

2011-11-02 15:58 . 2011-11-02 15:58 -------- dc-h--w- c:\programdata\{1CEDDDD4-56D2-463F-BC4E-C5DFFD3533C9}

2011-11-02 15:57 . 2011-11-02 15:57 -------- dc-h--w- c:\programdata\{DCC412E7-393B-4016-91FB-9307F059AFB6}

2011-11-02 15:57 . 2011-11-02 15:57 -------- dc-h--w- c:\programdata\{C78336EC-F2EB-4640-99A4-DFE96581B90B}

2011-11-02 15:47 . 2011-11-02 15:47 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-02 15:47 . 2011-11-02 15:47 -------- d-----w- c:\windows\SysWow64\Macromed

2011-11-02 15:36 . 2011-11-02 15:36 -------- d-----w- c:\windows\Sun

2011-11-02 15:35 . 2011-11-02 15:35 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-11-02 15:35 . 2011-11-02 15:35 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-11-02 15:35 . 2011-11-02 15:35 -------- d-----w- c:\program files (x86)\Java

2011-11-02 15:31 . 2011-11-02 15:31 691551 ----a-w- c:\program files (x86)\Uninstall Information\{ABAF1232-6213-4062-9D52-04E04A730CEA}\unins000.exe

2011-11-02 15:30 . 2007-06-19 08:27 2045952 ----a-w- c:\windows\SysWow64\bconvert.dll

2011-11-02 15:30 . 2006-10-04 12:13 61440 ----a-w- c:\windows\SysWow64\NI_DFD_1_5.dll

2011-11-02 15:30 . 2006-10-04 12:13 393216 ----a-w- c:\windows\SysWow64\NI_IRC_1_2.dll

2011-11-02 15:30 . 2006-10-04 12:13 233472 ----a-w- c:\windows\SysWow64\REX Shared Library.dll

2011-11-02 15:30 . 2001-04-26 17:49 995383 ----a-w- c:\windows\SysWow64\temp.002

2011-11-02 15:30 . 2001-04-26 17:49 278581 ----a-w- c:\windows\SysWow64\temp.003

2011-11-02 15:30 . 2001-04-26 17:49 77878 ----a-w- c:\windows\SysWow64\temp.001

2011-11-02 15:30 . 2001-04-26 17:49 401462 ----a-w- c:\windows\SysWow64\temp.000

2011-11-02 15:24 . 2011-11-02 15:24 -------- d-----w- c:\program files (x86)\SumatraPDF

2011-11-02 15:18 . 2011-11-02 15:18 -------- d-----w- c:\program files (x86)\Common Files\Native Instruments

2011-11-02 15:12 . 2011-11-02 15:30 -------- d-----w- c:\program files (x86)\Native Instruments

2011-11-02 15:04 . 2006-09-14 00:21 2240 ----a-w- c:\windows\LENDIG.sys

2011-11-02 14:28 . 1999-12-17 09:13 86016 ----a-w- c:\windows\unvise32.exe

2011-11-02 14:12 . 2011-11-02 14:12 -------- d-----w- C:\audio

2011-11-02 14:12 . 1998-04-30 13:56 129024 ----a-w- c:\windows\UNWISE.EXE

2011-11-02 14:04 . 2011-11-02 15:58 -------- d-----w- c:\program files\Common Files\Native Instruments

2011-11-02 14:04 . 2011-11-02 15:58 -------- d-----w- c:\program files\Native Instruments

2011-11-02 14:04 . 2011-11-02 14:04 -------- d-----w- c:\programdata\Native Instruments

2011-11-02 13:59 . 2011-11-02 13:59 -------- d-----w- c:\program files (x86)\PianoFX

2011-11-02 13:59 . 2000-08-20 23:00 1693968 ----a-w- c:\windows\SysWow64\VBA6.DLL

2011-11-02 13:59 . 2000-05-21 23:00 140488 ----a-w- c:\windows\SysWow64\COMDLG32.OCX

2011-11-02 13:59 . 2000-05-21 23:00 115920 ----a-w- c:\windows\SysWow64\MSINET.OCX

2011-11-02 13:55 . 2011-11-17 20:31 -------- d-----w- C:\# Project Cubase

2011-11-02 13:54 . 2011-11-10 16:47 -------- d-----w- c:\program files (x86)\Common Files\InstallShield

2011-11-02 13:53 . 2011-11-02 13:53 -------- d-----w- c:\program files (x86)\YAMAHA

2011-11-02 13:50 . 2011-11-16 14:55 -------- d-----w- C:\Downloads

2011-11-02 13:43 . 2009-10-11 20:58 1177600 ----a-w- c:\windows\SysWow64\SYNSOEMU.DLL

2011-11-02 13:43 . 2011-11-02 13:43 -------- d-----w- c:\program files (x86)\Common Files\VST3

2011-11-02 13:41 . 2011-11-02 13:41 -------- d-----w- c:\programdata\VST3 Presets

2011-11-02 13:35 . 2011-11-02 13:35 -------- d-----w- c:\programdata\Steinberg

2011-11-02 13:35 . 2011-11-02 13:35 -------- d-----w- c:\program files (x86)\Common Files\Steinberg

2011-11-02 13:35 . 2011-11-02 14:26 -------- d-----w- c:\program files (x86)\Steinberg

2011-11-02 13:31 . 2011-11-18 17:30 -------- d-----w- c:\users\UpdatusUser

2011-11-02 13:31 . 2011-11-02 13:32 -------- d-----w- c:\programdata\NVIDIA

2011-11-02 13:31 . 2011-11-02 13:31 -------- d-----w- c:\program files (x86)\NVIDIA Corporation

2011-11-02 13:31 . 2011-05-21 05:01 739432 ----a-w- c:\windows\system32\easyupdatusapiu64.dll

2011-11-02 13:31 . 2011-05-21 05:01 6300776 ----a-w- c:\windows\system32\nvcpl.dll

2011-11-02 13:31 . 2011-05-21 05:01 61544 ----a-w- c:\windows\system32\nvshext.dll

2011-11-02 13:31 . 2011-05-21 05:01 3040872 ----a-w- c:\windows\system32\nvsvc64.dll

2011-11-02 13:31 . 2011-05-21 05:01 2560616 ----a-w- c:\windows\system32\nvsvcr.dll

2011-11-02 13:31 . 2011-05-21 05:01 117864 ----a-w- c:\windows\system32\nvmctray.dll

2011-11-02 13:31 . 2011-05-21 05:01 1016936 ----a-w- c:\windows\system32\nvvsvc.exe

2011-11-02 13:31 . 2011-11-02 13:31 -------- d-----w- c:\programdata\NVIDIA Corporation

2011-11-02 13:31 . 2011-11-02 13:31 -------- d-----w- c:\program files\NVIDIA Corporation

2011-11-02 13:17 . 2011-11-18 16:52 530488 ----a-w- c:\windows\system32\drivers\sptd.sys

2011-11-02 13:16 . 2011-11-02 13:16 -------- d-----w- c:\programdata\DAEMON Tools Lite

2011-11-02 13:16 . 2011-11-16 13:43 -------- d-----w- c:\program files (x86)\SpywareBlaster

2011-11-02 13:16 . 2010-01-10 18:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL

2011-11-02 13:16 . 2010-01-10 18:40 1071088 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2011-11-02 13:14 . 2011-11-12 23:29 -------- d-----w- c:\program files (x86)\CDBurnerXP

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-07 17:48 . 2011-10-07 17:48 93200 ----a-w- c:\windows\system32\drivers\inspect.sys

2011-10-07 17:47 . 2011-10-07 17:47 574216 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-10-07 17:47 . 2011-10-07 17:47 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-10-07 17:47 . 2011-10-07 17:47 16528 ----a-w- c:\windows\system32\drivers\cmderd.sys

2011-10-07 17:47 . 2011-10-07 17:47 41200 ----a-w- c:\windows\system32\cmdcsr.dll

2011-10-07 17:47 . 2011-10-07 17:47 300200 ----a-w- c:\windows\SysWow64\guard32.dll

2011-10-07 17:47 . 2011-10-07 17:47 388280 ----a-w- c:\windows\system32\guard64.dll

.

.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Bemærk* tomme linier & lovlige standard linier vises ikke

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-05-26 213304]

"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-05-26 184120]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]

@="Service"

.

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R4 AMService;AMService;c:\windows\TEMP\cwiodu\setup.exe run [x]

S0 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-05-26 161080]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 5352960]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]

S2 USBMIDIAudioDevMon;USB MIDI Series Audio Device Monitor;c:\program files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [2010-04-13 1636872]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]

S3 MAUSBMIDI;Service for M-Audio USB MIDI Series;c:\windows\system32\DRIVERS\MAudioUSBMIDI.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 9264456]

"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-09-29 110360]

"combofix"="c:\combofix\CF13082.3XE" [2010-11-21 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Yderligere scanning -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.dk/

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 89.150.129.4 89.150.129.10

TCP: Interfaces\{2D2F62BA-4D6A-4835-B9ED-C5B71F968318}: NameServer = 8.8.8.8,8.8.4.4

FF - ProfilePath - c:\users\Savanna.Christian-PC\AppData\Roaming\Mozilla\Firefox\Profiles\olmpzqkx.default\

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - TOMME GENVEJE FJERNET - - - -

.

Wow6432Node-HKU-Default-Run-AMService - c:\windows\system32\setup.exe

.

.

.

--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Gennemført tid: 2011-11-24 17:28:19 - maskinen blev genstartet

ComboFix-quarantined-files.txt 2011-11-24 16:28

.

Pre-Kørsel: 304.721.989.632 bytes free

Post-Kørsel: 304.137.666.560 bytes free

.

- - End Of File - - 91529EE87D4BEB2239843B0DCB4CDBEF

DDS-Attach.zip


As requested, here is my scan log. I did a Full Scan on my hard drive:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software

Run date: 2011-11-24 18:32:05

-----------------------------

18:32:05.201 OS Version: Windows x64 6.1.7601 Service Pack 1

18:32:05.201 Number of processors: 4 586 0x503

18:32:05.201 ComputerName: CHRISTIAN-PC UserName: Christian

18:32:06.293 Initialize success

18:36:27.835 AVAST engine defs: 11112400

18:37:10.938 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f

18:37:10.954 Disk 0 Vendor: AMD_____ 1.10 Size: 379562MB BusType: 8

18:37:12.966 Disk 0 MBR read successfully

18:37:12.966 Disk 0 MBR scan

18:37:12.982 Disk 0 Windows 7 default MBR code

18:37:12.982 Service scanning

18:37:14.417 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32

18:37:14.979 Modules scanning

18:37:14.979 Disk 0 trace - called modules:

18:37:14.994 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll ahcix64s.sys

18:37:14.994 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005616060]

18:37:15.010 3 CLASSPNP.SYS[fffff88001b5f43f] -> nt!IofCallDriver -> [0xfffffa80048caba0]

18:37:15.010 5 ACPI.sys[fffff880011957a1] -> nt!IofCallDriver -> \Device\0000005f[0xfffffa80048c89c0]

18:37:16.242 AVAST engine scan C:\

18:44:14.807 File: C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir **INFECTED** Win32:Malware-gen

18:46:23.273 File: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\xobu.exe **INFECTED** Win32:Rootkit-gen [Rtk]

18:47:15.783 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Malware-gen

18:48:28.941 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]

19:22:24.901 Scan finished successfully

19:24:05.700 Disk 0 MBR has been saved successfully to "C:\Users\Christian\Desktop\MBR.dat"

19:24:05.704 The log file has been saved successfully to "C:\Users\Christian\Desktop\scanlog.txt"


Ok. I updated ComboFix and here is the log:

ComboFix 11-11-25.01 - Christian 25-11-2011 10:48:51.2.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.45.1033.18.4086.2828 [GMT 1:00]

Kører fra: c:\users\Savanna.Christian-PC\Desktop\ComboFix.exe

FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((( Filer skabt fra 2011-10-25 til 2011-11-25 )))))))))))))))))))))))))))))))))))

.

.

2011-11-25 09:53 . 2011-11-25 09:53 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-25 09:37 . 2011-11-25 09:37 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D512F18C-69A9-46F0-A302-B1B8793C9070}\offreg.dll

2011-11-23 19:17 . 2011-11-23 19:17 374792 ----a-w- c:\windows\system32\drivers\UMDF\lgSSQVGA.dll

2011-11-23 19:17 . 2011-11-23 19:17 22408 ----a-w- c:\windows\system32\drivers\LGBusEnum.sys

2011-11-23 19:17 . 2011-11-23 19:17 16008 ----a-w- c:\windows\system32\drivers\LGVirHid.sys

2011-11-23 19:17 . 2011-11-23 19:17 157704 ----a-w- c:\windows\system32\drivers\UMDF\lgSSBW.dll

2011-11-23 19:17 . 2011-11-23 19:17 -------- d-----w- c:\program files\Logitech Gaming Software

2011-11-22 14:34 . 2011-11-22 14:34 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-11-22 14:34 . 2011-11-22 14:34 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-11-22 14:27 . 2011-11-22 14:27 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-11-22 14:11 . 2011-11-22 14:12 -------- d-----w- c:\programdata\Comodo

2011-11-22 14:11 . 2011-11-22 14:11 -------- d-----w- c:\program files\COMODO

2011-11-22 14:11 . 2011-11-22 14:11 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2011-11-22 14:11 . 2011-11-22 14:11 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll

2011-11-22 14:11 . 2011-11-22 14:11 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll

2011-11-22 14:10 . 2011-11-22 14:11 -------- d-----w- c:\programdata\Comodo Downloader

2011-11-18 16:52 . 2011-11-22 14:27 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite

2011-11-18 16:44 . 2011-11-18 16:44 -------- d-----w- c:\windows\system32\Macromed

2011-11-16 13:53 . 2011-11-16 13:53 -------- d-----w- c:\programdata\Malwarebytes

2011-11-16 13:53 . 2011-11-16 13:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-11-16 13:53 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-14 18:09 . 2008-02-26 04:00 82944 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPP9I.DLL

2011-11-14 18:09 . 2008-02-26 04:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPD9I.DLL

2011-11-14 18:09 . 2011-11-14 18:09 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information

2011-11-14 18:09 . 2008-02-26 04:00 279040 ----a-w- c:\windows\system32\CNMLM9I.DLL

2011-11-14 18:09 . 2008-02-08 14:38 236032 ----a-w- c:\windows\system32\CNC190L.DLL

2011-11-14 18:09 . 2007-11-09 10:59 1335296 ----a-w- c:\windows\system32\CNC190C.DLL

2011-11-14 18:09 . 2007-11-09 10:59 92672 ----a-w- c:\windows\system32\CNC190I.DLL

2011-11-14 18:09 . 2007-03-15 13:13 229888 ----a-w- c:\windows\system32\CNC190O.DLL

2011-11-14 18:09 . 2011-11-14 18:09 -------- d--h--w- c:\program files\CanonBJ

2011-11-13 21:09 . 2011-11-24 16:22 -------- d-----w- c:\program files (x86)\Your Product

2011-11-13 12:34 . 2011-11-16 20:41 -------- d-----w- c:\program files (x86)\Steam

2011-11-13 12:13 . 2011-11-13 21:34 -------- d-----w- C:\Spil

2011-11-13 11:22 . 2011-11-13 11:22 -------- d-----w- c:\program files (x86)\Common Files\Steam

2011-11-12 18:19 . 2011-11-12 18:20 -------- d-----w- C:\Ting

2011-11-12 14:59 . 2011-11-12 14:59 -------- d-----w- c:\programdata\Canneverbe Limited

2011-11-10 19:32 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll

2011-11-10 17:16 . 2011-10-18 00:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D512F18C-69A9-46F0-A302-B1B8793C9070}\mpengine.dll

2011-11-10 16:57 . 2011-11-10 16:57 -------- dc-h--w- c:\programdata\{E51ADF6A-7916-46B4-96C1-40D98D096077}

2011-11-10 16:57 . 2011-11-10 16:57 -------- d-----w- c:\program files\Lexicon

2011-11-10 16:30 . 2011-11-10 16:30 -------- d-----w- c:\program files\M-Audio

2011-11-10 16:30 . 2011-11-10 16:30 -------- d-----w- c:\program files (x86)\M-Audio

2011-11-09 15:57 . 2011-11-09 15:57 -------- d-----w- c:\programdata\CanonBJ

2011-11-09 15:28 . 2011-11-10 16:43 -------- d-----w- c:\users\Savanna

2011-11-04 14:41 . 2011-11-10 19:31 -------- d-----w- c:\program files (x86)\Winamp Detect

2011-11-04 14:41 . 2011-11-04 14:41 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine

2011-11-04 14:41 . 2011-11-10 19:32 -------- d-----w- c:\program files (x86)\Winamp

2011-11-04 14:35 . 2011-11-04 14:56 -------- d-----w- C:\# Audio Mixdown

2011-11-04 14:22 . 2011-11-04 14:22 -------- d-----w- c:\program files (x86)\rgcaudio software

2011-11-02 21:49 . 2011-11-14 22:20 -------- d-----w- c:\windows\Panther

2011-11-02 21:39 . 2010-06-23 11:44 259152 ----a-w- c:\windows\system32\drivers\ahcix64s.sys

2011-11-02 21:38 . 2011-05-19 16:55 120920 ----a-w- c:\windows\system32\drivers\jraid.sys

2011-11-02 19:13 . 2011-11-02 19:13 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared

2011-11-02 19:13 . 2011-11-02 19:13 -------- d-----w- c:\program files (x86)\DivX

2011-11-02 17:59 . 2011-11-02 17:59 -------- d-sh--w- c:\programdata\SecuROM

2011-11-02 17:56 . 2009-03-16 13:18 517448 ----a-w- c:\windows\SysWow64\XAudio2_4.dll

2011-11-02 17:56 . 2009-03-16 13:18 235352 ----a-w- c:\windows\SysWow64\xactengine3_4.dll

2011-11-02 17:56 . 2009-03-16 13:18 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_6.dll

2011-11-02 17:56 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll

2011-11-02 17:52 . 2011-11-02 17:52 -------- d-----w- C:\X933912logfiles

2011-11-02 17:21 . 2011-11-02 17:21 -------- d-----w- c:\windows\SysWow64\xlive

2011-11-02 17:21 . 2011-11-02 17:21 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE

2011-11-02 17:17 . 2011-11-02 17:17 -------- d-----w- c:\program files (x86)\VideoLAN

2011-11-02 17:08 . 2011-11-02 17:56 -------- d-----w- c:\program files (x86)\Rockstar Games

2011-11-02 15:58 . 2011-11-02 15:58 -------- dc-h--w- c:\programdata\{1CEDDDD4-56D2-463F-BC4E-C5DFFD3533C9}

2011-11-02 15:57 . 2011-11-02 15:57 -------- dc-h--w- c:\programdata\{DCC412E7-393B-4016-91FB-9307F059AFB6}

2011-11-02 15:57 . 2011-11-02 15:57 -------- dc-h--w- c:\programdata\{C78336EC-F2EB-4640-99A4-DFE96581B90B}

2011-11-02 15:47 . 2011-11-25 09:36 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-02 15:47 . 2011-11-02 15:47 -------- d-----w- c:\windows\SysWow64\Macromed

2011-11-02 15:36 . 2011-11-02 15:36 -------- d-----w- c:\windows\Sun

2011-11-02 15:35 . 2011-11-02 15:35 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-11-02 15:35 . 2011-11-02 15:35 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-11-02 15:35 . 2011-11-02 15:35 -------- d-----w- c:\program files (x86)\Java

2011-11-02 15:31 . 2011-11-02 15:31 691551 ----a-w- c:\program files (x86)\Uninstall Information\{ABAF1232-6213-4062-9D52-04E04A730CEA}\unins000.exe

2011-11-02 15:30 . 2007-06-19 08:27 2045952 ----a-w- c:\windows\SysWow64\bconvert.dll

2011-11-02 15:30 . 2006-10-04 12:13 61440 ----a-w- c:\windows\SysWow64\NI_DFD_1_5.dll

2011-11-02 15:30 . 2006-10-04 12:13 393216 ----a-w- c:\windows\SysWow64\NI_IRC_1_2.dll

2011-11-02 15:30 . 2006-10-04 12:13 233472 ----a-w- c:\windows\SysWow64\REX Shared Library.dll

2011-11-02 15:30 . 2001-04-26 17:49 995383 ----a-w- c:\windows\SysWow64\temp.002

2011-11-02 15:30 . 2001-04-26 17:49 278581 ----a-w- c:\windows\SysWow64\temp.003

2011-11-02 15:30 . 2001-04-26 17:49 77878 ----a-w- c:\windows\SysWow64\temp.001

2011-11-02 15:30 . 2001-04-26 17:49 401462 ----a-w- c:\windows\SysWow64\temp.000

2011-11-02 15:24 . 2011-11-02 15:24 -------- d-----w- c:\program files (x86)\SumatraPDF

2011-11-02 15:18 . 2011-11-02 15:18 -------- d-----w- c:\program files (x86)\Common Files\Native Instruments

2011-11-02 15:12 . 2011-11-02 15:30 -------- d-----w- c:\program files (x86)\Native Instruments

2011-11-02 15:04 . 2006-09-14 00:21 2240 ----a-w- c:\windows\LENDIG.sys

2011-11-02 14:28 . 1999-12-17 09:13 86016 ----a-w- c:\windows\unvise32.exe

2011-11-02 14:12 . 2011-11-02 14:12 -------- d-----w- C:\audio

2011-11-02 14:12 . 1998-04-30 13:56 129024 ----a-w- c:\windows\UNWISE.EXE

2011-11-02 14:04 . 2011-11-02 15:58 -------- d-----w- c:\program files\Common Files\Native Instruments

2011-11-02 14:04 . 2011-11-02 15:58 -------- d-----w- c:\program files\Native Instruments

2011-11-02 14:04 . 2011-11-02 14:04 -------- d-----w- c:\programdata\Native Instruments

2011-11-02 13:59 . 2011-11-02 13:59 -------- d-----w- c:\program files (x86)\PianoFX

2011-11-02 13:59 . 2000-08-20 23:00 1693968 ----a-w- c:\windows\SysWow64\VBA6.DLL

2011-11-02 13:59 . 2000-05-21 23:00 140488 ----a-w- c:\windows\SysWow64\COMDLG32.OCX

2011-11-02 13:59 . 2000-05-21 23:00 115920 ----a-w- c:\windows\SysWow64\MSINET.OCX

2011-11-02 13:55 . 2011-11-17 20:31 -------- d-----w- C:\# Project Cubase

2011-11-02 13:54 . 2011-11-10 16:47 -------- d-----w- c:\program files (x86)\Common Files\InstallShield

2011-11-02 13:53 . 2011-11-02 13:53 -------- d-----w- c:\program files (x86)\YAMAHA

2011-11-02 13:50 . 2011-11-16 14:55 -------- d-----w- C:\Downloads

2011-11-02 13:43 . 2009-10-11 20:58 1177600 ----a-w- c:\windows\SysWow64\SYNSOEMU.DLL

2011-11-02 13:43 . 2011-11-02 13:43 -------- d-----w- c:\program files (x86)\Common Files\VST3

2011-11-02 13:41 . 2011-11-02 13:41 -------- d-----w- c:\programdata\VST3 Presets

2011-11-02 13:35 . 2011-11-02 13:35 -------- d-----w- c:\programdata\Steinberg

2011-11-02 13:35 . 2011-11-02 13:35 -------- d-----w- c:\program files (x86)\Common Files\Steinberg

2011-11-02 13:35 . 2011-11-02 14:26 -------- d-----w- c:\program files (x86)\Steinberg

2011-11-02 13:31 . 2011-11-18 17:30 -------- d-----w- c:\users\UpdatusUser

2011-11-02 13:31 . 2011-11-02 13:32 -------- d-----w- c:\programdata\NVIDIA

2011-11-02 13:31 . 2011-11-02 13:31 -------- d-----w- c:\program files (x86)\NVIDIA Corporation

2011-11-02 13:31 . 2011-05-21 05:01 739432 ----a-w- c:\windows\system32\easyupdatusapiu64.dll

2011-11-02 13:31 . 2011-05-21 05:01 6300776 ----a-w- c:\windows\system32\nvcpl.dll

2011-11-02 13:31 . 2011-05-21 05:01 61544 ----a-w- c:\windows\system32\nvshext.dll

2011-11-02 13:31 . 2011-05-21 05:01 3040872 ----a-w- c:\windows\system32\nvsvc64.dll

2011-11-02 13:31 . 2011-05-21 05:01 2560616 ----a-w- c:\windows\system32\nvsvcr.dll

2011-11-02 13:31 . 2011-05-21 05:01 117864 ----a-w- c:\windows\system32\nvmctray.dll

2011-11-02 13:31 . 2011-05-21 05:01 1016936 ----a-w- c:\windows\system32\nvvsvc.exe

2011-11-02 13:31 . 2011-11-02 13:31 -------- d-----w- c:\programdata\NVIDIA Corporation

2011-11-02 13:31 . 2011-11-02 13:31 -------- d-----w- c:\program files\NVIDIA Corporation

2011-11-02 13:17 . 2011-11-18 16:52 530488 ----a-w- c:\windows\system32\drivers\sptd.sys

2011-11-02 13:16 . 2011-11-02 13:16 -------- d-----w- c:\programdata\DAEMON Tools Lite

2011-11-02 13:16 . 2011-11-16 13:43 -------- d-----w- c:\program files (x86)\SpywareBlaster

2011-11-02 13:16 . 2010-01-10 18:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL

2011-11-02 13:16 . 2010-01-10 18:40 1071088 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2011-11-02 13:14 . 2011-11-12 23:29 -------- d-----w- c:\program files (x86)\CDBurnerXP

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-07 17:48 . 2011-10-07 17:48 93200 ----a-w- c:\windows\system32\drivers\inspect.sys

2011-10-07 17:47 . 2011-10-07 17:47 574216 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-10-07 17:47 . 2011-10-07 17:47 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-10-07 17:47 . 2011-10-07 17:47 16528 ----a-w- c:\windows\system32\drivers\cmderd.sys

2011-10-07 17:47 . 2011-10-07 17:47 41200 ----a-w- c:\windows\system32\cmdcsr.dll

2011-10-07 17:47 . 2011-10-07 17:47 300200 ----a-w- c:\windows\SysWow64\guard32.dll

2011-10-07 17:47 . 2011-10-07 17:47 388280 ----a-w- c:\windows\system32\guard64.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-24_16.25.04 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-11-21 03:09 . 2011-11-25 09:37 23666 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-11-25 09:37 36054 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-11-02 12:55 . 2011-11-25 09:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-11-02 12:55 . 2011-11-24 16:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-11-02 12:55 . 2011-11-24 16:15 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-11-02 12:55 . 2011-11-25 09:35 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-11-25 09:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-11-24 16:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:46 . 2011-11-24 16:31 89040 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2011-11-02 13:09 . 2011-11-24 15:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-11-02 13:09 . 2011-11-25 09:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-11-02 13:09 . 2011-11-24 15:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-11-02 13:09 . 2011-11-25 09:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-11-04 17:24 . 2011-11-23 21:47 3236 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2011-11-04 17:24 . 2011-11-24 22:15 3236 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2011-11-09 15:29 . 2011-11-24 16:26 2844 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-493960788-4236077586-981421237-1001_UserData.bin

+ 2011-11-02 13:00 . 2011-11-25 09:37 7004 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-493960788-4236077586-981421237-1000_UserData.bin

+ 2011-11-25 09:35 . 2011-11-25 09:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-11-25 09:35 . 2011-11-25 09:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-11-24 16:24 . 2011-11-24 16:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-11-25 09:36 . 2011-11-25 09:36 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe

+ 2011-11-04 10:32 . 2011-11-24 17:26 243742 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

- 2009-07-14 02:36 . 2011-11-24 15:46 606992 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-11-25 09:40 606992 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-11-24 15:46 103370 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2011-11-25 09:40 103370 c:\windows\system32\perfc009.dat

+ 2011-11-25 09:36 . 2011-11-25 09:36 461984 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_Plugin.exe

+ 2009-07-14 05:01 . 2011-11-24 22:15 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2011-11-24 16:23 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-11-02 15:47 . 2011-11-25 09:36 8527008 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

+ 2011-11-25 09:36 . 2011-11-25 09:36 11336864 c:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll

+ 2011-11-02 14:12 . 2011-11-24 22:15 10001842 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-493960788-4236077586-981421237-1000-12288.dat

.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Bemærk* tomme linier & lovlige standard linier vises ikke

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 5495680]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-05-26 213304]

"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-05-26 184120]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]

@="Service"

.

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R4 AMService;AMService;c:\windows\TEMP\cwiodu\setup.exe run [x]

S0 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-05-26 161080]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 5352960]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]

S2 USBMIDIAudioDevMon;USB MIDI Series Audio Device Monitor;c:\program files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [2010-04-13 1636872]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]

S3 MAUSBMIDI;Service for M-Audio USB MIDI Series;c:\windows\system32\DRIVERS\MAudioUSBMIDI.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 9264456]

"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-09-29 110360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Yderligere scanning -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 89.150.129.4 89.150.129.10

TCP: Interfaces\{2D2F62BA-4D6A-4835-B9ED-C5B71F968318}: NameServer = 8.8.8.8,8.8.4.4

FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\ruvwyi9f.default\

FF - prefs.js: browser.startup.homepage - google.dk

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

.

[HKEY_USERS\S-1-5-21-493960788-4236077586-981421237-1000\Software\SecuROM\License information*]

"datasecu"=hex:39,42,6d,e6,19,7d,f1,61,ec,86,ac,7e,ac,04,01,62,95,ca,69,0e,7a,

42,20,72,b7,06,fd,3f,2f,52,5d,cc,72,63,28,e8,5a,d6,20,c7,35,c0,6d,19,27,2f,\

"rkeysecu"=hex:80,fc,aa,2c,36,d8,5e,78,5a,94,f9,7e,fc,cb,35,65

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Gennemført tid: 2011-11-25 10:54:32

ComboFix-quarantined-files.txt 2011-11-25 09:54

ComboFix2.txt 2011-11-24 16:28

.

Pre-Kørsel: 301.676.888.064 bytes free

Post-Kørsel: 301.733.326.848 bytes free

.

- - End Of File - - 75A421852CA82D85CDB3A33329055B0C


Hi again,

Open notepad and copy/paste the text in the quotebox below into it:


File::
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\xobu.exe
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\temp\U\80000032.@
Driver::
AMService

Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).

Then post the resultant log.

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
  • Click Scan
  • Wait for the scan to finish.

Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.

Link to post
Share on other sites
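One way to triage the service list in a ComboFix log like the one in this thread, shown as an added example that is not part of the original posts or of ComboFix itself. The line format in the regex and the rule "a service image under a temp, AppData or Startup directory deserves review" are assumptions of this example; the sample lines are copied from the log above.

```python
import re

# Service/driver lines copied from the ComboFix log earlier in this thread.
SAMPLE_LOG = r"""
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R4 AMService;AMService;c:\windows\TEMP\cwiodu\setup.exe run [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
"""

# Assumed line shape: "<code> <name>;<display name>;<image path + args> [<detail>]"
LINE_RE = re.compile(
    r"^(?P<code>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+\[(?P<detail>[^\]]*)\]$"
)

# Heuristic of this example: temporary, per-user or startup directories,
# where service binaries are not normally installed.
WRITABLE_MARKERS = ("\\temp\\", "\\appdata\\", "\\start menu\\programs\\startup\\")


def is_user_writable(path):
    """True when the path sits under a temp, AppData or Startup directory."""
    lowered = path.lower()
    return any(marker in lowered for marker in WRITABLE_MARKERS)


def parse_services(log_text):
    """Return one dict per service/driver line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def suspicious_services(entries):
    """Names of services whose image path is in one of the flagged locations."""
    return [e["name"] for e in entries if is_user_writable(e["image"])]


if __name__ == "__main__":
    for name in suspicious_services(parse_services(SAMPLE_LOG)):
        print("review:", name)
```

The same `is_user_writable` check also matches the Startup-folder path listed under `File::` in the script above.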

Alright my bad, I attached the fresh ones.

Actually most of the issues seem to be gone :)

PING.exe and conhost.exe are not showing up in my taskmanager anymore.

I am not getting all these random outgoing connections to Russia, etc, anymore.

Furthermore, my PC would get really slow at times - doesn't seem to be happening now :)

I haven't had any more strange random filenames randomly pop up in my taskmanager.

My MIDI-board is working again!

However, my sound card is still giving me really loud bursts of white noise every once in a while.

So now I am unsure of whether it is because of the virus or simply because of the sound card being old and very used, so tonight I will give it a try on another PC.

So it seems that my PC is clean now :D

Thanks a ton for your help!

Newest DDS-Attach.zip


Good. Let's see the final steps then :)

THESE STEPS ARE VERY IMPORTANT

Let's reset system restore

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to clean the restore points.

A. To disable the System Restore feature:

1. Click on the Start button.

2. Hover over the Computer option, right click on it and then click Properties.

3. On the left hand side, click Advanced Settings.

4. If asked to permit the action, click on Allow.

5. Click on the System Protection tab.

6. Select c: drive and click Configure...

7. Select Turn off protection

8. Press OK.

Repeat steps 6-8 for each hard drive.

B. Reboot.

C. Turn ON System Restore.

Follow the steps as you did when disabling System Restore, but at step 7 select the Restore system settings and previous versions of files option.

Now let's uninstall ComboFix:

  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK

UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.

Click once on the Security tab

Click once on the Internet icon so it becomes highlighted.

Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

  • Download and run Secunia Personal Software Inspector (PSI) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too.
  • Get Anti Virus Software and keep it updated - Most AVs will update automatically, but if not I would recommend making updating the AV the first job every time the PC is connected to the internet. An AV that is using defs that are seven days old is not going to be much protection. If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out. Good free antivirus programs are:
    Antivir
    Avast!
    Good commercial ones are from:
    Kaspersky and
    ESET

Just a final reminder for you. I am trying to stress these two points.

UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.

Make sure all of your security programs are up to date.

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,

Blade :)


I followed every step you showed there.

Secunia seems like a great program, I am certainly using that from now on.

I am using COMODO Firewall + AntiVirus at the moment (just installed it after all this virus trouble), so I can't really install any of the ones you mentioned but thanks for the advice. I will keep them in mind.

And thanks so much for your time! My system seems to be running really smooth now. Without you I would have had to format my system which would be a drag as I just did this a couple weeks back. Again thank you! I bow for you. :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
