
Virus/trojan



Hiding my programs, cannot update Malwarebytes, can't keep a screen saver, won't let me choose a desktop wallpaper, blah blah blah. Nasty one called Windows Recovery Virus, I believe.

Will someone please help? It's been taking over my computer. Thanks...

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24

Run by Jack at 16:13:11 on 2011-12-07

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.4395 [GMT -5:00]

.

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

F:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

F:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe

F:\Users\Jack\Downloads\OpenHardwareMonitor\OpenHardwareMonitor.exe

C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\Windows\system32\SearchIndexer.exe

F:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

F:\Program Files\Logitech\SetPointG\SetPointII.exe

F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\wmiprvse.exe

F:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

F:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\explorer.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - F:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - F:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [cdloader] "C:\Users\Jack\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun: [GrooveMonitor] "F:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [avgnt] "F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

IE: E&xport to Microsoft Excel - F:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - F:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - F:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{159414C6-63CC-4B8E-9A95-821CC025866D} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{2684832D-BEFE-436A-8EC2-7EA6E468AA9C} : DhcpNameServer = 192.168.0.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - F:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun-x64: [GrooveMonitor] "F:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [avgnt] "F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\i0k6nc0j.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - plugin: F:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: F:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: F:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: F:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

FF - plugin: F:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll

FF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll

FF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll

FF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll

FF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll

FF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll

FF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

============= SERVICES / DRIVERS ===============

.

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-4-8 136360]

R2 AntiVirService;Avira AntiVir Guard;F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-4-8 269480]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-2 2253120]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-9-22 381248]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]

R3 RTCore64;RTCore64;F:\Program Files (x86)\EVGA Precision\RTCore64.sys [2011-8-31 14440]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBMULCD;USB Multi-Channel Audio Device Interface;C:\Windows\system32\drivers\CM10664.sys --> C:\Windows\system32\drivers\CM10664.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-12-07 21:08:20 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{507F7F9C-F71A-4941-B4A6-E70C0EB90607}\offreg.dll

2011-12-06 23:32:11 351880 ---ha-w- C:\ProgramData\zyuFqFdu13aDif.exe

2011-12-06 23:29:47 444552 ---ha-w- C:\ProgramData\uRshEirOfhWeeq.exe

2011-12-06 11:02:54 8822856 ---ha-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{507F7F9C-F71A-4941-B4A6-E70C0EB90607}\mpengine.dll

2011-12-05 23:36:04 -------- d--h--w- C:\Users\Jack\AppData\Roaming\Unity

2011-12-05 23:02:06 -------- d--h--w- C:\Users\Jack\AppData\Local\Unity

2011-12-03 05:40:10 -------- d--h--w- C:\Users\Jack\AppData\Local\DDMSettings

2011-11-09 02:56:24 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll

2011-11-09 02:56:24 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll

2011-11-09 02:56:23 3144704 ----a-w- C:\Windows\System32\win32k.sys

2011-11-09 02:56:23 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

==================== Find3M ====================

.

2011-12-06 00:40:50 271200 ---ha-w- C:\Windows\SysWow64\PnkBstrB.xtr

2011-12-06 00:40:50 271200 ---ha-w- C:\Windows\SysWow64\PnkBstrB.exe

2011-12-05 01:50:20 271200 ---ha-w- C:\Windows\SysWow64\PnkBstrB.ex0

2011-10-20 23:26:22 94208 ---ha-w- C:\Windows\SysWow64\dpl100.dll

2011-10-02 22:13:45 75136 ---ha-w- C:\Windows\SysWow64\PnkBstrA.exe

2011-09-22 16:29:58 321856 ---ha-w- C:\Windows\SysWow64\nvStreaming.exe

2011-09-10 03:01:42 59392 ---ha-w- C:\Windows\SysWow64\speexw.acm

.

============= FINISH: 16:13:24.74 ===============



Logs will be closed if you haven't replied within 3 days

Please don't attach the scans/logs for these tools; use copy/paste.

DO NOT use any TOOLS such as ComboFix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (right click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Download unhide.exe & save it to your Windows folder:

Right click on unhide.exe and select Run as administrator (in case you have Vista or Win7).

Reboot

This will unhide folders/files that were set to be hidden by the infection you had.

Let me know if that solved your problem.


Seems as though I have gotten it again. I used Rkill after several full scans by Malwarebytes, also in Safe Mode. It said it was gone; well, I used the unhide.exe and all seemed fine. I was surfing the internet and bam, it came back last night.

Here is the Rkill log from today.

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Rkill was run on 12/08/2011 at 20:37:31.

Operating System: Windows 7 Ultimate

Processes terminated by Rkill or while it was running:

Rkill completed on 12/08/2011 at 20:37:35.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Rkill was run on 12/09/2011 at 4:52:37.

Operating System: Windows 7 Ultimate

Processes terminated by Rkill or while it was running:

C:\ProgramData\FNFPDoJienHIJQ.exe

C:\ProgramData\olkTjIawHsCT7B.exe

Rkill completed on 12/09/2011 at 4:52:41.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Rkill was run on 12/09/2011 at 5:26:00.

Operating System: Windows 7 Ultimate

Processes terminated by Rkill or while it was running:

C:\ProgramData\FNFPDoJienHIJQ.exe

C:\ProgramData\olkTjIawHsCT7B.exe

C:\Windows\SysWOW64\grpconv.exe

Rkill completed on 12/09/2011 at 5:26:04.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Rkill was run on 12/09/2011 at 15:18:02.

Operating System: Windows 7 Ultimate

Processes terminated by Rkill or while it was running:

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\ProgramData\FNFPDoJienHIJQ.exe

C:\ProgramData\olkTjIawHsCT7B.exe

Rkill completed on 12/09/2011 at 15:18:06.

Malwarebytes log from last night.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8336

Windows 6.1.7601 Service Pack 1 (Safe Mode)

Internet Explorer 9.0.8112.16421

12/9/2011 4:38:55 AM

mbam-log-2011-12-09 (04-38-55).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|I:\|J:\|K:\|L:\|)

Objects scanned: 746435

Time elapsed: 1 hour(s), 55 minute(s), 24 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Jack\AppData\Local\Temp\3A72.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\Users\Jack\AppData\Local\Temp\googleupdate.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Now I run a lot of programs from the F drive since my C drive is 2 SSDs in RAID 0 for gaming. Not sure if that is why it is not getting it? It is still there today, and thanks for any help...


Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (right click, choose "Run as Administrator").

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[image: RC1.png]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: RC2-1.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Right now, I am in the middle of running a full scan with Malwarebytes in Safe Mode with Networking (as administrator). I already ran Rkill, unhide (as administrator), and TDSSKiller (as administrator); no results from TDSSKiller. I am going to wait on results before trying ComboFix. I will get back to you in about 2 hours when Malwarebytes is done. Thanks...

It found 2 before I stopped it because I forgot to run as administrator.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8344

Windows 6.1.7601 Service Pack 1 (Safe Mode)

Internet Explorer 9.0.8112.16421

12/9/2011 5:38:09 PM

mbam-log-2011-12-09 (17-37-49).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|I:\|J:\|K:\|L:\|)

Objects scanned: 225827

Time elapsed: 24 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FNFPDoJienHIJQ.exe (Rogue.FakeHDD) -> Value: FNFPDoJienHIJQ.exe -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\programdata\fnfpdojienhijq.exe (Rogue.FakeHDD) -> No action taken.


Seems to have cleared it up for now; here are the Attach and DDS txt files.

DDS

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24

Run by Jack at 20:21:43 on 2011-12-09

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.4411 [GMT -5:00]

.

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

F:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

F:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe

F:\Users\Jack\Downloads\OpenHardwareMonitor\OpenHardwareMonitor.exe

C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe

F:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

F:\Program Files\Logitech\SetPointG\SetPointII.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\DllHost.exe

F:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\explorer.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - F:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - F:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [avgnt] "F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

IE: E&xport to Microsoft Excel - F:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - F:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - F:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{159414C6-63CC-4B8E-9A95-821CC025866D} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{2684832D-BEFE-436A-8EC2-7EA6E468AA9C} : DhcpNameServer = 192.168.0.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - F:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [avgnt] "F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\i0k6nc0j.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - plugin: F:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: F:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: F:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: F:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

FF - plugin: F:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll

FF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll

FF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll

FF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll

FF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll

FF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll

FF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

============= SERVICES / DRIVERS ===============

.

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-4-8 136360]

R2 AntiVirService;Avira AntiVir Guard;F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-4-8 269480]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-2 2253120]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-9-22 381248]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]

R3 RTCore64;RTCore64;F:\Program Files (x86)\EVGA Precision\RTCore64.sys [2011-8-31 14440]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBMULCD;USB Multi-Channel Audio Device Interface;C:\Windows\system32\drivers\CM10664.sys --> C:\Windows\system32\drivers\CM10664.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-12-10 01:21:46 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C2D4FEC5-E5C8-4CC3-8678-AF62E5AB1394}\offreg.dll

2011-12-10 01:21:45 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C2D4FEC5-E5C8-4CC3-8678-AF62E5AB1394}\mpengine.dll

2011-12-10 01:20:03 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{507F7F9C-F71A-4941-B4A6-E70C0EB90607}\offreg.dll

2011-12-09 02:33:56 349832 ----a-w- C:\ProgramData\olkTjIawHsCT7B.exe

2011-12-08 09:33:26 -------- d-sh--w- C:\found.000

2011-12-06 11:02:54 8822856 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{507F7F9C-F71A-4941-B4A6-E70C0EB90607}\mpengine.dll

2011-12-05 23:36:04 -------- d-----w- C:\Users\Jack\AppData\Roaming\Unity

2011-12-05 23:02:06 -------- d-----w- C:\Users\Jack\AppData\Local\Unity

2011-12-03 05:40:10 -------- d-----w- C:\Users\Jack\AppData\Local\DDMSettings

.

==================== Find3M ====================

.

2011-12-06 00:40:50 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2011-12-06 00:40:50 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2011-12-05 01:50:20 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2011-10-20 23:26:22 94208 ----a-w- C:\Windows\SysWow64\dpl100.dll

2011-10-02 22:13:45 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-09-29 04:03:32 3144704 ----a-w- C:\Windows\System32\win32k.sys

2011-09-22 16:29:58 321856 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

.

============= FINISH: 20:21:57.18 ===============

attached

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 1/6/2011 12:58:12 AM

System Uptime: 12/9/2011 8:17:43 PM (0 hours ago)

.

Motherboard: EVGA | | 132-BL-E758

Processor: Intel® Core i7 CPU 920 @ 2.67GHz | Socket 423 | 2653/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 112 GiB total, 81.381 GiB free.

D: is FIXED (NTFS) - 0 GiB total, 0.07 GiB free.

E: is CDROM ()

F: is FIXED (NTFS) - 699 GiB total, 322.243 GiB free.

G: is CDROM ()

I: is Removable

J: is Removable

K: is Removable

L: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}

Description: Standard PS/2 Keyboard

Device ID: ACPI\PNP0303\4&136CDFB0&0

Manufacturer: (Standard keyboards)

Name: Standard PS/2 Keyboard

PNP Device ID: ACPI\PNP0303\4&136CDFB0&0

Service: i8042prt

.

==== System Restore Points ===================

.

RP187: 11/12/2011 4:26:05 AM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

Adobe AIR

Adobe Bridge 1.0

Adobe Common File Installer

Adobe Flash Player 10 Plugin

Adobe Help Center 1.0

Adobe Photoshop CS2

Adobe Reader X (10.1.1)

Adobe Stock Photos 1.0

Alien Swarm

Alliance of Valiant Arms

Apple Application Support

Apple Software Update

Avira AntiVir Personal - Free Antivirus

AviSynth 2.5

Battlefield: Bad Company™ 2

BioShock

BioShock 2

Borderlands

Brink

Bully: Scholarship Edition

Call of Duty Black Ops - Mod Tools (BETA)

Call of Duty® - World at War

Call of Duty® - World at War 1.2 Patch

Call of Duty® - World at War 1.4 Patch

Call of Duty® - World at War 1.5 Patch

Call of Duty® - World at War 1.6 Patch

Call of Duty® - World at War 1.7 Patch

Call of Duty® 2

Call of Duty® 2 Patch 1.3

Call of Duty® 4 - Modern Warfare

Call of Duty® 4 - Modern Warfare 1.6 Patch

Call of Duty® 4 - Modern Warfare 1.7 Patch

Call of Duty: Modern Warfare 2

Call of Duty: Modern Warfare 2 - Multiplayer

Call of Duty: Modern Warfare 3

Call of Duty: Modern Warfare 3 - Dedicated Server

Call of Duty: Modern Warfare 3 - Multiplayer

Coupon Printer for Windows

Cryostasis

Crysis®

CueClub

DiRT

DivX Setup

DJ_SF_06_D1600_SW_Min

Dual-Core Optimizer

DVD-CLONER V4.20 Build 917

eReg

EVGA Precision 2.0.4

F.E.A.R.

F.E.A.R. 2: Project Origin

F.E.A.R.: Extraction Point

F.E.A.R.: Perseus Mandate

FileZilla Client 3.5.2

GTA San Andreas

Half-Life 2

Half-Life 2: Episode One

Half-Life 2: Episode Two

Half-Life 2: Lost Coast

HLSW v1.4.0.2

Java Auto Updater

Java 6 Update 24

K-Lite Codec Pack 7.1.0 (Full)

Killing Floor

Killing Floor Mod: Defence Alliance 2

Learning Made Easy 2.2

Left 4 Dead

Left 4 Dead 2

LightScribe System Software

magicJack

Malwarebytes' Anti-Malware version 1.51.2.1300

Max Payne

Max Payne 2: The Fall of Max Payne

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 8.0 (x86 en-US)

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

Portal

Post Apocalyptic Mayhem

PSP Video 9 6

QuickTime

RAD Video Tools

Raptr

SeaTools for Windows

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553074)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2553073)

Security Update for Microsoft Office Groove 2007 (KB2552997)

Security Update for Microsoft Office InfoPath 2007 (KB2510061)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Shattered Horizon

SpeedFan (remove only)

Steam

Team Fortress 2

TeamSpeak 2 RC2

Toolbox

TurboIRC 7 Uninstall

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2583910)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Outlook 2007 Junk Email Filter (KB2596560)

VC80CRTRedist - 8.0.50727.6195

Windows Media Player Firefox Plugin

Wolfenstein - Enemy Territory

Xfire (remove only)

.

==== Event Viewer Messages From Past Week ========

.

12/9/2011 8:17:50 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 7 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

12/9/2011 8:17:50 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 6 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

12/9/2011 8:17:50 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 5 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

12/9/2011 8:17:50 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 4 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

12/9/2011 8:17:50 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 3 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

12/9/2011 8:17:50 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 2 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

12/9/2011 8:17:50 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

12/9/2011 8:17:50 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

12/9/2011 8:16:44 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

12/9/2011 5:09:38 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

12/9/2011 5:09:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

12/9/2011 5:09:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

12/9/2011 5:09:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/9/2011 5:09:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

12/9/2011 5:09:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb discache spldr Wanarpv6

12/9/2011 4:25:05 PM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.

12/9/2011 4:24:34 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

12/9/2011 4:24:23 PM, Error: Service Control Manager [7034] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 3 time(s).

12/9/2011 4:23:51 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

12/9/2011 4:23:40 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

12/9/2011 4:23:26 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

12/9/2011 4:22:43 PM, Error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).

12/9/2011 3:17:08 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: Access is denied.

12/9/2011 3:17:08 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: Access is denied.

12/9/2011 3:17:08 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80070005.

12/8/2011 9:42:44 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

12/8/2011 9:42:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

12/8/2011 9:42:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

12/8/2011 9:42:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf

12/8/2011 9:42:28 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/8/2011 9:42:28 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

12/8/2011 9:42:28 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

12/8/2011 9:42:28 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

12/8/2011 9:42:28 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

12/8/2011 9:42:28 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

12/8/2011 9:42:28 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/8/2011 9:42:28 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/8/2011 9:42:28 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/8/2011 9:42:28 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

12/8/2011 8:35:33 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.

12/8/2011 8:35:03 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

12/8/2011 8:35:03 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

12/6/2011 6:45:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

12/4/2011 1:43:26 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR4.

12/4/2011 1:43:24 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.

12/4/2011 1:40:01 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.

12/4/2011 1:38:54 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.

.

==== End Of File ===========================


Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:

C:\ProgramData\olkTjIawHsCT7B.exe

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

If VirusTotal is too busy, you can try these.

http://virusscan.jotti.org

http://www.kaspersky.com/scanforvirus.html


AhnLab-V3 2011.12.09.00 2011.12.09 -

AntiVir 7.11.19.52 2011.12.09 -

Antiy-AVL 2.0.3.7 2011.12.09 -

Avast 6.0.1289.0 2011.12.09 -

AVG 10.0.0.1190 2011.12.09 -

BitDefender 7.2 2011.12.09 -

ByteHero 1.0.0.1 2011.12.07 -

CAT-QuickHeal 12.00 2011.12.09 -

ClamAV 0.97.3.0 2011.12.09 -

Commtouch 5.3.2.6 2011.12.09 -

Comodo 10899 2011.12.09 -

DrWeb 5.0.2.03300 2011.12.09 Trojan.Fakealert.27220

Emsisoft 5.1.0.11 2011.12.09 -

eSafe 7.0.17.0 2011.12.08 -

eTrust-Vet 37.0.9615 2011.12.09 -

F-Prot 4.6.5.141 2011.11.29 -

F-Secure 9.0.16440.0 2011.12.09 -

Fortinet 4.3.388.0 2011.12.09 -

GData 22 2011.12.09 -

Ikarus T3.1.1.109.0 2011.12.09 Trojan.Win32.FakeSysdef

Jiangmin 13.0.900 2011.12.09 -

K7AntiVirus 9.119.5640 2011.12.09 -

Kaspersky 9.0.0.837 2011.12.09 -

McAfee 5.400.0.1158 2011.12.09 Generic FakeAlert.bz

McAfee-GW-Edition 2010.1E 2011.12.09 Generic FakeAlert.bz

Microsoft 1.7903 2011.12.09 -

NOD32 6691 2011.12.07 -

Norman 6.07.13 2011.12.09 -

nProtect 2011-12-09.01 2011.12.09 -

Panda 10.0.3.5 2011.12.09 Trj/CI.A

PCTools 8.0.0.5 2011.12.09 -

Prevx 3.0 2011.12.09 -

Rising 23.87.03.02 2011.12.08 -

Sophos 4.72.0 2011.12.09 Mal/Generic-L

SUPERAntiSpyware 4.40.0.1006 2011.12.09 -

Symantec 20111.2.0.82 2011.12.09 -

TheHacker 6.7.0.1.353 2011.12.07 -

TrendMicro 9.500.0.1008 2011.12.09 -

TrendMicro-HouseCall 9.500.0.1008 2011.12.09 -

VBA32 3.12.16.4 2011.12.09 -

VIPRE 11224 2011.12.09 Trojan.Win32.Fakeav.paa (v)

ViRobot 2011.12.9.4817 2011.12.09 -

VirusBuster 14.1.107.0 2011.12.09 -


Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


ComboFix 11-12-10.01 - Jack 12/10/2011 9:14.1.8 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.4347 [GMT -5:00]

Running from: c:\users\Jack\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\olkTjIawHsCT7B.exe

c:\users\Jack\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk

c:\users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix

c:\users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\System Fix.lnk

c:\users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\Uninstall System Fix.lnk

c:\windows\SysWow64\processes.txt

F:\install.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-11-10 to 2011-12-10 )))))))))))))))))))))))))))))))

.

.

2011-12-10 14:16 . 2011-12-10 14:16 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-12-10 01:21 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2D4FEC5-E5C8-4CC3-8678-AF62E5AB1394}\mpengine.dll

2011-12-08 09:33 . 2011-12-08 09:33 -------- d-----w- C:\found.000

2011-12-05 23:36 . 2011-12-05 23:36 -------- d-----w- c:\users\Jack\AppData\Roaming\Unity

2011-12-05 23:02 . 2011-12-05 23:55 -------- d-----w- c:\users\Jack\AppData\Local\Unity

2011-12-03 05:40 . 2011-12-03 05:40 -------- d-----w- c:\users\Jack\AppData\Local\DDMSettings

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-06 00:40 . 2011-01-15 18:38 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2011-12-06 00:40 . 2011-01-15 18:38 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2011-12-05 14:11 . 2011-07-13 02:21 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-12-05 01:50 . 2011-01-15 18:38 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2011-11-09 02:57 . 2011-07-13 02:21 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2011-11-09 02:57 . 2011-07-13 02:21 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2011-11-09 02:57 . 2011-01-18 21:11 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-10-20 23:26 . 2011-10-20 23:26 94208 ----a-w- c:\windows\SysWow64\dpl100.dll

2011-10-02 22:13 . 2011-01-15 18:38 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2011-09-29 16:29 . 2011-11-09 02:56 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-09-29 04:03 . 2011-11-09 02:56 3144704 ----a-w- c:\windows\system32\win32k.sys

2011-09-22 22:41 . 2011-10-03 00:09 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll

2011-09-22 22:41 . 2011-10-03 00:09 5067584 ----a-w- c:\windows\system32\nvsvc64.dll

2011-09-22 22:41 . 2011-10-03 00:09 222528 ----a-w- c:\windows\system32\nvmctray.dll

2011-09-22 22:41 . 2011-10-03 00:09 1640768 ----a-w- c:\windows\system32\nvvsvc.exe

2011-09-22 22:41 . 2011-10-03 00:09 137536 ----a-w- c:\windows\system32\nvshext.dll

2011-09-22 22:41 . 2011-10-03 00:09 10406208 ----a-w- c:\windows\system32\nvcpl.dll

2011-09-22 22:41 . 2011-10-03 00:07 8930624 ----a-w- c:\windows\system32\nvwgf2umx.dll

2011-09-22 22:41 . 2011-10-03 00:07 7580992 ----a-w- c:\windows\system32\nvcuda.dll

2011-09-22 22:41 . 2011-10-03 00:07 7183168 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2011-09-22 22:41 . 2011-10-03 00:07 68928 ----a-w- c:\windows\system32\OpenCL.dll

2011-09-22 22:41 . 2011-10-03 00:07 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll

2011-09-22 22:41 . 2011-10-03 00:07 5576000 ----a-w- c:\windows\SysWow64\nvcuda.dll

2011-09-22 22:41 . 2011-10-03 00:07 2808640 ----a-w- c:\windows\system32\nvapi64.dll

2011-09-22 22:41 . 2011-10-03 00:07 2542912 ----a-w- c:\windows\system32\nvcuvid.dll

2011-09-22 22:41 . 2011-10-03 00:07 24796480 ----a-w- c:\windows\system32\nvcompiler.dll

2011-09-22 22:41 . 2011-10-03 00:07 24743232 ----a-w- c:\windows\system32\nvoglv64.dll

2011-09-22 22:41 . 2011-10-03 00:07 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll

2011-09-22 22:41 . 2011-10-03 00:07 2401088 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2011-09-22 22:41 . 2011-10-03 00:07 2232128 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-09-22 22:41 . 2011-10-03 00:07 2099520 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2011-09-22 22:41 . 2011-10-03 00:07 18870592 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2011-09-22 22:41 . 2011-10-03 00:07 17248576 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2011-09-22 22:41 . 2011-10-03 00:07 15688512 ----a-w- c:\windows\system32\nvd3dumx.dll

2011-09-22 22:41 . 2011-10-03 00:07 1533248 ----a-w- c:\windows\system32\nvdispco64.dll

2011-09-22 22:41 . 2011-10-03 00:07 1454400 ----a-w- c:\windows\system32\nvgenco64.dll

2011-09-22 22:41 . 2011-10-03 00:07 13200704 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2011-09-22 22:41 . 2011-10-03 00:07 12961088 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2011-09-22 16:29 . 2011-09-22 16:29 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"avgnt"="f:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLUA"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer5"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-09-22 2253120]

R3 dump_wmimmc;dump_wmimmc;f:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]

R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]

R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;f:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-09-22 381248]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]

S3 RTCore64;RTCore64;f:\program files (x86)\EVGA Precision\RTCore64.sys [2011-08-31 14440]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Jack\AppData\Local\Temp\tmpA642.tmp [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WINRING0_1_2_0

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-06-17 16:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]

"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]

"EvtMgr6"="f:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - f:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\i0k6nc0j.default\

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]

"ImagePath"="\??\c:\users\Jack\AppData\Local\Temp\tmpA642.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4152632202-4090834572-3126930149-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:a2,f2,f9,fc,e5,cf,da,6b,92,20,08,95,d7,aa,b5,e6,be,53,67,65,70,cb,7c,

c9,35,7c,bb,8e,d1,c9,46,06,26,b5,2a,8b,7d,6d,b4,77,ad,0d,a4,98,31,c1,9d,72,\

"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f

.

[HKEY_USERS\S-1-5-21-4152632202-4090834572-3126930149-1001\Software\SecuROM\License information*]

"datasecu"=hex:c3,ba,ae,5c,b2,2f,5c,ac,e7,92,ef,71,2a,99,3e,2e,25,97,57,8c,65,

14,6a,31,b1,11,bb,da,05,b8,3d,f4,dc,3f,6a,2d,60,d1,bd,1f,6a,4d,8a,43,e4,ad,\

"rkeysecu"=hex:18,10,ae,f4,b7,de,87,df,d3,2e,e3,25,2f,cf,27,29

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

f:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\windows\SysWOW64\PnkBstrA.exe

f:\program files (x86)\EVGA Precision\EVGAPrecision.exe

.

**************************************************************************

.

Completion time: 2011-12-10 09:19:04 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-10 14:19

.

Pre-Run: 86,980,153,344 bytes free

Post-Run: 87,226,933,248 bytes free

.

- - End Of File - - B27403483773D1130FDC800036D08E9C


http://www.eset.eu/online-scanner

Go here to run an online scanner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.

A new window will appear asking "Do you want to install this software?".

Answer Yes to download and install the ActiveX controls that allow the scan to run.

Click Start.

Check Remove found threats and Scan potentially unwanted applications.

Click Scan to begin.

If offered the option to get information or buy software, just close the window.

Wait for the scan to finish.

Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
