JackPack Posted December 7, 2011 ID:502371 Share Posted December 7, 2011 Hiding my programs, can not update malwarebytes, can't keep a screen saver, won't let me chose a desktop wall paper, blah blah blah. Nasty one called Windows Recovery Virus I believe.Will some one please help, been taking over my computer? Thanks....DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24Run by Jack at 16:13:11 on 2011-12-07Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.4395 [GMT -5:00].AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\WUDFHost.exeC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Windows\system32\WUDFHost.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeF:\Program Files (x86)\Avira\AntiVir Desktop\sched.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeF:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\System32\svchost.exe -k HPZ12C:\Windows\SysWOW64\PnkBstrA.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEF:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exeC:\Windows\system32\conhost.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEF:\Program Files (x86)\EVGA Precision\EVGAPrecision.exeF:\Users\Jack\Downloads\OpenHardwareMonitor\OpenHardwareMonitor.exeC:\Program Files\Logitech\GamePanel Software\LGDevAgt.exeC:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exeC:\Windows\system32\SearchIndexer.exeF:\Program Files\Logitech\SetPointP\SetPoint.exeC:\Windows\SysWOW64\rundll32.exeC:\Windows\system32\WUDFHost.exeC:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXEC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exeC:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exeF:\Program Files\Logitech\SetPointG\SetPointII.exeF:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Windows\system32\wbem\wmiprvse.exeF:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exeC:\Windows\system32\sppsvc.exeC:\Windows\System32\svchost.exe -k secsvcsF:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Windows\explorer.exeC:\Windows\system32\DllHost.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\system32\conhost.exeC:\Windows\SysWOW64\cscript.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = about:blankmWinlogon: Userinit=userinit.exe,BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - F:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - F:\Program Files (x86)\Java\jre6\bin\jp2ssv.dlluRun: [cdloader] "C:\Users\Jack\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACKmRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exemRun: [GrooveMonitor] "F:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOWmRun: [avgnt] "F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /minmPolicies-explorer: NoActiveDesktop = 1 (0x1)mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)mPolicies-system: PromptOnSecureDesktop = 0 (0x0)mPolicies-system: EnableLUA = 0 (0x0)IE: E&xport to Microsoft Excel - F:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - F:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - F:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLLDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabTCP: DhcpNameServer = 192.168.0.1TCP: Interfaces\{159414C6-63CC-4B8E-9A95-821CC025866D} : DhcpNameServer = 192.168.0.1TCP: Interfaces\{2684832D-BEFE-436A-8EC2-7EA6E468AA9C} : DhcpNameServer = 192.168.0.1Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dllSEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - F:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dllmASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO-X64: AcroIEHelperStub - No FileBHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dllBHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllmRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exemRun-x64: [GrooveMonitor] "F:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOWmRun-x64: [avgnt] "F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /minSEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\i0k6nc0j.default\FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dllFF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dllFF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dllFF - plugin: F:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dllFF - plugin: F:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dllFF - plugin: F:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: F:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dllFF - plugin: F:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dllFF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dllFF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dllFF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dllFF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dllFF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dllFF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dllFF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll.---- FIREFOX POLICIES ----FF - user.js: network.protocol-handler.warn-external.dnupdate - false============= SERVICES / DRIVERS ===============.R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]R2 AntiVirSchedulerService;Avira AntiVir Scheduler;F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-4-8 136360]R2 AntiVirService;Avira AntiVir Guard;F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-4-8 269480]R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-2 2253120]R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-9-22 381248]R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]R3 RTCore64;RTCore64;F:\Program Files (x86)\EVGA Precision\RTCore64.sys [2011-8-31 14440]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]S3 USBMULCD;USB Multi-Channel Audio Device Interface;C:\Windows\system32\drivers\CM10664.sys --> C:\Windows\system32\drivers\CM10664.sys [?]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?].=============== Created Last 30 ================.2011-12-07 21:08:20 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{507F7F9C-F71A-4941-B4A6-E70C0EB90607}\offreg.dll2011-12-06 23:32:11 351880 ---ha-w- C:\ProgramData\zyuFqFdu13aDif.exe2011-12-06 23:29:47 444552 ---ha-w- C:\ProgramData\uRshEirOfhWeeq.exe2011-12-06 11:02:54 8822856 ---ha-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{507F7F9C-F71A-4941-B4A6-E70C0EB90607}\mpengine.dll2011-12-05 23:36:04 -------- d--h--w- C:\Users\Jack\AppData\Roaming\Unity2011-12-05 23:02:06 -------- d--h--w- C:\Users\Jack\AppData\Local\Unity2011-12-03 05:40:10 -------- d--h--w- C:\Users\Jack\AppData\Local\DDMSettings2011-11-09 02:56:24 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll2011-11-09 02:56:24 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll2011-11-09 02:56:23 3144704 ----a-w- C:\Windows\System32\win32k.sys2011-11-09 02:56:23 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys.==================== Find3M ====================.2011-12-06 00:40:50 271200 ---ha-w- C:\Windows\SysWow64\PnkBstrB.xtr2011-12-06 00:40:50 271200 ---ha-w- C:\Windows\SysWow64\PnkBstrB.exe2011-12-05 01:50:20 271200 ---ha-w- C:\Windows\SysWow64\PnkBstrB.ex02011-10-20 23:26:22 94208 ---ha-w- C:\Windows\SysWow64\dpl100.dll2011-10-02 22:13:45 75136 ---ha-w- C:\Windows\SysWow64\PnkBstrA.exe2011-09-22 16:29:58 321856 ---ha-w- C:\Windows\SysWow64\nvStreaming.exe2011-09-10 03:01:42 59392 ---ha-w- C:\Windows\SysWow64\speexw.acm.============= FINISH: 16:13:24.74 ===============Attach.txtDDS.txt Link to post Share on other sites More sharing options...
LDTate Posted December 9, 2011 ID:503035 Share Posted December 9, 2011 Logs will be closed if you haven't replied within 3 days Please don't attach the scans / logs for these tools, use "copy/paste".DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.Vista and Windows 7 users:1. These tools MUST be run from the executable. (.exe) every time you run them 2. With Admin Rights (Right click, choose "Run as Administrator")Stay with this topic until I give you the all clean post.You might want to print these instructions out.I suggest you do this:Download unhide.exe & save it to your windows folder: Right click on unhide.exe and select Run as administrator (In case you have Vista or Win7) RebootThis will unhide folders/files that were set to be hidden by the infection you had.Let me know if that solved your problem. Link to post Share on other sites More sharing options...
JackPack Posted December 9, 2011 Author ID:503104 Share Posted December 9, 2011 Seems as though I have gotten it again. I used rkill after several full scans by malwarebytes also in safe mode. It said it was gone, well I used the unhide.exe and all seemed fine. I was surfing the internet and bam, it came back last night. Here is the rkill log from today.This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Rkill was run on 12/08/2011 at 20:37:31. Operating System: Windows 7 Ultimate Processes terminated by Rkill or while it was running: Rkill completed on 12/08/2011 at 20:37:35. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Rkill was run on 12/09/2011 at 4:52:37. Operating System: Windows 7 Ultimate Processes terminated by Rkill or while it was running: C:\ProgramData\FNFPDoJienHIJQ.exeC:\ProgramData\olkTjIawHsCT7B.exeRkill completed on 12/09/2011 at 4:52:41. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Rkill was run on 12/09/2011 at 5:26:00. Operating System: Windows 7 Ultimate Processes terminated by Rkill or while it was running: C:\ProgramData\FNFPDoJienHIJQ.exeC:\ProgramData\olkTjIawHsCT7B.exeC:\Windows\SysWOW64\grpconv.exeRkill completed on 12/09/2011 at 5:26:04. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Rkill was run on 12/09/2011 at 15:18:02. Operating System: Windows 7 Ultimate Processes terminated by Rkill or while it was running: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\ProgramData\FNFPDoJienHIJQ.exeC:\ProgramData\olkTjIawHsCT7B.exeRkill completed on 12/09/2011 at 15:18:06. malwarebytes log from last night.Malwarebytes' Anti-Malware 1.51.2.1300www.malwarebytes.orgDatabase version: 8336Windows 6.1.7601 Service Pack 1 (Safe Mode)Internet Explorer 9.0.8112.1642112/9/2011 4:38:55 AMmbam-log-2011-12-09 (04-38-55).txtScan type: Full scan (C:\|D:\|E:\|F:\|G:\|I:\|J:\|K:\|L:\|)Objects scanned: 746435Time elapsed: 1 hour(s), 55 minute(s), 24 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 3Folders Infected: 0Files Infected: 2Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.Folders Infected:(No malicious items detected)Files Infected:c:\Users\Jack\AppData\Local\Temp\3A72.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.c:\Users\Jack\AppData\Local\Temp\googleupdate.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.Now I run a lot of programs from the f drive since my c drive is 2 ssd's in raid 0 for gaming. Not sure if that is why it is not getting it? It is still there today, and thanks for any help... Link to post Share on other sites More sharing options...
LDTate Posted December 9, 2011 ID:503115 Share Posted December 9, 2011 Please do not attach the scan results from Combofx. Use copy/paste.Vista and Windows 7 users:1. These tools MUST be run from the executable. (.exe) every time you run them 2. With Admin Rights (Right click, choose "Run as Administrator")Download ComboFix from one of these locations:Link 1Link 2 If using this link, Right Click and select Save As.* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective ProgramsDouble click on ComboFix.exe & follow the prompts.Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7. Note: If you have XP SP3, use the XP SP2 package.If Vista or Windows 7, skip the Recovery Console partAs part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.Notes:1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper. 4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.Give it atleast 20-30 minutes to finish if needed.Please do not attach the scan results from Combofx. Use copy/paste.Also please describe how your computer behaves at the moment. Link to post Share on other sites More sharing options...
JackPack Posted December 9, 2011 Author ID:503127 Share Posted December 9, 2011 Right now, I am in the middle of running a full scan with malwarebytes in safe mode with networking (as administrator). I already ran rkill, unhide (as administrator), and tdsskiller(as administrator) no results from tdsskiller. I am going to wait on results before trying combofix. I will get back to you in about 2 hours when malwarebytes is done, Thanks... It found 2 before I stopped it because I forgot to run as administrator.Malwarebytes' Anti-Malware 1.51.2.1300www.malwarebytes.orgDatabase version: 8344Windows 6.1.7601 Service Pack 1 (Safe Mode)Internet Explorer 9.0.8112.1642112/9/2011 5:38:09 PMmbam-log-2011-12-09 (17-37-49).txtScan type: Full scan (C:\|D:\|E:\|F:\|G:\|I:\|J:\|K:\|L:\|)Objects scanned: 225827Time elapsed: 24 minute(s), 38 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 1Registry Data Items Infected: 0Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FNFPDoJienHIJQ.exe (Rogue.FakeHDD) -> Value: FNFPDoJienHIJQ.exe -> No action taken.Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:c:\programdata\fnfpdojienhijq.exe (Rogue.FakeHDD) -> No action taken. Link to post Share on other sites More sharing options...
LDTate Posted December 9, 2011 ID:503128 Share Posted December 9, 2011 OK Link to post Share on other sites More sharing options...
JackPack Posted December 10, 2011 Author ID:503160 Share Posted December 10, 2011 Seems to have cleared it up for now, here is the attached and dds txt.dds.DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24Run by Jack at 20:21:43 on 2011-12-09Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.4411 [GMT -5:00].AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\WUDFHost.exeC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Windows\system32\WUDFHost.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeF:\Program Files (x86)\Avira\AntiVir Desktop\sched.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeF:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\System32\svchost.exe -k HPZ12C:\Windows\SysWOW64\PnkBstrA.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEF:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exeC:\Windows\system32\conhost.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\WUDFHost.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEF:\Program Files (x86)\EVGA Precision\EVGAPrecision.exeF:\Users\Jack\Downloads\OpenHardwareMonitor\OpenHardwareMonitor.exeC:\Program Files\Logitech\GamePanel Software\LGDevAgt.exeC:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exeF:\Program Files\Logitech\SetPointP\SetPoint.exeC:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exeF:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exeC:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exeC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXEF:\Program Files\Logitech\SetPointG\SetPointII.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\DllHost.exeF:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exeC:\Windows\system32\sppsvc.exeC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\servicing\TrustedInstaller.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\wuauclt.exeC:\Windows\explorer.exeC:\Windows\system32\DllHost.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\system32\conhost.exeC:\Windows\SysWOW64\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = about:blankmWinlogon: Userinit=userinit.exe,BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - F:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - F:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllmRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOWmRun: [avgnt] "F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /minmPolicies-explorer: NoActiveDesktop = 1 (0x1)mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)mPolicies-system: PromptOnSecureDesktop = 0 (0x0)mPolicies-system: EnableLUA = 0 (0x0)IE: E&xport to Microsoft Excel - F:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - F:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - F:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLLDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabTCP: DhcpNameServer = 192.168.0.1TCP: Interfaces\{159414C6-63CC-4B8E-9A95-821CC025866D} : DhcpNameServer = 192.168.0.1TCP: Interfaces\{2684832D-BEFE-436A-8EC2-7EA6E468AA9C} : DhcpNameServer = 192.168.0.1Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dllSEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - F:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dllmASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO-X64: AcroIEHelperStub - No FileBHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dllBHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllmRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOWmRun-x64: [avgnt] "F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /minSEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\i0k6nc0j.default\FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dllFF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dllFF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dllFF - plugin: F:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dllFF - plugin: F:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dllFF - plugin: F:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: F:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dllFF - plugin: F:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dllFF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dllFF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dllFF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dllFF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dllFF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dllFF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dllFF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll.---- FIREFOX POLICIES ----FF - user.js: network.protocol-handler.warn-external.dnupdate - false============= SERVICES / DRIVERS ===============.R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]R2 AntiVirSchedulerService;Avira AntiVir Scheduler;F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-4-8 136360]R2 AntiVirService;Avira AntiVir Guard;F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-4-8 269480]R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-2 2253120]R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-9-22 381248]R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]R3 RTCore64;RTCore64;F:\Program Files (x86)\EVGA Precision\RTCore64.sys [2011-8-31 14440]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]S3 USBMULCD;USB Multi-Channel Audio Device Interface;C:\Windows\system32\drivers\CM10664.sys --> C:\Windows\system32\drivers\CM10664.sys [?]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?].=============== Created Last 30 ================.2011-12-10 01:21:46 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C2D4FEC5-E5C8-4CC3-8678-AF62E5AB1394}\offreg.dll2011-12-10 01:21:45 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C2D4FEC5-E5C8-4CC3-8678-AF62E5AB1394}\mpengine.dll2011-12-10 01:20:03 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{507F7F9C-F71A-4941-B4A6-E70C0EB90607}\offreg.dll2011-12-09 02:33:56 349832 ----a-w- C:\ProgramData\olkTjIawHsCT7B.exe2011-12-08 09:33:26 -------- d-sh--w- C:\found.0002011-12-06 11:02:54 8822856 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{507F7F9C-F71A-4941-B4A6-E70C0EB90607}\mpengine.dll2011-12-05 23:36:04 -------- d-----w- C:\Users\Jack\AppData\Roaming\Unity2011-12-05 23:02:06 -------- d-----w- C:\Users\Jack\AppData\Local\Unity2011-12-03 05:40:10 -------- d-----w- C:\Users\Jack\AppData\Local\DDMSettings.==================== Find3M ====================.2011-12-06 00:40:50 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr2011-12-06 00:40:50 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe2011-12-05 01:50:20 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex02011-10-20 23:26:22 94208 ----a-w- C:\Windows\SysWow64\dpl100.dll2011-10-02 22:13:45 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys2011-09-29 04:03:32 3144704 ----a-w- C:\Windows\System32\win32k.sys2011-09-22 16:29:58 321856 ----a-w- C:\Windows\SysWow64\nvStreaming.exe.============= FINISH: 20:21:57.18 ===============attached.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-08-26.01).Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1Install Date: 1/6/2011 12:58:12 AMSystem Uptime: 12/9/2011 8:17:43 PM (0 hours ago).Motherboard: EVGA | | 132-BL-E758Processor: Intel® Core i7 CPU 920 @ 2.67GHz | Socket 423 | 2653/133mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 112 GiB total, 81.381 GiB free.D: is FIXED (NTFS) - 0 GiB total, 0.07 GiB free.E: is CDROM ()F: is FIXED (NTFS) - 699 GiB total, 322.243 GiB free.G: is CDROM ()I: is RemovableJ: is RemovableK: is RemovableL: is Removable.==== Disabled Device Manager Items =============.Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}Description: Standard PS/2 KeyboardDevice ID: ACPI\PNP0303\4&136CDFB0&0Manufacturer: (Standard keyboards)Name: Standard PS/2 KeyboardPNP Device ID: ACPI\PNP0303\4&136CDFB0&0Service: i8042prt.==== System Restore Points ===================.RP187: 11/12/2011 4:26:05 AM - Windows Update.==== Installed Programs ======================. Update for Microsoft Office 2007 (KB2508958)µTorrentAdobe AIRAdobe Bridge 1.0Adobe Common File InstallerAdobe Flash Player 10 PluginAdobe Help Center 1.0Adobe Photoshop CS2Adobe Reader X (10.1.1)Adobe Stock Photos 1.0Alien SwarmAlliance of Valiant ArmsApple Application SupportApple Software UpdateAvira AntiVir Personal - Free AntivirusAviSynth 2.5Battlefield: Bad Company™ 2BioShockBioShock 2BorderlandsBrinkBully: Scholarship EditionCall of Duty Black Ops - Mod Tools (BETA)Call of Duty® - World at WarCall of Duty® - World at War 1.2 PatchCall of Duty® - World at War 1.4 PatchCall of Duty® - World at War 1.5 PatchCall of Duty® - World at War 1.6 PatchCall of Duty® - World at War 1.7 PatchCall of Duty® 2Call of Duty® 2 Patch 1.3Call of Duty® 4 - Modern WarfareCall of Duty® 4 - Modern Warfare 1.6 PatchCall of Duty® 4 - Modern Warfare 1.7 PatchCall of Duty: Modern Warfare 2Call of Duty: Modern Warfare 2 - MultiplayerCall of Duty: Modern Warfare 3Call of Duty: Modern Warfare 3 - Dedicated ServerCall of Duty: Modern Warfare 3 - MultiplayerCoupon Printer for WindowsCryostasisCrysis®CueClubDiRTDivX SetupDJ_SF_06_D1600_SW_MinDual-Core OptimizerDVD-CLONER V4.20 Build 917eRegEVGA Precision 2.0.4F.E.A.R.F.E.A.R. 2: Project OriginF.E.A.R.: Extraction PointF.E.A.R.: Perseus MandateFileZilla Client 3.5.2GTA San AndreasHalf-Life 2Half-Life 2: Episode OneHalf-Life 2: Episode TwoHalf-Life 2: Lost CoastHLSW v1.4.0.2Java Auto UpdaterJava 6 Update 24K-Lite Codec Pack 7.1.0 (Full)Killing FloorKilling Floor Mod: Defence Alliance 2Learning Made Easy 2.2Left 4 DeadLeft 4 Dead 2LightScribe System SoftwaremagicJackMalwarebytes' Anti-Malware version 1.51.2.1300Max PayneMax Payne 2: The Fall of Max PayneMicrosoft Games for Windows - LIVE RedistributableMicrosoft Games for Windows MarketplaceMicrosoft Office 2007 Service Pack 2 (SP2)Microsoft Office Access MUI (English) 2007Microsoft Office Access Setup Metadata MUI (English) 2007Microsoft Office Enterprise 2007Microsoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office Groove MUI (English) 2007Microsoft Office Groove Setup Metadata MUI (English) 2007Microsoft Office InfoPath MUI (English) 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office Outlook MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office PowerPoint Viewer 2007 (English)Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)Microsoft Office Publisher MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft SilverlightMicrosoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Mozilla Firefox 8.0 (x86 en-US)NVIDIA PhysXNVIDIA Stereoscopic 3D DriverPortalPost Apocalyptic MayhemPSP Video 9 6QuickTimeRAD Video ToolsRaptrSeaTools for WindowsSecurity Update for 2007 Microsoft Office System (KB2288621)Security Update for 2007 Microsoft Office System (KB2288931)Security Update for 2007 Microsoft Office System (KB2345043)Security Update for 2007 Microsoft Office System (KB2553074)Security Update for 2007 Microsoft Office System (KB2553089)Security Update for 2007 Microsoft Office System (KB2553090)Security Update for 2007 Microsoft Office System (KB2584063)Security Update for 2007 Microsoft Office System (KB969559)Security Update for 2007 Microsoft Office System (KB976321)Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft Office Access 2007 (KB979440)Security Update for Microsoft Office Excel 2007 (KB2553073)Security Update for Microsoft Office Groove 2007 (KB2552997)Security Update for Microsoft Office InfoPath 2007 (KB2510061)Security Update for Microsoft Office InfoPath 2007 (KB979441)Security Update for Microsoft Office PowerPoint 2007 (KB2535818)Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)Security Update for Microsoft Office Publisher 2007 (KB2284697)Security Update for Microsoft Office system 2007 (972581)Security Update for Microsoft Office system 2007 (KB974234)Security Update for Microsoft Office Visio Viewer 2007 (KB973709)Security Update for Microsoft Office Word 2007 (KB2344993)Shattered HorizonSpeedFan (remove only)SteamTeam Fortress 2TeamSpeak 2 RC2ToolboxTurboIRC 7 UninstallUpdate for 2007 Microsoft Office System (KB2284654)Update for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2473228)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 System (KB2539530)Update for Microsoft Office Access 2007 Help (KB963663)Update for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office Infopath 2007 Help (KB963662)Update for Microsoft Office OneNote 2007 (KB980729)Update for Microsoft Office OneNote 2007 Help (KB963670)Update for Microsoft Office Outlook 2007 (KB2583910)Update for Microsoft Office Outlook 2007 Help (KB963677)Update for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Publisher 2007 Help (KB963667)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)Update for Outlook 2007 Junk Email Filter (KB2596560)VC80CRTRedist - 8.0.50727.6195Windows Media Player Firefox PluginWolfenstein - Enemy TerritoryXfire (remove only).==== Event Viewer Messages From Past Week ========.12/9/2011 8:17:50 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 7 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.12/9/2011 8:17:50 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 6 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.12/9/2011 8:17:50 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 5 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.12/9/2011 8:17:50 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 4 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.12/9/2011 8:17:50 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 3 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.12/9/2011 8:17:50 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 2 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.12/9/2011 8:17:50 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.12/9/2011 8:17:50 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.12/9/2011 8:16:44 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.12/9/2011 5:09:38 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.12/9/2011 5:09:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}12/9/2011 5:09:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}12/9/2011 5:09:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}12/9/2011 5:09:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}12/9/2011 5:09:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb discache spldr Wanarpv612/9/2011 4:25:05 PM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.12/9/2011 4:24:34 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.12/9/2011 4:24:23 PM, Error: Service Control Manager [7034] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 3 time(s).12/9/2011 4:23:51 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.12/9/2011 4:23:40 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.12/9/2011 4:23:26 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.12/9/2011 4:22:43 PM, Error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).12/9/2011 3:17:08 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: Access is denied.12/9/2011 3:17:08 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: Access is denied.12/9/2011 3:17:08 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80070005.12/8/2011 9:42:44 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.12/8/2011 9:42:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}12/8/2011 9:42:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}12/8/2011 9:42:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf12/8/2011 9:42:28 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.12/8/2011 9:42:28 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.12/8/2011 9:42:28 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.12/8/2011 9:42:28 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.12/8/2011 9:42:28 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.12/8/2011 9:42:28 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.12/8/2011 9:42:28 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.12/8/2011 9:42:28 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.12/8/2011 9:42:28 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.12/8/2011 9:42:28 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.12/8/2011 8:35:33 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.12/8/2011 8:35:03 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.12/8/2011 8:35:03 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.12/6/2011 6:45:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}12/4/2011 1:43:26 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR4.12/4/2011 1:43:24 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.12/4/2011 1:40:01 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.12/4/2011 1:38:54 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3..==== End Of File =========================== Link to post Share on other sites More sharing options...
LDTate Posted December 10, 2011 ID:503161 Share Posted December 10, 2011 Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:C:\ProgramData\olkTjIawHsCT7B.exeThen click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.If virustotal is too busy you can try these.http://virusscan.jotti.orghttp://www.kaspersky.com/scanforvirus.html Link to post Share on other sites More sharing options...
JackPack Posted December 10, 2011 Author ID:503168 Share Posted December 10, 2011 AhnLab-V3 2011.12.09.00 2011.12.09 -AntiVir 7.11.19.52 2011.12.09 -Antiy-AVL 2.0.3.7 2011.12.09 -Avast 6.0.1289.0 2011.12.09 -AVG 10.0.0.1190 2011.12.09 -BitDefender 7.2 2011.12.09 -ByteHero 1.0.0.1 2011.12.07 -CAT-QuickHeal 12.00 2011.12.09 -ClamAV 0.97.3.0 2011.12.09 -Commtouch 5.3.2.6 2011.12.09 -Comodo 10899 2011.12.09 -DrWeb 5.0.2.03300 2011.12.09 Trojan.Fakealert.27220Emsisoft 5.1.0.11 2011.12.09 -eSafe 7.0.17.0 2011.12.08 -eTrust-Vet 37.0.9615 2011.12.09 -F-Prot 4.6.5.141 2011.11.29 -F-Secure 9.0.16440.0 2011.12.09 -Fortinet 4.3.388.0 2011.12.09 -GData 22 2011.12.09 -Ikarus T3.1.1.109.0 2011.12.09 Trojan.Win32.FakeSysdefJiangmin 13.0.900 2011.12.09 -K7AntiVirus 9.119.5640 2011.12.09 -Kaspersky 9.0.0.837 2011.12.09 -McAfee 5.400.0.1158 2011.12.09 Generic FakeAlert.bzMcAfee-GW-Edition 2010.1E 2011.12.09 Generic FakeAlert.bzMicrosoft 1.7903 2011.12.09 -NOD32 6691 2011.12.07 -Norman 6.07.13 2011.12.09 -nProtect 2011-12-09.01 2011.12.09 -Panda 10.0.3.5 2011.12.09 Trj/CI.APCTools 8.0.0.5 2011.12.09 -Prevx 3.0 2011.12.09 -Rising 23.87.03.02 2011.12.08 -Sophos 4.72.0 2011.12.09 Mal/Generic-LSUPERAntiSpyware 4.40.0.1006 2011.12.09 -Symantec 20111.2.0.82 2011.12.09 -TheHacker 6.7.0.1.353 2011.12.07 -TrendMicro 9.500.0.1008 2011.12.09 -TrendMicro-HouseCall 9.500.0.1008 2011.12.09 -VBA32 3.12.16.4 2011.12.09 -VIPRE 11224 2011.12.09 Trojan.Win32.Fakeav.paa (v)ViRobot 2011.12.9.4817 2011.12.09 -VirusBuster 14.1.107.0 2011.12.09 - Link to post Share on other sites More sharing options...
LDTate Posted December 10, 2011 ID:503245 Share Posted December 10, 2011 Please do not attach the scan results from Combofx. Use copy/paste.Vista and Windows 7 users:1. These tools MUST be run from the executable. (.exe) every time you run them 2. With Admin Rights (Right click, choose "Run as Administrator")Download ComboFix from one of these locations:Link 1Link 2 If using this link, Right Click and select Save As.* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective ProgramsDouble click on ComboFix.exe & follow the prompts.Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7. Note: If you have XP SP3, use the XP SP2 package.If Vista or Windows 7, skip the Recovery Console partAs part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.Notes:1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper. 4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.Give it atleast 20-30 minutes to finish if needed.Please do not attach the scan results from Combofx. Use copy/paste.Also please describe how your computer behaves at the moment. Link to post Share on other sites More sharing options...
JackPack Posted December 10, 2011 Author ID:503300 Share Posted December 10, 2011 ComboFix 11-12-10.01 - Jack 12/10/2011 9:14.1.8 - x64Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.4347 [GMT -5:00]Running from: c:\users\Jack\Desktop\ComboFix.exeAV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\programdata\olkTjIawHsCT7B.exec:\users\Jack\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Fix.lnkc:\users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fixc:\users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\System Fix.lnkc:\users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\Uninstall System Fix.lnkc:\windows\SysWow64\processes.txtF:\install.exe..((((((((((((((((((((((((( Files Created from 2011-11-10 to 2011-12-10 )))))))))))))))))))))))))))))))..2011-12-10 14:16 . 2011-12-10 14:16 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp2011-12-10 01:21 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2D4FEC5-E5C8-4CC3-8678-AF62E5AB1394}\mpengine.dll2011-12-08 09:33 . 2011-12-08 09:33 -------- d-----w- C:\found.0002011-12-05 23:36 . 2011-12-05 23:36 -------- d-----w- c:\users\Jack\AppData\Roaming\Unity2011-12-05 23:02 . 2011-12-05 23:55 -------- d-----w- c:\users\Jack\AppData\Local\Unity2011-12-03 05:40 . 2011-12-03 05:40 -------- d-----w- c:\users\Jack\AppData\Local\DDMSettings...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-12-06 00:40 . 2011-01-15 18:38 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe2011-12-06 00:40 . 2011-01-15 18:38 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr2011-12-05 14:11 . 2011-07-13 02:21 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll2011-12-05 01:50 . 2011-01-15 18:38 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.ex02011-11-09 02:57 . 2011-07-13 02:21 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll2011-11-09 02:57 . 2011-07-13 02:21 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll2011-11-09 02:57 . 2011-01-18 21:11 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll2011-10-20 23:26 . 2011-10-20 23:26 94208 ----a-w- c:\windows\SysWow64\dpl100.dll2011-10-02 22:13 . 2011-01-15 18:38 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe2011-09-29 16:29 . 2011-11-09 02:56 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys2011-09-29 04:03 . 2011-11-09 02:56 3144704 ----a-w- c:\windows\system32\win32k.sys2011-09-22 22:41 . 2011-10-03 00:09 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll2011-09-22 22:41 . 2011-10-03 00:09 5067584 ----a-w- c:\windows\system32\nvsvc64.dll2011-09-22 22:41 . 2011-10-03 00:09 222528 ----a-w- c:\windows\system32\nvmctray.dll2011-09-22 22:41 . 2011-10-03 00:09 1640768 ----a-w- c:\windows\system32\nvvsvc.exe2011-09-22 22:41 . 2011-10-03 00:09 137536 ----a-w- c:\windows\system32\nvshext.dll2011-09-22 22:41 . 2011-10-03 00:09 10406208 ----a-w- c:\windows\system32\nvcpl.dll2011-09-22 22:41 . 2011-10-03 00:07 8930624 ----a-w- c:\windows\system32\nvwgf2umx.dll2011-09-22 22:41 . 2011-10-03 00:07 7580992 ----a-w- c:\windows\system32\nvcuda.dll2011-09-22 22:41 . 2011-10-03 00:07 7183168 ----a-w- c:\windows\SysWow64\nvwgf2um.dll2011-09-22 22:41 . 2011-10-03 00:07 68928 ----a-w- c:\windows\system32\OpenCL.dll2011-09-22 22:41 . 2011-10-03 00:07 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll2011-09-22 22:41 . 2011-10-03 00:07 5576000 ----a-w- c:\windows\SysWow64\nvcuda.dll2011-09-22 22:41 . 2011-10-03 00:07 2808640 ----a-w- c:\windows\system32\nvapi64.dll2011-09-22 22:41 . 2011-10-03 00:07 2542912 ----a-w- c:\windows\system32\nvcuvid.dll2011-09-22 22:41 . 2011-10-03 00:07 24796480 ----a-w- c:\windows\system32\nvcompiler.dll2011-09-22 22:41 . 2011-10-03 00:07 24743232 ----a-w- c:\windows\system32\nvoglv64.dll2011-09-22 22:41 . 2011-10-03 00:07 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll2011-09-22 22:41 . 2011-10-03 00:07 2401088 ----a-w- c:\windows\SysWow64\nvcuvid.dll2011-09-22 22:41 . 2011-10-03 00:07 2232128 ----a-w- c:\windows\system32\nvcuvenc.dll2011-09-22 22:41 . 2011-10-03 00:07 2099520 ----a-w- c:\windows\SysWow64\nvcuvenc.dll2011-09-22 22:41 . 2011-10-03 00:07 18870592 ----a-w- c:\windows\SysWow64\nvoglv32.dll2011-09-22 22:41 . 2011-10-03 00:07 17248576 ----a-w- c:\windows\SysWow64\nvcompiler.dll2011-09-22 22:41 . 2011-10-03 00:07 15688512 ----a-w- c:\windows\system32\nvd3dumx.dll2011-09-22 22:41 . 2011-10-03 00:07 1533248 ----a-w- c:\windows\system32\nvdispco64.dll2011-09-22 22:41 . 2011-10-03 00:07 1454400 ----a-w- c:\windows\system32\nvgenco64.dll2011-09-22 22:41 . 2011-10-03 00:07 13200704 ----a-w- c:\windows\SysWow64\nvd3dum.dll2011-09-22 22:41 . 2011-10-03 00:07 12961088 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys2011-09-22 16:29 . 2011-09-22 16:29 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]"avgnt"="f:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0)"EnableLUA"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"mixer5"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-09-22 2253120]R3 dump_wmimmc;dump_wmimmc;f:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]R3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [x]R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]S2 AntiVirSchedulerService;Avira AntiVir Scheduler;f:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-09-22 381248]S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]S3 RTCore64;RTCore64;f:\program files (x86)\EVGA Precision\RTCore64.sys [2011-08-31 14440]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Jack\AppData\Local\Temp\tmpA642.tmp [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - WINRING0_1_2_0.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]2009-06-17 16:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe..--------- x86-64 -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]"EvtMgr6"="f:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"LoadAppInit_DLLs"=0x0.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = about:blankmLocal Page = c:\windows\SysWOW64\blank.htmIE: E&xport to Microsoft Excel - f:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000TCP: DhcpNameServer = 192.168.0.1FF - ProfilePath - c:\users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\i0k6nc0j.default\FF - user.js: network.protocol-handler.warn-external.dnupdate - false..[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]"ImagePath"="c:\windows\system32\GameMon.des -service".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]"ImagePath"="\??\c:\users\Jack\AppData\Local\Temp\tmpA642.tmp".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-4152632202-4090834572-3126930149-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]@Allowed: (Read) (RestrictedCode)"??"=hex:a2,f2,f9,fc,e5,cf,da,6b,92,20,08,95,d7,aa,b5,e6,be,53,67,65,70,cb,7c, c9,35,7c,bb,8e,d1,c9,46,06,26,b5,2a,8b,7d,6d,b4,77,ad,0d,a4,98,31,c1,9d,72,\"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f.[HKEY_USERS\S-1-5-21-4152632202-4090834572-3126930149-1001\Software\SecuROM\License information*]"datasecu"=hex:c3,ba,ae,5c,b2,2f,5c,ac,e7,92,ef,71,2a,99,3e,2e,25,97,57,8c,65, 14,6a,31,b1,11,bb,da,05,b8,3d,f4,dc,3f,6a,2d,60,d1,bd,1f,6a,4d,8a,43,e4,ad,\"rkeysecu"=hex:18,10,ae,f4,b7,de,87,df,d3,2e,e3,25,2f,cf,27,29.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.f:\program files (x86)\Avira\AntiVir Desktop\avguard.exec:\program files (x86)\Common Files\LightScribe\LSSrvc.exec:\windows\SysWOW64\PnkBstrA.exef:\program files (x86)\EVGA Precision\EVGAPrecision.exe.**************************************************************************.Completion time: 2011-12-10 09:19:04 - machine was rebootedComboFix-quarantined-files.txt 2011-12-10 14:19.Pre-Run: 86,980,153,344 bytes freePost-Run: 87,226,933,248 bytes free.- - End Of File - - B27403483773D1130FDC800036D08E9C Link to post Share on other sites More sharing options...
JackPack Posted December 10, 2011 Author ID:503314 Share Posted December 10, 2011 Now I am getting Win 7 Anti-Spyware 2012 crap all over the screen. I know I did not install it so it must be another virus or what ever it is, it is not good. Link to post Share on other sites More sharing options...
JackPack Posted December 11, 2011 Author ID:503443 Share Posted December 11, 2011 Bump, very frustrated, been surfing the internet for years and never had this kind of trouble. Thanks... Link to post Share on other sites More sharing options...
JackPack Posted December 11, 2011 Author ID:503491 Share Posted December 11, 2011 Now I am getting pop up videos from blinkx.com. Some one help please... Link to post Share on other sites More sharing options...
LDTate Posted December 12, 2011 ID:503806 Share Posted December 12, 2011 http://www.eset.eu/online-scannerGo here to run an online scannner from ESET.Click the green ESET Online Scanner button.Read the End User License Agreement and check the box: YES, I accept the Terms of Use.Click on the Start button next to it.You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Insall ActiveX component.A new window will appear asking "Do you want to install this software?"".Answer Yes to download and install the ActiveX controls that allows the scan to run.Click Start.Check Remove found threats and Scan potentially unwanted applications.Click Scan to begin. If offered the option to get information or buy software. Just close the window. Wait for the scan to finishUse notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topic. Link to post Share on other sites More sharing options...
JackPack Posted December 12, 2011 Author ID:503816 Share Posted December 12, 2011 I reinstalled windows and I think it fixed the problem. Thanks, I will get back to you if something goes haywire. Link to post Share on other sites More sharing options...
LDTate Posted December 12, 2011 ID:504038 Share Posted December 12, 2011 Good choice Link to post Share on other sites More sharing options...
LDTate Posted December 16, 2011 ID:505648 Share Posted December 16, 2011 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts