Biteyleper

Fake alert and fake hdd infection


Hi there, my computer got infected with the fake alert and fake HDD malware. I got warning messages saying there was no hard drive / too many 32-bit programs running, and then a risk to the hard drive if the security scan, which had handily appeared to solve these problems, wasn't completed. I had to restart in safe mode and do a system restore in order to be able to get my computer functioning.

I then found that lots of files were hidden and many programs seemed to only partially exist, most notably Malwarebytes and avast antivirus. I was wary of letting my infected system have access to the internet in case it would make things worse, so I downloaded Malwarebytes and DDS from another machine and transferred them across with a memory stick. That said, the quick scan found nothing, so I did go online with my infected computer in order to update the Malwarebytes definitions, and a full scan then found 2 infections: fake alert and fake HDD. These were successfully removed and I then ran the unhide program to restore hidden folders. However some programs (priority case in point is avast) still aren't functioning properly, and I can't manage to restore/update my antivirus, avast.

Here are the DDS files:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26

Run by Bitey at 13:30:40 on 2012-03-21

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8099.6114 [GMT 0:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\Hotkey\PowerBiosServer.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files (x86)\Steam\steam.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\IObit\Advanced SystemCare 5\DelayLoad.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.pcspecialist.co.uk/

uDefault_Page_URL = hxxp://www.pcspecialist.co.uk/

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: AutorunsDisabled - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart

uRun: [AnyDVD] "C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe"

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{A23E193E-F80C-4417-91CA-00A72835A680} : DhcpNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{A23E193E-F80C-4417-91CA-00A72835A680}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23

TCP: Interfaces\{A23E193E-F80C-4417-91CA-00A72835A680}\4656661657C647 : DhcpNameServer = 194.168.4.100 192.168.123.254

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

BHO-X64: AutorunsDisabled - No File

BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Bitey\AppData\Roaming\Mozilla\Firefox\Profiles\9qdgkg8b.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.blackle.com/

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]

R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-25 494424]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 PowerBiosServer;PowerBiosServer;C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [2011-1-27 33792]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-8 2656280]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-1-7 44768]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-12-20 2348864]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]

S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-19 135584]

S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]

S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\system32\DRIVERS\JME.sys --> C:\Windows\system32\DRIVERS\JME.sys [?]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]

.

=============== Created Last 30 ================

.

2012-03-20 17:58:07 -------- d-----w- C:\Users\Bitey\AppData\Local\{1C8696CF-0522-46AD-AF05-F6C78C1D9311}

2012-03-20 17:57:55 -------- d-----w- C:\Users\Bitey\AppData\Local\{C909672D-B7C3-458D-96E0-61CB1017592F}

2012-03-19 17:30:37 -------- d-----w- C:\Users\Bitey\AppData\Local\{0241CFA1-4985-4B2B-B748-F347128E4B32}

2012-03-19 17:30:26 -------- d-----w- C:\Users\Bitey\AppData\Local\{47ED792E-853D-4A6F-82D5-9D010E48D73E}

2012-03-18 10:37:18 -------- d-----w- C:\Users\Bitey\AppData\Local\{B03B284D-6AB0-4C9C-B756-9E20116C94A5}

2012-03-18 10:37:07 -------- d-----w- C:\Users\Bitey\AppData\Local\{336D9D1B-160E-4ED5-BCA7-825F9D4A8BC2}

2012-03-17 18:36:02 -------- d-----w- C:\Users\Bitey\AppData\Local\{11E9678B-90D8-4822-BB2A-D6A808151FC1}

2012-03-17 18:35:39 -------- d-----w- C:\Users\Bitey\AppData\Local\{12E20D4B-FF7D-4820-ADE5-EC211DF59DA2}

2012-03-16 16:47:16 -------- d-----w- C:\ProgramData\Windows

2012-03-16 10:48:45 -------- d-----w- C:\Users\Bitey\AppData\Local\{811BE65E-F657-4499-845E-FA9E9FF9CA35}

2012-03-16 10:48:33 -------- d-----w- C:\Users\Bitey\AppData\Local\{05CBEFD6-11E0-4833-A16F-E1A86F260E6D}

2012-03-15 21:35:42 -------- d-----w- C:\Users\Bitey\AppData\Local\{8D3BDEDB-20C8-4CD0-8FF4-E45168BA92CA}

2012-03-15 21:35:31 -------- d-----w- C:\Users\Bitey\AppData\Local\{E4CE335A-203A-431E-80D1-685D7FA89A1E}

2012-03-14 21:03:32 -------- d-----w- C:\Users\Bitey\AppData\Local\{C06556A6-4565-422D-B48D-D795E13ECC7F}

2012-03-14 21:03:19 -------- d-----w- C:\Users\Bitey\AppData\Local\{A9CB733A-8F31-4C28-8A8D-D97B621DBB3F}

2012-03-09 09:55:49 -------- d-----w- C:\Users\Bitey\AppData\Local\{7780CCA8-AAA5-44ED-9BED-D212B53EDC6A}

2012-03-09 09:55:37 -------- d-----w- C:\Users\Bitey\AppData\Local\{C81E71D6-50E4-4A44-9AEB-AD3999C37D60}

2012-03-05 11:34:35 -------- d-----w- C:\Users\Bitey\AppData\Local\{8FD96133-2EC5-418E-BD9A-92A3751E3620}

2012-03-05 11:34:23 -------- d-----w- C:\Users\Bitey\AppData\Local\{E227AB1C-B47D-45D5-BF41-60FD7F83888A}

2012-03-04 19:53:17 -------- d-----w- C:\Users\Bitey\AppData\Local\Google

2012-03-04 10:43:27 -------- d-----w- C:\Users\Bitey\AppData\Local\{AC4B17F2-71B0-4758-B104-C3E621095020}

2012-03-04 10:43:11 -------- d-----w- C:\Users\Bitey\AppData\Local\{33B88EC3-5896-47EE-B273-416A80CF73CB}

2012-03-02 11:26:01 -------- d-----w- C:\Users\Bitey\AppData\Local\{8F5BA7BF-5091-418D-BD4A-497E6DB90DA8}

2012-03-02 11:25:49 -------- d-----w- C:\Users\Bitey\AppData\Local\{26460AC8-26BA-4035-94A2-4C14AD89AFEF}

2012-03-01 12:56:22 -------- d-----w- C:\Users\Bitey\AppData\Local\{4F05D8B3-74AD-4865-8326-4E8E7B0BA94F}

2012-03-01 12:56:10 -------- d-----w- C:\Users\Bitey\AppData\Local\{52E6D4C2-D8CE-456B-9AAA-40825FAF0A63}

2012-02-29 13:35:32 -------- d-----w- C:\Program Files (x86)\DVD43 Plug-in

2012-02-29 13:04:21 -------- d-----w- C:\Users\Bitey\AppData\Local\{2D6F79FD-1E33-488A-9B0A-DF623CCEE018}

2012-02-28 16:59:56 14 ----a-w- C:\Windows\SysWow64\systeminfo3.dll

2012-02-28 16:58:52 93696 ----a-w- C:\Users\Bitey\AppData\Roaming\ezpinst.exe

2012-02-28 16:58:52 82048 ----a-w- C:\Windows\System32\drivers\pcouffin.sys

2012-02-28 16:58:52 82048 ----a-w- C:\Users\Bitey\AppData\Roaming\pcouffin.sys

2012-02-28 16:58:42 -------- d-----w- C:\ProgramData\DVDXStudio

2012-02-28 16:58:42 -------- d-----w- C:\Program Files (x86)\CloneDVD

2012-02-28 16:31:15 -------- d-----w- C:\Program Files (x86)\DVDFab 8 Qt

2012-02-28 16:07:02 -------- d-----w- C:\Users\Bitey\AppData\Roaming\RipIt4Me

2012-02-28 10:46:22 -------- d-----w- C:\Users\Bitey\AppData\Local\{62D56CEB-5BA7-493B-8B67-B4CF72D36424}

2012-02-28 10:45:48 -------- d-----w- C:\Users\Bitey\AppData\Local\{3533C3BC-BF76-4388-8F0D-924F8ABF1114}

2012-02-27 18:58:37 -------- d-----w- C:\Users\Bitey\AppData\Roaming\HandBrake

2012-02-27 18:58:37 -------- d-----w- C:\Users\Bitey\AppData\Local\HandBrake

2012-02-27 18:58:27 -------- d-----w- C:\Program Files (x86)\Handbrake

2012-02-27 17:58:20 -------- d-----w- C:\ProgramData\1click dvd copy

2012-02-27 17:55:39 -------- d-----w- C:\Program Files (x86)\LG Software Innovations

2012-02-27 17:31:34 892928 ----a-w- C:\Windows\SysWow64\iconv.dll

2012-02-27 17:31:34 675840 ----a-w- C:\Windows\SysWow64\ac3filter.ax

2012-02-27 17:31:34 496640 ----a-w- C:\Windows\SysWow64\xvid.ax

2012-02-27 17:31:32 -------- d-----w- C:\Program Files (x86)\Aimersoft

2012-02-27 13:51:37 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes

2012-02-27 13:49:16 -------- d-----w- C:\Program Files (x86)\SlySoft

2012-02-27 13:47:51 -------- d-----w- C:\Program Files (x86)\DVD Decrypter

2012-02-26 21:33:42 -------- d-----w- C:\Users\Bitey\AppData\Roaming\RenPy

2012-02-24 14:57:25 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-02-24 14:57:25 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2012-02-24 14:56:15 515584 ----a-w- C:\Windows\System32\timedate.cpl

2012-02-24 14:56:15 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2012-02-23 12:40:01 -------- d-----w- C:\Users\Bitey\AppData\Local\{3C22EC41-0A6C-4F81-9E3E-4ACF901E467A}

2012-02-23 12:39:48 -------- d-----w- C:\Users\Bitey\AppData\Local\{55FD7E29-9996-498F-B8AB-42605A76D736}

2012-02-22 10:31:59 -------- d-----w- C:\Users\Bitey\AppData\Local\{FE0D8A6C-B8B5-4F6F-84CD-2EB1BE0079BE}

2012-02-22 10:31:41 -------- d-----w- C:\Users\Bitey\AppData\Local\{943BDD16-FDBB-474F-A255-53626064896B}

.

==================== Find3M ====================

.

2012-01-29 05:10:42 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-14 04:06:27 3145728 ----a-w- C:\Windows\System32\win32k.sys

2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

.

============= FINISH: 13:31:44.84 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 20/05/2011 15:28:21

System Uptime: 21/03/2012 13:23:08 (0 hours ago)

.

Motherboard: CLEVO CO. | | W150HRM

Processor: Intel® Core™ i5-2520M CPU @ 2.50GHz | SOCKET 0 | 1775/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 244 GiB total, 52.877 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 454 GiB total, 265.296 GiB free.

F: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP189: 17/02/2012 10:07:37 - Windows Update

RP190: 24/02/2012 14:55:57 - Windows Modules Installer

RP191: 27/02/2012 11:09:37 - IObit Uninstaller restore point

RP192: 27/02/2012 15:50:05 - IObit Uninstaller restore point

RP193: 27/02/2012 15:57:28 - IObit Uninstaller restore point

RP194: 27/02/2012 17:41:28 - IObit Uninstaller restore point

RP195: 27/02/2012 17:47:25 - IObit Uninstaller restore point

RP196: 27/02/2012 17:55:28 - Installed 1CLICK DVD COPY

RP197: 28/02/2012 16:15:48 - IObit Uninstaller restore point

RP198: 28/02/2012 16:26:41 - IObit Uninstaller restore point

RP199: 28/02/2012 16:27:58 - IObit Uninstaller restore point

RP200: 28/02/2012 16:59:15 - Device Driver Package Install: VSO Software

RP201: 28/02/2012 17:16:08 - IObit Uninstaller restore point

.

==== Installed Programs ======================

.

1Click DVD Copy 5.9.5.2

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader 8.3.1

Advanced SystemCare 5

AnyDVD

Apple Application Support

Apple Software Update

avast! Free Antivirus

BBC iPlayer Desktop

BisonCam

BitTorrent

ChiconyCam

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

CloneDVD 4.1.0.23

Crysis® 2

D3DX10

Dawn of War - Soulstorm

DVD Decrypter (Remove Only)

DVD Flick 1.3.0.7

DVD Shrink 3.2

DVDFab 8.0.9.1 (11/05/2011) Qt

Empire: Total War

Forsaken World

Futuremark SystemInfo

Game Booster 3

GTK2-Runtime

HandBrake 0.9.5

Hotkey 3.3023

Intel® Management Engine Components

Intel® Processor Graphics

Java Auto Updater

Java™ 6 Update 26

JMicron Ethernet Adapter NDIS Driver

JMicron Flash Media Controller Driver

Junk Mail filter update

Malwarebytes Anti-Malware version 1.60.1.1000

Mesh Runtime

Messenger Companion

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mount&Blade With Fire and Sword

Mozilla Firefox 8.0.1 (x86 en-GB)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Napoleon: Total War

Nero Burning ROM 10

Nero BurningROM 10 Help (CHM)

Nero BurnRights 10 Help (CHM)

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

NVIDIA 3D Vision Controller Driver

NVIDIA PhysX

OLYMPUS Master 2

Portal

QuickTime

Realtek High Definition Audio Driver

REALTEK Wireless LAN Driver

Renesas Electronics USB 3.0 Host Controller Driver

RGSS-RTP Standard

RPGXP

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Sid Meier's Civilization V - Demo

Smart Defrag 2

SoulSeek 157 NS 13e

Steam

System Requirements Lab

System Requirements Lab CYRI

The Witcher

Total War: SHOGUN 2 Demo

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

VLC media player 1.1.11

Waves Demo

WebCam Installer

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinZip 15.5

.

==== Event Viewer Messages From Past Week ========

.

21/03/2012 13:25:52, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

21/03/2012 13:25:52, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

21/03/2012 13:09:27, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

21/03/2012 13:09:27, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

21/03/2012 13:08:05, Error: bowser [8003] - The master browser has received a server announcement from the computer PHILIP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A23E193E-F80C-4417-91CA-00A72835A680}. The master browser is stopping or an election is being forced.

21/03/2012 10:20:45, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

21/03/2012 10:19:33, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

21/03/2012 10:19:30, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

21/03/2012 10:19:30, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

21/03/2012 10:19:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

21/03/2012 10:19:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

21/03/2012 10:19:27, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

21/03/2012 10:19:22, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

21/03/2012 10:19:14, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

21/03/2012 10:19:13, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

21/03/2012 10:19:13, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

21/03/2012 10:19:13, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

21/03/2012 10:19:13, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

21/03/2012 10:19:13, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

21/03/2012 10:19:13, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

21/03/2012 10:19:13, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

21/03/2012 10:19:13, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

21/03/2012 10:19:13, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

21/03/2012 10:19:13, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

21/03/2012 10:13:24, Error: Service Control Manager [7024] - The Superfetch service terminated with service-specific error The operation completed successfully..

18/03/2012 10:57:18, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

18/03/2012 10:31:16, Error: Microsoft-Windows-Bits-Client [16398] - A new BITS job could not be created. The current job count for the user Hal\Bitey (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

.

==== End Of File ===========================

and here is the malwarebytes scan log:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.20.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Bitey :: HAL [administrator]

21/03/2012 12:15:49

mbam-log-2012-03-21 (12-15-49).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 513189

Time elapsed: 47 minute(s), 27 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Users\Bitey\AppData\Local\Temp\23A6.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Users\Bitey\AppData\Local\Temp\x5InLa5UC4wHxB.exe.tmp (Rogue.FakeHDD) -> Quarantined and deleted successfully.

(end)

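The two Malwarebytes logs in this thread differ only in their "Files Detected" lines, and when a log is long it is easy to misread a counter or miss an entry. The following is an added Python example, not code from the page, from Malwarebytes or from the forum: it parses the MBAM 1.x text-log layout shown above, extracts each detection with its classification and the action taken, and cross-checks every per-section counter against the entries actually listed, which catches a log that was truncated or edited before being pasted. The two log excerpts are constructed from the logs posted in this thread; the field names and regular expressions are my assumptions about the format, not anything Malwarebytes documents.

```python
"""Parse Malwarebytes Anti-Malware 1.x text logs and summarise what they found."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines taken from the first MBAM log posted in this thread
# (counters and detection lines verbatim; unrelated header lines omitted).
LOG_INFECTED = r"""Malwarebytes Anti-Malware 1.60.1.1000
Database version: v2012.03.20.07
Bitey :: HAL [administrator]
Scan type: Full scan
Objects scanned: 513189
Time elapsed: 47 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Bitey\AppData\Local\Temp\23A6.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Bitey\AppData\Local\Temp\x5InLa5UC4wHxB.exe.tmp (Rogue.FakeHDD) -> Quarantined and deleted successfully.

(end)
"""

# Constructed sample: the later, clean re-scan from the same thread.
LOG_CLEAN = r"""Malwarebytes Anti-Malware 1.60.1.1000
Database version: v2012.03.26.02
Scan type: Full scan
Objects scanned: 509262
Files Detected: 0
(No malicious items detected)
(end)
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
HEADER_FIELDS = {"Database version": "database", "Scan type": "scan_type",
                 "Objects scanned": "objects_scanned"}


@dataclass
class Detection:
    section: str   # e.g. "Files", "Registry Keys"
    item: str      # path, key or value that was flagged
    threat: str    # vendor classification, e.g. Trojan.FakeAlert
    action: str    # what MBAM did with it


@dataclass
class ScanReport:
    database: str = ""
    scan_type: str = ""
    objects_scanned: int = 0
    counts: dict = field(default_factory=dict)       # section -> declared count
    detections: list = field(default_factory=list)   # Detection entries in log order


def parse_mbam_log(text: str) -> ScanReport:
    report, section = ScanReport(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in ("(end)", "(No malicious items detected)"):
            continue
        m = SECTION_RE.match(line)
        if m:                                  # "Files Detected: 2" opens a section
            section = m.group("section")
            report.counts[section] = int(m.group("count"))
            continue
        m = DETECTION_RE.match(line) if section else None
        if m:                                  # "<item> (<threat>) -> <action>."
            report.detections.append(Detection(section, m.group("item"),
                                               m.group("threat"), m.group("action")))
            continue
        if ":" in line:                        # plain "Key: value" header lines
            key, value = line.split(":", 1)
            attr = HEADER_FIELDS.get(key.strip())
            if attr == "objects_scanned":
                report.objects_scanned = int(value.strip())
            elif attr:
                setattr(report, attr, value.strip())
    return report


def verify_counts(report: ScanReport) -> list:
    """Sections whose declared count disagrees with the entries actually listed."""
    listed = {}
    for d in report.detections:
        listed[d.section] = listed.get(d.section, 0) + 1
    return sorted(s for s, n in report.counts.items() if listed.get(s, 0) != n)


def threats_by_folder(report: ScanReport) -> dict:
    """Group threat names by the folder they were found in, so a responder can see
    at a glance where a dropper staged its files (here: the user's Temp folder)."""
    groups = {}
    for d in report.detections:
        folder = d.item.rsplit("\\", 1)[0] if "\\" in d.item else d.section
        groups.setdefault(folder, []).append(d.threat)
    return groups


if __name__ == "__main__":
    for label, text in (("first scan", LOG_INFECTED), ("re-scan", LOG_CLEAN)):
        r = parse_mbam_log(text)
        print(f"{label}: db {r.database}, {r.objects_scanned} objects, "
              f"{len(r.detections)} detections, count mismatches {verify_counts(r)}")
        for folder, threats in threats_by_folder(r).items():
            print(f"  {folder}: {', '.join(threats)}")
```

Run it as a script to print both summaries, or import it and feed `parse_mbam_log` a pasted log; a non-empty result from `verify_counts` is the signal that the log you were given is not the whole log.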

Can anyone help?

Without having any other guidance, I downloaded and ran the ESET scanner, which found and deleted another trojan which supposedly Malwarebytes had not. Unfortunately I think I made the same mistake that I have previously and selected to uninstall the ESET scanner application after the scan, which means there's no log to post. As Avast didn't seem to be able to turn itself back on I got rid of it with the IObit uninstaller and installed an ESET trial instead; when I ran that it found 8 'infiltrations'... Can anyone offer any help?

From my admittedly basic comprehension, this doesn't seem like a particularly major infection. The computer seems to be running reasonably normally now, just a bit slowly and with strange, non-functioning/unassociated programs that were running fine before, but I was unpleasantly surprised that ESET found more threats when I thought it was clear...


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.


Thanks for responding. I updated and ran another full Malwarebytes scan, which showed all clear; here's the log:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.26.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Bitey :: HAL [administrator]

26/03/2012 10:12:43

mbam-log-2012-03-26 (10-12-43).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 509262

Time elapsed: 1 hour(s), 56 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

The thing is, I had done that before (updated and run a full MBAM scan) and Malwarebytes didn't detect any malicious items, but my antivirus software (then Avast) still wasn't working, and when I ran the ESET scan, that did find a trojan and then 8 'infiltrations', I think it called them.

As to my impressions of how my system is running, like I mentioned before it seems fairly normal. There were a few programs that don't run when their icon is clicked, everything seems to take a little longer to run than before (but not to a really noticeable degree), and my internet browser, Firefox, seemed to be using quite a lot of memory, like 200,000 K plus with only a couple of tabs open, which struck me as a bit odd. If I hadn't gone through the process of having to do a system restore in order to be able to use my computer because of the infection I had, I wouldn't think there was anything particularly wrong, but because I know I was infected with Trojan.FakeAlert and Rogue.FakeHDD, it makes me a bit more cautious...


OK. Let's dig deeper.

Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 (if using this link, right click and select Save As).

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


OK then, here is the ComboFix log:

ComboFix 12-03-26.02 - Bitey 26/03/2012 16:56:42.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8099.6187 [GMT 1:00]

Running from: c:\users\Bitey\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\p9WZMTeaBSt1dZ

c:\programdata\Roaming

c:\programdata\windows

c:\programdata\windows\ccdxmmde.dat

c:\programdata\windows\drss.dat

c:\programdata\windows\xessmsxe.dat

c:\users\Bitey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check

c:\windows\815ACA12E991BAAD.log

c:\windows\SysWow64\systeminfo3.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-02-26 to 2012-03-26 )))))))))))))))))))))))))))))))

.

.

2012-03-26 16:05 . 2012-03-26 16:05 -------- d-----w- c:\users\TEMP.Hal.017\AppData\Local\temp

2012-03-26 16:05 . 2012-03-26 16:05 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-24 16:31 . 2012-03-20 03:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{61EC2FA0-1513-41B5-AF87-496810E1DAAF}\mpengine.dll

2012-03-24 16:30 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-24 16:30 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-24 16:30 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-24 16:30 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-24 16:30 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-24 16:30 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-24 16:30 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-24 16:30 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-24 16:30 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-24 16:30 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-24 16:25 . 2012-03-24 16:25 -------- d-----w- c:\users\Bitey\AppData\Local\ESET

2012-03-24 16:23 . 2012-03-24 16:23 -------- d-----w- c:\program files\ESET

2012-03-04 19:53 . 2012-03-04 19:53 -------- d-----w- c:\users\Bitey\AppData\Local\Google

2012-03-04 19:51 . 2012-03-04 19:53 -------- d-----w- c:\program files (x86)\Google

2012-02-29 13:35 . 2012-03-21 10:25 -------- d-----w- c:\program files (x86)\DVD43 Plug-in

2012-02-28 16:58 . 2012-02-28 16:59 -------- d-----w- c:\users\Bitey\AppData\Roaming\Vso

2012-02-28 16:58 . 2012-02-28 16:58 93696 ----a-w- c:\users\Bitey\AppData\Roaming\ezpinst.exe

2012-02-28 16:58 . 2012-02-28 16:58 82048 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2012-02-28 16:58 . 2012-02-28 16:58 82048 ----a-w- c:\users\Bitey\AppData\Roaming\pcouffin.sys

2012-02-28 16:58 . 2012-02-28 16:58 -------- d-----w- c:\program files (x86)\CloneDVD

2012-02-28 16:58 . 2012-02-28 16:58 -------- d-----w- c:\programdata\DVDXStudio

2012-02-28 16:31 . 2012-03-21 10:25 -------- d-----w- c:\program files (x86)\DVDFab 8 Qt

2012-02-28 16:07 . 2012-03-21 10:25 -------- d-----w- c:\users\Bitey\AppData\Roaming\RipIt4Me

2012-02-27 18:58 . 2012-03-21 10:25 -------- d-----w- c:\users\Bitey\AppData\Local\HandBrake

2012-02-27 18:58 . 2012-02-27 18:59 -------- d-----w- c:\users\Bitey\AppData\Roaming\HandBrake

2012-02-27 17:58 . 2012-03-24 18:08 -------- d-----w- c:\programdata\1click dvd copy

2012-02-27 17:55 . 2012-03-21 10:25 -------- d-----w- c:\program files (x86)\LG Software Innovations

2012-02-27 17:31 . 2011-12-08 16:07 892928 ----a-w- c:\windows\SysWow64\iconv.dll

2012-02-27 17:31 . 2011-12-08 16:07 675840 ----a-w- c:\windows\SysWow64\ac3filter.ax

2012-02-27 17:31 . 2011-12-08 16:07 496640 ----a-w- c:\windows\SysWow64\xvid.ax

2012-02-27 17:31 . 2012-02-27 17:42 -------- d-----w- c:\program files (x86)\Aimersoft

2012-02-27 13:51 . 2012-02-27 15:50 -------- d-----w- c:\program files (x86)\Elaborate Bytes

2012-02-27 13:49 . 2012-03-22 09:35 -------- d-----w- c:\program files (x86)\SlySoft

2012-02-27 13:47 . 2012-02-27 13:47 -------- d-----w- c:\program files (x86)\DVD Decrypter

2012-02-26 21:33 . 2012-02-26 21:33 -------- d-----w- c:\users\Bitey\AppData\Roaming\RenPy

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-24 14:57 . 2012-02-24 14:57 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-24 14:57 . 2012-02-24 14:57 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-02-24 14:56 . 2012-02-24 14:56 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-02-24 14:56 . 2012-02-24 14:56 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-02-23 09:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2011-12-28 03:59 . 2012-02-17 10:07 498688 ----a-w- c:\windows\system32\drivers\afd.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]

"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-25 619352]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-11-24 2348864]

R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]

R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]

S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-25 494424]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]

S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe [2011-01-27 33792]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.pcspecialist.co.uk/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

FF - ProfilePath - c:\users\Bitey\AppData\Roaming\Mozilla\Firefox\Profiles\9qdgkg8b.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.blackle.com/

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

SafeBoot-BsScanner

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-566711638-334717480-2869754105-1001_Classes\Wow6432Node\CLSID\{3f499239-9606-498b-ace2-7dc054484627}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:0000015f

"Therad"=dword:00000027

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,85,b1,12,f9,90,dd,23,a1,46,8f,3c,f2,5c,68,ee,21,1b,cb,6a,76,af,77,\

.

[HKEY_USERS\S-1-5-21-566711638-334717480-2869754105-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):77,b5,36,08,36,6b,ec,34,5a,a7,e4,0f,b2,ca,d7,d8,1d,37,b8,01,99,

9b,71,05,03,69,cb,5e,2d,a6,ca,be,f5,91,02,37,c6,4e,18,25,00,00,00,00,00,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-03-26 17:08:15

ComboFix-quarantined-files.txt 2012-03-26 16:08

.

Pre-Run: 66,169,974,784 bytes free

Post-Run: 66,558,640,128 bytes free

.

- - End Of File - - 37B9BD98F3DC14671712C550F6623112

No noticeable changes to the system. It's a bit strange because there seem to be some 'orphan' (I think that's the term) remnants of Avast hanging around: it doesn't appear as one of the uninstall programs options, but ComboFix seemed to imply at least some of it was still on my system. I'll probably end up going back to it as my antivirus software when the ESET 30 day trial runs out, but as it stands I thought I had uninstalled it because the virus, or whatever, had stopped it working and it couldn't be turned back on...

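The "Reg Loading Points" part of the ComboFix log above lists every service and driver as a single line, and the Avast leftovers the poster wonders about are visible right there: several asw* drivers are still registered but point at no file at all. What follows is an added Python example, not ComboFix's code and not from this page's author, that parses those entry lines and sorts them into the buckets a responder reads first: registrations with an empty path (the usual residue of a broken AV uninstall), drivers loading from a TEMP directory, and entries whose file date and size ComboFix did not record (printed as `[x]`). The sample entries are copied from the log in this thread. The reading of the R/S prefix as running/stopped and of `[x]` as "file not verified" are my assumptions about ComboFix's output; the digit after it is treated as the standard Windows service start type (0 boot, 1 system, 2 auto, 3 demand, 4 disabled).

```python
"""Triage the service/driver entries of a ComboFix 'Reg Loading Points' section."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: entries copied from the ComboFix log posted in this thread,
# plus the "." separator lines ComboFix prints between blocks.
SAMPLE = r""".
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
.
"""

# Assumption: the prefix is R (running) or S (stopped) followed by the Windows
# service start type; the numeric codes are the standard SERVICE_*_START values.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# "<R|S><start> <name>;<display>;<path> [<date> <size>]"  or  "... [x]"
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>[^\[]*?)\s*\[(?P<meta>[^\]]*)\]$")


@dataclass
class ServiceEntry:
    name: str
    display: str
    path: str                  # empty when the registration points at no file
    running: bool
    start_type: str
    verified: bool             # False when ComboFix printed [x] instead of date/size
    file_date: Optional[str] = None
    file_size: Optional[int] = None


def parse_entry(line: str) -> Optional[ServiceEntry]:
    """Parse one entry line; returns None for separators and unrelated lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").split()
    verified = meta != ["x"]
    date = meta[0] if verified and meta else None
    size = int(meta[1]) if verified and len(meta) > 1 and meta[1].isdigit() else None
    return ServiceEntry(
        name=m.group("name"), display=m.group("display"), path=m.group("path").strip(),
        running=m.group("state") == "R",
        start_type=START_TYPES.get(int(m.group("start")), m.group("start")),
        verified=verified, file_date=date, file_size=size)


def parse_entries(text: str) -> list:
    return [e for e in (parse_entry(line) for line in text.splitlines()) if e]


def triage(entries: list) -> dict:
    """Bucket the entries a responder looks at first. An entry with no path is a
    dangling registration (here the Avast drivers left behind by a failed
    uninstall); a kernel driver under a TEMP directory deserves a second look even
    when it belongs to a legitimate tool; unverified entries are everything
    ComboFix printed with [x]."""
    findings = {"no_path": [], "temp_path": [], "unverified": []}
    for e in entries:
        if not e.path:
            findings["no_path"].append(e.name)
        elif "\\temp\\" in e.path.lower():
            findings["temp_path"].append(e.name)
        if not e.verified:
            findings["unverified"].append(e.name)
    return findings


if __name__ == "__main__":
    entries = parse_entries(SAMPLE)
    for bucket, names in triage(entries).items():
        print(f"{bucket:10s} {', '.join(names) or '-'}")
    for e in entries:
        state = "running" if e.running else "stopped"
        print(f"{e.name:32s} {state:8s} {e.start_type:8s} {e.path or '<no file>'}")
```

On the log above this puts aswSnx, aswSP and aswFsBlk in `no_path`, which matches the helper's later advice to finish removing one of the two AV products before reinstalling the other; `cpuz135` lands in `temp_path` purely because of where it loads from, which is a prompt to check, not a verdict.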

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

That's the only issue I see: having 2 AVs.

If it won't uninstall try this:

http://www.appremover.com/supported-applications

Then try and download / install it, but only run 1 AV at a time.

Be sure to uninstall combofix:

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.


Thanks for your help. That app remover doesn't list Avast as one of the programs it removes, unfortunately. It's weird because I can't find anything related to the Avast program when I use the Windows 7 start menu search... it just comes up with the MBAM scan, and when I turned off the ESET antivirus I got a message saying that I have multiple AV programs and none of them are active.


OK, I've just noticed something very weird. I was just using the IObit uninstaller to clear out some unwanted programs and I noticed that the Steam game Portal is claiming to be taking up 58 GB of space on my hard drive; there's no way such a relatively simple game is anything like that size, so I don't quite know what's going on. I don't know if it's related to any of this but it seems very odd...


Sorry for multiposting but I can't edit posts for some reason. Anyway, it just occurred to me from poking around a bit that the 58 GB figure may refer to the total size of all the Steam apps I have installed, not the individual game, although why it should show only Portal as being this size when it correctly shows the sizes of games like Total War: Empire...


ALWIL Software avast! Antivirus 4.8.x

ALWIL Software avast! Internet Security 5.0.x

ALWIL Software avast! Antivirus Professional 4.8.x

ALWIL Software avast! Free Antivirus 5.1.x

ALWIL Software avast! Free Antivirus 5.0.x

ALWIL Software avast! Free Antivirus 6.0.x

ALWIL Software avast! Business Protection 6.x

ALWIL Software avast! Business Protection Plus 6.x


I have just noticed that a folder called $RECYCLE.BIN has appeared on my E drive; no idea where that came from. I don't think it's anything to do with my actual recycle bin...


Yep, ComboFix is uninstalled. Before I started getting guidance from you, I found that others who'd experienced a similar infection had used a program from Bleeping Computer called Unhide to show folders hidden by the rogue malware, so I used that a few days ago, which may be related, but this $RECYCLE.BIN folder has appeared since then, and I never had it on my E drive previously. It was empty; it didn't contain any of the files that were actually in my bin.

As for the AppRemover program, it doesn't seem to do anything. I downloaded it OK, but when I run it I just get an empty interface with Detection, Select Products, Removal and Finished tabs along the top but no programs in the box underneath to select; there doesn't seem to be anything to click on to make the program do anything...


Should I uninstall the ESET Smart Security AV first? Because I can't see any way of doing that from within the program, and the IObit uninstaller or that AppRemover you linked for me don't find it either...


OK, another weird thing has happened. My computer is a Windows 7 laptop with Optimus switching technology: it has an integrated Intel graphics chipset for day to day use and a higher end NVIDIA GT 555M card to play games with. The Optimus technology is meant to seamlessly switch between the two so as to save energy; no point running a resource-hungry GPU if you're just browsing the web or word processing etc. Thing is, my laptop now won't switch to the dedicated graphics card. I just tried loading a game, Napoleon: Total War, and it stayed running from the integrated graphics with the rubbish performance effects you'd expect. I also tried with Empire: Total War, Crysis 2 and The Witcher, all of which were only running with the integrated graphics card; even selecting with a right mouse click to run with the NVIDIA card doesn't work. For reference, that exact game, Napoleon: Total War, was running fine with the dedicated card yesterday and as far as I know I've done nothing that would alter that...


If you want to use Avast you need to uninstall Eset.

I can't help you with the games, video, etc. because I don't have those myself.

I can only help with any infections.


Sure, I understand that. My concern was that the change to graphics card functionality (the ability of games to use the card, or whatever it actually is) may have occurred because of the infection. I haven't done anything that could account for it, so I was just flagging it up as an example of my system doing strange things that I hadn't been involved in...


You might need to go to the manufacturer's online downloads and download the drivers for the laptop.


OK, I pulled back from uninstalling ESET because it seems unnecessarily complicated and scary: you have to download some special uninstaller and use command prompts where you get scary warnings about damaging your system and losing NIC drivers, which would need to be reinstalled, in turn leading to loss of static IP/wifi settings. I have no idea what any of this means; it's all a bit over my head and I'd rather avoid the hassle. At the moment the ESET AV seems to be working and I don't really care which AV I use, I'm just more familiar with Avast. I hope (perhaps optimistically) that when the 30 day trial is up I will be able to uninstall it and then get Avast again...

Anyhow, I'm still feeling fairly suspicious about the state of my system. The latest warning sign I've noted is that I keep getting Windows Update notifications which then fail to download. Is there any way we can do a deeper scan or something? I'm not convinced I'm in the clear. Maybe I should give the Kaspersky online scanner a go?

Oh, and one last thing: the ESET uninstall program did find 2 AV programs: 1. ESS/EAV/EMSX (which I think is ESET) and 2. SEP (Avast?)


http://www.eset.eu/online-scanner

Go here to run an online scanner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.

A new window will appear asking "Do you want to install this software?".

Answer Yes to download and install the ActiveX controls that allow the scan to run.

Click Start.

Check Remove found threats and Scan potentially unwanted applications.

Click Scan to begin.

If offered the option to get information or buy software, just close the window.

Wait for the scan to finish.

Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.


Yeah, ESET showed all clear, but then I had already run it; that's how I initially found out about the 2 infections MBAM had missed. Here's the log in any case:

SETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=5a0ee841b0e76f43b45d66852a10a738

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-03-29 12:32:27

# local_time=2012-03-29 01:32:27 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776574 100 94 415266 85487008 0 0

# compatibility_mode=8206 39157117 100 74 3477 16329122 0 0

# scanned=152552

# found=0

# cleaned=0

# scan_time=2389

# nod_component=V3 Build:0x30000000


If none of the scans are finding anything, I'd assume it's OK.

Good job!

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.
  • Using a secure browser plugin - M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn
  • JAVA - Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer always has the latest security updates available installed on your computer.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security - What Do I Need?

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.

This topic is now closed to further replies.