Got a pretty nasty virus


Flump

Here is what I'm experiencing. There is no sound via YouTube or iTunes. There is a red X over the wifi signal bars in the bottom right-hand corner, but I have wifi access. I had Avira Anti-virus on when the virus appeared and it didn't do anything to stop it. Malwarebytes wouldn't open. I tried doing the run Malwarebytes clean, then restart, then run Malwarebytes, but I get the error "CoCreateInstance failed, error: 0x80040154" at the end of the install. Then Malwarebytes tries to run and I get: runtime error 0, then runtime error 440: automation error.

I downloaded ComboFix, ran it in regular mode, ran it in safe mode, and it didn't help in the slightest. Avira was actually up and running again, but I have a feeling the virus has basically taken it over because it isn't offering any help. Like I said, Malwarebytes doesn't get remotely close to doing anything right now.

So I downloaded the DDS program and here are the logs:

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1

Run by Dafenzeh at 18:40:42 on 2012-09-21

.

============== Running Processes ===============

.

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe

C:\Program Files (x86)\Rosewill\Common\RegistryWriter.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Rosewill\Common\RaUI.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Dafenzeh\Downloads\dds.com

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3045277

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File

BHO: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - No File

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File

BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File

TB: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - No File

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{2525D220-F578-41CB-AA08-42550E9647F8} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{2525D220-F578-41CB-AA08-42550E9647F8}\2416269702355616C60234C6572626562737 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{2525D220-F578-41CB-AA08-42550E9647F8}\25F637567796C6C6143353431483 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{2525D220-F578-41CB-AA08-42550E9647F8}\4586560224F63737 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{2525D220-F578-41CB-AA08-42550E9647F8}\E4544574541425 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{3A3DD140-DC74-4FEA-8DDE-F51664CB150C} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{3A3DD140-DC74-4FEA-8DDE-F51664CB150C}\44146454E4A55484D20534F5E4564777F627B6 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{795905D7-47B5-4355-A732-A7515847B0C5} : DhcpNameServer = 192.168.0.1

BHO-X64: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - No File

BHO-X64: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

BHO-X64: Browser Guard BHO - No File

BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File

BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File

TB-X64: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - No File

TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

.

============= SERVICES / DRIVERS ===============

.

R? axefx2load;Fractal Audio Systems AxeFx2 USB Service

R? BBUpdate;BBUpdate

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64

R? fasusbaudio;fasusbaudio

R? fasusbaudioks;fasusbaudioks

R? gupdate;Google Update Service (gupdate)

R? gupdatem;Google Update Service (gupdatem)

R? MSICDSetup;MSICDSetup

R? PCTBD;PC Tools Browser Defender Driver

R? rspAux;rspAux

R? sdAuxService;PC Tools Auxiliary Service

R? sdCoreService;PC Tools Security Service

R? SynasUSB;SynasUSB

R? TsUsbFlt;TsUsbFlt

R? USBAAPL64;Apple Mobile USB Driver

R? vwifimp;Microsoft Virtual WiFi Miniport Service

R? WatAdminSvc;Windows Activation Technologies Service

S? AMD External Events Utility;AMD External Events Utility

S? amdkmdag;amdkmdag

S? amdkmdap;amdkmdap

S? AntiVirSchedulerService;Avira Scheduler

S? AntiVirService;Avira Realtime Protection

S? AtiHDAudioService;ATI Function Driver for HD Audio Service

S? avgntflt;avgntflt

S? avkmgr;avkmgr

S? BBSvc;BingBar Service

S? Browser Defender Update Service;Browser Defender Update Service

S? netr28x;Ralink 802.11n Wireless Driver for Windows Vista

S? PCTCore;PCTools KDS

S? pctDS;PC Tools Data Store

S? pctEFA;PC Tools Extended File Attributes

S? PCTSD;PC Tools Spyware Doctor Driver

S? RalinkRegistryWriter;Ralink Registry Writer

S? RalinkRegistryWriter64;Ralink Registry Writer 64

S? RTL8167;Realtek 8167 NT Driver

S? vwififlt;Virtual WiFi Filter Driver

.

=============== Created Last 30 ================

.

2012-09-21 23:37:53 -------- d-----w- C:\Users\Dafenzeh\AppData\Roaming\Malwarebytes

2012-09-21 23:37:47 -------- d-----w- C:\ProgramData\Malwarebytes

2012-09-21 23:37:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-21 23:37:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-09-21 23:36:38 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{14CED9C5-9517-4533-A01D-5DB661E457AC}\offreg.dll

2012-09-21 23:04:03 -------- d-sh--w- C:\$RECYCLE.BIN

2012-09-21 22:20:44 85224 ----a-w- C:\Windows\System32\drivers\PCTBD64.sys

2012-09-21 22:20:44 767960 ----a-w- C:\Windows\BDTSupport.dll

2012-09-21 22:20:43 2267096 ----a-w- C:\Windows\PCTBDCore.dll

2012-09-21 22:20:43 1689560 ----a-w- C:\Windows\PCTBDRes.dll

2012-09-21 22:20:43 149464 ----a-w- C:\Windows\SGDetectionTool.dll

2012-09-21 22:20:34 341200 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys

2012-09-21 22:20:34 145464 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys

2012-09-21 22:20:29 14808 ----a-w- C:\Windows\System32\drivers\pctBTFix64.sys

2012-09-21 22:20:25 92928 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys

2012-09-21 22:20:19 -------- d-----w- C:\Program Files (x86)\PC Tools

2012-09-21 22:13:58 453896 ----a-w- C:\Windows\System32\drivers\pctDS64.sys

2012-09-21 22:13:58 1096176 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys

2012-09-21 22:13:57 426616 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys

2012-09-21 22:13:56 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys

2012-09-21 22:13:55 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2012-09-21 22:13:39 -------- d-----w- C:\Users\Dafenzeh\AppData\Roaming\TestApp

2012-09-21 22:13:39 -------- d-----w- C:\ProgramData\PC Tools

2012-09-21 20:30:52 -------- d-----w- C:\ProgramData\HitmanPro

2012-09-21 19:44:09 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-09-21 19:44:08 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys

2012-09-21 19:44:05 574464 ----a-w- C:\Windows\System32\d3d10level9.dll

2012-09-21 19:44:05 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2012-09-21 19:44:01 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-09-21 19:44:01 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-09-21 19:44:00 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-09-21 19:32:33 98816 ----a-w- C:\Windows\sed.exe

2012-09-21 19:32:33 518144 ----a-w- C:\Windows\SWREG.exe

2012-09-21 19:32:33 256000 ----a-w- C:\Windows\PEV.exe

2012-09-21 19:32:33 208896 ----a-w- C:\Windows\MBR.exe

2012-09-07 19:11:16 163256 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll

2012-09-07 19:11:16 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

2012-09-07 19:11:16 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

2012-09-07 19:11:16 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

2012-09-07 19:11:16 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

2012-09-07 19:11:16 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

2012-09-07 19:11:16 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

2012-09-07 19:11:16 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

2012-09-07 19:11:16 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2012-09-05 17:08:06 -------- d-----w- C:\ProgramData\7531CC96CDC31B05DB6B3B05F875F002

2012-09-05 17:07:46 -------- d-----w- C:\Users\Dafenzeh\AppData\Local\{368CBBF0-F77C-11E1-8270-B8AC6F996F26}

2012-08-25 16:13:02 -------- d-----w- C:\Program Files (x86)\Citrix

.

==================== Find3M ====================

.

2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-06 03:06:30 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-07-06 03:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll

2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-06-27 07:06:53 1188864 ----a-w- C:\Windows\System32\wininet.dll

2012-06-27 05:53:07 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-27 04:53:10 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-27 04:10:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 18:42:24.50 ===============

Attach Log:

.

==== Installed Programs ======================

.

Adobe Flash Player 10 Plugin

Adobe Reader 9.5.1

Apple Application Support

Apple Software Update

Audacity 1.3.12 (Unicode)

Avira Free Antivirus

Axe-Edit 0.9.191

Axe-Edit 1.0

Axe-Fx II Driver v1.29.0

Axe-Fx II USB Driver Installer 1.29

Bing Bar

Bing Rewards Client Installer

BitTorrent

Browser Guard 4.0

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Italian

CCC Help Japanese

CCC Help Norwegian

CCC Help Spanish

CCC Help Swedish

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

DivX Setup

FLAC 1.2.1b (remove only)

FLV Player 2.0 (build 25)

Freez FLV to AVI/MPEG/WMV Converter

Google Chrome

Google Update Helper

GoToMeeting 5.1.0.880

Guitar Pro 5.2

HP Deskjet 3050 J610 series Help

HP Photo Creations

HP Update

HydraVision

Java Auto Updater

Java 7 Update 5

JavaFX 2.1.1

LAME v3.98.2 for Audacity

Logitech Harmony Remote Software

Malwarebytes Anti-Malware version 1.65.0.1400

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MSI Afterburner 2.0.0

OpenOffice.org 3.3

PC Tools Spyware Doctor with AntiVirus 9.0

PreSonus Inspire driver v5.13.0.0

QuickTime

Rosewill Wireless Network 11N PCI adapter RNX-N300

Safari

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Steinberg Cubase LE 4

Syncrosoft License Control

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VC80CRTRedist - 8.0.50727.4053

VLC media player 2.0.1

Windows Media Player Firefox Plugin

WinRAR archiver

.

==== End Of File ===========================


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".


As I mentioned in the first post, I am unable to run Malwarebytes. It is blocked. I can't install it either. I get error messages, which are also mentioned in the first post. Renaming doesn't work.

Sorry I forgot to add what is happening with the computer. My sound doesn't work. There is an x over the wifi signal even though I am getting it. I also can't uninstall/install programs correctly.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
