Need help in removing PUM.UserWLoad and Trojan Ransom. And Malware questions



Hi!

Lately, I've suspected malware in my system because of low performance. Upon a full scan with MBAM, it returned a few pieces of malware and I attempted to remove them all. But 2 threats refused to be removed even after several reboots. It seems I've been compromised and I really need some help.

And another thing: could malware possibly affect my keyboard driver? I've been noticing some of the keys on my laptop are faulty after the suspected infection, and the number of keys that won't work seems to be increasing after a while. It may be a hardware problem, but I'm just checking if it is possible.

 

Two questions before we start:

If I format and reinstall my OS and do a full wipe of my HDD, will that solve it?
 

And if it can, is it possible that when I transfer files to a backup I might infect that storage in doing so? I'm just scared to connect any form of storage to my PC at the moment.
 

Oh, and I already have DDS and Attach logs, as per the instructions in the pinned post. Just tell me what to do and I'll do it.

Thank You!


DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.10.2
Run by Nico at 16:34:18 on 2013-09-29
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.63.1033.18.4095.2260 [GMT 8:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\MyPublicWiFi\PublicWiFiService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
D:\Games\Garena Plus\ggdllhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
C:\Windows\System32\wscript.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Nico\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uWindows: Load = C:\Users\Nico\LOCALS~1\Temp\msjibyro.scr
mWinlogon: Userinit = userinit.exe,
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [GarenaPlus] "D:\Games\Garena Plus\GarenaMessenger.exe" -autolaunch
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Remote Mouse] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
uRun: [kpcgrhynko] wscript.exe //B "C:\Users\Nico\AppData\Roaming\kpcgrhynko..vbs"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
StartupFolder: C:\Users\Nico\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Nico\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kpcgrhynko..vbs
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoAutorun = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 124.106.4.2 124.106.5.2 192.168.1.1
TCP: Interfaces\{3ECC334B-3F07-490B-862F-3F52AA62C4B2} : DHCPNameServer = 7.254.254.254
TCP: Interfaces\{47896B7E-AE88-4026-B003-CC4CAA04A26B} : DHCPNameServer = 124.106.4.2 124.106.5.2 192.168.1.1
TCP: Interfaces\{47896B7E-AE88-4026-B003-CC4CAA04A26B}\0516373777F6274602963702132333435363 : DHCPNameServer = 124.106.7.2 124.106.5.2 192.168.1.1
TCP: Interfaces\{47896B7E-AE88-4026-B003-CC4CAA04A26B}\05C444450235D6162747027596649602A5F6E656 : DHCPNameServer = 121.1.3.81 121.1.3.82
TCP: Interfaces\{47896B7E-AE88-4026-B003-CC4CAA04A26B}\14E6F6E61637 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{47896B7E-AE88-4026-B003-CC4CAA04A26B}\378616E656D6162796 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{47896B7E-AE88-4026-B003-CC4CAA04A26B}\D456E646F6A716 : DHCPNameServer = 192.168.0.1 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= AirfoilInject3.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-9-2 192824]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-9-2 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-8-20 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-8 31544]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-8-1 147768]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-9-2 241464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-9-2 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-9-9 45856]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-9-3 3538480]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-22 301152]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2013-6-7 376144]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2013-4-30 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-8-24 72216]
R2 MyPublicWiFiService;MyPublicWiFi Service;C:\Program Files (x86)\MyPublicWiFi\PublicWiFiService.exe [2013-8-24 756224]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [2013-9-10 1643184]
R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2012-8-30 1109296]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-3-23 283200]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2013-4-28 31232]
R3 VBAudioVACMME;System Audio Driver (WDM);C:\Windows\System32\drivers\vbaudio_cable64_win7.sys [2013-5-26 38272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 cxasbt;cxasbt;D:\Games\as\avital\cxbt64.sys [2013-6-4 82320]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-2-14 115272]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-11 5434368]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-12 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-12 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-12 30208]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2013-4-28 746392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-12 1255736]
.
=============== Created Last 30 ================
.
2013-09-29 07:47:37 -------- d-----w- C:\Windows\pss
2013-09-25 01:23:38 -------- d-----w- C:\Users\Nico\AppData\Roaming\Nico Mak Computing
2013-09-25 01:23:36 18760 ----a-w- C:\Windows\System32\roboot64.exe
2013-09-25 01:23:33 -------- d-----w- C:\ProgramData\YTD Video Downloader
2013-09-25 01:21:25 -------- d-----w- C:\Program Files (x86)\GreenTree Applications
2013-09-24 09:39:43 168918 --sha-w- C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kpcgrhynko..vbs
2013-09-24 09:39:43 168918 --sha-w- C:\Users\Nico\AppData\Roaming\kpcgrhynko..vbs
2013-09-24 05:47:09 -------- d-----w- C:\Users\Nico\AppData\Local\Western Digital
2013-09-14 08:15:46 -------- d-----w- C:\Users\Nico\AppData\Local\SCE
2013-09-08 18:30:10 -------- d-----w- C:\Users\Nico\AppData\Roaming\AVG2014
2013-09-08 18:29:58 -------- d-----w- C:\Users\Nico\AppData\Local\AVG Secure Search
2013-09-08 18:29:27 -------- d-----w- C:\Users\Nico\AppData\Roaming\TuneUp Software
2013-09-08 18:29:16 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-09-08 18:29:11 -------- d-----w- C:\ProgramData\AVG Secure Search
2013-09-08 18:29:10 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2013-09-08 18:29:09 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2013-09-08 18:27:40 -------- d--h--w- C:\$AVG
2013-09-08 18:27:39 -------- d-----w- C:\ProgramData\AVG2014
2013-09-08 18:27:07 -------- d-----w- C:\Program Files (x86)\AVG
2013-09-08 18:13:35 -------- d--h--w- C:\ProgramData\Common Files
2013-09-08 18:13:35 -------- d-----w- C:\Users\Nico\AppData\Local\MFAData
2013-09-08 18:13:35 -------- d-----w- C:\Users\Nico\AppData\Local\Avg2014
2013-09-08 18:13:35 -------- d-----w- C:\ProgramData\MFAData
2013-09-08 14:11:42 31544 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-09-02 02:59:14 212280 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-09-02 02:29:18 294712 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-09-02 02:26:50 192824 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-09-02 02:26:42 241464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
.
==================== Find3M  ====================
.
2013-08-20 14:53:58 123704 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2013-08-01 08:07:06 251192 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2013-08-01 08:06:28 147768 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2013-07-20 19:13:52 165480 ----a-w- C:\Windows\SysWow64\AirfoilInject3.dll
.
============= FINISH: 16:35:59.04 ===============
 

Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 1/12/2013 9:24:26 PM
System Uptime: 9/29/2013 4:03:55 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc.         |  | F6V       
Processor: Intel® Core2 Duo CPU     P8400  @ 2.26GHz | Socket 478 | 2245/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 128 GiB total, 63.887 GiB free.
D: is FIXED (NTFS) - 338 GiB total, 227.032 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP68: 9/16/2013 9:14:40 PM - Scheduled Checkpoint
RP69: 9/21/2013 8:35:03 AM - Revo Uninstaller's restore point - DC Universe Online
RP70: 9/25/2013 11:19:55 AM - Revo Uninstaller's restore point - WinZip Registry Optimizer
RP71: 9/29/2013 3:12:07 PM - Revo Uninstaller's restore point - WinZip Registry Optimizer
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 11.6
Airfoil
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATK Hotkey
Audacity 2.0.2
Avatar Star
AVG 2014
AVG Security Toolbar
Bonjour
Call Of Cthulhu DCoTE
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
CopyTrans Suite Remove Only
Counter-Strike: Global Offensive
CPUID CPU-Z 1.64.0
D3DX10
DAEMON Tools Lite
Diner Dash
DirectVobSub 2.41.7259 (5d3641a) Beta
DiskAid 5.47
DivX Setup
Dropbox
ffdshow (remove only)
FIFA 13
foobar2000 v1.2.1
Garena - BlackShot
Google Chrome
Google Update Helper
iPhoneNotes
iTunes
Java 7 Update 10
Java 7 Update 10 (64-bit)
Java Auto Updater
K-Lite Codec Pack 9.6.5 (64-bit)
K-Lite Codec Pack 9.6.5 (Full)
LogMeIn
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Movie Maker
MSVCRT
MSVCRT Redists
MSVCRT110
MSVCRT110_amd64
MyPublicWiFi 5.1
NewBlue Film Effects for Windows
Pando Media Booster
PCSX2 - Playstation 2 Emulator
Photo Common
Photo Gallery
PowerISO
QuickTime
Remote Mouse version 2.02
Revo Uninstaller 1.94
Skype™ 6.1
StarCraft II
Steam
swMSM
TeraCopy 2.27
Tunngle beta
Unity Web Player
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office InfoPath 2007 Help (KB957243)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Outlook 2007 Junk Email Filter (kb962871)
VC80CRTRedist - 8.0.50727.6195
Vegas Pro 10.0 (64-bit)
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player 2.0.5
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.20 (64-bit)
Yahoo! Messenger
YTD Video Downloader 4.5.1
.
==== Event Viewer Messages From Past Week ========
.
9/29/2013 4:04:19 PM, Error: atikmdag [52236]  - CPLIB :: General - Invalid Parameter
9/29/2013 4:04:19 PM, Error: atikmdag [43029]  - Display is not active
9/29/2013 3:57:00 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
9/29/2013 3:57:00 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/29/2013 3:57:00 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/29/2013 3:56:50 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/29/2013 3:56:50 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/29/2013 3:56:48 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/29/2013 3:56:42 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/29/2013 3:56:25 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Avgdiska AVGIDSDriver Avgldx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf
9/29/2013 3:56:25 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
9/29/2013 3:56:25 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
9/29/2013 3:56:25 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
9/29/2013 3:56:25 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
9/29/2013 3:56:25 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
9/29/2013 3:56:25 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
9/29/2013 3:56:25 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
9/29/2013 3:56:25 PM, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
9/29/2013 3:56:25 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
9/29/2013 3:56:25 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
9/29/2013 3:56:25 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
9/29/2013 3:56:25 PM, Error: Service Control Manager [7001]  - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:  A device attached to the system is not functioning.
9/29/2013 3:56:08 PM, Error: sptd [4]  - Driver detected an internal error in its data structures for .
9/29/2013 3:16:58 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
9/29/2013 3:16:58 PM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
9/29/2013 3:10:07 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004]  - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
9/29/2013 2:35:31 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
9/28/2013 7:38:02 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001]  - The ICS_IPV6 failed to configure IPv6 stack.
9/25/2013 12:10:39 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{47896B7E-AE88-4026-B003-CC4CAA04A26B} because another computer on the network has the same name.  The server could not start.
9/25/2013 12:10:39 PM, Error: NetBT [4321]  - The name "NICOPC         :20" could not be registered on the interface with IP address 10.1.122.227. The computer with the IP address 169.254.199.107 did not allow the name to be claimed by this computer.
9/25/2013 12:10:39 PM, Error: NetBT [4321]  - The name "NICOPC         :0" could not be registered on the interface with IP address 10.1.122.227. The computer with the IP address 169.254.199.107 did not allow the name to be claimed by this computer.
9/24/2013 1:52:17 PM, Error: Ntfs [137]  - The default transaction resource manager on volume G: encountered a non-retryable error and could not start.  The data contains the error code.
.
==== End Of File ===========================
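As an added example (not part of the original posts and not part of the DDS tool), here is a small Python triage script that applies, over the lines of the Pseudo HJT Report and the "Created Last 30" listing above, the checks a removal helper runs by eye: a populated `uWindows: Load =` entry (that is HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load, the value Malwarebytes reports as PUM.UserWLoad), a script host such as `wscript.exe //B` launching a script from AppData at logon, a bare script dropped in the Startup folder, a "name..vbs" double-dot extension, a hidden+system script in the user profile, and a non-empty AppInit_DLLs. The heuristics and the reason strings are this example's own assumptions; the sample lines are copied from the posted log, with a few benign lines included so the filter has something to let through.

```python
"""Triage helper for a DDS 'Pseudo HJT Report' and 'Created Last 30' listing.

Added example for this thread; it is not part of the original posts and not
part of the DDS tool. The heuristics and reason strings are this example's
own assumptions about what a removal helper checks by eye. A flagged line is
something to look at, not a verdict.
"""
import re

# Sample input copied from the DDS log posted above. '//B' is wscript's batch
# mode, which suppresses script error dialogs and input prompts.
SAMPLE_LINES = [
    r"uWindows: Load = C:\Users\Nico\LOCALS~1\Temp\msjibyro.scr",
    r"mWinlogon: Userinit = userinit.exe,",
    r'uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent',
    r'uRun: [kpcgrhynko] wscript.exe //B "C:\Users\Nico\AppData\Roaming\kpcgrhynko..vbs"',
    r'mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY',
    r"StartupFolder: C:\Users\Nico\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Nico\AppData\Roaming\Dropbox\bin\Dropbox.exe",
    r"StartupFolder: C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kpcgrhynko..vbs",
    r"AppInit_DLLs= AirfoilInject3.dll",
    r"2013-09-24 09:39:43 168918 --sha-w- C:\Users\Nico\AppData\Roaming\kpcgrhynko..vbs",
    r"2013-09-08 18:29:16 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys",
]

# DDS prefixes that describe something run at logon (u = HKCU, m = HKLM).
AUTORUN_KEYS = {"uWindows", "mWindows", "uWinlogon", "mWinlogon",
                "uRun", "mRun", "x64-Run", "StartupFolder"}

# Interpreters and LOLBins that commonly launch a dropped script.
SCRIPT_HOST = re.compile(r"\b(wscript|cscript|mshta|powershell|rundll32|regsvr32)(\.exe)?\b", re.I)
# Extensions that should rarely appear in an autorun on a home PC.
RISKY_EXT = re.compile(r"\.(vbs|vbe|js|jse|wsf|hta|scr|bat|cmd|ps1)\b", re.I)
# "name..vbs": a double dot right before the extension is a sloppy-dropper tell.
DOUBLE_DOT = re.compile(r"\.\.[A-Za-z0-9]{1,4}\b")
# Locations a standard user can write to without elevation.
USER_WRITABLE = re.compile(r"\\(AppData|LOCALS~1|Temp|ProgramData|Users\\[^\\]+)\\", re.I)
# "Created Last 30" / Find3M rows: date time size attrs path.
ATTR_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} +(?:\d+|-+) +(?P<attr>[-a-z]{8}) +(?P<path>.+)$")


def assess(line):
    """Return the reasons one DDS line deserves a closer look (empty list if none)."""
    reasons = []
    line = line.strip()

    m = ATTR_LINE.match(line)
    if m:
        attr, path = m.group("attr"), m.group("path")
        # DDS prints attribute flags like 'attrib': s = system, h = hidden.
        if "s" in attr and "h" in attr and RISKY_EXT.search(path):
            reasons.append("hidden+system script file")
        return reasons

    if line.startswith("AppInit_DLLs="):
        # Anything here is loaded into every process that loads user32.dll.
        if line.split("=", 1)[1].strip():
            reasons.append("AppInit_DLLs populated; verify the DLL's publisher")
        return reasons

    key, _, value = line.partition(":")
    key = key.strip()
    if key not in AUTORUN_KEYS:
        return reasons

    # HKCU\...\Windows NT\CurrentVersion\Windows\Load is empty on a clean
    # system; Malwarebytes reports a populated one as PUM.UserWLoad.
    if key in ("uWindows", "mWindows") and re.match(r"\s*Load\s*=\s*\S", value):
        reasons.append("Windows\\Load value set (PUM.UserWLoad)")

    has_risky = RISKY_EXT.search(value) is not None
    # A script host launching a script, or a bare script in the Startup folder.
    if has_risky and (SCRIPT_HOST.search(value) or key == "StartupFolder"):
        reasons.append("script launched at logon")
    if DOUBLE_DOT.search(value):
        reasons.append("double-dot extension")
    if has_risky and USER_WRITABLE.search(value):
        reasons.append("script/executable in user-writable path")
    return reasons


def triage(lines):
    """Return [(line, reasons)] for every line with at least one reason."""
    out = []
    for raw in lines:
        reasons = assess(raw)
        if reasons:
            out.append((raw.strip(), reasons))
    return out


if __name__ == "__main__":
    for flagged_line, why in triage(SAMPLE_LINES):
        print(flagged_line)
        for reason in why:
            print("    ->", reason)
```

Run as-is it prints the Load entry, the two kpcgrhynko..vbs autoruns, the AppInit_DLLs line and the hidden+system file, and lets the Steam, AVG, Dropbox and driver lines through. None of these flags is proof on its own: AirfoilInject3.dll belongs to the Airfoil program listed under Installed Programs, which is exactly why a helper reads the whole log rather than one section.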

Hello SmileeFace and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
One or more of the identified infections is related to a nasty rootkit component which is difficult to remove. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately, including those used for banking, email, eBay, PayPal and online forums, from a CLEAN COMPUTER. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised, please read How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, delete the partition, reformat and reinstall the Operating System.

Please read:

Should you decide not to follow this advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. If you wish to proceed, disinfection will require more time and more advanced tools.

Please let us know how you would like to proceed.


Greetings Borislav and Thank you for responding

 

Hmm, after I've read the articles, I'm pretty sure I'd just want a complete reformat and reinstall. But I really need instructions on backing up my data to an uninfected external HDD. I have some pretty important schoolwork on my drives and I need to preserve it.

My initial thinking was if we cleaned my PC, it would be safer to transfer files to a storage device.

We can both save time and effort because I was planning to do a reformat and reinstall anyway; I just couldn't back the files up because I'm scared.

Thanks!


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
