
Unable to scan or update Malwarebytes.



Upon startup, I get an error about "wserver.exe has failed to launch". I'm also unable to update my Malwarebytes, to the point that reinstalling it via Chameleon gives me a non-updated version, with the checking-for-updates screen instantly finishing and not updating. The "Check for updates" button is disabled, and attempting to scan by any means gives me "Run-type error '13'". The current version is v0.00.00.00 with no way to update it. I'm really worried I did something potentially bad here.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.5.1
Run by Jimmyhunter at 0:08:59 on 2014-03-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6142.4257 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\Windows Server\wserver.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\UTSCSI.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Windows\syswow64\rundll32.exe
C:\Windows\syswow64\svchost.exe -k netsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Jimmyhunter\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
uWinlogon: Shell = explorer.exe,"C:\Windows\SysWOW64\Windows Server\wserver.exe"
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\JIMMYH~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Xfire.lnk -
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll



TCP: NameServer = 192.168.1.1
TCP: Interfaces\{442083C3-24BC-4B5E-8F26-2B801AB07728} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{442083C3-24BC-4B5E-8F26-2B801AB07728}\0596A6F616E675962756C65637 : DHCPNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{442083C3-24BC-4B5E-8F26-2B801AB07728}\84F4D454D293542323 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{442083C3-24BC-4B5E-8F26-2B801AB07728}\C696E6B6379737 : DHCPNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{89B713BA-2F54-41A5-9427-55A6A2CAB306} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{89B713BA-2F54-41A5-9427-55A6A2CAB306}\0596A6F616E675962756C65637 : DHCPNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{89B713BA-2F54-41A5-9427-55A6A2CAB306}\14F4A49343 : DHCPNameServer = 192.168.1.1 71.243.0.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
IFEO: AvastSvc.exe - nqij.exe
IFEO: AvastUI.exe - nqij.exe
IFEO: avcenter.exe - nqij.exe
IFEO: avconfig.exe - nqij.exe
IFEO: avgcsrvx.exe - nqij.exe
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [shadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll



x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-IFEO: AvastSvc.exe - nqij.exe
x64-IFEO: AvastUI.exe - nqij.exe
x64-IFEO: avcenter.exe - nqij.exe
x64-IFEO: avconfig.exe - nqij.exe
x64-IFEO: avgcsrvx.exe - nqij.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-1-20 8704]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-9 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-9 15129376]
R2 RaAutoInstSrv_AM10;Cisco Valet Connector Service;C:\Program Files (x86)\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe [2011-6-23 529024]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-2-23 411936]
R3 AM10;Cisco AM10 Driver;C:\Windows\System32\drivers\am10w7.sys [2010-5-14 1101600]
R3 lvpepf64;Volume Adapter;C:\Windows\System32\drivers\lv302a64.sys [2011-7-31 15896]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-7-31 327576]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-2-11 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2014-2-3 49152]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-11 111616]
S3 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2013-9-12 18360]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-18 59392]
S3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;C:\Windows\System32\drivers\lgvzandnetdiag64.sys [2013-5-6 29696]
S3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;C:\Windows\System32\drivers\lgvzandnetmdm64.sys [2013-5-6 36864]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-23 1255736]
SUnknown vpoztluj;vpoztluj; [x]
.
=============== Created Last 30 ================
.
2014-03-02 04:51:58    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-02 04:12:14    --------    d-sh--w-    C:\Windows\SysWow64\Windows Server
2014-03-02 04:11:40    --------    d-----w-    C:\Users\Jimmyhunter\AppData\Roaming\MultiBit
2014-03-02 04:11:12    --------    d-----w-    C:\Program Files (x86)\MultiBit-0.5.16
2014-02-24 04:53:59    599840    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2014-02-24 04:49:54    9690424    ----a-w-    C:\Windows\SysWow64\nvopencl.dll
2014-02-24 04:49:54    863520    ----a-w-    C:\Windows\SysWow64\NvIFR.dll
2014-02-24 04:49:54    844576    ----a-w-    C:\Windows\SysWow64\NvFBC.dll
2014-02-24 04:49:53    9728064    ----a-w-    C:\Windows\SysWow64\nvcuda.dll
2014-02-24 04:49:53    2956576    ----a-w-    C:\Windows\SysWow64\nvcuvid.dll
2014-02-24 04:49:53    2410784    ----a-w-    C:\Windows\SysWow64\nvcuvenc.dll
2014-02-24 04:49:52    17560352    ----a-w-    C:\Windows\SysWow64\nvcompiler.dll
2014-02-21 00:44:13    17858952    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-02-16 20:29:52    --------    d-----w-    C:\Program Files (x86)\PFPortChecker
2014-02-12 04:59:34    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-02-11 23:11:45    1237504    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2014-02-11 23:11:44    2048    ----a-w-    C:\Windows\SysWow64\msxml3r.dll
2014-02-11 23:11:36    3419136    ----a-w-    C:\Windows\SysWow64\d2d1.dll
2014-02-11 23:11:36    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2014-02-11 18:45:14    32544    ----a-w-    C:\Windows\SysWow64\nvaudcap32v.dll
2014-02-03 23:08:26    --------    d-----w-    C:\Program Files (x86)\Common Files\BattlEye
2014-02-03 23:00:46    --------    d-----w-    C:\Users\Jimmyhunter\AppData\Local\DayZ
2014-02-03 21:57:10    --------    d-----w-    C:\Users\Jimmyhunter\AppData\Local\EdgeOfReality
.
==================== Find3M  ====================
.
.
============= FINISH:  0:09:17.84 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/23/2011 8:31:11 PM
System Uptime: 3/1/2014 11:41:09 PM (1 hours ago)
.
Motherboard: Dell Inc. |  | 0N826N
Processor: Intel® Core2 Duo CPU     E6550  @ 2.33GHz | Socket 775 | 2331/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 79.151 GiB free.
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro 8500 A909g
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet Pro 8500 A909g
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP371: 2/21/2014 9:01:06 PM - Windows Update
RP372: 2/25/2014 1:02:43 AM - Windows Update
RP373: 2/28/2014 6:46:37 AM - Windows Update
RP374: 3/1/2014 11:34:33 PM - Windows Update
.
==== Image File Execution Options =============
.
IFEO: AvastSvc.exe - nqij.exe
IFEO: AvastUI.exe - nqij.exe
IFEO: avcenter.exe - nqij.exe
IFEO: avconfig.exe - nqij.exe
IFEO: avgcsrvx.exe - nqij.exe
IFEO: avgidsagent.exe - nqij.exe
IFEO: avgnt.exe - nqij.exe
IFEO: avgrsx.exe - nqij.exe
IFEO: avguard.exe - nqij.exe
IFEO: avgui.exe - nqij.exe
IFEO: avgwdsvc.exe - nqij.exe
IFEO: avp.exe - nqij.exe
IFEO: avscan.exe - nqij.exe
IFEO: bdagent.exe - nqij.exe
IFEO: ccuac.exe - nqij.exe
IFEO: ComboFix.exe - nqij.exe
IFEO: egui.exe - nqij.exe
IFEO: hijackthis.exe - nqij.exe
IFEO: instup.exe - nqij.exe
IFEO: keyscrambler.exe - nqij.exe
IFEO: mbampt.exe - nqij.exe
IFEO: mbamscheduler.exe - nqij.exe
IFEO: MpCmdRun.exe - nqij.exe
IFEO: MSASCui.exe - nqij.exe
IFEO: MsMpEng.exe - nqij.exe
IFEO: msseces.exe - nqij.exe
IFEO: rstrui.exe - nqij.exe
IFEO: spybotsd.exe - nqij.exe
IFEO: wireshark.exe - nqij.exe
IFEO: zlclient.exe - nqij.exe
x64-IFEO: AvastSvc.exe - nqij.exe
x64-IFEO: AvastUI.exe - nqij.exe
x64-IFEO: avcenter.exe - nqij.exe
x64-IFEO: avconfig.exe - nqij.exe
x64-IFEO: avgcsrvx.exe - nqij.exe
x64-IFEO: avgidsagent.exe - nqij.exe
x64-IFEO: avgnt.exe - nqij.exe
x64-IFEO: avgrsx.exe - nqij.exe
x64-IFEO: avguard.exe - nqij.exe
x64-IFEO: avgui.exe - nqij.exe
x64-IFEO: avgwdsvc.exe - nqij.exe
x64-IFEO: avp.exe - nqij.exe
x64-IFEO: avscan.exe - nqij.exe
x64-IFEO: bdagent.exe - nqij.exe
x64-IFEO: ccuac.exe - nqij.exe
x64-IFEO: ComboFix.exe - nqij.exe
x64-IFEO: egui.exe - nqij.exe
x64-IFEO: hijackthis.exe - nqij.exe
x64-IFEO: instup.exe - nqij.exe
x64-IFEO: keyscrambler.exe - nqij.exe
x64-IFEO: mbampt.exe - nqij.exe
x64-IFEO: mbamscheduler.exe - nqij.exe
x64-IFEO: MpCmdRun.exe - nqij.exe
x64-IFEO: MSASCui.exe - nqij.exe
x64-IFEO: MsMpEng.exe - nqij.exe
x64-IFEO: msseces.exe - nqij.exe
x64-IFEO: rstrui.exe - nqij.exe
x64-IFEO: spybotsd.exe - nqij.exe
x64-IFEO: wireshark.exe - nqij.exe
x64-IFEO: zlclient.exe - nqij.exe
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
8500A909_BasicWeb
8500A909_Help_BasicWeb
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
AIM 7
Antichamber
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
Audiosurf
Batman: Arkham Asylum GOTY Edition
BIT.TRIP VOID
Bitcoin
Bleed
Bonjour
Borderlands 2
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
CCleaner
Cisco Valet Connector
Civ3 Conquests v1.22 Full
Civilization III
Civilization III - Play the World v1.27F
Civilization III Play the World
Civilization III: Conquests
Counter-Strike: Source
CPUID HWMonitor 1.21
Cry of Fear
Dark Souls: Prepare to Die Edition
DayZ
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Download Updater (AOL LLC)
Dual-Core Optimizer
Dwarfs F2P
Entropia Universe
f.lux
FCEUX 2.1.5
FTL: Faster Than Light
Garry's Mod
GeForce Experience NvStream Client Components
Google Earth Plug-in
Google Update Helper
Half-Life
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Hi-Rez Studios Authenticate and Update Service
HP Officejet Pro 8500 A909 Series
Intel® Graphics Media Accelerator Driver
Jade Empire: Special Edition
Java Auto Updater
Java 6 Update 31
Java 7 Update 1 (64-bit)
Java 7 Update 5
JavaFX 2.1.1
Kega Fusion 3.64
Killing Floor
League of Legends
Left 4 Dead 2
LG VZW United Drivers
Loadout
Logitech Webcam Software
Logitech Webcam Software Driver Package
Lost Planet 2
Malwarebytes Anti-Malware version 1.75.0.1300
Mass Effect
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0 Refresh
Moonbase Alpha
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MultiBit 0.5.16
My Game Long Name
Natural Selection 2
Network64
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 334.89
NVIDIA 3D Vision Driver 334.89
NVIDIA Control Panel 334.89
NVIDIA GeForce Experience 1.8.1
NVIDIA Graphics Driver 334.89
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.1220
NVIDIA ShadowPlay 10.11.15
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 10.11.15
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.19
OpenAL
Overwolf
Overwolf.Setup.VC100CRTx64.Dist
Pando Media Booster
PAYDAY 2
PAYDAY: The Heist
PFPortChecker 1.0.39
Poker Night at the Inventory
Populous MatchMaker
Populous: The Beginning
Populous: Undiscovered Worlds - Patch
Portal 2
Portal 2 Publishing Tool
puush
Python 2.7.5 (64-bit)
QuickTime
RuneScape Launcher 1.2.3
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
SHIELD Streaming
Sid Meier's Civilization V - Game of the Year Edition
Skype™ 5.10
Source SDK Base 2006
Star Wars - Battlefront II
StarCraft II
Steam
Super Puzzle Platformer Deluxe
Team Fortress 2
TeamSpeak 3 Client
TERA
Terraria
The Mighty Quest For Epic Loot version 1.219367
Toolbox
Torchlight II
Tribes Ascend Closed Beta
Tribes: Ascend
Tweaking.com - Windows Repair (All in One)
UltraISO Premium V9.36
Universe Sandbox
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Ventrilo Client for Windows x64
VLC media player 1.1.10
Warcraft III
WebReg
Windows Live ID Sign-in Assistant
WinRAR 4.01 (32-bit)
World of Warcraft
Worms Revolution
Xfire (remove only)
XSplit Broadcaster
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
ZSNESw 1.51
.
==== Event Viewer Messages From Past Week ========
.
3/1/2014 4:24:56 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.167.838.0).
3/1/2014 11:41:55 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom
3/1/2014 11:41:39 PM, Error: Service Control Manager [7003]  - The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.
3/1/2014 11:41:39 PM, Error: Service Control Manager [7003]  - The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
3/1/2014 11:41:39 PM, Error: Service Control Manager [7001]  - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/1/2014 11:33:55 PM, Error: Service Control Manager [7034]  - The Process Monitor service terminated unexpectedly.  It has done this 1 time(s).
3/1/2014 11:18:34 PM, Error: Service Control Manager [7023]  - The WinDefend service terminated with the following error:  Access is denied.
3/1/2014 11:15:52 PM, Error: Service Control Manager [7000]  - The MBAMService service failed to start due to the following error:  Access is denied.
3/1/2014 11:15:52 PM, Error: Service Control Manager [7000]  - The MBAMScheduler service failed to start due to the following error:  Access is denied.
3/1/2014 11:12:21 PM, Error: Service Control Manager [7034]  - The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
3/1/2014 11:12:21 PM, Error: Service Control Manager [7034]  - The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).
2/27/2014 8:17:31 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error:  An instance of the service is already running.
2/27/2014 8:15:32 PM, Error: Service Control Manager [7031]  - The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/27/2014 8:15:32 PM, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/27/2014 8:15:32 PM, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/27/2014 8:15:32 PM, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/27/2014 8:15:32 PM, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/27/2014 8:15:32 PM, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/27/2014 8:15:32 PM, Error: Service Control Manager [7031]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/27/2014 8:15:32 PM, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/27/2014 8:15:32 PM, Error: Service Control Manager [7031]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/27/2014 8:15:32 PM, Error: Service Control Manager [7031]  - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/27/2014 8:15:31 PM, Error: Service Control Manager [7031]  - The Group Policy Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/27/2014 8:15:31 PM, Error: Service Control Manager [7031]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/27/2014 8:15:31 PM, Error: Service Control Manager [7031]  - The Computer Browser service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/27/2014 8:15:31 PM, Error: Service Control Manager [7031]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/27/2014 8:15:31 PM, Error: Service Control Manager [7031]  - The Application Experience service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/27/2014 10:25:59 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.167.566.0).
2/24/2014 5:18:57 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.167.317.0).
.
==== End Of File ===========================


Hello Jimmyhunter1000 and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please uninstall the following programs:

Ask Toolbar

Ask Toolbar Updater

Step 2

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Indeed I would like to move forward so maybe we can get this rolling.

Step one: No issues, removed both without any errors.

Step two: I am unable to run ComboFix.exe. I get an error message: "Windows cannot find 'C:\Users\Jimmyhunter\Desktop\ComboFix.exe'. Make sure you type the name correctly, and then try again". I have ComboFix on my desktop while trying this as well.

Here's the log from running ComboFix:

ComboFix 14-02-24.02 - Jimmyhunter 03/02/2014  12:01:30.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6142.4357 [GMT -5:00]
Running from: c:\users\Jimmyhunter\Desktop\ComboFi.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-02 to 2014-03-02  )))))))))))))))))))))))))))))))
.
.
2014-03-02 17:14 . 2014-03-02 17:14    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-03-02 06:19 . 2014-03-02 06:19    --------    d-----w-    c:\users\Jimmyhunter\AppData\Roaming\Search Protection
2014-03-02 05:37 . 2014-03-02 05:53    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2014-03-02 05:37 . 2013-04-04 19:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-03-02 04:35 . 2014-03-02 04:44    --------    d-----w-    c:\windows\system32\MRT
2014-03-02 04:12 . 2014-03-02 04:12    --------    d-sh--w-    c:\windows\SysWow64\Windows Server
2014-03-02 04:11 . 2014-03-02 04:13    --------    d-----w-    c:\users\Jimmyhunter\AppData\Roaming\MultiBit
2014-03-02 04:11 . 2014-03-02 04:11    --------    d-----w-    c:\program files (x86)\MultiBit-0.5.16
2014-02-24 04:54 . 2014-02-24 04:54    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2014-02-24 04:53 . 2014-02-08 16:18    599840    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2014-02-21 00:44 . 2014-02-21 00:44    17858952    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-02-16 20:29 . 2014-02-16 20:29    --------    d-----w-    c:\program files (x86)\PFPortChecker
2014-02-12 04:59 . 2013-12-21 09:53    548864    ----a-w-    c:\windows\system32\vbscript.dll
2014-02-12 04:59 . 2013-12-21 08:56    454656    ----a-w-    c:\windows\SysWow64\vbscript.dll
2014-02-11 23:11 . 2013-12-06 02:30    1882112    ----a-w-    c:\windows\system32\msxml3.dll
2014-02-11 23:11 . 2013-12-06 02:02    1237504    ----a-w-    c:\windows\SysWow64\msxml3.dll
2014-02-11 23:11 . 2013-12-06 02:30    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2014-02-11 23:11 . 2013-12-06 02:02    2048    ----a-w-    c:\windows\SysWow64\msxml3r.dll
2014-02-11 23:11 . 2013-12-24 23:09    1987584    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2014-02-11 23:11 . 2013-12-24 22:48    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2014-02-11 23:11 . 2013-11-26 08:16    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2014-02-11 23:11 . 2013-11-22 22:48    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2014-02-11 18:45 . 2013-12-05 08:42    39200    ----a-w-    c:\windows\system32\drivers\nvvad64v.sys
2014-02-11 18:45 . 2013-12-05 08:42    32544    ----a-w-    c:\windows\SysWow64\nvaudcap32v.dll
2014-02-03 23:08 . 2014-02-03 23:08    --------    d-----w-    c:\program files (x86)\Common Files\BattlEye
2014-02-03 23:00 . 2014-02-03 23:08    --------    d-----w-    c:\users\Jimmyhunter\AppData\Local\DayZ
2014-02-03 21:57 . 2014-02-03 21:57    --------    d-----w-    c:\users\Jimmyhunter\AppData\Local\EdgeOfReality
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 00:44 . 2012-06-10 03:35    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-21 00:44 . 2011-06-24 01:48    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-08 18:34 . 2013-12-10 23:23    23683360    ----a-w-    c:\windows\SysWow64\nvoglv32.dll
2014-02-08 18:34 . 2013-07-02 02:04    15740232    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2014-02-08 18:34 . 2013-06-02 03:43    14669032    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2014-02-08 18:34 . 2012-10-11 02:23    3090184    ----a-w-    c:\windows\system32\nvapi64.dll
2014-02-08 18:34 . 2012-10-11 02:23    18257576    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2014-02-08 18:34 . 2012-10-11 02:22    2713728    ----a-w-    c:\windows\SysWow64\nvapi.dll
2014-02-08 17:42 . 2011-06-22 04:18    6712608    ----a-w-    c:\windows\system32\nvcpl.dll
2014-02-08 17:42 . 2011-06-22 04:18    3498272    ----a-w-    c:\windows\system32\nvsvc64.dll
2014-02-08 17:42 . 2011-06-22 04:18    923936    ----a-w-    c:\windows\system32\nvvsvc.exe
2014-02-08 17:42 . 2011-06-22 04:18    63776    ----a-w-    c:\windows\system32\nvshext.dll
2014-02-08 17:42 . 2011-06-22 04:18    386336    ----a-w-    c:\windows\system32\nvmctray.dll
2014-01-27 14:58 . 2011-06-24 03:42    270496    ------w-    c:\windows\system32\MpSigStub.exe
2013-12-20 21:25 . 2013-12-20 21:25    98304    ----a-w-    c:\users\Jimmyhunter\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll
2013-12-20 21:25 . 2013-12-20 21:25    24576    ----a-w-    c:\users\Jimmyhunter\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll
2013-12-20 21:25 . 2013-12-20 21:25    1351680    ----a-w-    c:\users\Jimmyhunter\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
2013-12-10 02:13 . 2013-12-10 00:20    982232    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2013-12-10 02:13 . 2013-12-10 00:20    1100248    ----a-w-    c:\windows\system32\nvspcap64.dll
2013-12-05 08:42 . 2013-12-10 00:19    35104    ----a-w-    c:\windows\system32\nvaudcap64v.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~2\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchProtection"="c:\users\Jimmyhunter\AppData\Roaming\Search Protection\SearchProtection.EXE" [2014-02-20 840552]
"puush"="c:\program files (x86)\puush\puush.exe" [2013-08-01 567880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\DRIVERS\lgvzandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetdiag64.sys [x]
R3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\DRIVERS\lgvzandnetmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetmdm64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RaAutoInstSrv_AM10;Cisco Valet Connector Service;c:\program files (x86)\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe;c:\program files (x86)\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 AM10;Cisco AM10 Driver;c:\windows\system32\DRIVERS\am10w7.sys;c:\windows\SYSNATIVE\DRIVERS\am10w7.sys [x]
S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 00:44]
.
2014-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-27 03:07]
.
2014-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-27 03:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 363544]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jimmyhunter\AppData\Roaming\Mozilla\Firefox\Profiles\cppmiaih.default\


FF - prefs.js: browser.search.selectedEngine - Yahoo!

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
c:\users\Jimmyhunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\windows\SysWOW64\UTSCSI.EXE
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2014-03-02  12:21:56 - machine was rebooted
ComboFix-quarantined-files.txt  2014-03-02 17:21
.
Pre-Run: 93,508,374,528 bytes free
Post-Run: 96,314,761,216 bytes free
.
- - End Of File - - EC5EE23B5829EBCA5119B7D507BA0EEC
A36C5E4F47E84449FF07ED3517B43A31

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

So after a grueling 3 and a half hour scan, this is what was found:

C:\Program Files (x86)\Sid Meier's Civilization V\steam_api.dll    Win32/HackTool.Crack.CC potentially unsafe application    deleted - quarantined
C:\Users\Jimmyhunter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\32b66c0e-6237aa2b    a variant of Java/Exploit.CVE-2010-0840.NAN trojan    cleaned by deleting - quarantined
C:\Users\Jimmyhunter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\4c48bb8f-3a0ee217    a variant of Java/Exploit.CVE-2010-0840.NAN trojan    cleaned by deleting - quarantined
C:\Users\Jimmyhunter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\65322854-499a2de4    Java/Exploit.Agent.OOZ trojan    cleaned by deleting - quarantined
C:\Users\Jimmyhunter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\134bfa9-2764f17a    Java/Exploit.Agent.NQY trojan    cleaned by deleting - quarantined
C:\Users\Jimmyhunter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-462ae4d4    Java/TrojanDownloader.OpenStream.NCM trojan    cleaned by deleting - quarantined
C:\Users\Jimmyhunter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\2dc8efef-40a71750    a variant of Java/TrojanDownloader.OpenStream.NCM trojan    cleaned by deleting - quarantined
C:\Users\Jimmyhunter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\eb89d30-2ae3c0fa    multiple threats    cleaned by deleting - quarantined
C:\Users\Jimmyhunter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\3fe53bc9-30f2e9a1    multiple threats    cleaned by deleting - quarantined
C:\Users\Jimmyhunter\Downloads\guiminer7z.exe    a variant of MSIL/Injector.CVO trojan    cleaned by deleting - quarantined
C:\Windows\System32\Windows Server\wserver.exe    a variant of MSIL/Injector.CVO trojan    cleaned by deleting (after the next restart) - quarantined
C:\Windows\SysWOW64\Windows Server\wserver.exe    a variant of MSIL/Injector.CVO trojan    cleaned by deleting (after the next restart) - quarantined
 

Step 1

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

Please download JavaRa to your desktop and unzip it to its own folder.

  • Run JavaRa.exe, then click Remove JRE.
  • Run the built-in uninstallers for all copies of Java listed.
  • Click the Next button
  • Click the Next button again
  • Click the Java Manual Download link
  • A browser window will open with the Java download page
  • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type)
  • Run the installer
  • Close JavaRa

Step 2

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner.

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.

After detecting a bunch of stuff, with one requiring a restart, here are the results.

Status: Deleted   (events: 9)    
3/4/2014 9:48:37 AM    Deleted    Trojan program Trojan.Win64.Agent.by    C:\Documents and Settings\Jimmyhunter\AppData\Local\Temp\svftfjs\sqcwypr\wow64.dll    High    
3/4/2014 9:48:12 AM    Deleted    Trojan program Trojan.Win32.Crypt.pfj    C:\Documents and Settings\Jimmyhunter\AppData\Local\Temp\svftfjs\sqcwypr\wow.dll    High    
3/4/2014 9:48:21 AM    Deleted    Trojan program HEUR:Exploit.Script.Generic    C:\Documents and Settings\Jimmyhunter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\7ff2a192-430e28d0    High    
3/4/2014 9:48:48 AM    Deleted    Trojan program HEUR:Exploit.Java.Generic    C:\Documents and Settings\Jimmyhunter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\549e2314-68d25719    High    
3/4/2014 9:52:16 AM    Deleted    Trojan program HEUR:Exploit.Script.Generic    C:\Documents and Settings\Jimmyhunter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\5e41f66f-5918b0cc    High    
3/4/2014 9:52:21 AM    Deleted    Trojan program HEUR:Exploit.Script.Generic    C:\Documents and Settings\Jimmyhunter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\b14903e-4e8d9566    High    
3/4/2014 1:38:26 PM    Deleted    Trojan program HEUR:Trojan.Script.Iframer    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AI3IVYRS\zonepub[1].htm    High    
3/4/2014 1:40:52 PM    Deleted    Trojan program HEUR:Trojan.Script.Iframer    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LYMGFYFM\afrCA6U9YDY.htm    High    
3/4/2014 1:57:51 PM    Deleted    Trojan program Trojan-Spy.MSIL.KeyLogger.ahja    C:\Windows\SysWOW64\Windows Server\wserver.exe    High    
 
