TechSpot

Crypt.exe among other viruses

Inactive-A
By Calum Shennan
Aug 24, 2013
  1. I'm usually quite safe with torrents, but I became over-eager when I saw a certain one and downloaded it without properly reading the comments. It contained a virus and now my computer is infected.

    I'd like to state as a heads up, there is no possible way for me to reformat. I've looked into it many times.

    I scanned with AVG and Malwarebytes; they both found infected files and "removed" them. But when I did another AVG scan, it found more infected files of the same nature: trojans.

    I noticed all 4 of my CPUs were at 100% and checked my processes to see what was throttling it. It was a single process named Crypt.exe; I didn't even need to Google it to know that it was a virus.

    I've "removed" the viruses several times with AVG, but Crypt.exe is still there. I can't find it anywhere on my computer!

    Please help ASAP. The most impacting effect of the virus is that it's making installations incredibly slow.
     
  2. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Calum Shennan

    Calum Shennan TS Rookie Topic Starter

    How fun. I left my computer on overnight to perform the Malwarebytes scan, and the viruses must have multiplied. MWB found 36.

    And I couldn't actually use any internet browsers or applications until I shut down a process named service.exe. This is getting bad :[

    *Cringe*
    My computer's a mess.

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    .
    Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7502
    Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz | Socket 775 | 2498/333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 912 GiB total, 126.381 GiB free.
    D: is FIXED (FAT32) - 20 GiB total, 9.215 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Description: Avnex Virtual Audio Device
    Device ID: ROOT\MEDIA\0002
    Manufacturer: AVNEX Ltd.
    Name: Avnex Virtual Audio Device
    PNP Device ID: ROOT\MEDIA\0002
    Service: VCSVADHWSer
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: MTP Device
    Device ID: ROOT\WPD\0000
    Manufacturer: (Standard MTP-Compliant Device)
    Name: MTP Device
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    4Videosoft MKV Video Converter
    7-Zip 4.65 (x64 edition)
    7 Days to Die - Alpha version 0.9.1
    A Valley Without Wind
    ACE COMBAT ASSAULT HORIZON Enhanced Edition
    Ace of Spades
    Acrobat.com
    Active Desktop Calendar 7.93
    Active@ UNDELETE
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Download Manager
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS
    Adobe Photoshop CS3
    Adobe Reader 9.1
    Adobe Setup
    Adobe Shockwave Player 12.0
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Advanced Combat Tracker (remove only)
    Advanced DVD Player
    Age of Empires III
    AIM Toolbar
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    Alan Wake
    Alan Wake's American Nightmare
    Alien Swarm
    Alpha Protocol
    Amnesia - The Dark Descent
    And Yet It Moves
    Any Video Converter 3.3.8
    APB Reloaded
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcaniA - Gothic 4
    ArcaniA - Gothic 4 Hotfix
    ArmA 2 Free Uninstall
    Ask Toolbar
    Assassin's Creed Brotherhood
    Audacity 2.0
    Audiosurf
    Auto Click 2.1
    Auto Clicker v1.1
    AV Voice Changer Software DIAMOND 6.0
    AVG Free 9.0
    AVG SafeGuard toolbar
    AVI ReComp 1.5.2
    AviSynth 2.5
    Baldur's Gate(TM) II - Throne of Bhaal (TM)
    Bamboo
    Bamboo Dock
    Bandisoft MPEG-1 Decoder
    Bastion
    Batman Arkham City version 1.0
    Batman: Arkham Asylum
    Battlefield Play4Free
    Battlefield: Bad Company 2
    Battlestations: Midway
    BattlEye (A2Free) Uninstall
    BattlEye for OA Uninstall
    Beat Hazard
    BioShock
    Black & WhiteR 2
    Blacklight: Retribution
    Bonjour
    Bontago
    Borderlands 2
    Brink
    BS.Player FREE
    BTHomeHub
    Cain & Abel v4.9.39
    Call of Duty: Black Ops
    Call of Duty: Black Ops - Multiplayer
    Cave Story+
    championBuilder v0.4.0
    Champions Online
    Champions Online: Free For All
    Cheat Engine 6.1
    Chivalry: Medieval Warfare
    City Car Driving 1.2.2
    City of Villains/City of Heroes (remove only)
    Cogs
    Combat Arms EU
    Community Expansion Pack version 1.01b
    Convert AVI to MP4 1.3
    Cool Timer 4.9.1
    Counter-Strike: Global Offensive
    Counter-Strike: Source
    Crayon Physics Deluxe
    CrimeCraft
    Crusader Kings II
    Crysis WARHEAD(R)
    CrysisR 2
    Cucusoft iPod Video Converter 8.08
    Cucusoft Ultimate DVD + Video Converter Suite 8.3.8.3
    Curse Client
    CyberLink LabelPrint
    CyberLink MediaShow
    CyberLink PhotoNow
    CyberLink Power2Go
    CyberLink PowerDirector
    CyberLink PowerDVD 9
    CyberLink PowerDVD Copy
    CyberLink PowerProducer
    DAEMON Tools Lite
    DARK
    Darksiders II
    DarkSpace 1.527
    dBpowerAMP Music Converter
    DC Universe Online
    Dead Rising 2
    Dear Esther
    Deer Hunter - The 2005 Season
    Defraggler
    Demolition Company
    Deus Ex - Human Revolution version 1.0
    Devil May Cry 3 Special Edition
    Diablo II
    Digital Media Converter Pro 3.2
    Dino D-Day
    Dishonored
    DiskPie 2.1
    DivX Setup
    Download Updater (AOL LLC)
    Dragon Age: Origins
    Driver San Francisco
    Driver Sweeper 2.1.0
    Driving Test Success - The Complete Theory Test (2010-2011) (Up
    Dungeon Keeper 2
    DUNGEONS
    EA Download Manager
    EasyBits GO
    Elsword
    Endless.Space
    Evochron Mercenary
    Explorer Suite III
    F.E.A.R. Plantinum
    Fable - The Lost Chapters
    Facade
    Fake Webcam 6.1.3
    Fallen Earth
    Fallout Mod Manager 0.10.2
    Fallout Mod Manager 0.13.21
    Fallout New Vegas
    Family Project v1.0
    Far Cry 3
    Fate/stay night
    FINAL FANTASY VII
    FLV Player 2.0 (build 25)
    FLV to MP4 Converter 2009.2.20
    foobar2000 v1.2.3
    Forge
    Fraps (remove only)
    Free FLAC to MP3 Converter 1.0
    Free M4a to MP3 Converter 8.0
    Free Mouse Auto Clicker 2.8.2
    FreeArc 0.666
    From Dust
    Frozen Synapse
    Futuremark SystemInfo
    G-Senjou no Maou English
    Game of Thrones version 1.0.0.0
    GameCommanderPro 2.0.2.04
    GameShadow
    GameSpy Arcade
    Garry's Mod
    Garry's Mod 10 Dedicated Server
    GIMP 2.6.6
    GoldWave v5.20
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Translator
    Google Update Helper
    GoToAssist Corporate
    Grand Theft Auto
    Gratuitous Space Battles
    Guild Wars
    Guild Wars 2
    Half-Life Dedicated Server Update Tool
    Hammerfight
    HandBrake 0.9.8
    Harry Potter and the Deathly Hallows? - Part 1
    Hi-Rez Studios Games
    HijackThis 2.0.2
    Hitman Absolution
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
    Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
    ijji - Gunz
    ijji REACTOR
    ILLUSION SchoolMate
    Internet Explorer Theme Manager (1.1.3)
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 13 (64-bit)
    Java(TM) 6 Update 22
    Java(TM) 6 Update 30
    Junk Mail filter update
    K-Lite Codec Pack 7.6.0 (Basic)
    Katawa Shoujo
    Killing Floor
    Kingdoms of Amalur Reckoning
    Krater
    Kuros
    L.A. Noire
    League of Legends
    LightScribe System Software
    lightshot-4.4.2.0
    LimeWire 5.1.3
    LOCO EU
    MabinogiEU
    Magicka
    Malwarebytes Anti-Malware version 1.75.0.1300
    ManyCam 2.4 (remove only)
    Martial Empires
    MCE Software Encoder 1.1
    Media Player Classic - Home Cinema v1.5.0.2827 x64
    Medieval II Total War
    Men of War: Assault Squad (Remove Only)
    Messenger Plus! Live
    Metro: Last Light (c) Deep Silver version 1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Corporation
    Microsoft Flight
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Halo
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word Viewer 2003
    Microsoft Office XP Professional with FrontPage
    Microsoft Reader
    Microsoft Silverlight
    Microsoft SQL Server 2008 Management Objects
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
    Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    Microsoft WSE 3.0 Runtime
    Microsoft XNA Framework Redistributable 3.1
    MilkShape 3D 1.8.5
    mIRC
    Mirror's Edge?
    MoodTuner
    Moon Breakers
    Morrowind
    MotoGP(TM)13
    Mount & Blade: Warband
    Mount & Blade: With Fire and Sword
    Mount&Blade
    MountMusket Battalion
    Mozilla Firefox 22.0 (x86 en-US)
    Mozilla Firefox 4.0b12 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Mumble 1.2.3
    My Screen Recorder Pro 2.3
    Need for Speed(TM) Hot Pursuit
    NetLimiter 2 Monitor (remove only)
    Neverwinter Nights
    Neverwinter Nights 2
    Nexon Game Manager
    Nexus Mod Manager
    NightSky
    NVIDIA 3D Vision Controller Driver
    NVIDIA 3D Vision Controller Driver 310.90
    NVIDIA 3D Vision Driver 310.90
    NVIDIA Control Panel 310.90
    NVIDIA Graphics Driver 310.90
    NVIDIA HD Audio Driver 1.3.18.0
    NVIDIA Install Application
    NVIDIA Performance Drivers
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0213
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.11.3
    NVIDIA Update Components
    Oblivion
    Oblivion - Horse Armor Pack
    Oblivion - Knights of the Nine
    Oblivion - Mehrunes Razor
    Oblivion - Orrery
    Oblivion - Spell Tomes
    Oblivion - Thieves Den
    Oblivion - Vile Lair
    Oblivion mod manager 1.1.12
    OpenAL
    OpenOffice.org 3.3
    Opera 12.12
    Paint.NET v3.36
    Pale Moon 20.2.1 (x86 en-US)
    Pando Media Booster
    PAYDAY: The Heist
    PCSX2 - Playstation 2 Emulator
    Pcsx2 0.9.6
    PDF Settings
    Performance Platform Voguecash
    PFConfig 1.0.296
    PFPortChecker 1.0.39
    Plants vs. Zombies
    Project Blackout
    Prototype(TM)
    Proun
    PTFB Pro 3.6.0.1
    PunkBuster Services
    QuickTime
    Rakion International
    Random Mouse Clicker version 1.0
    RAR Password Unlocker 3.2.0.1
    Rayman Origins
    Real Kanojo
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Red Faction
    Red Faction Armageddon
    Red Faction Guerrilla
    Red Faction: Armageddon
    Red Orchestra 2: Heroes of Stalingrad
    Remember Me
    Reus
    RIFT
    RIFT?
    Risen 2 Dark Waters
    Riva FLV Encoder 2.0
    RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
    Roblox
    Rogue Legacy version 0.0.0.9
    Rusty Hearts
    Saints Row IV
    Saints Row. The Third 1.0
    San Andreas Mod Installer
    SCHOOLDAYS HQ
    Scribblenauts Unlimited
    SecondLifeViewer2 (remove only)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Security Update for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB2251487)
    SequoiaView
    Shadowrun Returns
    Shank
    Shogun - Total War - Warlord Edition
    Sid Meier's Civilization 4 - Beyond the Sword
    Sid Meier's Civilization 4 - Warlords
    SimAquarium
    Simple Port Forwarding
    Sir, You Are Being Hunted 1.00
    Sky-Banners browser enhancer
    Skype Click to Call
    Skype Trivia Bot (remove only)
    Skype? 5.8
    Sleeping Dogs?
    Sniper Elite V2
    SOL: Exodus
    Soldat 1.5.0
    Sony PC Companion 2.10.165
    SpaceChem
    SpaceMonger 2.1.1
    Spec Ops The Line
    SpeedFan (remove only)
    Spellforce 2: Gold Edition
    Spelunky
    Spelunky HD 1.0
    Split/Second
    SPORE?
    Spotify
    Spyware Doctor 7.0
    SQL Server System CLR Types
    Star Wars Jedi Knight Jedi Academy
    Steam
    Street-Ads Browser Enhancer
    Street Fighter X Tekken
    Subway Surfers 1.0
    Super Screen Capture 4.0
    System Requirements Lab
    System Requirements Lab CYRI
    TCPEye 1.0
    TeamSpeak 2 RC2
    TeamSpeak 3 Client
    Terraria
    TES Construction Set
    The Bureau: XCOM Declassified
    The Darkness II
    The Great White Destroyer Demo 1.3b
    The Guild 2
    The Guild II
    The Guild II - Pirates of the European Seas
    The Saboteur?
    The Settlers 7 - Paths to a Kingdom
    The Sims Medieval
    The Sims? 3
    The Sims? 3 Ambitions
    The Sims? 3 Create a Pattern Tool
    The Sims? 3 Create a World Tool - Beta
    The Sims? 3 High-End Loft Stuff
    The Sims? 3 Late Night
    The Sims? 3 World Adventures
    The Walking Dead (c) 3 version 1
    The War Z version alpha
    The Witcher 2 - Assassins of Kings
    There
    TightVNC 1.3.9
    Titan Quest
    Titan Quest: Immortal Throne
    Torchlight
    TRAUMA
    Trine 2
    Tunngle beta
    Tweaking.com - Windows Repair (All in One)
    Two Worlds II
    Ubisoft Game Launcher
    UltraVNC v1.0.2
    Unity Web Player
    Unlocker 1.9.0-x64
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Uplay
    VC80CRTRedist - 8.0.50727.6195
    Ventrilo Client for Windows x64
    Videora iPod Converter 5.04
    Viewpoint Media Player
    Vincenzo's Admin Tools
    Vindictus
    Virtual Deck
    Visual C++ 8.0 Runtime Setup Package (x64)
    VLC media player 2.0.2
    VNC Viewer 5.0.3
    VobSub 2.23
    VVVVVV
    War Thunder Launcher 1.0.1.252
    Warcraft III
    Warcraft III: All Products
    Warframe
    WebTablet FB Plugin
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    WeGame Client 2.2.2
    WinDirStat 1.1.2
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    Wings of Prey 1.0.3.2
    WinPcap 4.1.2
    WinRAR archiver
    WinZip 12.1
    Wisdom-soft Set up ScreenHunter 5.1 Free
    Wizard101(UK)
    World of Tanks
    World of Warcraft
    World of Warcraft Model Viewer
    World of Warcraft Public Test
    WTFast 1.63
    Xfire 2.0
    Xfire Codec (remove only)
    XfireXO Toolbar
    Xilisoft Video Converter Ultimate 6
    ZD Soft Screen Recorder 4.1.3.0
    Zwei-Stein Video Compositor 3.01 (Beta 2).
    μTorrent
    デュエルセイヴァージャスティス
    .
    ==== End Of File ===========================
     
  4. Calum Shennan

    Calum Shennan TS Rookie Topic Starter

    Now the DDS one.

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.6001.19120 BrowserJavaVersion: 1.6.0_30
    Run by calum at 2:40:48 on 2013-08-26
    AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
    C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
    C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files (x86)\Tunngle\TnglCtrl.exe
    C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
    C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\vVX1000.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Users\calum\AppData\Local\Skillbrains\lightshot\4.4.2.0\LightShot.exe
    C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
    C:\Users\calum\AppData\Local\Temp\Win Update\Win Update.exe
    C:\Users\calum\AppData\Local\Temp\Acrobat\Reader.exe
    C:\Program Files (x86)\HomeCinema\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
    C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
    C:\Program Files (x86)\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\calum\AppData\Local\Apps\2.0\1R9N4E0X.M56\XW45C9GL.0TN\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Windows\system32\conime.exe
    C:\Users\calum\AppData\Local\Temp\AppLunch\Eula.exe
    C:\Windows\system32\taskmgr.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\calum\AppData\Roaming\fvfos.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Windows\SysWOW64\msiexec.exe
    C:\Windows\SysWOW64\svchost.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
    C:\Users\calum\AppData\Roaming\Microsoft\Windows\usbmon.exe
    C:\Users\calum\AppData\Roaming\Microsoft\Windows\auditpol.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
    C:\Program Files (x86)\real\realplayer\update\realsched.exe
    C:\Users\calum\AppData\Roaming\46wwx.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Users\calum\AppData\Local\Akamai\netsession_win.exe
    C:\Users\calum\AppData\Local\Akamai\netsession_win.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = my.daemon-search.com
    mStart Page = hxxp://uk.yahoo.com
    mDefault_Page_URL = hxxp://uk.yahoo.com
    uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi2.dll
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi2.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi2.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} -
    BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    BHO: Ask.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Ask.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: XfireXO Toolbar: {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files (x86)\XfireXO\prxtbXfi2.dll
    TB: AIM Toolbar: {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    TB: Ask.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi2.dll
    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [nHancer] "C:\Program Files\nHancer\nHancer.exe" /tray
    uRun: [MSMSGS] "C:\Program Files (x86)\Messenger\Msmsgs.exe" /background
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [YVIBBBHA8C] C:\Users\calum\AppData\Local\Temp\Cfl.exe
    uRun: [M5T8QL3YW3] C:\Users\calum\AppData\Local\Temp\Cfl.exe
    uRun: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
    uRun: [MurGee.com Auto Clicker] C:\Program Files (x86)\Auto Clicker\AutoClicker.exe :silent
    uRun: [RandomMouseClicker] C:\Program Files (x86)\Random Mouse Clicker\RandomMouseClicker.exe :silent
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    uRun: [Akamai NetSession Interface] "C:\Users\calum\AppData\Local\Akamai\netsession_win.exe"
    uRun: [LightShot] C:\Users\calum\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
    uRun: [Keyboard Inf.] C:\Users\calum\AppData\Roaming\GetRightToGo\msdn.exe
    uRun: [Win Update] C:\Users\calum\AppData\Local\Temp\Win Update\Win Update.exe
    uRun: [Reader] C:\Users\calum\AppData\Local\Temp\Acrobat\Reader.exe
    uRun: [run] C:\filezilla2\process.exe
    uRun: [Service] C:\Users\calum\AppData\Local\Temp\Kodack\Service.exe
    uRun: [Cleaner] C:\Users\calum\AppData\Local\Temp\CCleaner\Cleaner.exe
    uRunOnce: [Standard Dynamic Printing Port Monitor] C:\Users\calum\AppData\Roaming\Microsoft\Windows\auditpol.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\HomeCinema\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\HomeCinema\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [MDS_Menu] "C:\Program Files (x86)\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\HomeCinema\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
    mRun: [CLMLServer] "C:\Program Files (x86)\HomeCinema\Power2Go\CLMLSvc.exe"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\HomeCinema\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\HomeCinema\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [UpdatePDRShortCut] "C:\Program Files (x86)\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\HomeCinema\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
    mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\HomeCinema\PowerDVD9\Language\Language.exe"
    mRun: [BDRegion] "C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe"
    mRun: [UpdatePPShortCut] "C:\Program Files (x86)\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\HomeCinema\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
    mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
    mRun: [skb] rundll32 "apnzmkhn.dll",,Run
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [BambooCore] "C:\Program Files (x86)\Bamboo Dock\BambooCore.exe"
    mRun: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
    mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
    mRunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
    mRunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-R2HQB.exe" /REG /REGSVRMODE
    mExplorerRun: [53897] c:\progra~3\dxvtankxu.exe
    StartupFolder: C:\Users\calum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
    StartupFolder: C:\Users\calum\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMVU.lnk - C:\Users\calum\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
    StartupFolder: C:\Users\calum\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:-33
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MI1933~1\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {323AF0A7-690A-47D9-819B-348831CC7DC5} - C:\Program Files (x86)\IECustomizer.com\IEButtons\SearchIECThemes.htm
    IE: {472A296E-D7C1-4A70-8511-5039B09EBDDB} - javascript:document.location='http://www.iecustomizer.com/iethemes'
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {B9844E33-6201-47AA-B30A-BCA3363C2BFA} - C:\Program Files (x86)\IECustomizer.com\Tools\IETheme.exe
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\calum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
    DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://www.yougamers.com/systeminfo/FMSI.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{4F055F52-8EAE-4733-8243-507FC83E9848} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{661B2675-DB40-4C9B-8349-3F9FD3C2BF63} : DHCPNameServer = 7.254.254.254
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} -
    x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    x64-Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
    x64-Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    x64-Run: [VX1000] C:\Windows\vVX1000.exe
    x64-ExplorerRun: [53897] c:\progra~3\dxvtankxu.exe
    x64-mPolicies-Explorer: NoActiveDesktop = dword:1
    x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    x64-mPolicies-System: EnableLUA = dword:0
    x64-mPolicies-System: EnableUIADesktopToggle = dword:0
    x64-IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files (x86)\Messenger\msmsgs.exe
    x64-DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\calum\AppData\Roaming\Mozilla\Firefox\Profiles\dncrhr3a.default\
    FF - prefs.js: network.proxy.type - 2
    FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    FF - component: C:\Users\calum\AppData\Roaming\Mozilla\Firefox\Profiles\dncrhr3a.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dll
    FF - component: C:\Users\calum\AppData\Roaming\Mozilla\Firefox\Profiles\dncrhr3a.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
    FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
    FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\calum\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
    FF - ExtSQL: 2013-08-02 17:26; jid1-QpHD8URtZWJC2A@jetpack; C:\Users\calum\AppData\Roaming\Mozilla\Firefox\Profiles\dncrhr3a.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
    FF - ExtSQL: 2049-12-31 15:00; {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}; C:\Users\calum\AppData\Roaming\Mozilla\Firefox\Profiles\dncrhr3a.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    FF - user.js: browser.sessionstore.resume_from_crash - false
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    ============= SERVICES / DRIVERS ===============
    .
    R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2009-6-19 282976]
    R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2009-6-19 35664]
    R1 AvgTdiA;AVG Free Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2009-6-19 317520]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-8-3 45856]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-6-1 283200]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\System32\drivers\ManyCam_x64.sys [2008-3-13 27136]
    S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2009-6-23 12744]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: Applications\WordPad.exe="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
    FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2013-08-26 01:40:13  712264  ----a-w-  C:\Windows\is-R2HQB.exe
    2013-08-25 22:01:05  692736  ----a-w-  C:\Users\calum\AppData\Roaming\sy82g.exe
    2013-08-25 21:59:54  692736  --sh--r-  C:\Users\calum\AppData\Roaming\46wwx.exe
    2013-08-25 13:00:14  116224  ----a-w-  C:\Users\calum\AppData\Roaming\0n9fh.exe
    2013-08-24 20:29:39  152576  --sh--r-  C:\Users\calum\AppData\Roaming\fvfos.exe
    2013-08-21 00:47:43  71048  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-08-21 00:47:43  692104  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-08-20 17:17:07  282296  ----a-w-  C:\Windows\SysWow64\PnkBstrB.xtr
    2013-08-20 17:17:07  282296  ----a-w-  C:\Windows\SysWow64\PnkBstrB.exe
    2013-08-20 17:15:52  215128  ----a-w-  C:\Windows\SysWow64\PnkBstrB.ex0
    2013-08-15 12:20:37  45856  ----a-w-  C:\Windows\System32\drivers\avgtpx64.sys
    2013-08-05 19:43:33  181064  ----a-w-  C:\Windows\PSEXESVC.EXE
    2013-06-01 00:07:19  283200  ----a-w-  C:\Windows\System32\drivers\dtsoftbus01.sys
    2011-01-20 04:55:34  451279679  ----a-w-  C:\Program Files (x86)\ProjectBlackout_Install.exe
    .
    ============= FINISH: 2:45:44.86 ===============
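    Reading a DDS log like the one above means picking out the Run/RunOnce entries whose launch path sits somewhere a dropper would put itself (user Temp, AppData, ProgramData, an invented root folder) or that load a DLL by bare name through rundll32. The following Python script is an added example of that triage; it is not part of this thread or of the DDS tool. Its sample input is copied from the log above, and its list of "trusted" install prefixes and its reason strings are the example's own assumptions: a first pass for a human reviewer, not a verdict.

```python
"""Autorun triage over DDS log lines (added example, not DDS or this thread's own code).

Each Run/RunOnce line of a DDS log names a registry autorun and the command
it launches. The droppers in the log above live in %TEMP%, AppData,
ProgramData or a made-up root folder, so this script flags launch paths in
those locations and rundll32 loads of a bare DLL name. The trusted-prefix
list and the reason strings are this example's own assumptions; a path under
the Windows directory is only "less suspicious", not clean.
"""
import re
from dataclasses import dataclass

# Lines copied verbatim from the DDS log in this thread, plus one BHO line
# to show that records other than autoruns are ignored.
SAMPLE_LINES = r"""
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [YVIBBBHA8C] C:\Users\calum\AppData\Local\Temp\Cfl.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Win Update] C:\Users\calum\AppData\Local\Temp\Win Update\Win Update.exe
uRun: [run] C:\filezilla2\process.exe
uRunOnce: [Standard Dynamic Printing Port Monitor] C:\Users\calum\AppData\Roaming\Microsoft\Windows\auditpol.exe
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [skb] rundll32 "apnzmkhn.dll",,Run
mExplorerRun: [53897] c:\progra~3\dxvtankxu.exe
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
"""

AUTORUN_KEYS = {"uRun", "mRun", "uRunOnce", "mRunOnce", "mExplorerRun",
                "x64-Run", "x64-ExplorerRun"}
LINE_RE = re.compile(r"^(?P<key>[\w-]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Assumed "normal" install locations (first-pass filter only; the log above
# shows malware dropped under C:\Windows as well).
TRUSTED_PREFIXES = ("c:\\program files", "c:\\progra~1", "c:\\progra~2", "c:\\windows\\")


@dataclass
class Finding:
    key: str
    name: str
    target: str
    reasons: list


def extract_target(cmd):
    """Return the file an autorun command actually loads."""
    cmd = cmd.strip()
    head, _, rest = cmd.partition(" ")
    if head.lower() in ("rundll32", "rundll32.exe"):
        # rundll32 <dll>,<entry>: the DLL is the interesting part
        rest = rest.strip()
        if rest.startswith('"'):
            return rest[1:rest.index('"', 1)]
        return rest.split(",", 1)[0].strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    # Unquoted path, possibly with spaces and trailing switches: cut at .exe
    m = re.search(r"\.exe", cmd, re.IGNORECASE)
    return cmd[:m.end()] if m else head


def classify(target):
    """List why a launch path deserves a look; an empty list means unremarkable."""
    t = target.lower()
    reasons = []
    if "\\appdata\\local\\temp\\" in t:
        reasons.append("runs from user Temp")
    elif "\\appdata\\" in t:
        reasons.append("runs from user profile (AppData)")
    if "\\progra~3\\" in t or "\\programdata\\" in t:
        reasons.append("runs from ProgramData")
    if "\\" not in t:
        reasons.append("bare file name, resolved through the search path")
    elif not reasons and not t.startswith(TRUSTED_PREFIXES):
        reasons.append("outside Program Files / Windows")
    return reasons


def triage(log_text):
    """Return a Finding for every autorun line with at least one reason."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["key"] not in AUTORUN_KEYS:
            continue
        target = extract_target(m["cmd"])
        reasons = classify(target)
        if reasons:
            findings.append(Finding(m["key"], m["name"], target, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.key:<14} [{f.name}] {f.target}\n    {'; '.join(f.reasons)}")
```

    Run as-is it flags six of the ten sample lines; fed a whole DDS log it produces the same kind of list for another machine. Anything under C:\Windows passes this filter, so the Find3M section (recently created files under System32 and the Windows root) still has to be read by hand.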
     
  5. Calum Shennan

    Calum Shennan TS Rookie Topic Starter

    And the Malwarebytes one.
    I opened the log before I tried to remove the viruses, hence it says no action taken. But when I tried to remove the viruses, it froze halfway through. I've not closed the unresponsive application yet though.

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.04.04.07

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 8.0.6001.19120
    calum :: ROOMPC [administrator]

    26/08/2013 02:49:18
    MBAM-log-2013-08-26 (13-01-43).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 1092172
    Time elapsed: 6 hour(s), 32 minute(s), 30 second(s)

    Memory Processes Detected: 1
    C:\Users\calum\AppData\Local\Temp\Win Update\Win Update.exe (Backdoor.Agent) -> 4632 -> No action taken.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 15
    HKCR\AppID\{38061EDC-40BB-4618-A8DA-E56353347E6D} (Adware.EZlife) -> No action taken.
    HKCR\AppID\{7B6A2552-E65B-4a9e-ADD4-C45577FFD8FD} (Adware.EZLife) -> No action taken.
    HKCR\AppID\{84C3C236-F588-4c93-84F4-147B2ABBE67B} (Adware.Adrotator) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\yqjxlunnii (Adware.Adrotator) -> No action taken.
    HKCR\ididp (Trojan.Sasfis) -> No action taken.
    HKCU\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken.
    HKCU\Software\DC3_FEXEC (Malware.Trace) -> No action taken.
    HKCU\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> No action taken.
    HKCU\Software\SolutionAV (Rogue.AntivirSolutionPro) -> No action taken.
    HKCU\Software\WEK9EMDHI9 (Trojan.Agent) -> No action taken.
    HKCU\Software\YVIBBBHA8C (Trojan.Agent) -> No action taken.
    HKLM\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> No action taken.
    HKLM\SOFTWARE\Sky-Banners (Adware.Adrotator) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallWTF1012$ (Adware.Adrotator) -> No action taken.

    Registry Values Detected: 5
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|YVIBBBHA8C (Trojan.FakeAlert) -> Data: C:\Users\calum\AppData\Local\Temp\Cfl.exe -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Win Update (Backdoor.Agent) -> Data: C:\Users\calum\AppData\Local\Temp\Win Update\Win Update.exe -> No action taken.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run|M5T8QL3YW3 (Trojan.FakeAlert) -> Data: C:\Users\calum\AppData\Local\Temp\Cfl.exe -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|skb (Trojan.Agent.Gen) -> Data: rundll32 "apnzmkhn.dll",,Run -> No action taken.
    HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls|AppSecDll (Trojan.Agent) -> Data: C:\Users\calum\AppData\Local\Windows Server\hcdqyx.dll -> No action taken.

    Registry Data Items Detected: 1
    HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\calum\AppData\Local\av.exe" /START "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.

    Folders Detected: 3
    C:\Users\calum\AppData\Roaming\dclogs (Stolen.Data) -> No action taken.
    C:\Program Files (x86)\$NtUninstallWTF1012$ (Adware.EZLife) -> No action taken.
    C:\Windows\$NtUninstallMTF1011$ (Adware.Adrotator) -> No action taken.

    Files Detected: 11
    C:\Program Files (x86)\Cain\Abel.exe (HackTool.Cain) -> No action taken.
    C:\Program Files (x86)\Cain\Abel64.exe (HackTool.Cain) -> No action taken.
    C:\Program Files (x86)\Cain\Cain.exe (PUP.Passwordtool.Cain) -> No action taken.
    C:\Program Files (x86)\HomeCinema\MediaShow4\subsys\BigBang\Runtime\MUITransfer\MUITransfer.dll (Trojan.Hiloti.Gen) -> No action taken.
    C:\Program Files (x86)\Space Pirates and Zombies\TDU.exe (Packer.ModifiedUPX) -> No action taken.
    C:\Users\calum\Downloads\XvidSetup.exe (Adware.Hotbar) -> No action taken.
    C:\Windows\System32\yqjxlunnii.exe (Adware.Adrotator) -> No action taken.
    C:\Users\calum\Favorites\_favdata.dat (Malware.Trace) -> No action taken.
    C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> No action taken.
    C:\Users\calum\AppData\Roaming\dclogs\2013-08-25-1.dc (Stolen.Data) -> No action taken.
    C:\Users\calum\AppData\Local\Temp\Win Update\Win Update.exe (Backdoor.Agent) -> No action taken.

    (end)
     
  6. Calum Shennan

    Calum Shennan TS Rookie Topic Starter

    Update: Since MWB virus remover had frozen, I started going through all the listed files and zapping them with Killbox.
    I noticed it had a program in it to auto-kill unwanted processes, I remembered the virus process stopping me from using the internet was a service.exe process. I, being the clever boy I am, decided to add services.exe to the autokill list, and was promptly met with a shutting down computer. I won't be doing that again lol.

    When I started the computer again with clenched teeth and crossed fingers, it booted up normally. I began trying to zap the files away again, but it informed me for all of them that they didn't seem to exist, which I'm assuming means MWB succeeded in its removal before the shutdown.

    I took a look at regedit to try and find the registry keys the MWB log indicated but I couldn't find how to get to the "HKCU" part at the start of the directory address.
     
  7. Calum Shennan

    Calum Shennan TS Rookie Topic Starter

    I'm also assuming it is currently very unsafe to attempt internet banking or entering passwords?
     
  8. Calum Shennan

    Calum Shennan TS Rookie Topic Starter

    Is there a way to safely enter a password though? I really need to.
     
  9. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    First of all, you're not following my rules.
    You should re-read them.
    One of them says:
    Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.

    Yes, you should refrain from using any secure sites like banking online until your computer is clean.
    As a matter of fact, since I can see a pretty serious infection there, you should use some other CLEAN computer and change all your sensitive passwords.

    Your MBAM log says "No action taken".
    Re-run MBAM, fix all issues and post the new log.

    Download RogueKiller for 32-bit or RogueKiller for 64-bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    Create a new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  10. Calum Shennan

    Calum Shennan TS Rookie Topic Starter

    Roguekiller logs:



    RogueKiller V8.6.6 _x64_ [Aug 19 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User : calum [Admin rights]
    Mode : Scan -- Date : 08/27/2013 11:07:21
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 6 ¤¤¤
    [SUSP PATH] Lightshot.exe -- C:\Users\calum\AppData\Local\Skillbrains\lightshot\4.4.2.0\LightShot.exe [7] -> KILLED [TermProc]
    [SUSP PATH] CurseClient.exe -- C:\Users\calum\AppData\Local\Apps\2.0\1R9N4E0X.M56\XW45C9GL.0TN\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe [-] -> KILLED [TermProc]
    [SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe [7] -> KILLED [TermProc]
    [SUSP PATH] usbmon.exe -- C:\Users\calum\AppData\Roaming\Microsoft\Windows\usbmon.exe [-] -> KILLED [TermProc]
    [SUSP PATH] auditpol.exe -- C:\Users\calum\AppData\Roaming\Microsoft\Windows\auditpol.exe [-] -> KILLED [TermProc]
    [SUSP PATH] Eula.exe -- C:\Users\calum\AppData\Local\Temp\AppLunch\Eula.exe [7] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 23 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : LightShot (C:\Users\calum\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue [-][x][x]) -> FOUND
    [RUN][SUSP PATH] HKCU\[...]\Run : Keyboard Inf. (C:\Users\calum\AppData\Roaming\GetRightToGo\msdn.exe [x]) -> FOUND
    [RUN][SUSP PATH] HKCU\[...]\Run : Reader (C:\Users\calum\AppData\Local\Temp\Acrobat\Reader.exe [-]) -> FOUND
    [RUN][SUSP PATH] HKCU\[...]\Run : Service (C:\Users\calum\AppData\Local\Temp\Kodack\Service.exe [-]) -> FOUND
    [RUN][SUSP PATH] HKCU\[...]\Run : Cleaner (C:\Users\calum\AppData\Local\Temp\CCleaner\Cleaner.exe [-]) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-2889728259-429752201-602912618-1000\[...]\Run : LightShot (C:\Users\calum\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue [-][x][x]) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-2889728259-429752201-602912618-1000\[...]\Run : Keyboard Inf. (C:\Users\calum\AppData\Roaming\GetRightToGo\msdn.exe [x]) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-2889728259-429752201-602912618-1000\[...]\Run : Reader (C:\Users\calum\AppData\Local\Temp\Acrobat\Reader.exe [-]) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-2889728259-429752201-602912618-1000\[...]\Run : Service (C:\Users\calum\AppData\Local\Temp\Kodack\Service.exe [-]) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-2889728259-429752201-602912618-1000\[...]\Run : Cleaner (C:\Users\calum\AppData\Local\Temp\CCleaner\Cleaner.exe [-]) -> FOUND
    [RUN][SUSP PATH] HKCU\[...]\RunOnce : Standard Dynamic Printing Port Monitor (C:\Users\calum\AppData\Roaming\Microsoft\Windows\auditpol.exe [-]) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-2889728259-429752201-602912618-1000\[...]\RunOnce : Standard Dynamic Printing Port Monitor (C:\Users\calum\AppData\Roaming\Microsoft\Windows\auditpol.exe [-]) -> FOUND
    [RUN][SUSP PATH] HKLM\[...]\Run : 53897 (c:\progra~3\dxvtankxu.exe [-]) -> FOUND
    [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : 53897 (c:\progra~3\dxvtankxu.exe [-]) -> FOUND
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
    [HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [FF][PROXY] dncrhr3a.default : user_pref("network.proxy.type", 2); -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : Root.MBR ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HDT721010SLA360 ATA Device +++++
    --- User ---
    [MBR] 24546b09c74b6c841d1813050ee17ed2
    [BSP] f0fad741f6715f98fddcaa167c46e09e : Whistler/Sinowal.B MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 933384 Mo
    1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1911572480 | Size: 20482 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: Hitachi HDT721010SLA360 ATA Device +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive2: Hitachi HDT721010SLA360 ATA Device +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive3: Hitachi HDT721010SLA360 ATA Device +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[0]_S_08272013_110721.txt >>



    RogueKiller V8.6.6 _x64_ [Aug 19 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User : calum [Admin rights]
    Mode : Remove -- Date : 08/27/2013 11:08:22
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 6 ¤¤¤
    [SUSP PATH] Lightshot.exe -- C:\Users\calum\AppData\Local\Skillbrains\lightshot\4.4.2.0\LightShot.exe [7] -> KILLED [TermProc]
    [SUSP PATH] CurseClient.exe -- C:\Users\calum\AppData\Local\Apps\2.0\1R9N4E0X.M56\XW45C9GL.0TN\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe [-] -> KILLED [TermProc]
    [SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe [7] -> KILLED [TermProc]
    [SUSP PATH] usbmon.exe -- C:\Users\calum\AppData\Roaming\Microsoft\Windows\usbmon.exe [-] -> KILLED [TermProc]
    [SUSP PATH] auditpol.exe -- C:\Users\calum\AppData\Roaming\Microsoft\Windows\auditpol.exe [-] -> KILLED [TermProc]
    [SUSP PATH] Eula.exe -- C:\Users\calum\AppData\Local\Temp\AppLunch\Eula.exe [7] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 22 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : LightShot (C:\Users\calum\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue [-][x][x]) -> DELETED
    [RUN][SUSP PATH] HKCU\[...]\Run : Keyboard Inf. (C:\Users\calum\AppData\Roaming\GetRightToGo\msdn.exe [x]) -> DELETED
    [RUN][SUSP PATH] HKCU\[...]\Run : Reader (C:\Users\calum\AppData\Local\Temp\Acrobat\Reader.exe [-]) -> DELETED
    [RUN][SUSP PATH] HKCU\[...]\Run : Service (C:\Users\calum\AppData\Local\Temp\Kodack\Service.exe [-]) -> DELETED
    [RUN][SUSP PATH] HKCU\[...]\Run : Cleaner (C:\Users\calum\AppData\Local\Temp\CCleaner\Cleaner.exe [-]) -> DELETED
    [RUN][SUSP PATH] HKUS\S-1-5-21-2889728259-429752201-602912618-1000\[...]\Run : LightShot (C:\Users\calum\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue [-][x][x]) -> [0x2] The system cannot find the file specified.
    [RUN][SUSP PATH] HKUS\S-1-5-21-2889728259-429752201-602912618-1000\[...]\Run : Keyboard Inf. (C:\Users\calum\AppData\Roaming\GetRightToGo\msdn.exe [x]) -> [0x2] The system cannot find the file specified.
    [RUN][SUSP PATH] HKUS\S-1-5-21-2889728259-429752201-602912618-1000\[...]\Run : Reader (C:\Users\calum\AppData\Local\Temp\Acrobat\Reader.exe [-]) -> [0x2] The system cannot find the file specified.
    [RUN][SUSP PATH] HKUS\S-1-5-21-2889728259-429752201-602912618-1000\[...]\Run : Service (C:\Users\calum\AppData\Local\Temp\Kodack\Service.exe [-]) -> [0x2] The system cannot find the file specified.
    [RUN][SUSP PATH] HKUS\S-1-5-21-2889728259-429752201-602912618-1000\[...]\Run : Cleaner (C:\Users\calum\AppData\Local\Temp\CCleaner\Cleaner.exe [-]) -> [0x2] The system cannot find the file specified.
    [RUN][SUSP PATH] HKCU\[...]\RunOnce : Standard Dynamic Printing Port Monitor (C:\Users\calum\AppData\Roaming\Microsoft\Windows\auditpol.exe [-]) -> DELETED
    [RUN][SUSP PATH] HKUS\S-1-5-21-2889728259-429752201-602912618-1000\[...]\RunOnce : Standard Dynamic Printing Port Monitor (C:\Users\calum\AppData\Roaming\Microsoft\Windows\auditpol.exe [-]) -> [0x2] The system cannot find the file specified.
    [RUN][SUSP PATH] HKLM\[...]\Run : 53897 (c:\progra~3\dxvtankxu.exe [-]) -> DELETED
    [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : 53897 (c:\progra~3\dxvtankxu.exe [-]) -> [0x2] The system cannot find the file specified.
    [HJ POL] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : Root.MBR ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HDT721010SLA360 ATA Device +++++
    --- User ---
    [MBR] 24546b09c74b6c841d1813050ee17ed2
    [BSP] f0fad741f6715f98fddcaa167c46e09e : Whistler/Sinowal.B MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 933384 Mo
    1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1911572480 | Size: 20482 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: Hitachi HDT721010SLA360 ATA Device +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive2: Hitachi HDT721010SLA360 ATA Device +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive3: Hitachi HDT721010SLA360 ATA Device +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[0]_D_08272013_110822.txt >>
    RKreport[0]_S_08272013_110721.txt
     
  11. Calum Shennan

    Calum Shennan TS Rookie Topic Starter

    MBAM logs
    I tried removing the viruses and it froze midway through completion yet again. Though, last time this happened, it did remove the files despite freezing.

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.08.27.03

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 8.0.6001.19120
    calum :: ROOMPC [administrator]

    27/08/2013 11:09:30
    MBAM-log-2013-08-27 (11-57-50).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 293306
    Time elapsed: 47 minute(s), 43 second(s)

    Memory Processes Detected: 2
    C:\Users\calum\AppData\Roaming\Microsoft\Windows\auditpol.exe (Trojan.FakeMS) -> 4580 -> No action taken.
    C:\Users\calum\AppData\Roaming\Microsoft\Windows\usbmon.exe (Trojan.Backdoor) -> 5700 -> No action taken.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\Software\DC3_FEXEC (Malware.Trace) -> No action taken.

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|Standard Dynamic Printing Port Monitor (Trojan.FakeMS) -> Data: C:\Users\calum\AppData\Roaming\Microsoft\Windows\auditpol.exe -> No action taken.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\Users\calum\AppData\Roaming\dclogs (Stolen.Data) -> No action taken.

    Files Detected: 11
    C:\Users\calum\AppData\Roaming\Microsoft\Windows\auditpol.exe (Trojan.FakeMS) -> No action taken.
    C:\Users\calum\Documents\Downloads\videora-ipod-503-setup.exe (PUP.Optional.OpenCandy) -> No action taken.
    C:\Users\calum\Downloads\mirc717.exe (PUP.Optional.OpenCandy) -> No action taken.
    C:\Users\calum\Downloads\PFPortChecker.exe (PUP.Optional.AskToolbar) -> No action taken.
    C:\Users\calum\Downloads\Setup (1).exe (PUP.Optional.IBryte.A) -> No action taken.
    C:\Users\calum\Downloads\SoftonicDownloader_for_internet-explorer.exe (PUP.Optional.Softonic) -> No action taken.
    C:\Users\calum\Downloads\SoftonicDownloader_for_microsoft-net-framework-repair-tool.exe (PUP.Optional.Softonic) -> No action taken.
    C:\Users\calum\Downloads\Unlocker1.9.0-x64.exe (PUP.Optional.OpenCandy) -> No action taken.
    C:\Users\calum\Downloads\video-media-download_setup.exe (PUP.Downware) -> No action taken.
    C:\Users\calum\AppData\Roaming\dclogs\2013-08-27-3.dc (Stolen.Data) -> No action taken.
    C:\Users\calum\AppData\Roaming\Microsoft\Windows\usbmon.exe (Trojan.Backdoor) -> No action taken.

    (end)
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    It still says "No action taken".

    I also need MBAR logs.
     
  13. Calum Shennan

    Calum Shennan TS Rookie Topic Starter

    Whenever I try and remove the viruses, MBAM freezes. So the logs always say that.
     
  14. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Try to re-run it from Safe Mode.
     
  15. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Still with me?
     
  16. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.
     
Topic Status:
Not open for further replies.

