Inactive-A Crypt.exe among other viruses

Calum2290

I'm usually quite safe with torrents, but I became over-eager when I saw a certain one and downloaded it without properly reading the comments. It contained a virus and now my computer is infected.

I'd like to state as a heads up, there is no possible way for me to reformat. I've looked into it many times.

I scanned with AVG and Malwarebytes; they both found infected files and "removed" them. But when I did another AVG scan, it found more infected files of the same nature: trojans.

I noticed all 4 of my CPUs were at 100% and checked my processes to see what was throttling it. It was a single process named Crypt.exe; I didn't even need to google it to know that it was a virus.

I've "removed" the viruses several times with AVG, but Crypt.exe is still there. I can't find it anywhere on my computer!

Please help asap, the most impacting effect of the virus is that it's making installations incredibly slow.
 
Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
How fun. I left my computer on overnight to perform the Malwarebytes scan, and the viruses must have multiplied. MWB found 36.

And, I couldn't actually use any internet browsers or applications until I shut down a process named service.exe. This is getting bad :[

*Cringe*
My computer's a mess.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
.
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7502
Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz | Socket 775 | 2498/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 912 GiB total, 126.381 GiB free.
D: is FIXED (FAT32) - 20 GiB total, 9.215 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: Avnex Virtual Audio Device
Device ID: ROOT\MEDIA\0002
Manufacturer: AVNEX Ltd.
Name: Avnex Virtual Audio Device
PNP Device ID: ROOT\MEDIA\0002
Service: VCSVADHWSer
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: MTP Device
Device ID: ROOT\WPD\0000
Manufacturer: (Standard MTP-Compliant Device)
Name: MTP Device
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
4Videosoft MKV Video Converter
7-Zip 4.65 (x64 edition)
7 Days to Die - Alpha version 0.9.1
A Valley Without Wind
ACE COMBAT ASSAULT HORIZON Enhanced Edition
Ace of Spades
Acrobat.com
Active Desktop Calendar 7.93
Active@ UNDELETE
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Download Manager
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS
Adobe Photoshop CS3
Adobe Reader 9.1
Adobe Setup
Adobe Shockwave Player 12.0
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced Combat Tracker (remove only)
Advanced DVD Player
Age of Empires III
AIM Toolbar
Akamai NetSession Interface
Akamai NetSession Interface Service
Alan Wake
Alan Wake's American Nightmare
Alien Swarm
Alpha Protocol
Amnesia - The Dark Descent
And Yet It Moves
Any Video Converter 3.3.8
APB Reloaded
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcaniA - Gothic 4
ArcaniA - Gothic 4 Hotfix
ArmA 2 Free Uninstall
Ask Toolbar
Assassin's Creed Brotherhood
Audacity 2.0
Audiosurf
Auto Click 2.1
Auto Clicker v1.1
AV Voice Changer Software DIAMOND 6.0
AVG Free 9.0
AVG SafeGuard toolbar
AVI ReComp 1.5.2
AviSynth 2.5
Baldur's Gate(TM) II - Throne of Bhaal (TM)
Bamboo
Bamboo Dock
Bandisoft MPEG-1 Decoder
Bastion
Batman Arkham City version 1.0
Batman: Arkham Asylum
Battlefield Play4Free
Battlefield: Bad Company 2
Battlestations: Midway
BattlEye (A2Free) Uninstall
BattlEye for OA Uninstall
Beat Hazard
BioShock
Black & WhiteR 2
Blacklight: Retribution
Bonjour
Bontago
Borderlands 2
Brink
BS.Player FREE
BTHomeHub
Cain & Abel v4.9.39
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Cave Story+
championBuilder v0.4.0
Champions Online
Champions Online: Free For All
Cheat Engine 6.1
Chivalry: Medieval Warfare
City Car Driving 1.2.2
City of Villains/City of Heroes (remove only)
Cogs
Combat Arms EU
Community Expansion Pack version 1.01b
Convert AVI to MP4 1.3
Cool Timer 4.9.1
Counter-Strike: Global Offensive
Counter-Strike: Source
Crayon Physics Deluxe
CrimeCraft
Crusader Kings II
Crysis WARHEAD(R)
CrysisR 2
Cucusoft iPod Video Converter 8.08
Cucusoft Ultimate DVD + Video Converter Suite 8.3.8.3
Curse Client
CyberLink LabelPrint
CyberLink MediaShow
CyberLink PhotoNow
CyberLink Power2Go
CyberLink PowerDirector
CyberLink PowerDVD 9
CyberLink PowerDVD Copy
CyberLink PowerProducer
DAEMON Tools Lite
DARK
Darksiders II
DarkSpace 1.527
dBpowerAMP Music Converter
DC Universe Online
Dead Rising 2
Dear Esther
Deer Hunter - The 2005 Season
Defraggler
Demolition Company
Deus Ex - Human Revolution version 1.0
Devil May Cry 3 Special Edition
Diablo II
Digital Media Converter Pro 3.2
Dino D-Day
Dishonored
DiskPie 2.1
DivX Setup
Download Updater (AOL LLC)
Dragon Age: Origins
Driver San Francisco
Driver Sweeper 2.1.0
Driving Test Success - The Complete Theory Test (2010-2011) (Up
Dungeon Keeper 2
DUNGEONS
EA Download Manager
EasyBits GO
Elsword
Endless.Space
Evochron Mercenary
Explorer Suite III
F.E.A.R. Plantinum
Fable - The Lost Chapters
Facade
Fake Webcam 6.1.3
Fallen Earth
Fallout Mod Manager 0.10.2
Fallout Mod Manager 0.13.21
Fallout New Vegas
Family Project v1.0
Far Cry 3
Fate/stay night
FINAL FANTASY VII
FLV Player 2.0 (build 25)
FLV to MP4 Converter 2009.2.20
foobar2000 v1.2.3
Forge
Fraps (remove only)
Free FLAC to MP3 Converter 1.0
Free M4a to MP3 Converter 8.0
Free Mouse Auto Clicker 2.8.2
FreeArc 0.666
From Dust
Frozen Synapse
Futuremark SystemInfo
G-Senjou no Maou English
Game of Thrones version 1.0.0.0
GameCommanderPro 2.0.2.04
GameShadow
GameSpy Arcade
Garry's Mod
Garry's Mod 10 Dedicated Server
GIMP 2.6.6
GoldWave v5.20
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Translator
Google Update Helper
GoToAssist Corporate
Grand Theft Auto
Gratuitous Space Battles
Guild Wars
Guild Wars 2
Half-Life Dedicated Server Update Tool
Hammerfight
HandBrake 0.9.8
Harry Potter and the Deathly Hallows? - Part 1
Hi-Rez Studios Games
HijackThis 2.0.2
Hitman Absolution
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
ijji - Gunz
ijji REACTOR
ILLUSION SchoolMate
Internet Explorer Theme Manager (1.1.3)
iTunes
Java Auto Updater
Java(TM) 6 Update 13 (64-bit)
Java(TM) 6 Update 22
Java(TM) 6 Update 30
Junk Mail filter update
K-Lite Codec Pack 7.6.0 (Basic)
Katawa Shoujo
Killing Floor
Kingdoms of Amalur Reckoning
Krater
Kuros
L.A. Noire
League of Legends
LightScribe System Software
lightshot-4.4.2.0
LimeWire 5.1.3
LOCO EU
MabinogiEU
Magicka
Malwarebytes Anti-Malware version 1.75.0.1300
ManyCam 2.4 (remove only)
Martial Empires
MCE Software Encoder 1.1
Media Player Classic - Home Cinema v1.5.0.2827 x64
Medieval II Total War
Men of War: Assault Squad (Remove Only)
Messenger Plus! Live
Metro: Last Light (c) Deep Silver version 1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Corporation
Microsoft Flight
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Halo
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word Viewer 2003
Microsoft Office XP Professional with FrontPage
Microsoft Reader
Microsoft Silverlight
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.1
MilkShape 3D 1.8.5
mIRC
Mirror's Edge?
MoodTuner
Moon Breakers
Morrowind
MotoGP(TM)13
Mount & Blade: Warband
Mount & Blade: With Fire and Sword
Mount&Blade
MountMusket Battalion
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Firefox 4.0b12 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Mumble 1.2.3
My Screen Recorder Pro 2.3
Need for Speed(TM) Hot Pursuit
NetLimiter 2 Monitor (remove only)
Neverwinter Nights
Neverwinter Nights 2
Nexon Game Manager
Nexus Mod Manager
NightSky
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 310.90
NVIDIA 3D Vision Driver 310.90
NVIDIA Control Panel 310.90
NVIDIA Graphics Driver 310.90
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA Performance Drivers
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
Oblivion
Oblivion - Horse Armor Pack
Oblivion - Knights of the Nine
Oblivion - Mehrunes Razor
Oblivion - Orrery
Oblivion - Spell Tomes
Oblivion - Thieves Den
Oblivion - Vile Lair
Oblivion mod manager 1.1.12
OpenAL
OpenOffice.org 3.3
Opera 12.12
Paint.NET v3.36
Pale Moon 20.2.1 (x86 en-US)
Pando Media Booster
PAYDAY: The Heist
PCSX2 - Playstation 2 Emulator
Pcsx2 0.9.6
PDF Settings
Performance Platform Voguecash
PFConfig 1.0.296
PFPortChecker 1.0.39
Plants vs. Zombies
Project Blackout
Prototype(TM)
Proun
PTFB Pro 3.6.0.1
PunkBuster Services
QuickTime
Rakion International
Random Mouse Clicker version 1.0
RAR Password Unlocker 3.2.0.1
Rayman Origins
Real Kanojo
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Red Faction
Red Faction Armageddon
Red Faction Guerrilla
Red Faction: Armageddon
Red Orchestra 2: Heroes of Stalingrad
Remember Me
Reus
RIFT
RIFT?
Risen 2 Dark Waters
Riva FLV Encoder 2.0
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
Roblox
Rogue Legacy version 0.0.0.9
Rusty Hearts
Saints Row IV
Saints Row. The Third 1.0
San Andreas Mod Installer
SCHOOLDAYS HQ
Scribblenauts Unlimited
SecondLifeViewer2 (remove only)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB2251487)
SequoiaView
Shadowrun Returns
Shank
Shogun - Total War - Warlord Edition
Sid Meier's Civilization 4 - Beyond the Sword
Sid Meier's Civilization 4 - Warlords
SimAquarium
Simple Port Forwarding
Sir, You Are Being Hunted 1.00
Sky-Banners browser enhancer
Skype Click to Call
Skype Trivia Bot (remove only)
Skype? 5.8
Sleeping Dogs?
Sniper Elite V2
SOL: Exodus
Soldat 1.5.0
Sony PC Companion 2.10.165
SpaceChem
SpaceMonger 2.1.1
Spec Ops The Line
SpeedFan (remove only)
Spellforce 2: Gold Edition
Spelunky
Spelunky HD 1.0
Split/Second
SPORE?
Spotify
Spyware Doctor 7.0
SQL Server System CLR Types
Star Wars Jedi Knight Jedi Academy
Steam
Street-Ads Browser Enhancer
Street Fighter X Tekken
Subway Surfers 1.0
Super Screen Capture 4.0
System Requirements Lab
System Requirements Lab CYRI
TCPEye 1.0
TeamSpeak 2 RC2
TeamSpeak 3 Client
Terraria
TES Construction Set
The Bureau: XCOM Declassified
The Darkness II
The Great White Destroyer Demo 1.3b
The Guild 2
The Guild II
The Guild II - Pirates of the European Seas
The Saboteur?
The Settlers 7 - Paths to a Kingdom
The Sims Medieval
The Sims? 3
The Sims? 3 Ambitions
The Sims? 3 Create a Pattern Tool
The Sims? 3 Create a World Tool - Beta
The Sims? 3 High-End Loft Stuff
The Sims? 3 Late Night
The Sims? 3 World Adventures
The Walking Dead (c) 3 version 1
The War Z version alpha
The Witcher 2 - Assassins of Kings
There
TightVNC 1.3.9
Titan Quest
Titan Quest: Immortal Throne
Torchlight
TRAUMA
Trine 2
Tunngle beta
Tweaking.com - Windows Repair (All in One)
Two Worlds II
Ubisoft Game Launcher
UltraVNC v1.0.2
Unity Web Player
Unlocker 1.9.0-x64
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Uplay
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client for Windows x64
Videora iPod Converter 5.04
Viewpoint Media Player
Vincenzo's Admin Tools
Vindictus
Virtual Deck
Visual C++ 8.0 Runtime Setup Package (x64)
VLC media player 2.0.2
VNC Viewer 5.0.3
VobSub 2.23
VVVVVV
War Thunder Launcher 1.0.1.252
Warcraft III
Warcraft III: All Products
Warframe
WebTablet FB Plugin
WebTablet IE Plugin
WebTablet Netscape Plugin
WeGame Client 2.2.2
WinDirStat 1.1.2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Wings of Prey 1.0.3.2
WinPcap 4.1.2
WinRAR archiver
WinZip 12.1
Wisdom-soft Set up ScreenHunter 5.1 Free
Wizard101(UK)
World of Tanks
World of Warcraft
World of Warcraft Model Viewer
World of Warcraft Public Test
WTFast 1.63
Xfire 2.0
Xfire Codec (remove only)
XfireXO Toolbar
Xilisoft Video Converter Ultimate 6
ZD Soft Screen Recorder 4.1.3.0
Zwei-Stein Video Compositor 3.01 (Beta 2).
μTorrent
デュエルセイヴァージャスティス
.
==== End Of File ===========================
 
Now the DDS one.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.6001.19120 BrowserJavaVersion: 1.6.0_30
Run by calum at 2:40:48 on 2013-08-26
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\Tunngle\TnglCtrl.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\vVX1000.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\calum\AppData\Local\Skillbrains\lightshot\4.4.2.0\LightShot.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Users\calum\AppData\Local\Temp\Win Update\Win Update.exe
C:\Users\calum\AppData\Local\Temp\Acrobat\Reader.exe
C:\Program Files (x86)\HomeCinema\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\calum\AppData\Local\Apps\2.0\1R9N4E0X.M56\XW45C9GL.0TN\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\conime.exe
C:\Users\calum\AppData\Local\Temp\AppLunch\Eula.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\calum\AppData\Roaming\fvfos.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\SysWOW64\msiexec.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
C:\Users\calum\AppData\Roaming\Microsoft\Windows\usbmon.exe
C:\Users\calum\AppData\Roaming\Microsoft\Windows\auditpol.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Program Files (x86)\real\realplayer\update\realsched.exe
C:\Users\calum\AppData\Roaming\46wwx.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\calum\AppData\Local\Akamai\netsession_win.exe
C:\Users\calum\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = my.daemon-search.com
mStart Page = hxxp://uk.yahoo.com
mDefault_Page_URL = hxxp://uk.yahoo.com
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi2.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi2.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi2.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} -
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Ask.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Ask.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: XfireXO Toolbar: {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files (x86)\XfireXO\prxtbXfi2.dll
TB: AIM Toolbar: {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
TB: Ask.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi2.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [nHancer] "C:\Program Files\nHancer\nHancer.exe" /tray
uRun: [MSMSGS] "C:\Program Files (x86)\Messenger\Msmsgs.exe" /background
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [YVIBBBHA8C] C:\Users\calum\AppData\Local\Temp\Cfl.exe
uRun: [M5T8QL3YW3] C:\Users\calum\AppData\Local\Temp\Cfl.exe
uRun: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
uRun: [MurGee.com Auto Clicker] C:\Program Files (x86)\Auto Clicker\AutoClicker.exe :silent
uRun: [RandomMouseClicker] C:\Program Files (x86)\Random Mouse Clicker\RandomMouseClicker.exe :silent
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Akamai NetSession Interface] "C:\Users\calum\AppData\Local\Akamai\netsession_win.exe"
uRun: [LightShot] C:\Users\calum\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
uRun: [Keyboard Inf.] C:\Users\calum\AppData\Roaming\GetRightToGo\msdn.exe
uRun: [Win Update] C:\Users\calum\AppData\Local\Temp\Win Update\Win Update.exe
uRun: [Reader] C:\Users\calum\AppData\Local\Temp\Acrobat\Reader.exe
uRun: [run] C:\filezilla2\process.exe
uRun: [Service] C:\Users\calum\AppData\Local\Temp\Kodack\Service.exe
uRun: [Cleaner] C:\Users\calum\AppData\Local\Temp\CCleaner\Cleaner.exe
uRunOnce: [Standard Dynamic Printing Port Monitor] C:\Users\calum\AppData\Roaming\Microsoft\Windows\auditpol.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\HomeCinema\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\HomeCinema\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [MDS_Menu] "C:\Program Files (x86)\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\HomeCinema\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
mRun: [CLMLServer] "C:\Program Files (x86)\HomeCinema\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\HomeCinema\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\HomeCinema\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDRShortCut] "C:\Program Files (x86)\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\HomeCinema\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\HomeCinema\PowerDVD9\Language\Language.exe"
mRun: [BDRegion] "C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe"
mRun: [UpdatePPShortCut] "C:\Program Files (x86)\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\HomeCinema\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [skb] rundll32 "apnzmkhn.dll",,Run
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BambooCore] "C:\Program Files (x86)\Bamboo Dock\BambooCore.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
mRunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-R2HQB.exe" /REG /REGSVRMODE
mExplorerRun: [53897] c:\progra~3\dxvtankxu.exe
StartupFolder: C:\Users\calum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\calum\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMVU.lnk - C:\Users\calum\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
StartupFolder: C:\Users\calum\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:-33
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MI1933~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {323AF0A7-690A-47D9-819B-348831CC7DC5} - C:\Program Files (x86)\IECustomizer.com\IEButtons\SearchIECThemes.htm
IE: {472A296E-D7C1-4A70-8511-5039B09EBDDB} - javascript:document.location='http://www.iecustomizer.com/iethemes'
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {B9844E33-6201-47AA-B30A-BCA3363C2BFA} - C:\Program Files (x86)\IECustomizer.com\Tools\IETheme.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\calum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://www.yougamers.com/systeminfo/FMSI.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{4F055F52-8EAE-4733-8243-507FC83E9848} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{661B2675-DB40-4C9B-8349-3F9FD3C2BF63} : DHCPNameServer = 7.254.254.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} -
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
x64-Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
x64-Run: [VX1000] C:\Windows\vVX1000.exe
x64-ExplorerRun: [53897] c:\progra~3\dxvtankxu.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableLUA = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files (x86)\Messenger\msmsgs.exe
x64-DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\calum\AppData\Roaming\Mozilla\Firefox\Profiles\dncrhr3a.default\
FF - prefs.js: network.proxy.type - 2
FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Users\calum\AppData\Roaming\Mozilla\Firefox\Profiles\dncrhr3a.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dll
FF - component: C:\Users\calum\AppData\Roaming\Mozilla\Firefox\Profiles\dncrhr3a.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\calum\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - ExtSQL: 2013-08-02 17:26; jid1-QpHD8URtZWJC2A@jetpack; C:\Users\calum\AppData\Roaming\Mozilla\Firefox\Profiles\dncrhr3a.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
FF - ExtSQL: 2049-12-31 15:00; {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}; C:\Users\calum\AppData\Roaming\Mozilla\Firefox\Profiles\dncrhr3a.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2009-6-19 282976]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2009-6-19 35664]
R1 AvgTdiA;AVG Free Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2009-6-19 317520]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-8-3 45856]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-6-1 283200]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\System32\drivers\ManyCam_x64.sys [2008-3-13 27136]
S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2009-6-23 12744]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\WordPad.exe="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-08-26 01:40:13  712264  ----a-w-  C:\Windows\is-R2HQB.exe
2013-08-25 22:01:05  692736  ----a-w-  C:\Users\calum\AppData\Roaming\sy82g.exe
2013-08-25 21:59:54  692736  --sh--r-  C:\Users\calum\AppData\Roaming\46wwx.exe
2013-08-25 13:00:14  116224  ----a-w-  C:\Users\calum\AppData\Roaming\0n9fh.exe
2013-08-24 20:29:39  152576  --sh--r-  C:\Users\calum\AppData\Roaming\fvfos.exe
2013-08-21 00:47:43  71048  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-21 00:47:43  692104  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-20 17:17:07  282296  ----a-w-  C:\Windows\SysWow64\PnkBstrB.xtr
2013-08-20 17:17:07  282296  ----a-w-  C:\Windows\SysWow64\PnkBstrB.exe
2013-08-20 17:15:52  215128  ----a-w-  C:\Windows\SysWow64\PnkBstrB.ex0
2013-08-15 12:20:37  45856  ----a-w-  C:\Windows\System32\drivers\avgtpx64.sys
2013-08-05 19:43:33  181064  ----a-w-  C:\Windows\PSEXESVC.EXE
2013-06-01 00:07:19  283200  ----a-w-  C:\Windows\System32\drivers\dtsoftbus01.sys
2011-01-20 04:55:34  451279679  ----a-w-  C:\Program Files (x86)\ProjectBlackout_Install.exe
.
============= FINISH: 2:45:44.86 ===============
 
And the Malwarebytes one.
I opened the log before I tried to remove the viruses, hence it says no action taken. But when I tried to remove the viruses, it froze halfway through. I've not closed the unresponsive application yet, though.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.04.07

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19120
calum :: ROOMPC [administrator]

26/08/2013 02:49:18
MBAM-log-2013-08-26 (13-01-43).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1092172
Time elapsed: 6 hour(s), 32 minute(s), 30 second(s)

Memory Processes Detected: 1
C:\Users\calum\AppData\Local\Temp\Win Update\Win Update.exe (Backdoor.Agent) -> 4632 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 15
HKCR\AppID\{38061EDC-40BB-4618-A8DA-E56353347E6D} (Adware.EZlife) -> No action taken.
HKCR\AppID\{7B6A2552-E65B-4a9e-ADD4-C45577FFD8FD} (Adware.EZLife) -> No action taken.
HKCR\AppID\{84C3C236-F588-4c93-84F4-147B2ABBE67B} (Adware.Adrotator) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\yqjxlunnii (Adware.Adrotator) -> No action taken.
HKCR\ididp (Trojan.Sasfis) -> No action taken.
HKCU\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken.
HKCU\Software\DC3_FEXEC (Malware.Trace) -> No action taken.
HKCU\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> No action taken.
HKCU\Software\SolutionAV (Rogue.AntivirSolutionPro) -> No action taken.
HKCU\Software\WEK9EMDHI9 (Trojan.Agent) -> No action taken.
HKCU\Software\YVIBBBHA8C (Trojan.Agent) -> No action taken.
HKLM\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKLM\SOFTWARE\Sky-Banners (Adware.Adrotator) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallWTF1012$ (Adware.Adrotator) -> No action taken.

Registry Values Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|YVIBBBHA8C (Trojan.FakeAlert) -> Data: C:\Users\calum\AppData\Local\Temp\Cfl.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Win Update (Backdoor.Agent) -> Data: C:\Users\calum\AppData\Local\Temp\Win Update\Win Update.exe -> No action taken.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|M5T8QL3YW3 (Trojan.FakeAlert) -> Data: C:\Users\calum\AppData\Local\Temp\Cfl.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|skb (Trojan.Agent.Gen) -> Data: rundll32 "apnzmkhn.dll",,Run -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls|AppSecDll (Trojan.Agent) -> Data: C:\Users\calum\AppData\Local\Windows Server\hcdqyx.dll -> No action taken.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\calum\AppData\Local\av.exe" /START "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.

Folders Detected: 3
C:\Users\calum\AppData\Roaming\dclogs (Stolen.Data) -> No action taken.
C:\Program Files (x86)\$NtUninstallWTF1012$ (Adware.EZLife) -> No action taken.
C:\Windows\$NtUninstallMTF1011$ (Adware.Adrotator) -> No action taken.

Files Detected: 11
C:\Program Files (x86)\Cain\Abel.exe (HackTool.Cain) -> No action taken.
C:\Program Files (x86)\Cain\Abel64.exe (HackTool.Cain) -> No action taken.
C:\Program Files (x86)\Cain\Cain.exe (PUP.Passwordtool.Cain) -> No action taken.
C:\Program Files (x86)\HomeCinema\MediaShow4\subsys\BigBang\Runtime\MUITransfer\MUITransfer.dll (Trojan.Hiloti.Gen) -> No action taken.
C:\Program Files (x86)\Space Pirates and Zombies\TDU.exe (Packer.ModifiedUPX) -> No action taken.
C:\Users\calum\Downloads\XvidSetup.exe (Adware.Hotbar) -> No action taken.
C:\Windows\System32\yqjxlunnii.exe (Adware.Adrotator) -> No action taken.
C:\Users\calum\Favorites\_favdata.dat (Malware.Trace) -> No action taken.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> No action taken.
C:\Users\calum\AppData\Roaming\dclogs\2013-08-25-1.dc (Stolen.Data) -> No action taken.
C:\Users\calum\AppData\Local\Temp\Win Update\Win Update.exe (Backdoor.Agent) -> No action taken.

(end)
 
Update: Since MWB virus remover had frozen, I started going through all the listed files and zapping them with Killbox.
I noticed it had a program in it to auto-kill unwanted processes; I remembered the virus process stopping me from using the internet was a service.exe process. I, being the clever boy I am, decided to add services.exe to the autokill list, and was promptly met with a shutting down computer. I won't be doing that again lol.

When I started the computer again with clenched teeth and crossed fingers, it booted up normally. I began trying to zap the files away again, but it informed me for all of them that they didn't seem to exist, which I'm assuming means MWB succeeded in its removal before the shutdown.

I took a look at regedit to try and find the registry keys the MWB log indicated but I couldn't find how to get to the "HKCU" part at the start of the directory address.
 
First of all you're not following my rules.
You should re-read them.
One of them says:
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.

Yes, you should refrain from using any secure sites like banking online until your computer is clean.
As a matter of fact, since I can see a pretty serious infection there, you should use some other CLEAN computer and change all your sensitive passwords.

Your MBAM log says "No action taken".
Re-run MBAM, fix all issues and post new log.

Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create a new restore point before proceeding with the next step.
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
Roguekiller logs:



RogueKiller V8.6.6 _x64_ [Aug 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : calum [Admin rights]
Mode : Scan -- Date : 08/27/2013 11:07:21
| ARK || FAK || MBR |

¤¤¤ Bad processes : 6 ¤¤¤
[SUSP PATH] Lightshot.exe -- C:\Users\calum\AppData\Local\Skillbrains\lightshot\4.4.2.0\LightShot.exe [7] -> KILLED [TermProc]
[SUSP PATH] CurseClient.exe -- C:\Users\calum\AppData\Local\Apps\2.0\1R9N4E0X.M56\XW45C9GL.0TN\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe [-] -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe [7] -> KILLED [TermProc]
[SUSP PATH] usbmon.exe -- C:\Users\calum\AppData\Roaming\Microsoft\Windows\usbmon.exe [-] -> KILLED [TermProc]
[SUSP PATH] auditpol.exe -- C:\Users\calum\AppData\Roaming\Microsoft\Windows\auditpol.exe [-] -> KILLED [TermProc]
[SUSP PATH] Eula.exe -- C:\Users\calum\AppData\Local\Temp\AppLunch\Eula.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 23 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : LightShot (C:\Users\calum\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue [-][x][x]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Keyboard Inf. (C:\Users\calum\AppData\Roaming\GetRightToGo\msdn.exe [x]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Reader (C:\Users\calum\AppData\Local\Temp\Acrobat\Reader.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Service (C:\Users\calum\AppData\Local\Temp\Kodack\Service.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Cleaner (C:\Users\calum\AppData\Local\Temp\CCleaner\Cleaner.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2889728259-429752201-602912618-1000\[...]\Run : LightShot (C:\Users\calum\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue [-][x][x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2889728259-429752201-602912618-1000\[...]\Run : Keyboard Inf. (C:\Users\calum\AppData\Roaming\GetRightToGo\msdn.exe [x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2889728259-429752201-602912618-1000\[...]\Run : Reader (C:\Users\calum\AppData\Local\Temp\Acrobat\Reader.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2889728259-429752201-602912618-1000\[...]\Run : Service (C:\Users\calum\AppData\Local\Temp\Kodack\Service.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2889728259-429752201-602912618-1000\[...]\Run : Cleaner (C:\Users\calum\AppData\Local\Temp\CCleaner\Cleaner.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\RunOnce : Standard Dynamic Printing Port Monitor (C:\Users\calum\AppData\Roaming\Microsoft\Windows\auditpol.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2889728259-429752201-602912618-1000\[...]\RunOnce : Standard Dynamic Printing Port Monitor (C:\Users\calum\AppData\Roaming\Microsoft\Windows\auditpol.exe [-]) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : 53897 (c:\progra~3\dxvtankxu.exe [-]) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : 53897 (c:\progra~3\dxvtankxu.exe [-]) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[FF][PROXY] dncrhr3a.default : user_pref("network.proxy.type", 2); -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDT721010SLA360 ATA Device +++++
--- User ---
[MBR] 24546b09c74b6c841d1813050ee17ed2
[BSP] f0fad741f6715f98fddcaa167c46e09e : Whistler/Sinowal.B MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 933384 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1911572480 | Size: 20482 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Hitachi HDT721010SLA360 ATA Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: Hitachi HDT721010SLA360 ATA Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: Hitachi HDT721010SLA360 ATA Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_08272013_110721.txt >>



RogueKiller V8.6.6 _x64_ [Aug 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : calum [Admin rights]
Mode : Remove -- Date : 08/27/2013 11:08:22
| ARK || FAK || MBR |

¤¤¤ Bad processes : 6 ¤¤¤
[SUSP PATH] Lightshot.exe -- C:\Users\calum\AppData\Local\Skillbrains\lightshot\4.4.2.0\LightShot.exe [7] -> KILLED [TermProc]
[SUSP PATH] CurseClient.exe -- C:\Users\calum\AppData\Local\Apps\2.0\1R9N4E0X.M56\XW45C9GL.0TN\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe [-] -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe [7] -> KILLED [TermProc]
[SUSP PATH] usbmon.exe -- C:\Users\calum\AppData\Roaming\Microsoft\Windows\usbmon.exe [-] -> KILLED [TermProc]
[SUSP PATH] auditpol.exe -- C:\Users\calum\AppData\Roaming\Microsoft\Windows\auditpol.exe [-] -> KILLED [TermProc]
[SUSP PATH] Eula.exe -- C:\Users\calum\AppData\Local\Temp\AppLunch\Eula.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 22 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : LightShot (C:\Users\calum\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue [-][x][x]) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : Keyboard Inf. (C:\Users\calum\AppData\Roaming\GetRightToGo\msdn.exe [x]) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : Reader (C:\Users\calum\AppData\Local\Temp\Acrobat\Reader.exe [-]) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : Service (C:\Users\calum\AppData\Local\Temp\Kodack\Service.exe [-]) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : Cleaner (C:\Users\calum\AppData\Local\Temp\CCleaner\Cleaner.exe [-]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-2889728259-429752201-602912618-1000\[...]\Run : LightShot (C:\Users\calum\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue [-][x][x]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKUS\S-1-5-21-2889728259-429752201-602912618-1000\[...]\Run : Keyboard Inf. (C:\Users\calum\AppData\Roaming\GetRightToGo\msdn.exe [x]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKUS\S-1-5-21-2889728259-429752201-602912618-1000\[...]\Run : Reader (C:\Users\calum\AppData\Local\Temp\Acrobat\Reader.exe [-]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKUS\S-1-5-21-2889728259-429752201-602912618-1000\[...]\Run : Service (C:\Users\calum\AppData\Local\Temp\Kodack\Service.exe [-]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKUS\S-1-5-21-2889728259-429752201-602912618-1000\[...]\Run : Cleaner (C:\Users\calum\AppData\Local\Temp\CCleaner\Cleaner.exe [-]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKCU\[...]\RunOnce : Standard Dynamic Printing Port Monitor (C:\Users\calum\AppData\Roaming\Microsoft\Windows\auditpol.exe [-]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-2889728259-429752201-602912618-1000\[...]\RunOnce : Standard Dynamic Printing Port Monitor (C:\Users\calum\AppData\Roaming\Microsoft\Windows\auditpol.exe [-]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKLM\[...]\Run : 53897 (c:\progra~3\dxvtankxu.exe [-]) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : 53897 (c:\progra~3\dxvtankxu.exe [-]) -> [0x2] The system cannot find the file specified.
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDT721010SLA360 ATA Device +++++
--- User ---
[MBR] 24546b09c74b6c841d1813050ee17ed2
[BSP] f0fad741f6715f98fddcaa167c46e09e : Whistler/Sinowal.B MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 933384 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1911572480 | Size: 20482 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Hitachi HDT721010SLA360 ATA Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: Hitachi HDT721010SLA360 ATA Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: Hitachi HDT721010SLA360 ATA Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_D_08272013_110822.txt >>
RKreport[0]_S_08272013_110721.txt
 
MBAM logs
I tried removing the viruses and it froze midway through completion yet again. Though, last time this happened, it did remove the files despite freezing.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.27.03

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19120
calum :: ROOMPC [administrator]

27/08/2013 11:09:30
MBAM-log-2013-08-27 (11-57-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 293306
Time elapsed: 47 minute(s), 43 second(s)

Memory Processes Detected: 2
C:\Users\calum\AppData\Roaming\Microsoft\Windows\auditpol.exe (Trojan.FakeMS) -> 4580 -> No action taken.
C:\Users\calum\AppData\Roaming\Microsoft\Windows\usbmon.exe (Trojan.Backdoor) -> 5700 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|Standard Dynamic Printing Port Monitor (Trojan.FakeMS) -> Data: C:\Users\calum\AppData\Roaming\Microsoft\Windows\auditpol.exe -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\calum\AppData\Roaming\dclogs (Stolen.Data) -> No action taken.

Files Detected: 11
C:\Users\calum\AppData\Roaming\Microsoft\Windows\auditpol.exe (Trojan.FakeMS) -> No action taken.
C:\Users\calum\Documents\Downloads\videora-ipod-503-setup.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\calum\Downloads\mirc717.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\calum\Downloads\PFPortChecker.exe (PUP.Optional.AskToolbar) -> No action taken.
C:\Users\calum\Downloads\Setup (1).exe (PUP.Optional.IBryte.A) -> No action taken.
C:\Users\calum\Downloads\SoftonicDownloader_for_internet-explorer.exe (PUP.Optional.Softonic) -> No action taken.
C:\Users\calum\Downloads\SoftonicDownloader_for_microsoft-net-framework-repair-tool.exe (PUP.Optional.Softonic) -> No action taken.
C:\Users\calum\Downloads\Unlocker1.9.0-x64.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\calum\Downloads\video-media-download_setup.exe (PUP.Downware) -> No action taken.
C:\Users\calum\AppData\Roaming\dclogs\2013-08-27-3.dc (Stolen.Data) -> No action taken.
C:\Users\calum\AppData\Roaming\Microsoft\Windows\usbmon.exe (Trojan.Backdoor) -> No action taken.

(end)
 
This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.
 