Inactive System Check virus, a lot of problems

MjuTaS

Posts: 105
Hello! I'm new to this site; I saw you helped a lot of others with virus problems.
Yesterday I got this System Check virus.

I had AVG Free antivirus but it didn't find anything. I downloaded Malwarebytes Anti-Malware and got rid of the pop-ups from the virus.

BUT everything in the start menu disappeared, Program Files is also missing, I can't play StarCraft anymore (I just get an error message when I try to start it), and when I google something I get redirected to other random pages.

I also uninstalled AVG and installed AVAST; it didn't find anything. But my guess is that the virus is still there in the background somewhere :( Can you please help me?
 
Welcome aboard
Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

============================================================

Let's see if we can recover your missing features.
Download and run UnHide.
Let me know if it worked.
 
UnHide brought the start menu items back, but not Program Files.

Here is the first Malwarebytes scan I did yesterday; now it just shows :0 on everything.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Databasversion: v2012.02.07.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Simon :: SIMON-PC [begränsad]

2012-02-08 02:56:16
mbam-log-2012-02-08 (02-56-16).txt

Skanningstyp: Fullständig skanning
Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
Inaktiverade skanningsalternativ: P2P
Antal skannade objekt: 310690
Förfluten tid: 38 minut(er), 12 sekund(er)

Upptäckta minnesprocesser: 1
C:\Windows\Temp\lbcfvg\setup.exe (Trojan.Downloader) -> 3808 -> Ta bort vid nästa datorstart.

Upptäckta minnesmoduler: 0
(Inga skadliga poster hittades)

Upptäckta registernycklar: 2
HKLM\SYSTEM\CurrentControlSet\Services\AMService (Trojan.Downloader) -> Sattes i karantän och togs bort.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winner Casino (PUP.Casino) -> Sattes i karantän och togs bort.

Upptäckta registervärden: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|QGuaayvrII.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\QGuaayvrII.exe -> Sattes i karantän och togs bort.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Firewall 2.9 (Trojan.Agent.Gen) -> Data: C:\Users\Simon\AppData\Roaming\WMPRWISE.EXE -> Sattes i karantän och togs bort.

Upptäckta registerdataposter: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Dåligt: (0) Bra: (1) -> Sattes i karantän och reparerades framgångsrikt.

Upptäckta mappar: 0
(Inga skadliga poster hittades)

Upptäckta filer: 6
C:\Windows\Temp\lbcfvg\setup.exe (Trojan.Downloader) -> Ta bort vid nästa datorstart.
C:\ProgramData\QGuaayvrII.exe (Rogue.FakeHDD) -> Sattes i karantän och togs bort.
C:\Casino\Winner Casino\_WinnerCSetup_55c192.exe (PUP.Casino) -> Sattes i karantän och togs bort.
C:\ProgramData\XXkZ73R5CmQoEU.exe (Rogue.FakeHDD) -> Sattes i karantän och togs bort.
C:\Users\Simon\AppData\Local\Temp\KTbqO0dOajyreR.exe.tmp (Rogue.FakeHDD) -> Sattes i karantän och togs bort.
C:\Users\Simon\AppData\Local\Temp\data\venmix.exe (Trojan.Wreckit) -> Sattes i karantän och togs bort.

(klar)
 
The start menu only had My Computer and Documents on the right side, and nothing on the left side. Now, after UnHide, I've got all the old stuff back on the right side, like Control Panel, Games, Music, etc.


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-08 20:05:06
Windows 6.1.7601 Service Pack 1
Running: 7k2z5vbx.exe; Driver: C:\Users\Simon\AppData\Local\Temp\awtoypog.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC0 0x2B 0x84 0x31 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x89 0x7B 0xCA 0x21 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAE 0xCE 0x0B 0x20 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB9 0xA1 0x13 0xF0 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC0 0x2B 0x84 0x31 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x89 0x7B 0xCA 0x21 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAE 0xCE 0x0B 0x20 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB9 0xA1 0x13 0xF0 ...

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB21072$\1327194865 0 bytes
File C:\Windows\$NtUninstallKB21072$\2418786939 0 bytes
File C:\Windows\$NtUninstallKB21072$\2418786939\@ 2048 bytes
File C:\Windows\$NtUninstallKB21072$\2418786939\cfg.ini 197 bytes
File C:\Windows\$NtUninstallKB21072$\2418786939\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB21072$\2418786939\L 0 bytes
File C:\Windows\$NtUninstallKB21072$\2418786939\L\xadqgnnk 74752 bytes
File C:\Windows\$NtUninstallKB21072$\2418786939\oemid 35 bytes
File C:\Windows\$NtUninstallKB21072$\2418786939\twl.dll 223744 bytes
File C:\Windows\$NtUninstallKB21072$\2418786939\U 0 bytes
File C:\Windows\$NtUninstallKB21072$\2418786939\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB21072$\2418786939\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB21072$\2418786939\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB21072$\2418786939\U\80000000.@ 66048 bytes
File C:\Windows\$NtUninstallKB21072$\2418786939\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB21072$\2418786939\U\80000032.@ 73216 bytes
File C:\Windows\$NtUninstallKB21072$\2418786939\version 862 bytes

---- EOF - GMER 1.0.15 ----
 
DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Simon at 22:00:03 on 2012-02-08
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.46.1033.18.3327.1817 [GMT 1:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.se/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi3c8a~1\datamngr\toolbar\searchqudtx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi3c8a~1\datamngr\toolbar\searchqudtx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Facebook Update] "c:\users\simon\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [facemoods] "c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B523D576-2927-47EB-B58C-5897A926D97D} : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\simon\appdata\roaming\mozilla\firefox\profiles\clbeh0im.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100478&babsrc=adbartrp&mntrId=3ce818f1000000000000002618f04b04&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\personal\bin\np_prsnl.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\simon\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: d:\veetle\player\npvlc.dll
FF - plugin: d:\veetle\plugins\npVeetle.dll
FF - plugin: d:\veetle\vlcbroadcast\npvbp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 3ce818f1000000000000002618f04b04
FF - user.js: extensions.BabylonToolbar_i.hardId - 3ce818f1000000000000002618f04b04
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15344
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:57:13
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100478
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-8 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-8 314456]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-11-16 239168]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-4 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-8 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-2-8 55128]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-8 44768]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-4-20 7772160]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712]
R3 awtoypog;awtoypog;c:\users\simon\appdata\local\temp\awtoypog.sys [2012-2-8 100864]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\photoshopelementsfileagent.exe --> c:\program files\PhotoshopElementsFileAgent.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-9 136176]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\photoshopelementsdeviceconnect.exe --> c:\program files\PhotoshopElementsDeviceConnect.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [2010-4-6 98400]
S3 gupdatem;Tjänsten Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-9 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-8 15872]
SUnknown TsUsbFlt;TsUsbFlt; [x]
SUnknown tsusbhub;tsusbhub; [x]
.
=============== Created Last 30 ================
.
2012-02-08 17:37:02 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-02-08 16:50:23 388096 ----a-r- c:\users\simon\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-02-08 16:50:23 -------- d-----w- c:\program files\Trend Micro
2012-02-08 13:50:28 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-08 13:50:22 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-08 13:50:03 41184 ----a-w- c:\windows\avastSS.scr
2012-02-08 13:49:58 -------- d-----w- c:\programdata\AVAST Software
2012-02-08 13:49:58 -------- d-----w- c:\program files\AVAST Software
2012-02-08 12:58:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-08 12:03:31 -------- d-----w- c:\users\simon\appdata\local\{407444FE-074C-420B-9288-E273F7CF8F11}
2012-02-08 12:03:17 -------- d-----w- c:\users\simon\appdata\local\{A0E23D20-2D6B-4A92-A292-8404D0ABDAF5}
2012-02-08 02:51:54 -------- d-----w- c:\programdata\MFAData
2012-02-08 01:55:39 -------- d-----w- c:\users\simon\appdata\roaming\Malwarebytes
2012-02-08 01:55:33 -------- d-----w- c:\programdata\Malwarebytes
2012-02-08 01:41:51 -------- d-----w- c:\program files\Enigma Software Group
2012-02-08 01:40:45 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-02-08 01:40:41 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-02-07 23:28:59 -------- d-----w- c:\users\simon\appdata\local\{661DD34C-CF58-40D6-A540-4E1BF6EA6F36}
2012-02-07 22:25:08 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-07 11:28:36 -------- d-----w- c:\users\simon\appdata\local\{63AB4F93-2597-47AE-8524-1DCC6C2C88CE}
2012-02-06 23:28:12 -------- d-----w- c:\users\simon\appdata\local\{9E95CC46-5F7F-475D-86A9-5D995F2511CA}
2012-02-06 11:27:48 -------- d-----w- c:\users\simon\appdata\local\{AC44901C-360B-4256-9C29-6C1D4220C0B5}
2012-02-05 14:28:00 -------- d-----w- c:\users\simon\appdata\local\{9A2E91D9-E32F-43B8-85F6-67697968A23C}
2012-02-05 00:01:20 -------- d-----w- c:\users\simon\appdata\local\{28433BE0-9BEF-46D3-B544-6B3DC4FBC7B8}
2012-02-04 12:00:56 -------- d-----w- c:\users\simon\appdata\local\{B3E3CAE2-A7B3-4879-B799-637199051B4D}
2012-02-04 00:00:31 -------- d-----w- c:\users\simon\appdata\local\{9D4F6076-12B0-4D7E-A76E-70B9BBDD2BD7}
2012-02-03 12:00:08 -------- d-----w- c:\users\simon\appdata\local\{FA1F5C9B-FEA0-4779-9719-1BEA38134902}
2012-02-03 11:59:57 -------- d-----w- c:\users\simon\appdata\local\{1EB7DE0E-331E-4267-933A-A7F49F2514C5}
2012-02-02 23:59:31 -------- d-----w- c:\users\simon\appdata\local\{76491197-3009-4CF2-9085-AD8336D6C486}
2012-02-02 23:59:19 -------- d-----w- c:\users\simon\appdata\local\{0E83332E-FF01-4300-AEF8-9B0DAE9D0A98}
2012-02-01 14:51:24 -------- d-----w- c:\users\simon\appdata\local\{FD41B25C-435F-481D-8F4B-65DB008C77C9}
2012-01-29 21:35:52 -------- d-----w- c:\users\simon\appdata\local\{3FFA9400-0BC8-46F4-9ABE-61F15877FE38}
2012-01-29 21:35:41 -------- d-----w- c:\users\simon\appdata\local\{A9A618CF-A5FC-4729-92D8-DCE630BC5D25}
2012-01-28 13:20:47 -------- d-----w- c:\users\simon\appdata\local\{9910B6DB-D0C3-4584-907A-949B94C65F01}
2012-01-28 01:20:23 -------- d-----w- c:\users\simon\appdata\local\{D718F386-62FC-4D44-AFAC-1D7312058CC9}
2012-01-27 13:19:59 -------- d-----w- c:\users\simon\appdata\local\{4EFE92D5-25DC-457B-94E3-4B53D819BEFE}
2012-01-26 14:06:34 -------- d-----w- c:\users\simon\appdata\local\{693626DB-0B90-4CF6-AD6B-D0847E9FEB75}
2012-01-26 02:06:11 -------- d-----w- c:\users\simon\appdata\local\{BE9DC4F6-3364-443A-A746-B57959A61162}
2012-01-26 02:05:59 -------- d-----w- c:\users\simon\appdata\local\{93041ED9-DC3B-469A-804B-88DF600486F3}
2012-01-25 18:19:01 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-25 18:19:01 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-25 18:19:01 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-25 18:19:01 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-25 18:19:01 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-25 18:19:01 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-25 18:19:01 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-25 18:19:01 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-25 18:19:01 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-25 18:19:01 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-25 14:05:31 -------- d-----w- c:\users\simon\appdata\local\{D4DA736D-C380-433D-BC47-84D77129514D}
2012-01-24 23:44:04 -------- d-----w- c:\users\simon\appdata\local\{07FA1142-0065-4286-9450-2383C8E47978}
2012-01-24 11:43:39 -------- d-----w- c:\users\simon\appdata\local\{93F16013-7824-4E35-BD34-F6A1BABC48DC}
2012-01-23 23:43:13 -------- d-----w- c:\users\simon\appdata\local\{5AF06565-9E8E-45D6-8711-6D579722957F}
2012-01-23 11:42:49 -------- d-----w- c:\users\simon\appdata\local\{8144D9E5-B11B-486A-A9B8-27E216A69146}
2012-01-22 17:08:44 -------- d-----w- c:\users\simon\appdata\local\{BD955B3A-3F9F-4D89-8843-B7F044C0753C}
2012-01-22 17:08:34 -------- d-----w- c:\users\simon\appdata\local\{392F9F9B-6E03-4852-A2D1-9F06524AE9E9}
2012-01-12 14:03:16 -------- d-----w- c:\users\simon\appdata\local\{89B33B8D-D893-4E03-A9D1-437F08249393}
2012-01-12 02:02:53 -------- d-----w- c:\users\simon\appdata\local\{19AE6CAC-69A1-42B3-9E3C-B91F0F74F837}
2012-01-11 14:02:29 -------- d-----w- c:\users\simon\appdata\local\{3C711829-C102-434D-960F-C356149BEC38}
2012-01-10 19:28:20 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-10 19:28:20 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-10 19:28:19 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-10 19:28:18 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-10 17:55:21 -------- d-----w- c:\users\simon\appdata\local\{CD77497F-40AE-4844-95AB-7F52149A2B80}
.
==================== Find3M ====================
.
2012-02-07 22:25:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-21 19:32:17 9728 ------w- c:\users\simon\appdata\roaming\desktop.ini
2011-12-21 19:32:17 55808 ------w- c:\users\simon\appdata\roaming\ntuser.dat
2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-16 01:16:44 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-11-16 00:40:01 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-15 23:37:07 428088 ----a-w- c:\windows\system32\drivers\sptd.sys
.
============= FINISH: 22:06:27,80 ===============
 
attach

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 2009-11-22 20:18:56
System Uptime: 2012-02-08 17:47:12 (5 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A785TD-V EVO
Processor: AMD Phenom(tm) II X4 945 Processor | AM3 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 78 GiB total, 28,075 GiB free.
D: is FIXED (NTFS) - 388 GiB total, 141,351 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM-enhet
Device ID: IDE\CDROMTSSTCORP_CDDVDW_SH-S223B________________SB02____\5&F437AB5&0&0.1.0
Manufacturer: (Standard-CD-ROM-enheter)
Name: TSSTcorp CDDVDW SH-S223B ATA Device
PNP Device ID: IDE\CDROMTSSTCORP_CDDVDW_SH-S223B________________SB02____\5&F437AB5&0&0.1.0
Service: cdrom
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: @%SystemRoot%\system32\drivers\netbt.sys,-2
Device ID: ROOT\LEGACY_NETBT\0000
Manufacturer:
Name: @%SystemRoot%\system32\drivers\netbt.sys,-2
PNP Device ID: ROOT\LEGACY_NETBT\0000
Service: NetBT
.
Class GUID: {4d36e978-e325-11ce-bfc1-08002be10318}
Description: Kommunikationsport
Device ID: ACPI\PNP0501\1
Manufacturer: (Standardporttyper)
Name: Communications Port (COM1)
PNP Device ID: ACPI\PNP0501\1
Service: Serial
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM-enhet
Device ID: DTSOFTBUS&REV1\DTCDROM&REV1\1&79F5D87&3&01
Manufacturer: (Standard-CD-ROM-enheter)
Name: DTSOFT Virtual CdRom Device
PNP Device ID: DTSOFTBUS&REV1\DTCDROM&REV1\1&79F5D87&3&01
Service: cdrom
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Drivrutin för Offline Files
Device ID: ROOT\LEGACY_CSC\0000
Manufacturer:
Name: Drivrutin för Offline Files
PNP Device ID: ROOT\LEGACY_CSC\0000
Service: CSC
.
==== System Restore Points ===================
.
RP310: 2012-02-08 14:10:19 - Removed AVG 2012
RP311: 2012-02-08 14:25:09 - Installed Java(TM) 6 Update 30
RP312: 2012-02-08 14:49:43 - avast! Free Antivirus Setup
RP313: 2012-02-08 17:49:58 - Installed HiJackThis
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.0 - Svenska
Adobe Shockwave Player 11.5
ATI Catalyst Install Manager
ATI Catalyst Registration
avast! Free Antivirus
BankID säkerhetsprogram
BitTorrent
bwin Poker JPC 1.0.0
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility
CCC Help English
D3DX10
DAEMON Tools Lite
Facebook Video Calling 1.1.1.1
Facemoods Toolbar
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Heroes of Newerth
HiJackThis
ImagXpress
Java Auto Updater
Java(TM) 6 Update 30
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox (3.6.25)
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
PokerStars
redbet
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype™ 5.5
Spotify
StarCraft II
Svenska Spels Poker
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Veetle TV 0.9.18
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR archiver
VLC media player 1.0.3
.
==== End Of File ===========================
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==========================================================

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Nothing happens when I'm trying to run aswMBR.exe. When I downloaded it, a window came up and said the file could harm my computer; I just clicked that window down.
 
Oh sorry, here it is:


Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
 
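Bootkit Remover reports the master boot record above as "Controlled by rootkit!" and offers a `dump` command, and the aswMBR step earlier in the thread keeps a copy of the sector as MBR.dat. The script below is an added example, not part of the thread or of either tool: it parses a raw 512-byte MBR image and reports the structural facts a responder checks before trusting a disk's boot code (the 0x55AA boot signature, the four partition entries, bootable flags, overlapping ranges, and a SHA-256 of the 446 bytes of boot code for comparison against a known-good copy). The sample sector, its partition sizes and the `build_sample_mbr` helper are constructed for the demonstration and are not data from this machine.

```python
"""Parse and sanity-check a raw MBR image (added example, not thread code)."""
import hashlib
import struct
import sys

MBR_SIZE = 512
PT_OFFSET = 446          # partition table follows 446 bytes of boot code
ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xAA"


def parse_mbr(data: bytes) -> dict:
    """Decode signature, boot-code hash and the four partition entries."""
    if len(data) < MBR_SIZE:
        raise ValueError(f"need {MBR_SIZE} bytes, got {len(data)}")
    sector = data[:MBR_SIZE]
    entries = []
    for i in range(4):
        off = PT_OFFSET + i * ENTRY_SIZE
        # entry layout: status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        entries.append({"index": i, "status": status, "bootable": status == 0x80,
                        "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:PT_OFFSET]).hexdigest(),
        "entries": entries,
    }


def check_mbr(parsed: dict, known_good_boot_code_sha256: str = "") -> list:
    """Return human-readable findings; an empty list means nothing looked off."""
    findings = []
    if not parsed["signature_ok"]:
        findings.append("boot signature 0x55AA missing: sector is not a valid MBR")
    used = [e for e in parsed["entries"] if e["type"] != 0]
    if not used:
        findings.append("no partition entries: unexpected on a system disk")
    if sum(1 for e in used if e["bootable"]) > 1:
        findings.append("more than one partition flagged bootable")
    for e in parsed["entries"]:
        if e["status"] not in (0x00, 0x80):   # only 0x00 and 0x80 are valid
            findings.append(f"entry {e['index']}: invalid status byte 0x{e['status']:02X}")
    ranges = sorted((e["lba_start"], e["lba_start"] + e["sectors"], e["index"]) for e in used)
    for (s1, e1, i1), (s2, e2, i2) in zip(ranges, ranges[1:]):
        if s2 < e1:
            findings.append(f"entries {i1} and {i2} overlap")
    if known_good_boot_code_sha256 and parsed["boot_code_sha256"] != known_good_boot_code_sha256:
        findings.append("boot code differs from the known-good reference")
    return findings


def build_sample_mbr(boot_code: bytes = bytes(PT_OFFSET),
                     entries=((0x80, 0x07, 2048, 163_635_200),      # constructed "C:"
                              (0x00, 0x07, 163_637_248, 812_900_000)),  # constructed "D:"
                     signature: bytes = BOOT_SIGNATURE) -> bytes:
    """Constructed sample sector for demonstration only (not real disk data)."""
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries)
    table = table.ljust(4 * ENTRY_SIZE, b"\x00")
    return boot_code[:PT_OFFSET].ljust(PT_OFFSET, b"\x00") + table + signature


if __name__ == "__main__":
    # usage: python mbr_check.py [MBR.dat]; without a path the constructed sample is used
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    parsed = parse_mbr(data)
    print("signature ok:", parsed["signature_ok"])
    print("boot code sha256:", parsed["boot_code_sha256"])
    for e in parsed["entries"]:
        print(f"  entry {e['index']}: type 0x{e['type']:02X} bootable={e['bootable']} "
              f"start={e['lba_start']} sectors={e['sectors']}")
    for f in check_mbr(parsed):
        print("FINDING:", f)
```

The checks are deliberately structural: a valid signature and a sane partition table do not prove the boot code is clean, which is why the script also emits the boot-code hash so it can be compared against a copy of the MBR taken before the infection or against the sector written by a known-good repair.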
ListParts by Farbar
Ran by Simon on 08-02-2012 at 23:04:36
Windows 7 (X86)
Running From: C:\Users\Simon\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 51%
Total physical RAM: 3327.18 MB
Available physical RAM: 1616.75 MB
Total Pagefile: 6652.64 MB
Available Pagefile: 4776.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.68 MB

======================= Partitions =========================

1 Drive c: (System) (Fixed) (Total:78.03 GB) (Free:28.14 GB) NTFS
2 Drive d: (Backup) (Fixed) (Total:387.63 GB) (Free:141.35 GB) NTFS

Disk nr Status Storlek Ledigt Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk nr 0 Online 465 G B 1024 K B

DiskPart avslutas...

Partitions of Disk Disk nr 0 Online 465 G B 1024 K B :
===============

Argumenten som angetts för kommandot är inte giltiga.
Om du vill ha mer information om kommandot skriver du: HELP SELECT DISK

Ingen disk har valts.


****** End Of Log ******
 
Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
OK any security prompts.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.
 
OK, it started to restart, but right before it restarted I got a blue screen. When I was going to start the computer I got a blue screen again and again and again, in normal start mode. I'm trying to start it in repair mode now; I'm on a laptop now.

What happened? Why a blue screen? Any clue?
 