Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Win32 DNS Changer won't stop! [Closed]


  • This topic is locked This topic is locked

#16
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Windows\SysNative\rt2500usb.dll

Driver::
ixiaendpoint

NetSvc::
ixiaendpoint


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Step 2.

Please post:

Combofix.txt



After this fix please reboot and check for your recycle bin and run command. Please let me know if it is corrected.

Also please update me on the computer performance.
  • 0

Advertisements


#17
Michael Vuong

Michael Vuong

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Unfortunatley they are not corrected but here is the combo fix log:
ComboFix 12-04-10.02 - Michael Vuong 11/04/2012 15:45:04.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.2814.1910 [GMT -4:00]
Running from: c:\users\Michael Vuong\Desktop\ComboFix.exe
Command switches used :: c:\users\Michael Vuong\Desktop\CFScript.txt
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\rt2500usb.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20110906.txt
c:\cflog\CrashLog_20110924.txt
c:\program files (x86)\LP
c:\program files (x86)\LP\5502\69FC.tmp
c:\program files (x86)\LP\5502\9ABC.tmp
c:\windows\SysWow64\windir
c:\windows\XSxS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ixiaendpoint
.
.
((((((((((((((((((((((((( Files Created from 2012-03-11 to 2012-04-11 )))))))))))))))))))))))))))))))
.
.
2012-04-11 19:56 . 2012-04-11 19:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-10 22:22 . 2012-04-10 22:22 -------- d-----w- c:\users\Michael Vuong\AppData\Local\Facebook
2012-04-10 20:30 . 2012-04-10 20:30 -------- d-----w- C:\_OTL
2012-04-07 14:10 . 2012-02-23 15:12 335704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-07 14:10 . 2012-02-23 15:10 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-07 14:10 . 2012-02-23 15:13 141144 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-04-07 14:09 . 2012-02-23 15:12 258904 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-04-07 14:09 . 2012-02-23 15:11 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-07 14:09 . 2012-02-23 15:10 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-07 14:09 . 2012-02-23 15:12 817496 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-07 14:09 . 2012-02-23 15:11 28504 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-04-07 14:09 . 2012-02-23 15:10 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-07 14:09 . 2012-02-23 15:23 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-07 14:09 . 2012-02-23 14:54 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-04-07 02:52 . 2012-04-07 02:52 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-07 02:26 . 2012-04-07 02:26 -------- d-----w- C:\_OTM
2012-04-05 02:05 . 2012-04-05 02:05 -------- d-----w- c:\programdata\Atheros
2012-04-02 21:29 . 2009-08-22 02:50 24616 ----a-w- c:\windows\system32\drivers\TsLwWfF.sys
2012-04-02 21:29 . 2012-04-02 21:29 -------- d-----w- c:\program files (x86)\CommViewWiFiTroll
2012-03-27 00:06 . 2012-03-27 00:06 -------- d-----we c:\windows\system64
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-02 02:11 . 2011-03-05 00:12 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-04-02 02:11 . 2011-03-05 00:12 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-04-02 02:11 . 2011-03-05 00:12 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-04-02 02:11 . 2011-03-05 00:12 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-02-25 20:26 . 2011-06-11 14:38 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 15:23 . 2011-02-05 18:06 41184 ----a-w- c:\windows\avastSS.scr
2012-02-23 15:23 . 2011-02-05 18:06 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-02-03 01:21 . 2011-02-24 00:48 99384 ----a-w- c:\users\Michael Vuong\AppData\Roaming\inst.exe
2012-02-03 01:21 . 2011-02-24 00:48 82816 ----a-w- c:\users\Michael Vuong\AppData\Roaming\pcouffin.sys
2012-02-03 01:18 . 2011-02-24 00:48 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys
.
.
((((((((((((((((((((((((((((( [email protected]_20.59.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-04-11 20:02 49678 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-05 16:04 . 2012-04-11 20:02 15036 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1766364085-2439274923-2515737355-1001_UserData.bin
+ 2011-02-05 16:21 . 2012-04-10 21:00 52270 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-10 21:00 49630 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-05 16:04 . 2012-04-10 21:00 14964 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1766364085-2439274923-2515737355-1001_UserData.bin
- 2012-04-10 20:58 . 2012-04-10 20:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-11 20:00 . 2012-04-11 20:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-11 20:00 . 2012-04-11 20:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-10 20:58 . 2012-04-10 20:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-04-10 21:41 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-10 20:33 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 02:36 . 2012-04-10 21:05 742148 c:\windows\system64\perfh009.dat
- 2009-07-14 02:36 . 2012-04-10 20:39 742148 c:\windows\system64\perfh009.dat
- 2009-07-14 02:36 . 2012-04-10 20:39 156190 c:\windows\system64\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-10 21:05 156190 c:\windows\system64\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-10 21:05 742148 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-10 20:39 742148 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-10 21:05 156190 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-10 20:39 156190 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-04-11 19:58 482332 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-10 20:57 482332 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-10 22:22 . 2012-04-10 22:22 397312 c:\windows\Installer\4d47ba.msi
- 2009-07-14 04:54 . 2012-04-10 20:33 1900544 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-10 21:41 1900544 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-10 21:41 2867200 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-10 20:33 2867200 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 02:34 . 2012-04-10 23:03 10485760 c:\windows\system64\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-04-10 03:35 10485760 c:\windows\system64\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-04-10 03:35 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-04-10 23:03 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-02-05 18:09 . 2012-04-11 19:58 37887656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1766364085-2439274923-2515737355-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Michael Vuong\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-10 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundVolumeHotkeys.{9547D1C7-4F18-4104-8674-046DCD12BDF9}"="c:\program files (x86)\Sound Volume Hotkeys\SoundVolumeHotkeys.exe" [2010-09-20 126976]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"<NO NAME>"=
.
R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82.sys [x]
R1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82x64.sys [x]
R1 CsNdisLWF;CsNdisLWF NDIS Protocol Driver;c:\windows\system32\Drivers\CsNdisLWF.sys [x]
R3 CEDRIVER60;CEDRIVER60;c:\program files (x86)\Cheat Engine 6.1\dbk64.sys [x]
R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 9096]
R3 GUCI_AVS;USB2.0 UVC VGA;c:\windows\system32\DRIVERS\GUCI_AVS.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office 2010\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-11-29 11856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
R3 X6va003;X6va003;c:\users\MICHAE~1\AppData\Local\Temp\00324CE.tmp [x]
R3 X6va005;X6va005;c:\users\MICHAE~1\AppData\Local\Temp\005F5A.tmp [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 361984]
R4 BootRacerServ;BootRacerServ;c:\program files (x86)\BootRacer\BootRacerServ.exe [2011-01-26 65304]
R4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-05 135664]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-02 2923392]
R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-12-14 2019648]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 TsLwWfF;WiFi Capture Driver;c:\windows\system32\DRIVERS\TsLwWfF.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-02-23 131288]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2009-07-14 01:14 301568 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-11 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2011-09-09 20:28]
.
2012-04-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1766364085-2439274923-2515737355-1001Core.job
- c:\users\Michael Vuong\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-10 22:22]
.
2012-04-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1766364085-2439274923-2515737355-1001UA.job
- c:\users\Michael Vuong\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-10 22:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 15:23 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1573160]
"combofix"="c:\combofix\CF15638.3XE" [2009-07-14 344576]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
sweepsrv.sys
aic78u2
ixiaendpoint
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.ca/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\Microsoft Office 2010\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~2\Microsoft Office 2010\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Michael Vuong\AppData\Roaming\Mozilla\Firefox\Profiles\mzfhcfqi.default\
FF - prefs.js: network.proxy.http -
FF - prefs.js: network.proxy.http_port -
FF - prefs.js: network.proxy.type -
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\MICHAE~1\AppData\Local\Temp\00324CE.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\MICHAE~1\AppData\Local\Temp\005F5A.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{724D43A0-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,ce,40,5e,
76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e
"{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}"=hex:51,66,7a,6c,4c,1d,38,12,b8,aa,cd,
8f,50,21,85,00,f1,ff,c9,c1,aa,53,6b,80
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{724D43A9-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,c7,40,5e,
76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,
ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13,
36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:48,f4,ab,b6,b7,0b,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,ab,16,c9,27,bc,2d,4d,95,51,4c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,ab,16,c9,27,bc,2d,4d,95,51,4c,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG14.00.00.01PROFESSIONAL"="481B0E68AB6E39ADF03BFCEDF718B862C5A5A4CF1F262B2D2A4B7B545FC1FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98089DB7CE019D40AA5CA2D97226D213B555A6171C11EC38DE3D90A65B06D057813EB46B5883F533B64432CB9DAD8F0698621C0E58EE0A11CE570E6FA86A77B7EDB8E470AFCF0F77833090772D8141B5448EE543AF0A5CCFBF1E0D26CF5ABA0B255A7E9982E90A471FE206A1778E198CB2CB687783BA3D60BD3C828EA2FB466DF7560B6285D1FA8189F85A983053B44F36C7C3EFA9A0F6898E080682B7292BCD38513D56AE41DDD9480674BB52841795A29F3B013E8C326B754ED2EC6CF05C6EBFE26A97BDA28F59648DE305190B264D53E6B3971E838075C0CE4A4FDE163466E8990ADBAF964FD9698B5AFC0704AC37A4A5BAB16BBF53703C3E6EBBF10EEC9F93F6BA6AC9EE440C676E2FC1613FD868F8557D650D2F84733B44E7DC4D06295AA26DBC23953577F2F5965985B0423D49B5E54ED62D73CD6D957C836D5B596C28FE6873755C24D5E82B5B798F41435115C4B926C2B860CEA025F7AFBECB9C9E701444E967312B32962486CF39A5316DDF14299EF8E1010B22483A023591150D6CD1D14C12656D407E02D443F133ACD18B94FDF65C20926A5C623A3147E33F67AD2A566B2314C21B71E87A5D3A02871F523B781263AD07378BD8E59804BE47C115178A3CDA97373E99029CCA29EF4D5DC0844A76990782A1C2971CB909601195D9921B57908F898C72F9D35F691E3975366A1B4F20EFE0BCE78C31B78CCB323E869CAA792BE12D4B4A01AF9039F03B376AF105EB276DAC00B4AA6C5AD44876FCFA3A4C842936C9A2C64C32F76B917854639E193E77CAA94736690B8D40E15BF6E8700B7D9B77BB215E1451D2E36EC9E3FEF9D8DEEC95CC524EC13C61BDE51432D64C618BA75712B8DD15F6042038BB5F6E133C86F69FBEC2B4B325895369071C9FDEC37C07C8903DE29080112C638E2535FA2C15177EDE227041DCDD97424E86733A934286052E69644A40242BA936782E470A8EE50F3DD95FF0EE5AB58DB8A3D3F52C7087889659A78AFC8B5287DBFE0491A8188EEB9F3BB5CD5C2071A7490E18ADD9C00091298FC920EFB7ED3F5C43B8774DFD50F90077F76619F09B35B541E902DC0F77A4F9713A58473F5AD547B3A09AB4AEFD5D8BA87F4D8CB69F9D681D4A166B5D8D8B5048BC0C26DC0B13E223E4A00DBB0082A348F91A927B778B81650A11AED0F1D128C0E78F216D8505A54801B37ADD50165D366A65FCF0B36ED144501FC331E9C6AF6C2AC242F365FC3D3C470113EFFE890436A54F0EE8F8F960C597EFB9EBCFFECB4241050915D79009FDDC3A61EF2F1414EED5FAFD5D80A3675930B6181110D31419413AE51B1E"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-04-11 16:08:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-11 20:08
ComboFix2.txt 2012-04-10 21:06
.
Pre-Run: 64,360,435,712 bytes free
Post-Run: 64,084,582,400 bytes free
.
- - End Of File - - 7D3F187C50443118EA5CE8FFECB0EA12

system is running really well.

Edited by Michael Vuong, 11 April 2012 - 02:17 PM.

  • 0

#18
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
We will address the recycle bin icon and run command shortly. First we need to scan for additional malware and check for the updates you need to bring your security up to date.


Step 1.

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application. Please do not accept the trial right now. We just want to run it on demand.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



Step 2.

Run ESET Online Scan

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 3.

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 4.

Please post:


mbam log
eset log
security check log


Please give me an update on how your computer is doing!
  • 0

#19
Michael Vuong

Michael Vuong

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Malware Bytes didnt find anything so Im not [posting the log

here is eset:

C:\Program Files (x86)\HideIPEasy\hide.ip.easy.5.0.2.2-patch.exe Win32/HackTool.Patcher.A application cleaned by deleting - quarantined
C:\SG Interactive\Project Blackout\xfire_installer.projblackout.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Michael Vuong\Downloads\[cheat-project.com] WinJect 1.7 2009-05-02.rar a variant of Win32/HackTool.Inject.F application deleted - quarantined
C:\Users\Michael Vuong\Downloads\CheatEngine60.exe multiple threats deleted - quarantined
C:\Users\Michael Vuong\Downloads\CheatEngine61.exe multiple threats deleted - quarantined
C:\Users\Michael Vuong\Downloads\Faith.rar Win32/HackTool.Inject.B application deleted - quarantined
C:\Users\Michael Vuong\Downloads\FInject.exe Win32/HackTool.Inject.B application cleaned by deleting - quarantined
C:\Users\Michael Vuong\Downloads\gMS v1.05 MatiuzPE.zip a variant of Win32/HackTool.Inject.A application deleted - quarantined
C:\Users\Michael Vuong\Downloads\gMS v1.05 MatiuzPE\[gMS v1.05] MatiuzPE\Matiuz Injector.exe a variant of Win32/HackTool.Inject.A application cleaned by deleting - quarantined
C:\Users\Michael Vuong\Downloads\JDownloaderSetup_3IC.exe a variant of Win32/InstallCore.H application deleted - quarantined
C:\Users\Michael Vuong\Downloads\PerX.rar a variant of Win32/HackTool.Inject.D application deleted - quarantined
C:\Users\Michael Vuong\Downloads\Sony Vegas 10 Cracked.rar a variant of Win32/Packed.VMProtect.AAD trojan deleted - quarantined
C:\Users\Michael Vuong\Downloads\SONY Vegas Pro 11.0 Build 370 + Patch (32-bit) [RH]\SVP.11.0.370_[RH].rar a variant of Win32/HackTool.Patcher.T application deleted - quarantined
C:\Users\Michael Vuong\Downloads\Valkyrie.rar.xcibfyp.partial a variant of Win32/HackTool.Inject.B application deleted - quarantined
C:\Windows\AutoKMS.exe Win32/HackKMS application cleaned by deleting - quarantined
C:\Windows\Resources\Themes\Midnight\Theme Optioanal Extras\VistaGlazzSetup.exe Win32/OpenCandy application deleted - quarantined
C:\Windows\Resources\Themes\Theme Manager\Midnight\Midnight\Theme Optioanal Extras\VistaGlazzSetup.exe Win32/OpenCandy application deleted - quarantined

Security Log:
Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
TuneUp Utilities 2011
Java™ 6 Update 22
Java version out of date!
Adobe Flash Player 10.2.152.26 Flash Player out of Date!
Adobe Reader X 10.0.1 Adobe Reader out of Date!
Mozilla Firefox 10.0.2 Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````

Computer is running fine, however now whenever I run games i always get an fps spike while before it was very stable. Could the virus had something to do with it?
  • 0

#20
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.

Please run the MGA Diagnostic Tool and post the report it produces:

  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program.
  • Click Continue.
  • Ensure that the Windows tab is selected. (It should be by default.)
  • Click the Copy button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report into your next reply.



---------------------------------------------------------------------------------------



  • Please download WVCheck by Artellos from one of the mirrors below;
    Artellos.com (exe)
  • After the download, run WVCheck.exe
  • As indicated by the prompt, This program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the notepad file as a reply.


Step 2.

Please post:

MGA Diagnostic report

WVCheck report

  • 0

#21
Michael Vuong

Michael Vuong

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-GJY49-VJBQ7-HYRR2
Windows Product Key Hash: W5/6nm6F2UPXrCkY5xUhXb/+21g=
Windows Product ID: 00426-OEM-8992662-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7600.2.00010100.0.0.001
ID: {D8E7DE21-D315-4848-858A-032BF419F831}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7600.win7_gdr.110408-1633
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
Microsoft Office Professional 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{D8E7DE21-D315-4848-858A-032BF419F831}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-HYRR2</PKey><PID>00426-OEM-8992662-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-1766364085-2439274923-2515737355</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite L300D</Model></SYSTEM><BIOS><Manufacturer>Insyde Corp.</Manufacturer><Version>1.80</Version><SMBIOSVersion major="2" minor="4"/><Date>20090901000000.000000+000</Date></BIOS><HWID>ECBB3607018400F6</HWID><UserLCID>1009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSINV</OEMID><OEMTableID>TOSINV00</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57256</Pid><PidType>14</PidType></Product><Product GUID="{91120000-0014-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional 2007</Name><Ver>12</Ver><Val>88554D4F2BB7EBA</Val><Hash>KS1U43JbCLnfACfI/uR1JMUASh0=</Hash><Pid>81605-861-0752572-65141</Pid><PidType>8</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7600.16385

Name: Windows® 7, Ultimate edition
Description: Windows Operating System - Windows® 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600006-02-4105-7600.0000-0362011
Installation ID: 019293211534434241898732349342333684331992514982427723
Processor Certificate URL: http://go.microsoft....k/?LinkID=88338
Machine Certificate URL: http://go.microsoft....k/?LinkID=88339
Use License URL: http://go.microsoft....k/?LinkID=88341
Product Key Certificate URL: http://go.microsoft....k/?LinkID=88340
Partial Product Key: HYRR2
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 12/04/2012 4:30:36 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 3:7:2012 21:24
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: OAAAAAIABAABAAEAAgABAAAAAgABAAEAeqg2fU402o8yyxAzsK5U+XKg1ErElt6IzEmAhhwjfig=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC TOSINV TOSINV00
FACP TOSINV TOSINV00
SRAT AMD AMD CRB
MSCT AMD AMD CRB
HPET TOSINV TOSINV00
BOOT TOSINV TOSINV00
MCFG TOSINV TOSINV00
SLIC TOSINV TOSINV00
SSDT AMD PowerNow

Windows Validation Check
Version: 1.9.12.5
Log Created On: 1714_12-04-2012
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Do not download or install updates automatically.
-----------------------
Last Success Time for Update Detection: 2011-06-12 16:37:55
Last Success Time for Update Download: 2011-06-11 15:01:30
Last Success Time for Update Installation: 2011-06-11 15:08:30


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Windows\System32\slwga.dll
Size: 14336 bytes
Creation; 8/2/2011 16:39:6
Modification; 21/12/2010 0:38:16
MD5; 2008845b41d561fb77b77bbe0045099e
Matched: slwga.dll
-----------------------
C:\Windows\system64\slwga.dll
Size: 15360 bytes
Creation; 8/2/2011 16:39:6
Modification; 21/12/2010 1:15:31
MD5; b7213e92b270761b88b313b62ba0e13b
Matched: slwga.dll
-----------------------
C:\Windows\SysWOW64\slwga.dll
Size: 14336 bytes
Creation; 8/2/2011 16:39:6
Modification; 21/12/2010 0:38:16
MD5; 2008845b41d561fb77b77bbe0045099e
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_5b467ba9bd0679bb\slwga.dll
Size: 14848 bytes
Creation; 13/7/2009 19:52:11
Modification; 13/7/2009 21:41:54
MD5; cc03cf9f24946dcbd70acb3e1b2f05bf
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16723_none_5b856235bcd79403\slwga.dll
Size: 15360 bytes
Creation; 8/2/2011 16:39:6
Modification; 21/12/2010 1:15:31
MD5; b7213e92b270761b88b313b62ba0e13b
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.20862_none_5be2bf06d6168a3a\slwga.dll
Size: 15360 bytes
Creation; 8/2/2011 16:39:6
Modification; 21/12/2010 1:9:5
MD5; 86b7d4d7a87ecb9e6bded44c52c8d5d9
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_ff27e02604a90885\slwga.dll
Size: 13824 bytes
Creation; 13/7/2009 19:36:22
Modification; 13/7/2009 21:16:15
MD5; 01fe4bdd0b47a7d8bf34d78d2bc23ddb
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16723_none_ff66c6b2047a22cd\slwga.dll
Size: 14336 bytes
Creation; 8/2/2011 16:39:6
Modification; 21/12/2010 0:38:16
MD5; 2008845b41d561fb77b77bbe0045099e
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.20862_none_ffc423831db91904\slwga.dll
Size: 14336 bytes
Creation; 8/2/2011 16:39:6
Modification; 21/12/2010 0:29:6
MD5; 2332de32759ebcc691850e092b2564a6
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - e8b0ffc209e504cb7e79fc24e6c085f0


-------- End of File, program close at 1721_12-04-2012 --------
  • 0

#22
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.

Click Start >> Control Panel >> System and Security >> Under Action Center click Change User Account Control settings >> Set to Default >> Click OK
Posted Image

Automatic updates is turned of f and has not been checked since June 11, 2011. This is very dangerous.

  • Now back on the System and Security screen under Windows Update click Turn automatic updating on or off >> Select Install updates automatically (recommended) and set it to Install new updates: Daily at a time of your choosing. Also make sure Recommended updates, Who can install updates, and Microsoft Update are all checked >> Click OK
  • Now again back on the System and Security screen click Windows Update >> Check for Updates >> Install updates >> Reboot when asked.
Windows updates are critical to your security and you shoud always install the critical and important ones at the very least


Step 2.

Update Java

Upgrade Java : (64 bits)
  • Download the latest version of Java SE Runtime Environment (JRE) JRE 7 Update 3 .
  • Under the JAVA Platform Standard Edition, click the "Download JRE" button to the right.
  • Check the box that says: "Accept License Agreement.".
  • Click on the link to download Windows Offline Installation 64 bit ( jre-7u3-windows-x64.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista or Win 7 users, right click on the jre-7u3-windows-x64.exe and select "Run as an Administrator.")


Step 3.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

Uninstall all previous versions.
Download the latest version from: http://www.adobe.com.../readstep2.html

If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.


Step 4.

Update Flash Player

Uninstall your current version of flash player by downloading the uninstaller here and running it. Once it is complete reboot .

You will need to download and install both the IE and non-IE versions of Adobe Flashplayer. Make sure to uncheck the install of the McAfee tool before downloading. You will need to select your operating system (Win & 64-bit) and then each version to download and install separately.


Step 5.

UPDATE Firefox

Start Firefox
Click Help >> About FireFox >> Update


Step 6.


What issues remain? Have any of the issues you previously mentioned resolve or are they still there?
  • 0

#23
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP