Infected with TR/ATRAPS.Gen and BDS/ZeroAccess.Gen7, and some few more troubles.


This topic is locked. 6 replies to this topic.

#1 cngjsska3095 (Members, 6 posts)

Posted 23 June 2014 - 06:33 AM

First, sorry for my bad English since I'm Korean.

At first I installed Comodo Firewall, but that thing messed up my computer, so I force-uninstalled it (with your uninstaller, not with the official uninstaller).

But while doing that I got infected with TR/ATRAPS.Gen and BDS/ZeroAccess.Gen7.

It can't be deleted with my Avira antivirus and it keeps sending me warning messages.

And after that, the firewall doesn't work (it gets error code 0x80070433 when I try to start it), so I'm using another firewall.

And the LAN card (both wireless and LAN) can't get an IP automatically from DHCP (it gets 169.254.xxx.xxx instead of 192.168.xxx.xxx from my router). But it works when I set an IP and DNS manually.

And here is my log, and many thanks.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126
Run by Nuts at 20:15:43 on 2014-06-23
Microsoft Windows 7 Ultimate K   6.1.7601.1.949.82.1042.18.8083.4615 [GMT 9:00]
.
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Privatefirewall *Enabled* {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\igfxCUIService.exe
E:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
E:\Program Files (x86)\Click To Tweak [Basic]\CTTService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Windows\system32\svchost.exe -k imgsvc
E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
E:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe
C:\Windows\system32\igfxHK.exe
C:\Windows\system32\igfxTray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\igfxEM.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
E:\Program Files\baidu\BaiduYunGuanjia\BaiduYunGuanjia.exe
E:\Program Files (x86)\PicPick\picpick.exe
C:\Users\Nuts\AppData\Roaming\uTorrent\uTorrent.exe
E:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
E:\Program Files (x86)\Orbitdownloader\orbitdm.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\SearchIndexer.exe
E:\Program Files (x86)\Everything\Everything.exe
E:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe
E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
E:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Nuts\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Nuts\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Nuts\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Nuts\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Nuts\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Nuts\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\StikyNot.exe
C:\Users\Nuts\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Nuts\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Nuts\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Nuts\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Nuts\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Nuts\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Nuts\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Users\Nuts\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Microsoft Internet Explorer
mWindow Title = Microsoft Internet Explorer
mWinlogon: Userinit = userinit.exe
BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - E:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - 
TB: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - 
TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - E:\Program Files (x86)\Orbitdownloader\GrabPro.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [RsvAgent] E:\Program Files (x86)\Click To Tweak [Basic]\RsvAgent.exe
uRun: [BaiduYunGuanjia] "E:\Program Files\baidu\BaiduYunGuanjia\BaiduYunGuanjia.exe" AutoRun
uRun: [PicPick Start] E:\Program Files (x86)\PicPick\picpick.exe /startup
uRun: [uTorrent] "C:\Users\Nuts\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [SRS Audio Sandbox] "E:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [ZoneAlarm] "E:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [Everything] "E:\Program Files (x86)\Everything\Everything.exe" -startup
mRun: [Privatefirewall] E:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe
mRun: [LogMeIn Hamachi Ui] "E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDrives = dword:0
IE: &Download by Orbit - E:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - E:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - E:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - E:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Mipony로 다운받기 - C:\Program Files (x86)\MiPony\Browser\IEContext.htm
IE: Send image to Bluetooth Device - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\btsendto_ie_ctx.htm
IE: Send page to Bluetooth Device - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\btsendto_ie.htm
LSP: mswsock.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.142.2
TCP: Interfaces\{9678C3DB-1808-4911-983E-A8DB1EB3A068} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{9678C3DB-1808-4911-983E-A8DB1EB3A068} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{9B24F79A-B985-4F26-81C3-791E2B653BFA} : NameServer = 8.8.8.8,8.8.4.4
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [BtServer] "C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe"
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 dcrypt;DiskCryptor driver;C:\Windows\System32\drivers\dcrypt.sys [2014-6-19 210120]
R0 iusb3hcs;인텔® USB 3.0 호스트 컨트롤러 스위치 드라이버;C:\Windows\System32\drivers\iusb3hcs.sys [2014-2-7 20464]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2014-6-19 32544]
R0 UltraRAMDisk;Ultra RAMDisk SCSI Controller;C:\Windows\System32\drivers\UltraRAMDisk.sys [2014-6-19 246520]
R1 {a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64;{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64;C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys [2014-6-23 61120]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2014-6-19 28600]
R1 pwipf6;Privacyware Filter Driver;C:\Windows\System32\drivers\pwipf6.sys [2014-6-21 133152]
R2 AntiVirSchedulerService;Avira 스케줄러;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2014-6-19 430160]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2014-6-19 430160]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2014-6-19 112080]
R2 BTDevManager;BTDevManager;C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe [2014-6-19 22528]
R2 CTTService;Click To Tweak Agent Service;E:\Program Files (x86)\Click To Tweak [Basic]\CTTService.exe [2011-5-6 147456]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-5-13 2228048]
R2 igfxCUIService1.0.0.0;Intel® HD Graphics Control Panel Service;C:\Windows\System32\igfxCUIService.exe [2014-3-17 282096]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-6-19 1631008]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-6-19 21055432]
R2 PFNet;Privacyware network service;E:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe [2013-12-17 374600]
R3 IntcDAud;인텔® 디스플레이 오디오;C:\Windows\System32\drivers\IntcDAud.sys [2014-3-7 450520]
R3 iusb3hub;인텔® USB 3.0 허브 드라이버;C:\Windows\System32\drivers\iusb3hub.sys [2014-2-7 358896]
R3 iusb3xhc;인텔® USB 3.0 확장 가능한 호스트 컨트롤러 드라이버;C:\Windows\System32\drivers\iusb3xhc.sys [2014-2-7 795632]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-19 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-6-19 40392]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\drivers\RtsBaStor.sys [2014-6-19 313048]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-6-19 939224]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\Windows\System32\drivers\rtwlane.sys [2014-6-23 1480776]
S2 avnetflt;avnetflt;C:\Windows\System32\drivers\avnetflt.sys [2014-6-19 84720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S2 TinyWall;TinyWall Service;"C:\Program Files (x86)\TinyWall\TinyWall.exe" --> C:\Program Files (x86)\TinyWall\TinyWall.exe [?]
S2 Update Greener Web;Update Greener Web;"C:\Program Files (x86)\Greener Web\updateGreenerWeb.exe" --> C:\Program Files (x86)\Greener Web\updateGreenerWeb.exe [?]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;"E:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" --> E:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [?]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-22 71168]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2014-6-19 169752]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-20 111616]
S3 Mezzmo;Mezzmo;"H:\Program Files\Conceiva\Mezzmo\MezzmoMediaServer.exe" /ServerName="Mezzmo" --> H:\Program Files\Conceiva\Mezzmo\MezzmoMediaServer.exe [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 RtkBtFilter;Realtek Bluetooth Filter Driver;C:\Windows\System32\drivers\RtkBtfilter.sys [2014-6-19 545384]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtwlane.sys [2014-6-23 1480776]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-22 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-22 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-22 117248]
S4 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2014-6-19 1039952]
.
=============== Created Last 30 ================
.
2014-06-23 00:18:40 73800 ----a-w- C:\Windows\System32\RtNicProp64.dll
2014-06-23 00:18:40 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2014-06-23 00:18:21 1480776 ----a-w- C:\Windows\System32\drivers\rtwlane.sys
2014-06-23 00:13:53 -------- d-----w- C:\3DP
2014-06-22 23:36:04 61120 ----a-w- C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys
2014-06-22 16:18:58 -------- d-----w- C:\Users\Nuts\AppData\Local\Conceiva
2014-06-22 16:17:00 -------- d-----w- C:\ProgramData\Conceiva
2014-06-22 15:51:57 -------- d-----w- C:\Users\Nuts\AppData\Roaming\Mipony
2014-06-22 15:50:53 -------- d-----w- C:\Program Files (x86)\Greener Web
2014-06-22 15:50:39 -------- d-----w- C:\Program Files (x86)\MiPony
2014-06-21 15:31:36 -------- d-----w- C:\Users\Nuts\AppData\Local\LogMeIn Hamachi
2014-06-21 15:27:44 -------- d-----w- C:\Users\Nuts\AppData\Roaming\GrabPro
2014-06-21 15:27:44 -------- d-----w- C:\downloads
2014-06-21 15:27:20 -------- d-----w- C:\Users\Nuts\AppData\Local\LogMeIn
2014-06-21 15:27:20 -------- d-----w- C:\ProgramData\LogMeIn
2014-06-21 11:04:17 -------- d-----w- C:\Users\Nuts\AppData\Local\Privatefirewall
2014-06-21 11:01:27 133152 ----a-w- C:\Windows\System32\drivers\pwipf6.sys
2014-06-21 11:01:26 -------- d-----w- C:\ProgramData\Privacyware
2014-06-21 10:56:10 -------- d-----w- C:\Program Files (x86)\TinyWall
2014-06-21 10:53:55 -------- d-----w- C:\Users\Nuts\AppData\Roaming\ParetoLogic
2014-06-21 10:53:55 -------- d-----w- C:\Users\Nuts\AppData\Roaming\DriverCure
2014-06-21 10:53:33 -------- d-----w- C:\ProgramData\ParetoLogic
2014-06-21 10:07:17 -------- d-----w- C:\Users\Nuts\AppData\Roaming\URSoft
2014-06-20 13:54:08 -------- d--h--w- C:\VTRoot
2014-06-20 13:31:59 -------- d-sh--w- C:\Users\Nuts\AppData\Local\EmieUserList
2014-06-20 13:31:59 -------- d-sh--w- C:\Users\Nuts\AppData\Local\EmieSiteList
2014-06-20 12:44:46 -------- d-----w- C:\Program Files (x86)\AdTrustMedia
2014-06-20 12:44:45 -------- d-----w- C:\ProgramData\Adtrustmedia
2014-06-20 12:44:20 -------- d-----w- C:\ProgramData\Comodo Downloader
2014-06-20 12:44:03 -------- d-----w- C:\ProgramData\Comodo
2014-06-20 07:42:55 878080 ----a-w- C:\Windows\System32\advapi32.dll
2014-06-20 07:40:36 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-06-20 07:39:51 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2014-06-20 07:39:51 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2014-06-20 04:45:37 -------- d-----w- C:\Users\Nuts\AppData\Local\Uzys
2014-06-20 04:37:15 -------- d-----w- C:\Users\Nuts\AppData\Roaming\ProgSense
2014-06-20 02:59:39 -------- d-----w- C:\Users\Nuts\AppData\Local\SRS Labs
2014-06-20 02:59:29 -------- d-----w- C:\ProgramData\SRS Labs
2014-06-20 02:59:25 346992 ----a-w- C:\Windows\System32\drivers\SRS_SSCFilter_amd64.sys
2014-06-20 02:59:25 -------- d-----w- C:\Program Files\SRS Labs
2014-06-20 02:20:54 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-20 02:20:54 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-20 02:19:54 -------- d-----w- C:\Users\Nuts\AppData\Local\DoNotTrackPlus
2014-06-19 14:08:42 -------- d-----w- C:\Program Files\CCleaner
2014-06-19 14:08:23 -------- d-----w- C:\Users\Nuts\AppData\Roaming\uTorrent
2014-06-19 13:59:56 -------- d-----w- C:\Users\Nuts\AppData\Roaming\PicPick
2014-06-19 13:59:56 -------- d-----w- C:\ProgramData\PicPick
2014-06-19 13:50:02 -------- d-----w- C:\Users\Nuts\AppData\Roaming\AIMP3
2014-06-19 13:46:21 -------- d-----w- C:\Program Files (x86)\CheckPoint
2014-06-19 13:46:01 -------- d-----w- C:\ProgramData\CheckPoint
2014-06-19 13:45:02 -------- d-----w- C:\Users\Nuts\AppData\Roaming\BaiduYunGuanjia
2014-06-19 13:29:24 1715176 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-06-19 13:29:24 1291232 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-06-19 13:27:04 -------- d-----w- C:\Users\Nuts\AppData\Local\Microsoft Games
2014-06-19 13:26:55 180 ----a-w- C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-06-19 13:17:06 246520 ----a-w- C:\Windows\System32\drivers\UltraRAMDisk.sys
2014-06-19 13:16:44 210120 ----a-w- C:\Windows\System32\drivers\dcrypt.sys
2014-06-19 13:09:15 -------- d-----w- C:\Users\Nuts\AppData\Roaming\Avira
2014-06-19 13:08:43 84720 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2014-06-19 13:08:43 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2014-06-19 13:08:43 112080 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2014-06-19 13:08:43 -------- d-----w- C:\ProgramData\Avira
2014-06-19 13:08:43 -------- d-----w- C:\Program Files (x86)\Avira
2014-06-19 12:31:42 -------- d-----w- C:\Users\Nuts\AppData\Local\Skype
2014-06-19 12:31:40 -------- d-----r- C:\Program Files (x86)\Skype
2014-06-19 12:27:03 -------- d-----w- C:\Users\Nuts\AppData\Roaming\Foxit Software
2014-06-19 12:15:26 69792 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2014-06-19 12:15:26 69792 ------w- C:\Windows\SysWow64\rpcnet.exe
2014-06-19 12:13:08 -------- d-sh--w- C:\Users\Nuts\IntelGraphicsProfiles
2014-06-19 12:13:07 451 ----a-w- C:\Windows\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-06-19 12:13:07 244 ----a-w- C:\Windows\System32\{86F549EB-A66B-4D6C-958D-CDDD66410751}.bat
2014-06-19 12:13:06 -------- d-----w- C:\Windows\SysWow64\NV
2014-06-19 12:13:06 -------- d-----w- C:\Windows\System32\NV
2014-06-19 12:12:02 41984 ----a-w- C:\Windows\System32\drivers\USB3Ver.dll
2014-06-19 12:10:52 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2014-06-19 12:10:52 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2014-06-19 12:10:52 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2014-06-19 12:10:52 2560 ----a-w- C:\Windows\System32\drivers\ko-KR\wdf01000.sys.mui
2014-06-19 12:10:42 1795952 ----a-w- C:\Windows\System32\WdfCoInstaller01011.dll
2014-06-19 12:10:42 125952 ----a-w- C:\Windows\System32\drivers\TeeDriverx64.sys
2014-06-19 12:08:40 927520 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-06-19 12:08:40 76064 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2014-06-19 12:08:40 6769096 ----a-w- C:\Windows\System32\nvcpl.dll
2014-06-19 12:08:40 62808 ----a-w- C:\Windows\System32\nvshext.dll
2014-06-19 12:08:40 387528 ----a-w- C:\Windows\System32\nvmctray.dll
2014-06-19 12:08:40 3774821 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-06-19 12:08:40 3514144 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-06-19 12:08:40 2560968 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-06-19 12:08:40 1078616 ----a-w- C:\Windows\System32\nv3dappshext.dll
2014-06-19 12:08:31 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2014-06-19 12:08:29 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2014-06-19 12:05:39 40392 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-06-19 12:05:39 -------- d-----w- C:\Program Files\NVIDIA Corporation
2014-06-19 12:05:37 37320 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-06-19 12:05:37 34760 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-06-19 12:04:19 64000 ----a-w- C:\Windows\System32\OpenCL.DLL
2014-06-19 12:04:19 60416 ----a-w- C:\Windows\SysWow64\OpenCL.DLL
2014-06-19 12:04:16 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2014-06-19 12:03:51 -------- d-----w- C:\Intel
2014-06-19 11:56:50 -------- d-----w- C:\Users\Nuts\AppData\Local\MapleStudio
2014-06-19 11:52:49 -------- d-----w- C:\Users\Nuts\AppData\Local\Diagnostics
2014-06-19 11:51:55 939224 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2014-06-19 11:36:57 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2014-06-19 11:36:47 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2014-06-19 11:36:47 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2014-06-19 11:35:38 -------- d-----w- C:\Windows\Panther
2014-06-19 11:35:25 -------- d-sh--w- C:\Boot
2014-05-29 17:35:18 450968 ----a-w- C:\Windows\System32\drivers\vsdatant.sys
.
==================== Find3M  ====================
.
2014-06-20 07:42:55 859648 ----a-w- C:\Windows\System32\tdh.dll
2014-06-20 07:40:36 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-05-29 23:07:51 1122312 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-05-29 23:07:38 1279480 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-05-27 17:17:56 3976792 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2014-05-26 12:46:58 2800344 ----a-w- C:\Windows\System32\RltkAPO64.dll
2014-05-23 11:54:32 948952 ----a-w- C:\Windows\System32\RCoInstII64.dll
2014-05-22 11:21:32 1022168 ----a-w- C:\Windows\System32\RtkApi64.dll
2014-05-19 15:16:04 2843352 ----a-w- C:\Windows\System32\RtPgEx64.dll
2014-05-19 08:47:46 2080472 ----a-w- C:\Windows\RtlExUpd.dll
2014-05-09 09:17:44 628952 ----a-w- C:\Windows\System32\RtDataProc64.dll
2014-04-10 10:19:56 2101848 ----a-w- C:\Windows\System32\WavesGUILib64.dll
2014-04-10 10:19:54 2041432 ----a-w- C:\Windows\System32\MaxxAudioEQ64.dll
2014-04-10 10:19:52 1063512 ----a-w- C:\Windows\System32\MaxxAudioAPOShell64.dll
.
============= FINISH: 20:15:52.85 ===============

Edited by cngjsska3095, 23 June 2014 - 06:47 AM.
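As an added example (not part of the thread and not one of the helper's tools), the following Python parses the SERVICES / DRIVERS section of a DDS log in the layout shown above and lists the entries a responder would read first: service entries whose binary DDS could not find on disk (`[?]`), drivers whose file name starts with a bare GUID, and early-load (R0/R1) drivers created within a few days of the scan date taken from the "Run by" header. The sample lines are copied from the log in this post; the flags are triage heuristics, not verdicts.

```python
import ntpath
import re
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

# Excerpt copied from the DDS log above: the "Run by" header plus five SERVICES / DRIVERS entries.
SAMPLE_LOG = r"""
Run by Nuts at 20:15:43 on 2014-06-23
.
============= SERVICES / DRIVERS ===============
.
R0 dcrypt;DiskCryptor driver;C:\Windows\System32\drivers\dcrypt.sys [2014-6-19 210120]
R1 {a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64;{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64;C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys [2014-6-23 61120]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2014-6-19 430160]
S2 TinyWall;TinyWall Service;"C:\Program Files (x86)\TinyWall\TinyWall.exe" --> C:\Program Files (x86)\TinyWall\TinyWall.exe [?]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-22 71168]
.
=============== Created Last 30 ================
"""

# DDS entry layout: "<state+start type> <service name>;<display name>;<image path> [<yyyy-m-d> <size>]"
# or, when DDS could not find the binary: "...;<quoted registry value> --> <resolved path> [?]".
ENTRY_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
TAIL_RE = re.compile(r"\s\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s(?P<size>\d+)\]$")
GUID_RE = re.compile(r"^\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")
RUN_RE = re.compile(r"^Run by .+ on (\d{4})-(\d{2})-(\d{2})", re.MULTILINE)


@dataclass
class ServiceEntry:
    start: str               # R = running, S = stopped; digit = Windows start type (0 boot .. 4 disabled)
    name: str
    display: str
    path: str
    created: Optional[date]  # None when DDS printed [?]
    size: Optional[int]


def scan_date(text: str) -> date:
    """Date the scan ran, taken from the 'Run by ... on yyyy-mm-dd' header."""
    m = RUN_RE.search(text)
    if not m:
        raise ValueError("no 'Run by' header in log")
    return date(*map(int, m.groups()))


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse every entry of the SERVICES / DRIVERS section of a DDS log."""
    entries: List[ServiceEntry] = []
    in_section = False
    for line in text.splitlines():
        if line.startswith("============= SERVICES / DRIVERS"):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("====="):          # the next section header ends ours
            break
        m = ENTRY_RE.match(line)
        if not m:
            continue                          # "." separators and anything unexpected
        rest = m.group("rest")
        if " --> " in rest:                   # keep the resolved path, not the quoted registry value
            rest = rest.split(" --> ", 1)[1]
        if rest.endswith(" [?]"):
            path, created, size = rest[:-4], None, None
        else:
            tail = TAIL_RE.search(rest)
            if not tail:
                continue
            path = rest[: tail.start()]
            created = date(*map(int, tail.group("date").split("-")))
            size = int(tail.group("size"))
        entries.append(ServiceEntry(m.group("start"), m.group("name"), m.group("display"),
                                    path, created, size))
    return entries


def triage(entries: List[ServiceEntry], when: date, recent_days: int = 7) -> List[Tuple[ServiceEntry, str]]:
    """Flag entries worth a human look. These are triage heuristics, not verdicts."""
    findings = []
    for e in entries:
        reasons = []
        if e.created is None:
            reasons.append("binary not found on disk ([?]): orphaned service entry")
        if GUID_RE.match(ntpath.basename(e.path)):
            reasons.append("file name starts with a bare GUID")
        early_load = e.start in ("R0", "R1", "S0", "S1")   # boot/system start drivers
        if early_load and e.created is not None and (when - e.created).days <= recent_days:
            reasons.append(f"early-load driver created within {recent_days} days of the scan")
        if reasons:
            findings.append((e, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for entry, why in triage(parse_services(SAMPLE_LOG), scan_date(SAMPLE_LOG)):
        print(f"{entry.start} {entry.name}: {why}")
```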


#2 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 23 June 2014 - 07:10 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with aswMBR

Please download aswMBR (4.5 MB) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100 MB download, so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).

Also post the attach.txt by DDS.


Proud Member of UNITE & TB
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps).

#3 cngjsska3095 (Topic Starter)

Posted 23 June 2014 - 08:09 AM

Sorry for the late reply.

And there was an additional message you didn't tell me about while opening that program, which says "Use Intel VMT (Virtualization thing..?) support during the scan and rootkit detection..?", so I clicked "Yes".

And I'm also posting you another aswMBR_Clicked_NO.txt where I clicked "No" in the same message, just in case.

Really many thanks for your help!



#4 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 23 June 2014 - 08:58 AM

Add/remove programs

Click on Start --> Control Panel.

Vista/7: Open Programs and Features
XP: Open Add/Remove Programs

Search for and remove the following programs:

Orbit Downloader

Close the window.


Combofix

Combofix should only be run when advised by a team member!

Link

Important - Save the file to your desktop!

  • Deactivate any and all of your antivirus programs / spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe

When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



#5 cngjsska3095 (Topic Starter)

Posted 23 June 2014 - 09:27 AM

I uploaded ComboFix.txt.

And I also uninstalled Orbit Downloader properly.

But it still doesn't work anyway..

Thanks!


Edited by cngjsska3095, 23 June 2014 - 09:52 AM.


#6 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 24 June 2014 - 06:55 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is saved.

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.


Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware.
  • On the Dashboard, click the 'Update Now >>' link.
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the date and time of the scan just performed.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your reply.


Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab.
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
  • A message will notify you that a restart is necessary and ask "Do you want to check for hard disk errors the next time you start your computer?".
  • Click Schedule disk check > OK and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled, but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.

A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.


System File Check

For Windows XP:

  • Press the Windows and the R key simultaneously.
  • Within the text box that just opened, write cmd and hit Enter.

For Windows Vista/7:

  • Press the Windows key to open the start menu.
  • Don't highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator".

Within the opening window, write the following:

sfc /scannow

(See the blank within.)

  • Hit Enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).


#7 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 03 July 2014 - 04:02 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.