Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer opening gameharbor.org on startup and severe mouse drift


  • Please log in to reply
17 replies to this topic

#1 TheCrippledPizza

TheCrippledPizza

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:26 AM

Posted 19 September 2014 - 08:33 AM

When I start my computer, it immediately opens Internet Explorer and goes to gameharbor.org, which seems to be some shady Russian gaming site. Also, my mouse seems to wander wherever it wants, but it doesn't seem to have a mind of its own(it doesn't open programs or close my tabs, just drags in varying degrees to the lower right) so I don't think it's malware. In fact I have a feeling the issues are totally unrelated. However I recently used Deluge(a torrent client) and I have a strong feeling something I downloaded is causing the gameharbor issue. Let me know if any further information is needed. Thank you in adnvace.

Edit: Moved topic from Windows 7 to the more appropriate forum.~ Animal

Edit: My bad, I didn't even thing to read deeply into how the forum works. Nobody expects to be the obnoxius forum user until they are.


Edited by TheCrippledPizza, 19 September 2014 - 08:45 AM.


BC AdBot (Login to Remove)

 


m

#2 LiquidTension

LiquidTension

  • Malware Response Instructor
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:26 AM

Posted 19 September 2014 - 08:56 AM

Hello, 
 
Please run the following programme. 
 
6gkmKHQ.png Autoruns

  • Please download Autoruns and save the file to your Desktop.
  • Right-Click Autoruns.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Agree to End User Licence Agreement (EULA).
  • Allow the programme to scan. Once completed, click File, then Save, name the file Autoruns Log.arn and save to your Desktop
  • Close Autoruns.
  • Upload the log (Autoruns Log.arn) to my channel, here.

Posted Image

#3 TheCrippledPizza

TheCrippledPizza
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:26 AM

Posted 19 September 2014 - 09:08 AM

 

Hello, 
 
Please run the following programme. 
 
6gkmKHQ.png Autoruns

  • Please download Autoruns and save the file to your Desktop.
  • Right-Click Autoruns.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Agree to End User Licence Agreement (EULA).
  • Allow the programme to scan. Once completed, click File, then Save, name the file Autoruns Log.arn and save to your Desktop
  • Close Autoruns.
  • Upload the log (Autoruns Log.arn) to my channel, here.

 

Just sent it.



#4 LiquidTension

LiquidTension

  • Malware Response Instructor
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:26 AM

Posted 19 September 2014 - 09:14 AM

Hello, 
 
Please take note of the following warning for future reference. 
 

xgoGMWSt.gif.pagespeed.ic.T3xMEQZT0d.pngComboFix Warning

------------------------------
 
From your logs I can see you have run ComboFix, a powerful first-responder malware removal tool, designed to remove some of the toughest infections; including bootkits, rootkits and backdoors. As stated in the disclaimer, the tool should not be used by someone untrained in its usage. Doing so may cause unforeseen circumstances, and could render your machine unbootable. For more information on why you should not run ComboFix without supervision, please read the following article

 

STEP 1
xAFZxnZc.jpg.pagespeed.ic.8db6OVtjOI.png DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Remove the checkmark next to the following items:
    • Remove disinfection tools
  • Place a checkmark next to the following items:
    • Create registry backup
  • Click the Run button.
     

STEP 2
xMgeHyNE.png.pagespeed.ic.49_rDPUa_4.png Batch File

  • Press the Windows Key xpdKOQKY.png.pagespeed.ic.tmAgS1-k6q.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    @echo off
    echo Deleting Run Value... >"%userprofile%\desktop\fix.txt"
    reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v CMD /f >>"%userprofile%\desktop\fix.txt" 2>&1
    echo.
    echo Deleting Temp Files/Folders...
    del %TEMP%\*.* /F /S /Q
    rd /S /Q %TEMP%
    echo.
    echo Flushing Internet. Please wait... >>"%userprofile%\desktop\fix.txt" 2>&1
    ipconfig /release >>"%userprofile%\desktop\fix.txt" 2>&1
    ipconfig /renew >>"%userprofile%\desktop\fix.txt" 2>&1
    ipconfig /flushdns >>"%userprofile%\desktop\fix.txt" 2>&1
    netsh winsock reset all >>"%userprofile%\desktop\fix.txt" 2>&1
    netsh int ipv4 reset >>"%userprofile%\desktop\fix.txt" 2>&1
    netsh int ipv6 reset >>"%userprofile%\desktop\fix.txt" 2>&1
    echo.
    echo Finished. Your computer will reboot. >>"%userprofile%\desktop\fix.txt" 2>&1
    shutdown -r -t 1
    del %0
  • Click Format. Ensure Wordwrap is unchecked
  • Click FileSave As and name the file del.bat
  • Select All Files as the Save as type.
  • Save the file to your Desktop
  • Locate del.bat xlmRDSkT.png.pagespeed.ic.UByFR5z3ld.jpg (W8/7/Vista) on your DesktopRight-click the icon and click xAVOiBNU.jpg.pagespeed.ic.H5HC6LkiJX.jpg Run as administrator.
  • Your computer will reboot. 
  • A log (fix.txt) will be saved to your DesktopCopy the contents of the log and paste in your next reply. 
     

Let me know if there are any outstanding issues after your computer reboots.


Posted Image

#5 TheCrippledPizza

TheCrippledPizza
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:26 AM

Posted 19 September 2014 - 09:22 AM

Hello, 
 
Please take note of the following warning for future reference. 
 

xgoGMWSt.gif.pagespeed.ic.T3xMEQZT0d.pngComboFix Warning

------------------------------
 
From your logs I can see you have run ComboFix, a powerful first-responder malware removal tool, designed to remove some of the toughest infections; including bootkits, rootkits and backdoors. As stated in the disclaimer, the tool should not be used by someone untrained in its usage. Doing so may cause unforeseen circumstances, and could render your machine unbootable. For more information on why you should not run ComboFix without supervision, please read the following article

 

STEP 1
xAFZxnZc.jpg.pagespeed.ic.8db6OVtjOI.png DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Remove the checkmark next to the following items:
    • Remove disinfection tools
  • Place a checkmark next to the following items:
    • Create registry backup
  • Click the Run button.
     

STEP 2
xMgeHyNE.png.pagespeed.ic.49_rDPUa_4.png Batch File

  • Press the Windows Key xpdKOQKY.png.pagespeed.ic.tmAgS1-k6q.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    @echo off
    echo Deleting Run Value... >"%userprofile%\desktop\fix.txt"
    reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v CMD /f >>"%userprofile%\desktop\fix.txt" 2>&1
    echo.
    echo Deleting Temp Files/Folders...
    del %TEMP%\*.* /F /S /Q
    rd /S /Q %TEMP%
    echo.
    echo Flushing Internet. Please wait... >>"%userprofile%\desktop\fix.txt" 2>&1
    ipconfig /release >>"%userprofile%\desktop\fix.txt" 2>&1
    ipconfig /renew >>"%userprofile%\desktop\fix.txt" 2>&1
    ipconfig /flushdns >>"%userprofile%\desktop\fix.txt" 2>&1
    netsh winsock reset all >>"%userprofile%\desktop\fix.txt" 2>&1
    netsh int ipv4 reset >>"%userprofile%\desktop\fix.txt" 2>&1
    netsh int ipv6 reset >>"%userprofile%\desktop\fix.txt" 2>&1
    echo.
    echo Finished. Your computer will reboot. >>"%userprofile%\desktop\fix.txt" 2>&1
    shutdown -r -t 1
    del %0
  • Click Format. Ensure Wordwrap is unchecked
  • Click FileSave As and name the file del.bat
  • Select All Files as the Save as type.
  • Save the file to your Desktop
  • Locate del.bat xlmRDSkT.png.pagespeed.ic.UByFR5z3ld.jpg (W8/7/Vista) on your DesktopRight-click the icon and click xAVOiBNU.jpg.pagespeed.ic.H5HC6LkiJX.jpg Run as administrator.
  • Your computer will reboot. 
  • A log (fix.txt) will be saved to your DesktopCopy the contents of the log and paste in your next reply. 
     

Let me know if there are any outstanding issues after your computer reboots.

Computer booted perfectly and didn't open gameharbor.org. I daresay my mouse is even stationary again, though that's likely wishful thinking. Thank you for your help. I had no right getting off so easily with how recklessly I was using my PC.



#6 LiquidTension

LiquidTension

  • Malware Response Instructor
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:26 AM

Posted 19 September 2014 - 09:30 AM

Hello,
 
Have you tried connecting a different mouse? 
 
If you wish to check for remnants, and confirm your machine appears free of malware, I suggest working through the following steps.

 

STEP 1
BY4dvz9.png AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 2
xGfiJrQ9.png.pagespeed.ic.HjgFxjvw2Z.jpg Malwarebytes Anti-Malware (MBAM)

  • Please download Malwarebytes Anti-Malware Free to your Desktop.
  • Double-click mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme. 
  • Launch the programme and select Update.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 3
iAdP9bf.png Malwarebytes Anti-Rootkit (MBAR)

  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Double-click MBAR.exe to run the installer.
  • Select a convenient location to extract the contents and click OK. Navigate to the location you selected.
  • Right-Click MBAR.exe and select Run as administrator to run the programme.
  • Follow the prompts to update the programme and scan your computer. 
  • Upon completion, click Cleanup and reboot your computer. 
  • After the reboot, rerun the programme to verify no threats remain. If threats are still detected, click the Cleanup button once more. 
  • Upon completion, two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder
     

STEP 4
GzlsbnV.png ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click List of found threats.... If no threats were found, skip the next two bullet points. 
  • Click Export to text file... and save the file to your Desktop, naming it something unique such as MyEsetScan.
  • Push the Back button.
  • Place a checkmark next to Uninstall Application on Close and click Finish.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

STEP 5
rzqZvBe.png MiniToolBox

  • Please download MiniToolBox and save the file to your Desktop.
  • Close any open windows.
  • Right-Click MiniToolBox.exe and select Run as administrator to run the programme.
  • Check the following items:
    • njvAG80.png
    • 6N6QY9z.png
    • zmWTIXg.png
    • VAFn5gg.png
    • AtULTyM.png
    • 4roTXa5.png
    • kLju9nY.png
    • chxHkm0.png
    • 6KiAnDw.png
    • bKYHfhP.png
    • rO2mCup.png & Ii0HSu5.png
    • fd89mAB.png
    • vz7b54X.png
  • Click GO.
  • A log (Result.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 6
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • AdwCleaner[S0].txt
  • MBAM log
  • mbar log
  • system log
  • ESET log
  • Result.txt

Edited by LiquidTension, 19 September 2014 - 09:31 AM.

Posted Image

#7 TheCrippledPizza

TheCrippledPizza
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:26 AM

Posted 19 September 2014 - 02:14 PM

1. I accidentally closed this log, do you happen to know where it's located? I can't find it.

 

2. No errors found, so no log.

 

3. Same as #2.

 

4.This is the log copy and pasted in it's entirety: C:\Documents and Settings\Battman\Downloads\Setup(1).exe a variant of Win32/AdWare.iBryte.BG application

C:\Users\Battman\Downloads\Setup(1).exe a variant of Win32/AdWare.iBryte.BG application
D:\$RECYCLE.BIN\S-1-5-21-836762672-4246738911-131963420-1000\$R4H8UBH\Game\Bin\3dmgame.dll a variant of Win32/Packed.VMProtect.AAA trojan
D:\Games\GOG Games\The Chronicles of Riddick - Assault on Dark Athena\System\Win32_x86\dvm.dll a variant of Win32/HackTool.Crack.D potentially unsafe application
D:\Games\MGQ Parts 1-3 100% Translated\mod\Spirits\Messenger Plus! Live 5.00.702.zip a variant of Win32/MessengerPlus.A potentially unwanted application
D:\Games\MGQ Parts 1-3 100% Translated\mod\Spirits\Setup-MsgPlus-511.exe a variant of Win32/MessengerPlus.A potentially unwanted application
 
5. This is the log:
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
========================= Hosts content: =================================
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Intel® 82578DC Gigabit Network Connection = Local Area Connection (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Battman-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.nj.comcast.net.
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : hsd1.nj.comcast.net.
   Description . . . . . . . . . . . : Intel® 82578DC Gigabit Network Connection
   Physical Address. . . . . . . . . : 00-27-0E-23-0C-05
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:c:1180:15b:ed2e:3cde:212a:23a6(Preferred) 
   Temporary IPv6 Address. . . . . . : 2601:c:1180:15b:71c1:fcb9:6947:11aa(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::ed2e:3cde:212a:23a6%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.0.0.26(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, September 19, 2014 11:31:51 AM
   Lease Expires . . . . . . . . . . : Friday, September 26, 2014 11:31:50 AM
   Default Gateway . . . . . . . . . : fe80::21d:d3ff:fe9e:8be1%11
                                       10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 234891022
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-95-21-E3-00-27-0E-23-0C-05
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
                                       75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.hsd1.nj.comcast.net.:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.nj.comcast.net.
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:43:177f:f5ff:ffe5(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::43:177f:f5ff:ffe5%13(Preferred) 
   Default Gateway . . . . . . . . . : 
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  cdns01.comcast.net
Address:  2001:558:feed::1
 
Name:    google.com
Addresses:  2607:f8b0:4006:806::1007
 74.125.226.3
 74.125.226.7
 74.125.226.9
 74.125.226.1
 74.125.226.0
 74.125.226.5
 74.125.226.4
 74.125.226.8
 74.125.226.2
 74.125.226.6
 74.125.226.14
 
 
Pinging google.com [2607:f8b0:4006:808::1004] with 32 bytes of data:
Reply from 2607:f8b0:4006:808::1004: time=20ms 
Reply from 2607:f8b0:4006:808::1004: time=19ms 
 
Ping statistics for 2607:f8b0:4006:808::1004:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 19ms, Maximum = 20ms, Average = 19ms
Server:  cdns01.comcast.net
Address:  2001:558:feed::1
 
Name:    yahoo.com
Addresses:  98.138.253.109
 206.190.36.45
 98.139.183.24
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=88ms TTL=47
Reply from 206.190.36.45: bytes=32 time=86ms TTL=47
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 86ms, Maximum = 88ms, Average = 87ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...00 27 0e 23 0c 05 ......Intel® 82578DC Gigabit Network Connection
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1        10.0.0.26     20
         10.0.0.0    255.255.255.0         On-link         10.0.0.26    276
        10.0.0.26  255.255.255.255         On-link         10.0.0.26    276
       10.0.0.255  255.255.255.255         On-link         10.0.0.26    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         10.0.0.26    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         10.0.0.26    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 11    276 ::/0                     fe80::21d:d3ff:fe9e:8be1
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:9d38:6ab8:43:177f:f5ff:ffe5/128
                                    On-link
 11     28 2601:c:1180:15b::/64     On-link
 11    276 2601:c:1180:15b:71c1:fcb9:6947:11aa/128
                                    On-link
 11    276 2601:c:1180:15b:ed2e:3cde:212a:23a6/128
                                    On-link
 11    276 fe80::/64                On-link
 13    306 fe80::/64                On-link
 13    306 fe80::43:177f:f5ff:ffe5/128
                                    On-link
 11    276 fe80::ed2e:3cde:212a:23a6/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (09/19/2014 11:33:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/19/2014 11:33:24 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (09/19/2014 11:33:18 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (09/19/2014 11:27:52 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (09/19/2014 11:25:15 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (09/19/2014 11:25:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (09/19/2014 10:37:00 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/19/2014 10:20:11 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/19/2014 08:42:38 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/11/2014 09:45:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (09/19/2014 08:32:27 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (09/15/2014 08:26:43 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (09/11/2014 11:43:57 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (09/11/2014 11:43:03 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (09/11/2014 11:37:37 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (09/11/2014 08:54:26 PM) (Source: BugCheck) (User: )
Description: 0x0000003b (0x00000000c0000005, 0xfffff8800ffb1ec0, 0xfffff88005239b30, 0x0000000000000000)C:\Windows\MEMORY.DMP091114-19156-01
 
Error: (09/11/2014 08:54:22 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:51:51 PM on ‎9/‎11/‎2014 was unexpected.
 
Error: (09/11/2014 05:17:53 AM) (Source: BugCheck) (User: )
Description: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP091114-25490-01
 
Error: (09/11/2014 05:17:44 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 5:15:59 AM on ‎9/‎11/‎2014 was unexpected.
 
Error: (09/10/2014 04:24:45 PM) (Source: BugCheck) (User: )
Description: 0x0000003b (0x00000000c0000005, 0xfffff8800f0bf29c, 0xfffff8800602ea90, 0x0000000000000000)C:\Windows\MEMORY.DMP091014-24148-01
 
 
Microsoft Office Sessions:
=========================
Error: (09/19/2014 11:33:25 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/19/2014 11:33:24 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Battman\Downloads\esetsmartinstaller_enu.exe
 
Error: (09/19/2014 11:33:18 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Battman\Downloads\esetsmartinstaller_enu.exe
 
Error: (09/19/2014 11:27:52 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Battman\Downloads\esetsmartinstaller_enu.exe
 
Error: (09/19/2014 11:25:15 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Battman\Downloads\esetsmartinstaller_enu.exe
 
Error: (09/19/2014 11:25:12 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Battman\Downloads\esetsmartinstaller_enu.exe
 
Error: (09/19/2014 10:37:00 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/19/2014 10:20:11 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/19/2014 08:42:38 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/11/2014 09:45:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-09-11 23:43:03.196
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-09-11 23:43:03.050
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
 
=========================== Installed Programs ============================
4500_G510af_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510af (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510af_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{922E8525-AC7E-4294-ACAA-43712D4423C0}) (Version: 10.0.22.87 - Adobe Systems, Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.30.100.40811 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Blade Symphony (HKLM-x32\...\Steam App 225600) (Version:  - Puny Human)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Deluge 1.3.7 (HKLM-x32\...\Deluge) (Version:  - )
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version:  - )
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP Officejet 4500 G510a-f (HKLM\...\{C98517B6-DCE9-49B7-B19E-E384178D3986}) (Version: 13.0 - HP)
Intel® Network Connections 17.0.200.2 (HKLM\...\PROSetDX) (Version: 17.0.200.2 - Intel)
Intel® Network Connections 17.0.200.2 (Version: 17.0.200.2 - Intel) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
JFK Reloaded 1.1 (HKLM-x32\...\JFK Reloaded) (Version: 1.1 - JFK Reloaded)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MPC-HC 1.7.6 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.6 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Retro City Rampage™ (HKLM-x32\...\Steam App 204630) (Version:  - Vblank Entertainment, Inc.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.13.24.g5dbb3103 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{705216C1-BA52-4B16-AFE4-4143B340D62D}) (Version: 6.0.12.6 - Husdawg, LLC)
The Sims Complete Collection (HKLM-x32\...\{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}) (Version:  - )
The Sims™ 2 Deluxe (HKLM-x32\...\{9C244239-ED8E-40f1-937F-51C706CD2160}) (Version:  - )
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.4f1 - Unity Technologies ApS)
Urban Chaos (HKLM-x32\...\GOGPACKURBANCHAOS_is1) (Version: 2.0.0.11 - GOG.com)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
 
========================= Devices: ================================
 
Name: HID-compliant mouse
Description: HID-compliant mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: mouhid
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 56%
Total physical RAM: 4086.33 MB
Available physical RAM: 1789.86 MB
Total Pagefile: 8172.66 MB
Available Pagefile: 2953.56 MB
Total Virtual: 4095.88 MB
Available Virtual: 3978.61 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:931.51 GB) (Free:861.64 GB) NTFS
2 Drive d: (Spare Disk) (Fixed) (Total:1765.21 GB) (Free:485.99 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\BATTMAN-PC
 
Administrator            Battman                  Guest                    
 
========================= Restore Points ==================================
 
10-09-2014 20:29:21 1
10-09-2014 22:08:55 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
10-09-2014 22:09:11 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
10-09-2014 22:11:15 Device Driver Package Install: Advanced Micro Devices, Inc. Display adapters
11-09-2014 09:35:05 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
12-09-2014 06:56:13 Installed DirectX
16-09-2014 15:11:04 Windows Update
19-09-2014 12:29:56 Device Driver Package Install: Mad Catz Mice and other pointing devices
19-09-2014 12:30:52 Device Driver Package Install: Mad Catz Human Interface Devices
 
**** End of log ****
 


#8 LiquidTension

LiquidTension

  • Malware Response Instructor
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:26 AM

Posted 19 September 2014 - 02:37 PM

Hello, 
 
Please consider the following warning. 
 

xgoGMWSt.gif.pagespeed.ic.T3xMEQZT0d.pngCRACKED SOFTWARE WARNING

------------------------------

One or more of the identified infections is a result of downloading cracked/pirated/keygen software. Participating in the use of such software is not only illegal but also a security risk. Were you aware your machine has cracked software installed? We do not approve of nor support illegal software.

Cracked software is not only unethical and illegal; it is also a serious security risk – your infected computer is evidence of this. Malware authors promote and release cracked software to spread their infections. I strongly recommend you refrain from participating in this activity; your computer will be repeatedly infected otherwise. Simply visiting a cracked software site can result in infection via drive-by exploits of vulnerable software.

Cracked software will make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to reformat your Hard Drive and reinstall your Operating System. Please read the following articles for more information.

I suggest you remove all traces of cracked software from your machine immediately.

 


 
Empty your Recycle Bin (right-click Recycle Bin + click Empty).

MgeHyNE.png Batch File

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    @echo off
    echo Deleting files/folders...
    del /f /s /q "C:\Documents and Settings\Battman\Downloads\Setup(1).exe"
    del /f /s /q "C:\Users\Battman\Downloads\Setup(1).exe"
    del /f /s /q "D:\Games\GOG Games\The Chronicles of Riddick - Assault on Dark Athena\System\Win32_x86\dvm.dll"
    del /f /s /q "D:\Games\MGQ Parts 1-3 100% Translated\mod\Spirits\Messenger Plus! Live 5.00.702.zip"
    del /f /s /q "D:\Games\MGQ Parts 1-3 100% Translated\mod\Spirits\Setup-MsgPlus-511.exe"
    echo.
    echo Finished.
    del %0
  • Click Format. Ensure Wordwrap is unchecked
  • Click FileSave As and name the file batchfile.bat
  • Select All Files as the Save as type.
  • Save the file to your Desktop
  • Locate batchfile.bat lmRDSkT.png (W8/7/Vista) on your DesktopRight-click the icon and click AVOiBNU.jpg Run as administrator.

How is your computer performing? Any outstanding issues?


Posted Image

#9 TheCrippledPizza

TheCrippledPizza
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:26 AM

Posted 19 September 2014 - 02:53 PM

Hello, 
 
Please consider the following warning. 
 

xgoGMWSt.gif.pagespeed.ic.T3xMEQZT0d.pngCRACKED SOFTWARE WARNING

------------------------------

One or more of the identified infections is a result of downloading cracked/pirated/keygen software. Participating in the use of such software is not only illegal but also a security risk. Were you aware your machine has cracked software installed? We do not approve of nor support illegal software.

Cracked software is not only unethical and illegal; it is also a serious security risk – your infected computer is evidence of this. Malware authors promote and release cracked software to spread their infections. I strongly recommend you refrain from participating in this activity; your computer will be repeatedly infected otherwise. Simply visiting a cracked software site can result in infection via drive-by exploits of vulnerable software.

Cracked software will make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to reformat your Hard Drive and reinstall your Operating System. Please read the following articles for more information.

I suggest you remove all traces of cracked software from your machine immediately.

 


 
Empty your Recycle Bin (right-click Recycle Bin + click Empty).

MgeHyNE.png Batch File

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    @echo off
    echo Deleting files/folders...
    del /f /s /q "C:\Documents and Settings\Battman\Downloads\Setup(1).exe"
    del /f /s /q "C:\Users\Battman\Downloads\Setup(1).exe"
    del /f /s /q "D:\Games\GOG Games\The Chronicles of Riddick - Assault on Dark Athena\System\Win32_x86\dvm.dll"
    del /f /s /q "D:\Games\MGQ Parts 1-3 100% Translated\mod\Spirits\Messenger Plus! Live 5.00.702.zip"
    del /f /s /q "D:\Games\MGQ Parts 1-3 100% Translated\mod\Spirits\Setup-MsgPlus-511.exe"
    echo.
    echo Finished.
    del %0
  • Click Format. Ensure Wordwrap is unchecked
  • Click FileSave As and name the file batchfile.bat
  • Select All Files as the Save as type.
  • Save the file to your Desktop
  • Locate batchfile.bat lmRDSkT.png (W8/7/Vista) on your DesktopRight-click the icon and click AVOiBNU.jpg Run as administrator.

How is your computer performing? Any outstanding issues?

Thank you for all your help, my PC is running wonderfully now. I kept the Dark Athena file, I trust the site I got that from and bought the game legitimately and I think it's just a crack they use to get around a now defunct DRM system. I removed the others though(the .bat didn't seem to get rid of them), two are shady setup files and the others are even shadier files for a game I don't know why I downloaded. Thank you again for all your help.


Edited by TheCrippledPizza, 19 September 2014 - 02:54 PM.


#10 LiquidTension

LiquidTension

  • Malware Response Instructor
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:26 AM

Posted 19 September 2014 - 02:57 PM

OK, sounds good.
 
Lets update your vulnerable programmes to avoid the risk of reinfection, and then we can remove the tools we've used. 
 
STEP 1
CXrghb6.png Update Outdated Software

Outdated software contain security risks that must be patched. Please download and install the latest version of the programmes below.

  • u9DsAVv.png Follow these instructions to check for and download the latest Windows Updates.
     

STEP 2
EtQetiM.png Remove Outdated Software

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
    • Adobe Flash Player 10 ActiveX
  • Follow the prompts and reboot if necessary.
     

STEP 3
zANS9oB.png Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser.
For information on Java vulnerabilities, please read the following article (point #7).

  • Click the Windows Start Button 29Fou9c.jpg and type Java Control Panel (or javacpl) in the search bar. 
  • Click on the Java Control Panel. Once opened, click the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
  • Click Apply. When the Windows User Account Control (UAC) AVOiBNU.jpg appears, allow permissions to make the changes. 
  • Click OK in the Java Plug-in confirmation window.
  • Restart your browser(s) for changes to take effect.
  • More information can be found here and here.
     

STEP 4
oxliOQk.png Security Check

  • Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • checkup.txt

Posted Image

#11 TheCrippledPizza

TheCrippledPizza
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:26 AM

Posted 20 September 2014 - 06:14 AM

Here is the log for the security check:

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Adobe Flash Player 15.0.0.152  
 Google Chrome 37.0.2062.120  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 4% 
````````````````````End of Log`````````````````````` 
Thank you again for all your help. My mouse is still acting strange but I have a feeling the mouse is just dying or something like that.


#12 LiquidTension

LiquidTension

  • Malware Response Instructor
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:26 AM

Posted 20 September 2014 - 09:53 AM

Hello, 

 

Have you tried connecting a different mouse? 


Posted Image

#13 TheCrippledPizza

TheCrippledPizza
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:26 AM

Posted 20 September 2014 - 10:46 AM

Hello, 

 

Have you tried connecting a different mouse? 

I haven't used a new mouse but I've tried a new surface, which seems to have fixed the problem. It's a Cyborg R.A.T. 7 which is an optical mouse, and one known to be sensitive to boot, so I think my dirty old mousepad just needs to be tossed in the wash or replaced.



#14 LiquidTension

LiquidTension

  • Malware Response Instructor
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:26 AM

Posted 20 September 2014 - 10:51 AM

Great, glad to hear! Now for the good news.

 

All Clean!
Congratulations, your computer appears clean!  :)
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful
 
My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation. YSCcjW7.png
 
 
STEP 1
9SN2ePL.png ComboFix Uninstall

  • If ComboFix is still installed from when you used the programme, please follow the instructions below. If not, skip to STEP 2.
  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type the following text into the Run box:
    ComboFix /Uninstall
  • Click OK.
  • Note: It may appear as if Combofix is installing. This is not the case; the programme is uninstalling. Please do not interrupt the process.
     

STEP 2
AFZxnZc.jpg DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
--- Malwarebytes Anti-Malware will still be present on your computer. I recommend keeping this programme, updating and scanning with it once a week to maintain security on your computer. If you do not wish to keep this programme on your computer, you can uninstall it by pressing the Windows Key pdKOQKY.png + r on your keyboard at the same time, typing appwiz.cpl, clicking OK and searching for Malwarebytes.
 
======================================================
 
Below I have compiled a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • xKsUqI5A.png.pagespeed.ic.vn1Hlvqi8h.jpg AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • x7D2ig3K.png.pagespeed.ic.x4TC1AK8OX.jpg Emsisoft Antimalware (free) acts as an additional on-demand scanner, and can be used in conjunction with your Anti-Virus. 
  • EG85Vjt.png Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • x6YRrgUC.png.pagespeed.ic.HjgFxjvw2Z.jpg Malwarebytes Anti-Malware Premium (MBAM) incorporates real-time protection and is designed to run alongside your Anti-Virus. 
  • xjv4nhMJ.png.pagespeed.ic.A5YbWn1eDO.png NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology. 
  • 3O8r9Uq.png Sandboxie isolates programmes of your choice, preventing files from writing to your HDD unless you approve the file. 
  • DgW1XL2.png.pagespeed.ce.v1OlJl_ZAS.png Secuina PSI will scan your computer for vulnerable software that is outdatedand automatically find the latest update for you.
  • xj1OLIec.png.pagespeed.ic.k6hhwopU0q.jpg SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • xsHjS79L.png.pagespeed.ic.n4Sk8_GzZn.jpg Unchecky automatically removes checkmarks for additional software in programme installers, helping you avoid adware and PUPs. 
  • xJEP5iWI.png.pagespeed.ic.4tmM1lM7DQ.png Web of Trust (WOT) is a browser add-on designed to alert the user before interacting with a potentially malicious website. 
     

Need a second opinion on a file or website? Scan the file/URL before clicking by using one of the following free online scanner services.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. 
 
Thank you for using BleepingComputer.
 
Safe Surfing.  :thumbup2: 
Adam (LiquidTension).


Posted Image

#15 TheCrippledPizza

TheCrippledPizza
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:26 AM

Posted 20 September 2014 - 01:04 PM

Uh oh. I tried to uninstall ComboFix using the method you posted but it just tells me "Windows cannot find ComboFix" even though it's spelled right and is definitely installed on my computer. 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users