
Program.exe Bad Image Popup


7 replies to this topic

#1 naroots (Members, 3 posts)

Posted 27 September 2014 - 05:25 AM

Hello! Recently downloaded something super sketchy thinking it was something else entirely and now I'm almost positive I've got a virus of some kind.

After realization dawned on me and I trashed the download, it was too late!!

 

[screenshot of the Bad Image popup]

 

This pops up almost all the time, depending on which types of programs I'm trying to run...!

It seems that only programs that utilize my graphics card get the popup... but I could be wrong. 

Tried to find an easy solution online, but most results just pointed me here, so I figure it's worth a shot to ask for help!

Or a point in the right direction if this isn't a virus at all hahaha

Thanks! 

 

Here's the DDS log.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.16385  BrowserJavaVersion: 10.67.2
Run by meedles at 3:04:24 on 2014-09-27
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3767.1425 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Gyazo\GyStation.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\jmesoft\hotkey.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Tablet\Pen\WacomHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\meedles\Desktop\I HAVE TO PISS\Easy Paint Tool SAI\sai.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = dnf.neople.com
mWinlogon: Userinit = userinit.exe,
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
uRun: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe
mRun: [SetDefaultSCR] C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [NCUpdateHelper] C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
TCP: NameServer = 192.168.0.1 205.171.2.226
TCP: Interfaces\{5F6219D2-40A1-43BF-8FFC-0DE3879FF446} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{AA053D45-882B-4E94-BDDA-35D2AE03F46A} : DHCPNameServer = 192.168.0.1 205.171.2.226
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [Unattend0000000001{BFA3D12B-66DD-4617-923A-E864BC7D20B5}] C:\Windows\test.bat
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2014-4-18 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2014-4-18 224896]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswsnx.sys [2014-4-18 1041168]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswsp.sys [2014-4-18 427360]
R2 aswHwid;avast! HardwareID;C:\windows\System32\drivers\aswHwid.sys [2014-5-6 29208]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2014-4-18 79184]
R2 aswStm;aswStm;C:\windows\System32\drivers\aswstm.sys [2014-4-18 92008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-9-22 50344]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-9-25 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-9-25 860472]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-27 2320920]
R2 WTabletServiceCon;Wacom Consumer Service;C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [2014-4-10 656664]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\windows\System32\drivers\e1k62x64.sys [2010-3-22 295088]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2009-10-11 56344]
R3 hidkmdf;KMDF Driver;C:\windows\System32\drivers\hidkmdf.sys [2014-4-10 14136]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2009-10-11 233984]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-9-25 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-9-25 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-9-25 63704]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2014-1-17 202600]
R3 WacHidRouter;Wacom Hid Router;C:\windows\System32\drivers\wachidrouter.sys [2014-4-10 102200]
R3 wacomrouterfilter;Wacom Router Filter Driver;C:\windows\System32\drivers\wacomrouterfilter.sys [2014-4-10 15160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe --> C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [?]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2014-9-22 21712]
S3 mferkdk;McAfee Inc. mferkdk;C:\windows\System32\drivers\mferkdk.sys [2010-7-27 40904]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\windows\System32\drivers\mfesmfk.sys [2010-7-27 49480]
S3 npggsvc;nProtect GameGuard Service;C:\windows\System32\GameMon.des -service --> C:\windows\System32\GameMon.des -service [?]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\windows\System32\drivers\Rtnic64.sys [2009-6-10 51712]
S3 SWDUMon;SWDUMon;C:\windows\System32\drivers\SWDUMon.sys [2014-9-22 16152]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2014-09-27 00:41:45 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{87447CB5-487E-4B3B-8E2D-C323576C949B}\offreg.dll
2014-09-25 19:51:05 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-09-25 19:50:48 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-09-25 19:50:48 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-09-25 19:50:48 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-09-25 19:50:48 -------- d-----w- C:\ProgramData\Malwarebytes
2014-09-25 19:50:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-25 19:49:59 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2014-09-25 18:50:17 -------- d-----w- C:\Users\meedles\AppData\Local\gtk-2.0
2014-09-25 18:50:14 -------- d-----w- C:\Users\meedles\.thumbnails
2014-09-25 18:48:02 -------- d-----w- C:\Users\meedles\AppData\Local\fontconfig
2014-09-25 18:48:01 -------- d-----w- C:\Users\meedles\AppData\Local\gegl-0.2
2014-09-25 18:48:01 -------- d-----w- C:\Users\meedles\.gimp-2.8
2014-09-25 18:34:18 -------- d-----w- C:\Program Files\GIMP 2
2014-09-24 05:12:41 -------- d-----w- C:\Program Files (x86)\Common Files\Enterbrain
2014-09-23 12:07:37 99176 ----a-w- C:\windows\SysWow64\PresentationHostProxy.dll
2014-09-23 12:07:37 49472 ----a-w- C:\windows\SysWow64\netfxperf.dll
2014-09-23 12:07:37 48960 ----a-w- C:\windows\System32\netfxperf.dll
2014-09-23 12:07:37 444752 ----a-w- C:\windows\System32\mscoree.dll
2014-09-23 12:07:37 320352 ----a-w- C:\windows\System32\PresentationHost.exe
2014-09-23 12:07:37 297808 ----a-w- C:\windows\SysWow64\mscoree.dll
2014-09-23 12:07:37 295264 ----a-w- C:\windows\SysWow64\PresentationHost.exe
2014-09-23 12:07:37 1942856 ----a-w- C:\windows\System32\dfshim.dll
2014-09-23 12:07:37 1130824 ----a-w- C:\windows\SysWow64\dfshim.dll
2014-09-23 12:07:37 109912 ----a-w- C:\windows\System32\PresentationHostProxy.dll
2014-09-22 17:24:00 43152 ----a-w- C:\windows\avastSS.scr
2014-09-22 17:08:25 -------- d-sh--w- C:\$RECYCLE.BIN
2014-09-22 16:59:51 98816 ----a-w- C:\windows\sed.exe
2014-09-22 16:59:51 256000 ----a-w- C:\windows\PEV.exe
2014-09-22 16:59:51 208896 ----a-w- C:\windows\MBR.exe
2014-09-22 16:47:53 -------- d-----w- C:\ProgramData\Max Secure
2014-09-22 15:50:53 -------- d-----w- C:\Users\meedles\AppData\Local\Max Secure Software
2014-09-22 15:50:24 -------- d-----w- C:\Users\meedles\AppData\Roaming\GetRightToGo
2014-09-22 15:10:34 16152 ----a-w- C:\windows\System32\drivers\SWDUMon.sys
2014-09-22 15:10:32 -------- d-----w- C:\Users\meedles\AppData\Local\SlimWare Utilities Inc
2014-09-22 15:08:20 21712 ----a-w- C:\windows\SysWow64\drivers\DrvAgent64.SYS
2014-09-22 15:08:20 -------- d-----w- C:\Users\meedles\AppData\Local\eSupport.com
2014-09-22 15:08:17 -------- d-----w- C:\Program Files (x86)\eSupport.com
2014-09-22 09:01:17 -------- d-----w- C:\Program Files (x86)\Toontown Rewritten
2014-09-20 20:03:13 -------- d-----w- C:\Users\meedles\AppData\Local\LogMeIn
2014-09-20 20:03:13 -------- d-----w- C:\ProgramData\LogMeIn
2014-09-20 18:39:32 -------- d-----w- C:\ProgramData\Oracle
2014-09-20 18:39:09 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-09-19 08:04:35 -------- d-----w- C:\Program Files (x86)\NCSOFT
2014-09-19 07:26:26 -------- d--h--w- C:\windows\msdownld.tmp
2014-09-19 07:26:19 -------- d-----w- C:\windows\SysWow64\directx
2014-09-19 07:25:36 -------- d-----w- C:\Program Files (x86)\NCWest
.
==================== Find3M  ====================
.
2014-09-22 17:24:01 93568 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2014-09-22 17:24:01 92008 ----a-w- C:\windows\System32\drivers\aswstm.sys
2014-09-22 17:24:01 79184 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2014-09-22 17:24:01 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2014-09-22 17:24:01 29208 ----a-w- C:\windows\System32\drivers\aswHwid.sys
2014-09-22 17:24:01 224896 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2014-09-22 17:24:01 1041168 ----a-w- C:\windows\System32\drivers\aswsnx.sys
2014-08-19 19:12:18 2006808 ----a-w- C:\windows\System32\WacomMT.dll
2014-08-19 19:12:18 1991448 ----a-w- C:\windows\System32\Pen_Tablet.dll
2014-08-19 19:12:18 1984792 ----a-w- C:\windows\System32\Pen_Touch_Tablet.dll
2014-08-19 19:12:18 1858328 ----a-w- C:\windows\System32\Wintab32.dll
2014-08-19 19:12:16 1614104 ----a-w- C:\windows\SysWow64\Pen_Tablet.dll
2014-08-19 19:12:16 1610008 ----a-w- C:\windows\SysWow64\WacomMT.dll
2014-08-19 19:12:16 1607448 ----a-w- C:\windows\SysWow64\Pen_Touch_Tablet.dll
2014-08-19 19:12:16 1493784 ----a-w- C:\windows\SysWow64\Wintab32.dll
2014-08-06 18:15:50 15160 ----a-w- C:\windows\System32\drivers\wacomrouterfilter.sys
2014-08-06 18:15:50 14136 ----a-w- C:\windows\System32\drivers\hidkmdf.sys
2014-08-06 18:15:50 102200 ----a-w- C:\windows\System32\drivers\wachidrouter.sys
.
============= FINISH:  3:05:38.46 ===============

#2 olgun52 (Malware Response Team, 3,778 posts)

Posted 27 September 2014 - 08:11 AM

Hello naroots, and welcome to BleepingComputer.

 

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.
 

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.

 

  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to Get help here.

Thanks

---------------------------------------------------------------------------------------------------------

 

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.

 

Sincerely


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52 (Malware Response Team, 3,778 posts)

Posted 27 September 2014 - 09:00 AM

Hi naroots,
 
Please uninstall the following applications via Start (or Computer) -> Control Panel -> (Programs) -> Programs and Features, if they still exist:
 
McAfee - McShield
Spyware Detector
Windows Live Toolbar
C:\Program Files (x86)\McAfee

---------------------------------------------
 
Please do the following for me
 
Step 1:

Please download SystemLook from one of the links below and save it to your Desktop.
Download 1
Download 2

  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8 users, right-click > Run as Administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
:filefind
igdumdx32.dLL
Spyware Detector

:folderfind
igdumdx32.dLL
Spyware Detector

:regfind
igdumdx32.dLL
Spyware Detector
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan.
  • Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt
 
Step 2:

 

Please be sure to run our tools with administrator rights.

Next, download ComboFix and save it to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Have a nice day.


Best regards
 

 


 

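As an added illustration of how to triage the SystemLook :filefind results that Step 1 above asks for (editor-added Python, not a BleepingComputer or SystemLook tool): it parses the filefind section, groups every copy of the searched DLL by MD5, and flags any copy outside the DriverStore whose hash matches no staged driver-package copy, which is the question a reviewer is really asking when a "Bad Image" error names a graphics DLL. The log text is constructed in SystemLook's output format; the hashes, the package-name suffixes and the Temp copy are made-up placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the format SystemLook's :filefind section emits:
# path, attributes, size, [modified] [created], MD5. The hashes and the
# Temp copy are made-up placeholders, not values from the thread.
SAMPLE_LOG = r"""SystemLook 30.07.11 by jpshortstuff
Log created at 14:49 on 27/09/2014 by user
Administrator - Elevation successful

========== filefind ==========

Searching for "igdumdx32.dLL"
C:\Windows\System32\DriverStore\FileRepository\igdlh64i.inf_amd64_neutral_0000000000000000\igdumdx32.dll --a---- 550912 bytes [03:38 12/10/2009] [09:23 24/09/2009] 00000000000000000000000000000001
C:\Windows\System32\DriverStore\FileRepository\kit51428.inf_amd64_neutral_0000000000000000\igdumdx32.dll --a---- 581120 bytes [20:44 19/02/2013] [20:44 19/02/2013] 00000000000000000000000000000002
C:\Windows\SysWOW64\igdumdx32.dll --a---- 581120 bytes [03:38 12/10/2009] [20:44 19/02/2013] 00000000000000000000000000000002
C:\Users\user\AppData\Local\Temp\igdumdx32.dll --a---- 12288 bytes [15:01 22/09/2014] [15:01 22/09/2014] 00000000000000000000000000000003

Searching for "Spyware Detector"
No files found.

========== folderfind ==========

Searching for "igdumdx32.dLL"
No folders found.

-= EOF =-
"""

# One filefind hit: "<path> <7 attribute flags> <size> bytes [mtime] [ctime] <md5>"
HIT_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-A-Za-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<mtime>[^\]]+)\] \[(?P<ctime>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
SEARCH_RE = re.compile(r'^Searching for "(.+)"$')

# Copies staged here came in with a driver package; they are the reference set.
DRIVERSTORE = "\\system32\\driverstore\\filerepository\\"


def parse_filefind(log_text):
    """Return {search_term: [hit dicts]} for the filefind section only."""
    results = {}
    current = None
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):          # section header
            in_section = "filefind" in line
            continue
        if not in_section:
            continue
        m = SEARCH_RE.match(line)
        if m:
            current = m.group(1)
            results[current] = []
            continue
        m = HIT_RE.match(line)
        if m and current is not None:
            hit = m.groupdict()
            hit["size"] = int(hit["size"])
            hit["md5"] = hit["md5"].upper()
            results[current].append(hit)
    return results


def triage(hits):
    """Group copies by MD5; flag copies outside the DriverStore that match
    no DriverStore copy (nothing staged on the box vouches for them)."""
    reference = {h["md5"] for h in hits if DRIVERSTORE in h["path"].lower()}
    by_hash = defaultdict(list)
    for h in hits:
        by_hash[h["md5"]].append(h["path"])
    unmatched = [h["path"] for h in hits
                 if DRIVERSTORE not in h["path"].lower() and h["md5"] not in reference]
    return dict(by_hash), unmatched


def report(log_text):
    """Per search term: copy count, number of distinct hashes, unmatched copies."""
    out = {}
    for term, hits in parse_filefind(log_text).items():
        by_hash, unmatched = triage(hits)
        out[term] = {"copies": len(hits),
                     "distinct_hashes": len(by_hash),
                     "unmatched": unmatched}
    return out


if __name__ == "__main__":
    for term, summary in report(SAMPLE_LOG).items():
        print(f'"{term}": {summary["copies"]} copies, '
              f'{summary["distinct_hashes"]} distinct hashes')
        for path in summary["unmatched"]:
            print("  no DriverStore copy matches:", path)
```

A copy that is listed as unmatched is not proof of tampering (vendor installers can drop DLLs outside the DriverStore), but it is the copy to hash-check against the vendor's package before anything else.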

#4 naroots (Topic Starter, Members, 3 posts)

Posted 27 September 2014 - 04:44 PM

I was only able to locate and remove both of the McAfee applications; the other two do not show up in my Programs and Features list.

Should I continue on with the rest of your instructions regardless?



#5 naroots (Topic Starter, Members, 3 posts)

Posted 27 September 2014 - 05:18 PM

I went ahead and did it anyway to save time, seeing as I'm about to log off for the rest of today; hopefully it will not mess up my results too much.

SystemLook log:
 
SystemLook 30.07.11 by jpshortstuff
Log created at 14:49 on 27/09/2014 by meedles
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "igdumdx32.dLL"
C:\Windows\System32\DriverStore\FileRepository\igdlh64i.inf_amd64_neutral_66b53d49f707aade\igdumdx32.dll --a---- 550912 bytes [03:38 12/10/2009] [09:23 24/09/2009] 67A819022CCD0DE27BC7F965969E9975
C:\Windows\System32\DriverStore\FileRepository\kit51428.inf_amd64_neutral_7942d446fc06021f\igdumdx32.dll --a---- 581120 bytes [20:44 19/02/2013] [20:44 19/02/2013] 943CC558FF2DBEAB34BEBDAF8DA4E097
C:\Windows\SysWOW64\igdumdx32.dll --a---- 581120 bytes [03:38 12/10/2009] [20:44 19/02/2013] 943CC558FF2DBEAB34BEBDAF8DA4E097
 
Searching for "Spyware Detector"
No files found.
 
========== folderfind ==========
 
Searching for "igdumdx32.dLL"
No folders found.
 
Searching for "Spyware Detector"
No folders found.
 
========== regfind ==========
 
Searching for "igdumdx32.dLL"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000]
"UserModeDriverNameWow"="igdumdx32.dll igd10umd32.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Video\{F1640175-839A-4B3A-8006-D5D25DD10CD5}\0000]
"UserModeDriverNameWow"="igdumdx32.dll igd10umd32.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Video\{F1640175-839A-4B3A-8006-D5D25DD10CD5}\0001]
"UserModeDriverNameWow"="igdumdx32.dll igd10umd32.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000]
"UserModeDriverNameWow"="igdumdx32.dll igd10umd32.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000]
"UserModeDriverNameWow"="igdumdx32.dll igd10umd32.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{F1640175-839A-4B3A-8006-D5D25DD10CD5}\0000]
"UserModeDriverNameWow"="igdumdx32.dll igd10umd32.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{F1640175-839A-4B3A-8006-D5D25DD10CD5}\0001]
"UserModeDriverNameWow"="igdumdx32.dll igd10umd32.dll"
 
Searching for "Spyware Detector"
[HKEY_CURRENT_USER\Software\Digital River\SoftwarePassport\Download Manager\22005F59D41CE6EE2D97DE5D4E88E87F]
"Title"="Spyware Detector"
[HKEY_CURRENT_USER\Software\Digital River\SoftwarePassport\Max Secure Software\Spyware Detector]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ca76247b_0]
@="{0.0.0.00000000}.{08748e96-1e6b-4336-9f54-3da1a81db4d9}|\Device\HarddiskVolume2\Program Files\Max Spyware Detector\MaxSDUI.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-4197506940-3405119554-1202652740-1001\Software\Digital River\SoftwarePassport\Download Manager\22005F59D41CE6EE2D97DE5D4E88E87F]
"Title"="Spyware Detector"
[HKEY_USERS\S-1-5-21-4197506940-3405119554-1202652740-1001\Software\Digital River\SoftwarePassport\Max Secure Software\Spyware Detector]
[HKEY_USERS\S-1-5-21-4197506940-3405119554-1202652740-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ca76247b_0]
@="{0.0.0.00000000}.{08748e96-1e6b-4336-9f54-3da1a81db4d9}|\Device\HarddiskVolume2\Program Files\Max Spyware Detector\MaxSDUI.exe%b{00000000-0000-0000-0000-000000000000}"
 
-= EOF =-
 
ComboFix log:
 
ComboFix 14-09-24.01 - meedles 09/27/2014  15:08:54.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3767.1685 [GMT -7:00]
Running from: c:\users\meedles\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-27 to 2014-09-27  )))))))))))))))))))))))))))))))
.
.
2014-09-27 22:13 . 2014-09-27 22:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-25 19:51 . 2014-09-27 21:33 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-25 19:50 . 2014-09-25 19:50 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-25 19:50 . 2014-09-25 19:50 -------- d-----w- c:\programdata\Malwarebytes
2014-09-25 19:50 . 2014-05-12 14:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-25 19:50 . 2014-05-12 14:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-25 19:50 . 2014-05-12 14:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-25 19:49 . 2014-09-25 19:50 -------- d-----w- c:\program files (x86)\Cobian Backup 11
2014-09-25 18:50 . 2014-09-25 18:52 -------- d-----w- c:\users\meedles\AppData\Local\gtk-2.0
2014-09-25 18:50 . 2014-09-25 18:50 -------- d-----w- c:\users\meedles\.thumbnails
2014-09-25 18:48 . 2014-09-25 18:48 -------- d-----w- c:\users\meedles\AppData\Local\fontconfig
2014-09-25 18:48 . 2014-09-25 18:54 -------- d-----w- c:\users\meedles\.gimp-2.8
2014-09-25 18:48 . 2014-09-25 18:48 -------- d-----w- c:\users\meedles\AppData\Local\gegl-0.2
2014-09-25 18:34 . 2014-09-25 18:34 -------- d-----w- c:\program files\GIMP 2
2014-09-24 05:12 . 2014-09-24 05:12 -------- d-----w- c:\program files (x86)\Common Files\Enterbrain
2014-09-23 12:10 . 2014-09-23 12:10 -------- d-----w- c:\program files (x86)\Microsoft.NET
2014-09-23 12:07 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2014-09-23 12:07 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2014-09-23 12:07 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2014-09-23 12:07 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2014-09-23 12:07 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2014-09-23 12:07 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2014-09-23 12:07 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2014-09-23 12:07 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2014-09-23 12:07 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2014-09-23 12:07 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2014-09-22 17:24 . 2014-09-22 17:24 43152 ----a-w- c:\windows\avastSS.scr
2014-09-22 16:47 . 2014-09-22 16:48 -------- d-----w- c:\programdata\Max Secure
2014-09-22 15:50 . 2014-09-22 15:50 -------- d-----w- c:\users\meedles\AppData\Local\Max Secure Software
2014-09-22 15:50 . 2014-09-22 15:50 -------- d-----w- c:\users\meedles\AppData\Roaming\GetRightToGo
2014-09-22 15:23 . 2014-09-22 15:23 -------- d-----w- c:\programdata\Intel
2014-09-22 15:10 . 2014-09-22 15:22 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-09-22 15:10 . 2014-09-22 15:10 -------- d-----w- c:\users\meedles\AppData\Local\SlimWare Utilities Inc
2014-09-22 15:08 . 2014-09-22 15:08 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2014-09-22 15:08 . 2014-09-22 15:08 -------- d-----w- c:\users\meedles\AppData\Local\eSupport.com
2014-09-22 15:08 . 2014-09-22 15:08 -------- d-----w- c:\program files (x86)\eSupport.com
2014-09-22 09:01 . 2014-09-22 09:29 -------- d-----w- c:\program files (x86)\Toontown Rewritten
2014-09-20 20:03 . 2014-09-20 20:03 -------- d-----w- c:\users\meedles\AppData\Local\LogMeIn
2014-09-20 20:03 . 2014-09-20 20:03 -------- d-----w- c:\programdata\LogMeIn
2014-09-20 18:40 . 2014-09-20 18:40 -------- d-----w- c:\users\meedles\AppData\Roaming\Oracle
2014-09-20 18:39 . 2014-09-20 18:39 -------- d-----w- c:\programdata\Oracle
2014-09-20 18:39 . 2014-09-20 18:39 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-09-20 18:39 . 2014-09-20 18:39 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-09-20 18:38 . 2014-09-20 18:38 -------- d-----w- c:\program files (x86)\Java
2014-09-19 14:40 . 2014-09-19 14:40 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-09-19 08:04 . 2014-09-19 08:04 -------- d-----w- c:\program files (x86)\NCSOFT
2014-09-19 07:26 . 2014-09-19 07:45 -------- d--h--w- c:\windows\msdownld.tmp
2014-09-19 07:25 . 2014-09-19 07:25 -------- d-----w- c:\program files (x86)\NCWest
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-22 17:24 . 2014-04-18 09:09 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-09-22 17:24 . 2014-05-06 16:29 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-09-22 17:24 . 2014-04-18 09:09 92008 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-09-22 17:24 . 2014-04-18 09:09 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-09-22 17:24 . 2014-04-18 09:09 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-09-22 17:24 . 2014-04-18 09:09 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-09-22 17:24 . 2014-04-18 09:09 1041168 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-09-22 17:24 . 2014-04-18 09:09 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-09-22 17:24 . 2014-04-18 09:09 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-08-19 19:12 . 2014-04-11 00:29 2006808 ----a-w- c:\windows\system32\WacomMT.dll
2014-08-19 19:12 . 2014-04-11 00:29 1991448 ----a-w- c:\windows\system32\Pen_Tablet.dll
2014-08-19 19:12 . 2014-04-11 00:29 1984792 ----a-w- c:\windows\system32\Pen_Touch_Tablet.dll
2014-08-19 19:12 . 2014-04-11 00:29 1858328 ----a-w- c:\windows\system32\Wintab32.dll
2014-08-19 19:12 . 2014-04-11 00:29 1614104 ----a-w- c:\windows\SysWow64\Pen_Tablet.dll
2014-08-19 19:12 . 2014-04-11 00:29 1610008 ----a-w- c:\windows\SysWow64\WacomMT.dll
2014-08-19 19:12 . 2014-04-11 00:29 1607448 ----a-w- c:\windows\SysWow64\Pen_Touch_Tablet.dll
2014-08-19 19:12 . 2014-04-11 00:29 1493784 ----a-w- c:\windows\SysWow64\Wintab32.dll
2014-08-06 18:15 . 2014-04-11 00:29 15160 ----a-w- c:\windows\system32\drivers\wacomrouterfilter.sys
2014-08-06 18:15 . 2014-04-11 00:29 14136 ----a-w- c:\windows\system32\drivers\hidkmdf.sys
2014-08-06 18:15 . 2014-04-11 00:29 102200 ----a-w- c:\windows\system32\drivers\wachidrouter.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\meedles\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\meedles\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\meedles\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2013-10-31 2990304]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2014-01-17 759496]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-08-27 22041192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"jmekey"="c:\program files (x86)\jmesoft\hotkey.exe" [2009-07-16 114688]
"SetDefaultSCR"="c:\program files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe" [2009-12-31 102400]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-09-22 4085896]
"NCUpdateHelper"="c:\program files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe" [2014-09-19 526240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-24 23:00 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-10 01:52]
.
2014-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-10 01:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-09-22 17:24 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\meedles\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\meedles\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\meedles\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\meedles\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Unattend0000000001{BFA3D12B-66DD-4617-923A-E864BC7D20B5}"="c:\windows\test.bat" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-02-23 168944]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-02-23 394224]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-02-23 418800]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-08 10060832]
.
------- Supplementary Scan -------
.
uStart Page = dnf.neople.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1 205.171.2.226
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-09-27  15:15:08
ComboFix-quarantined-files.txt  2014-09-27 22:15
ComboFix2.txt  2014-09-27 22:02
ComboFix3.txt  2014-09-22 17:08
.
Pre-Run: 325,514,395,648 bytes free
Post-Run: 325,251,776,512 bytes free
.
- - End Of File - - B3601906386E2B0C45366FD3E7375A90
A36C5E4F47E84449FF07ED3517B43A31


#6 olgun52 (Malware Response Team)

Posted 28 September 2014 - 08:47 AM

Hi naroots,

 

When did this problem first start? The file name seems to have changed in the registry.

 

C:\windows\system32\igdumdx32.dLL -----> "UserModeDriverNameWow"="igdumdx32.dll igd10umd32.dll"

------

I also see Spyware Detector software on the system. Max Secure Software\Spyware Detector is "rogue/suspect" anti-spyware.

 

Your load time -----> RP17: 9/22/2014 9:49:45 AM - Installed Spyware Detector

---

I see your system restore points.

 

RP9: 9/19/2014 1:00:55 AM - Installed DirectX ------> Did you have the program.exe problem at this point?

----------------------------------------------------------------------------------------------------------------------------------------

Please uninstall the following application via Start (or Computer) -> Control Panel -> (Programs) -> Programs and Features, if it still exists:

 

Max Secure Software\Spyware Detector

------------------------------------------------------------------------------------------

 

Step 1:

 

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where ComboFix is saved.

 

[image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

Step 2:
 
Scan with Malwarebytes Antimalware

  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" and go to "Detection and Protection".
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.
  • If Malware or Potentially Unwanted Programs ("PUPs") are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.
  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

---------------------------------------------------------------------------------------

 

and let me know how your system is running. Does the error persist?

 

 

Have a nice day.

 



Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
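The registry observation in the reply above (the Intel graphics entry "UserModeDriverNameWow"="igdumdx32.dll igd10umd32.dll") is the kind of thing a practitioner would verify directly rather than by eye. The following PowerShell is an added example, not part of this thread and not olgun52's CFScript: it walks every display adapter instance, resolves each DLL named in UserModeDriverName (64-bit, System32) and UserModeDriverNameWow (32-bit, SysWOW64), and reports whether the file exists and whether its Authenticode signature verifies. A missing, truncated or replaced module in that list is the usual reason a "Bad Image" dialog appears only when a program touches the graphics driver. Because the ComboFix log above shows LoadAppInit_DLLs=1 under the Wow6432Node key, the script also prints the AppInit_DLLs value for both views, since any DLL listed there is injected into every process that loads user32.dll. The Display device-class GUID, the System32/SysWOW64 mapping and the requirement of PowerShell 3.0 or later (for [pscustomobject]) are assumptions about the standard layout, not facts taken from the log.

```powershell
# Added example (not from the original thread): verify the user-mode display
# driver DLLs the registry points at, then show the AppInit_DLLs setting.
# Run from an elevated PowerShell 3.0+ prompt on the affected machine.
#
# Assumptions: display adapter instances live under the standard Display
# device-class key {4d36e968-e325-11ce-bfc1-08002be10318}; UserModeDriverName
# entries resolve against System32, UserModeDriverNameWow against SysWOW64.

$classKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}'
$sys32    = Join-Path $env:SystemRoot 'System32'
$wow64    = Join-Path $env:SystemRoot 'SysWOW64'

function Test-DriverDll {
    # Report whether a DLL exists in the expected directory and whether its
    # Authenticode signature verifies. A missing file or a HashMismatch status
    # is exactly the condition that produces a "Bad Image" dialog on load.
    param([string]$Source, [string]$Name, [string]$Dir)
    $path = Join-Path $Dir $Name
    if (-not (Test-Path -LiteralPath $path)) {
        return [pscustomobject]@{ Source = $Source; File = $path; Exists = $false; Signature = 'missing'; Signer = '' }
    }
    $sig = Get-AuthenticodeSignature -FilePath $path
    [pscustomobject]@{
        Source    = $Source
        File      = $path
        Exists    = $true
        Signature = $sig.Status          # Valid, NotSigned, HashMismatch, ...
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
}

$results = foreach ($inst in Get-ChildItem $classKey | Where-Object { $_.PSChildName -match '^\d{4}$' }) {
    $props = Get-ItemProperty -LiteralPath $inst.PSPath
    foreach ($pair in @(@('UserModeDriverName', $sys32), @('UserModeDriverNameWow', $wow64))) {
        $valueName, $dir = $pair
        $raw = $props.$valueName
        if (-not $raw) { continue }
        # Vendors store this either as REG_MULTI_SZ or as one space-separated
        # string; the log above shows "igdumdx32.dll igd10umd32.dll" in one value.
        $names = @($raw) -split '\s+' | Where-Object { $_ }
        foreach ($n in $names) {
            Test-DriverDll -Source "$($inst.PSChildName)\$valueName" -Name $n -Dir $dir
        }
    }
}
$results | Format-Table Source, File, Exists, Signature, Signer -AutoSize

# Anything missing or failing signature verification is a candidate for a
# driver-package reinstall from the vendor, not for deleting by hand.
$results | Where-Object { -not $_.Exists -or $_.Signature -ne 'Valid' } |
    ForEach-Object { Write-Warning "Check $($_.Source): $($_.File) -> $($_.Signature)" }

# The log shows LoadAppInit_DLLs=1 under the Wow6432Node key. Every DLL listed in
# AppInit_DLLs there is loaded into each 32-bit process that loads user32.dll,
# so a broken or malicious entry would also surface as a Bad Image popup.
foreach ($k in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
    $w = Get-ItemProperty -LiteralPath $k -ErrorAction SilentlyContinue
    "{0}`n  LoadAppInit_DLLs = {1}`n  AppInit_DLLs     = '{2}'" -f $k, $w.LoadAppInit_DLLs, $w.AppInit_DLLs
}
```

The signature check is the part that matters: a DLL that is present but reports HashMismatch or NotSigned where the vendor's other driver files are Valid has been modified or replaced, which is a stronger signal than the file's existence or timestamp. An empty AppInit_DLLs value with LoadAppInit_DLLs=1 is harmless; a populated one should be traced back to the installer that put it there before anything is removed.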

 


 


#7 olgun52 (Malware Response Team)

Posted 30 September 2014 - 06:04 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

#8 olgun52 (Malware Response Team)

Posted 02 October 2014 - 05:26 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
