Posted 09 September 2015 - 10:35 AM
My name is Tobias.
I'm sitting on an MSI GT70 2PE Dominator Pro.
Intel Core i7-4810Q @2.8GHz (8 cpu)
Nvidia GeForce GTX880M
Killer Network e2200
So, my laptop's story so far.
Yesterday I thought that I should update my graphics card. So I downloaded the update through the Nvidia software. I download the update and begin to install (fresh custom) and it prompts me for the usual restart. But when the laptop starts, my extra screen doesn't work.
That's when all hell breaks loose.
I have been under the impression that my PC has been under some sort of malware attack; one reason was that I couldn't add extensions to Chrome.
So I made a fresh install of Chrome and added Ghostery extensions, but I can't remember if I removed Chrome Remote Desktop or Videostream.
So there I am with a blacked-out screen and only got my laptop.
But Nvidia doesn't start, even after a couple of minutes.
I notice a doublet of Rundll32 in Task Manager, Chrome acting weird.
Finding a googleggupdater.exe in the Google folder, Videostream activated as well as Nvidia (but can't start it).
As I said before, I thought there was something wrong with the laptop. So I downloaded an IP tracker and found 3 IPs active, getting up the cmd to see where it comes from. But before I could do that I see one new IP and then it "split" into several inbounding, so I decide to look that one up fast instead, got ahold of the IP.
I quickly turn on recovery and set it back. But I can only set it back 2 months, but stressed out as I am, I do it.
"Back" 2 months later and everything starts up fine; I start up the prog & feat fast to uninstall Chrome and started looking for the file googleggupdater, deleted it.
But then the fight over admin rights starts.
The time was maybe 01:00; at 05:00 I had what I thought secured my admin rights by changing the user in the regedit on the local path. But now I'm home and it still tries to take over.
I'm afraid to connect the PC to the internet since I read the error logs in Computer Management that say Kernel-processor-power proces. 0 in group 0 limited by firmware event 37.
Perflib and perfnet trying to start different system32 DLLs but the four bytes DWORD stops it. Also, I think that the virus has infected quite a lot of the system.
I got several users as well.
User folders stored in temporary locations.
So my friend is coming over so that I can at least download all your software that you might need to help me, if that's an option. I don't mind doing a recovery otherwise, but I don't know if it's safe.
If there is anything that you need me to do just tell me.