Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Need help with malware.

by blahman » March 5th, 2014, 1:25 pm

Hi guys,

I've picked up something nasty. It seems to be dug in deep. Most of my virus/malware scanners won't work. A message says that they cannot be found or that I don't have the right permissions. Any help would be greatly appreciated.

Thanks.

DDS (Ver_2012-11-20.01) - NTFS_x86 MINIMAL
Internet Explorer: 9.0.8112.16533 BrowserJavaVersion: 10.25.2
Run by Administrator at 17:15:59 on 2014-03-05
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.353.1033.18.3070.2539 [GMT 0:00]
.
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Windows Server\wserver.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.
uWinlogon: Shell = explorer.exe,"c:\windows\system32\windows server\wserver.exe"
uRun: [HijackThis startup scan] c:\users\administrator\maintenance\hijackthis\HijackThis.exe /startupscan
uPolicies-Explorer: NoDriveTypeAutoRun = dword:149
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{B8373335-FFC5-4EC0-9845-18A9B89B511E} : DHCPNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
IFEO: AvastSvc.exe - nqij.exe
IFEO: AvastUI.exe - nqij.exe
IFEO: avcenter.exe - nqij.exe
IFEO: avconfig.exe - nqij.exe
IFEO: avgcsrvx.exe - nqij.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\pczz5a69.default\
FF - prefs.js: browser.startup.homepage - www.google.ie
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_70.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-23 78416]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-23 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-6-23 51280]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-3 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-3 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-3 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-3 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-3 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-3 72728]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2014-3-4 43368]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2009-2-19 1222680]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-13 22216]
S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2009-6-25 20168]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
S4 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-6-23 147640]
S4 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe [2012-1-5 75624]
S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S4 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S4 MBAMService;MBAMService;c:\users\administrator\maintenance\malwarebytes' anti-malware\mbamservice.exe [2011-10-13 366152]
S4 NIHardwareService;NIHardwareService;c:\program files\common files\native instruments\hardware\NIHardwareService.exe [2012-9-5 4590968]
S4 OODefragAgent;O&O Defrag Agent;c:\users\administrator\maintenance\o&o defrag\oodag.exe [2011-6-29 2468168]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
.
=============== File Associations ===============
.
ShellExec: javaw.exe: open="javaw.exe" "-classpath" "c:\program files\weka-3-6" "runweka" "-i" "c:\program files\weka-3-6\runweka.ini" "-w" "c:\program files\weka-3-6\weka.jar" "-c" "explorer" "%1"
.
=============== Created Last 30 ================
.
2014-03-05 16:07:48 -------- d-----w- C:\ComboFix
2014-03-05 15:52:20 -------- d-----w- C:\FRST
2014-03-04 23:06:36 24040 ----a-w- c:\windows\system32\drivers\gfiutil.sys
2014-03-04 23:06:35 43368 ----a-w- c:\windows\system32\drivers\gfiark.sys
2014-03-04 20:53:15 5186850 ----a-w- C:\ComboFix.exe
2014-03-04 19:40:25 -------- d-----w- c:\users\administrator\appdata\local\Adobe
2014-03-04 19:32:35 -------- d-sh--w- c:\windows\system32\Windows Server
2014-03-03 20:35:01 -------- d-----w- c:\users\administrator\appdata\roaming\NVIDIA
2014-02-26 17:41:27 -------- d-----w- c:\windows\Migration
2014-02-26 17:35:33 36864 ----a-w- c:\windows\system32\wshcon.dll
2014-02-26 17:35:33 172032 ----a-w- c:\windows\system32\scrrun.dll
2014-02-26 17:35:33 155648 ----a-w- c:\windows\system32\wscript.exe
2014-02-26 17:35:33 135168 ----a-w- c:\windows\system32\cscript.exe
2014-02-26 17:35:33 131072 ----a-w- c:\windows\system32\wshom.ocx
2014-02-26 17:35:32 2050560 ----a-w- c:\windows\system32\win32k.sys
2014-02-26 17:35:31 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2014-02-26 17:35:31 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-02-26 17:35:31 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2014-02-26 17:35:31 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-02-26 17:35:31 1248768 ----a-w- c:\windows\system32\msxml3.dll
2014-02-26 17:35:27 158208 ----a-w- c:\windows\system32\imagehlp.dll
2014-02-26 17:06:16 664864 ----a-w- c:\windows\system32\nvvsvc.exe
2014-02-26 17:06:16 62752 ----a-w- c:\windows\system32\nvshext.dll
2014-02-26 17:06:16 4348704 ----a-w- c:\windows\system32\nvcpl.dll
2014-02-26 17:06:16 376096 ----a-w- c:\windows\system32\nvmctray.dll
2014-02-26 17:06:16 3045664 ----a-w- c:\windows\system32\nvsvc.dll
2014-02-26 17:06:05 53024 ----a-w- c:\windows\system32\OpenCL.dll
2014-02-23 21:00:33 -------- d-----w- c:\program files\Westwood
2014-02-17 16:52:28 -------- d-----w- c:\program files\FXpansion
2014-02-11 20:39:10 -------- dc-h--w- c:\programdata\{7E15FB3A-A743-4BAD-9286-E6F67959668B}
2014-02-11 19:25:10 -------- dc-h--w- c:\programdata\{E051D9C8-9503-489B-8E90-21CEB1DF11C1}
2014-02-07 16:41:04 -------- d-----w- c:\programdata\CODEX
.
==================== Find3M ====================
.
2014-03-03 17:28:12 89680 ----a-w- c:\users\administrator\MSSSerif120.fon
2014-02-28 20:01:36 448 ----a-w- c:\windows\system32\msvcsv60.dll
2014-02-26 13:30:21 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-26 13:30:21 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-19 11:50:42 240 ----a-w- c:\users\administrator\appdata\roaming\msregsvv.dll
2014-02-05 08:56:17 1806848 ----a-w- c:\windows\system32\jscript9.dll
2014-02-05 08:50:39 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 08:49:56 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-05 08:48:40 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-05 08:48:27 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-02-05 08:47:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-14 02:44:12 2174976 ----a-w- c:\program files\common files\atimpenc.dll
.
============= FINISH: 17:17:16.72 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 22/06/2009 18:05:00
System Uptime: 05/03/2014 17:13:19 (0 hours ago)
.
Motherboard: Dell Inc. | | 0M017G
Processor: Intel(R) Core(TM)2 Quad CPU Q9400 @ 2.66GHz | CPU 1 | 2666/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 596 GiB total, 259.982 GiB free.
D: is CDROM ()
G: is FIXED (FAT32) - 931 GiB total, 10.632 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: isatap.{B8373335-FFC5-4EC0-9845-18A9B89B511E}
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0000
Service: tunmp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe GBE Family Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_02AC1028&REV_02\0000000300
Manufacturer: Realtek
Name: Realtek PCIe GBE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_02AC1028&REV_02\0000000300
Service: RTL8169
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_0BDA&PID_0151\20060413092100000
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_0BDA&PID_0151\20060413092100000
Service: USBSTOR
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (L2TP)
Device ID: ROOT\MS_L2TPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (L2TP)
PNP Device ID: ROOT\MS_L2TPMINIPORT\0000
Service: Rasl2tp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (Network Monitor)
Device ID: ROOT\MS_NDISWANBH\0000
Manufacturer: Microsoft
Name: WAN Miniport (Network Monitor)
PNP Device ID: ROOT\MS_NDISWANBH\0000
Service: NdisWan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (IP)
Device ID: ROOT\MS_NDISWANIP\0000
Manufacturer: Microsoft
Name: WAN Miniport (IP)
PNP Device ID: ROOT\MS_NDISWANIP\0000
Service: NdisWan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (IPv6)
Device ID: ROOT\MS_NDISWANIPV6\0000
Manufacturer: Microsoft
Name: WAN Miniport (IPv6)
PNP Device ID: ROOT\MS_NDISWANIPV6\0000
Service: NdisWan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (PPPOE)
Device ID: ROOT\MS_PPPOEMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (PPPOE)
PNP Device ID: ROOT\MS_PPPOEMINIPORT\0000
Service: RasPppoe
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (PPTP)
Device ID: ROOT\MS_PPTPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (PPTP)
PNP Device ID: ROOT\MS_PPTPMINIPORT\0000
Service: PptpMiniport
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (SSTP)
Device ID: ROOT\MS_SSTPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (SSTP)
PNP Device ID: ROOT\MS_SSTPMINIPORT\0000
Service: RasSstp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description:
Device ID: ROOT\NET\0000
Manufacturer:
Name:
PNP Device ID: ROOT\NET\0000
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Image File Execution Options =============
.
IFEO: AvastSvc.exe - nqij.exe
IFEO: AvastUI.exe - nqij.exe
IFEO: avcenter.exe - nqij.exe
IFEO: avconfig.exe - nqij.exe
IFEO: avgcsrvx.exe - nqij.exe
IFEO: avgidsagent.exe - nqij.exe
IFEO: avgnt.exe - nqij.exe
IFEO: avgrsx.exe - nqij.exe
IFEO: avguard.exe - nqij.exe
IFEO: avgui.exe - nqij.exe
IFEO: avgwdsvc.exe - nqij.exe
IFEO: avp.exe - nqij.exe
IFEO: avscan.exe - nqij.exe
IFEO: bdagent.exe - nqij.exe
IFEO: blindman.exe - nqij.exe
IFEO: ccuac.exe - nqij.exe
IFEO: ComboFix.exe - nqij.exe
IFEO: egui.exe - nqij.exe
IFEO: hijackthis.exe - nqij.exe
IFEO: instup.exe - nqij.exe
IFEO: keyscrambler.exe - nqij.exe
IFEO: mbam.exe - nqij.exe
IFEO: mbamgui.exe - nqij.exe
IFEO: mbampt.exe - nqij.exe
IFEO: mbamscheduler.exe - nqij.exe
IFEO: mbamservice.exe - nqij.exe
IFEO: MpCmdRun.exe - nqij.exe
IFEO: MSASCui.exe - nqij.exe
IFEO: MsMpEng.exe - nqij.exe
IFEO: msseces.exe - nqij.exe
IFEO: rstrui.exe - nqij.exe
IFEO: SDFiles.exe - nqij.exe
IFEO: SDMain.exe - nqij.exe
IFEO: SDWinSec.exe - nqij.exe
IFEO: spybotsd.exe - nqij.exe
IFEO: wireshark.exe - nqij.exe
IFEO: zlclient.exe - nqij.exe
.
==== Installed Programs ======================
.
'Borderlands' (v.1.4.1)
ABL 2.9.1
ABLPro 1.5.0
ADM 1.2.1
Adobe AIR
Adobe Audition CS6
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader 9.1
AmpliTube 3 version 3.11.0
Analog Factory SE 1.2
Antares Auto-Tune Evo VST
Antares Avox 1.06
ARP2600 V
ARP2600 V2 2.0
Art Vista Virtual Grand Piano
ASIO4ALL
Atmosphere
µTorrent
AudioEase Altiverb VST RTAS v6.12
AudioEase Speakersphone VST RTAS v1.03
avast! Antivirus
Best Service Chris Hein Horns
bl
Blade Runner
Broomstick Bass 1.0.0
Canon MG3100 series MP Drivers
Canon MP Navigator EX 5.0
CDDRV_Installer
CDisplayEx 1.9.16
Compatibility Pack for the 2007 Office system
Creative Audio Control Panel
Creative Sound Blaster Properties
CS-80V 1.6
CSR
dBpoweramp DSP Effects
dBpoweramp m4a Codec
dBpoweramp Music Converter
Dimension Pro
DreamStation DXi2
Drumazon
Drumtracker
ElastikVst
EZdrummer
EZkeys Classic Electrics
EZkeys Grand Piano
EZkeys Player 32-bit
EZkeys Retro Electrics
EZkeys Upright Piano
EZmix 32-bit
EZplayer pro
EZXAmericana
EZXClaustrophobic
EZXCocktail
EZXDfh
EZXElectronic
EZXFunkmasters
EZXJazz
EZXMetalHeads
EZXMetalMachine
EZXNashville
EZXPercussion
EZXPop
EZXTheClassic part1
EZXTheClassic part2
EZXTwisted
EZXVintage
FL Studio 11
FMRTE 14.2.2.29
Free AVI Video Converter version 5.0.32.1230
Free YouTube Download version 3.2.20.1230
FXpansion Tremor
GForce - Minimonsta
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IL Download Manager
IL Shared Libraries
iZotope RX
iZotope Trash 2
iZotope Vinyl
JamVOX
Java 7 Update 25
Java Auto Updater
Java SE Development Kit 7 Update 25
Jun's Factory JM-1
KhalInstallWrapper
Library of the Extreme
LibreOffice 3.6
Line 6 Uninstaller
LinPlug RMV
Logitech SetPoint
Malwarebytes' Anti-Malware version 1.51.2.1300
Mark Studio 1 1.1
Metal EZmix pack
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5.1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Help Viewer 1.0
Microsoft Office Professional Edition 2003
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft Visual F# 2.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Miroslav Philharmonik
Miroslav Philharmonik Instruments
Monster MIDI Fills Pack
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
Native Instruments Absynth 4
Native Instruments Absynth 5
Native Instruments B4 II
Native Instruments Controller Editor
Native Instruments Elektrik Piano
Native Instruments Elektrik Piano 1.5
Native Instruments Enhanced EQ
Native Instruments FM8
Native Instruments Guitar Rig 5
Native Instruments Guitar Rig Mobile I/O
Native Instruments Guitar Rig Session I/O
Native Instruments Kontakt 4
Native Instruments Maschine
Native Instruments Maschine Controller
Native Instruments Maschine Mikro
Native Instruments Massive
Native Instruments Passive EQ
Native Instruments Pro-53
Native Instruments Reaktor 5
Native Instruments Rig Kontrol 3
Native Instruments Service Center
Native Instruments Transient Master FX
Native Instruments True School
Native Instruments Vari Comp
Native Instruments Vokator
Nepheton
New York Studio Legacy Vol1 MIDI
NVIDIA Control Panel 334.89
NVIDIA Graphics Driver 334.89
NVIDIA HD Audio Driver 1.3.30.1
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.1220
O&O Defrag Professional
Odd Monster MIDI Fills Pack
ODF Add-in for Microsoft Office
ph
Pianoteq v2.3.0
PoiZone
Prophet V 1.2
PSP VintageWarmer2 2.5.0 32bit
Ravernator V5.8.4 VSTi
reFX Nexus VSTi RTAS v2.2.0
RegSupreme Pro
ReValver Mk IIIdotV
Rock EZmix pack
SampleMoog
SampleTank 2
SampleTron
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
Skype™ 6.3
SMPlayer 0.7.1
SONAR X1 Producer
Songwriters Pack
Songwriters Pack 2
Sonic RecordNow! Deluxe
Sonic Update Manager
Sonik Synth 2
Sound Blaster X-Fi
SoundToys Native Effects VST RTAS v4.1.0
Spark 1.7.1
Spybot - Search & Destroy
Steam
Sugar Bytes Cyclop 1.0.1
Sun ODF Plugin for Microsoft Office 3.1
Superior Drummer Installer
Sylenth1 v2.20
T-RackS 3 Deluxe
The Elder Scrolls V Skyrim - High Resolution Texture Pack
The Elder Scrolls V Skyrim Dragonborn (c) Bethesda Softworks version 1
Toontrack solo
Tracks Eraser Pro v8.0 build 1000
Trilogy
TruePianos 1.4.1
TruePianos: Amber Module 1.4.0
TruePianos: Diamond Module 1.4.0
TruePianos: Emerald Module 1.4.0
TruePianos: Sapphire Module 1.4.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Virtual Midi Controller 3 LE
Waldorf Edition
WaveMachine Labs Drumagog Platinum VST.RTAS.v5.0.3b
Windows Live ID Sign-in Assistant
WinRAR archiver
Z3TA+ 2
.
==== Event Viewer Messages From Past Week ========
.
05/03/2014 17:15:22, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswSP DfsC NetBIOS netbt nsiproxy RasAcd rdbss Smb spldr tdx Wanarpv6 ws2ifsl
05/03/2014 17:15:22, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
05/03/2014 17:15:22, Error: Service Control Manager [7001] - The DHCP Client service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
05/03/2014 17:14:38, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
05/03/2014 17:14:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
05/03/2014 17:13:22, Error: sptd [4] - Driver detected an internal error in its data structures for .
05/03/2014 16:20:45, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
==== End Of File ===========================
blahman
Active Member
Posts: 1
Joined: March 5th, 2014, 1:17 pm

Re: Need help with malware.

by Gary R » March 5th, 2014, 4:57 pm

Looking over your logs, back soon.
Gary R
Administrator
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Need help with malware.

by Gary R » March 5th, 2014, 5:02 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi blahman

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Vista, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Next ...

Please download SystemLook from the link below and save it to your Desktop.

For 32 bit Systems

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield: (don't include Code: Select all)
:filefind
nqij.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Summary of the logs I need from you in your next post:
  • OTL.txt
  • Extras.txt
  • SystemLook.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
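The helper's first step is reading the DDS log for the indicators that explain the poster's symptoms: every IFEO entry redirects a security tool to the same unknown "debugger" (nqij.exe), the Winlogon Shell value has a second executable appended after explorer.exe, and UAC is switched off (EnableLUA = 0). The following script is an added example, not part of this thread, of the DDS tool, or of any tool Gary R asks for; it parses DDS-style lines and flags those three patterns. The sample lines are copied from the posted log except the windbg.exe entry, which is constructed to show a legitimate debugger being skipped; the allow-list of known debuggers is an assumption to be adjusted locally.

```python
"""Triage of DDS-style log lines for three persistence/tampering patterns:
IFEO 'Debugger' redirections, an extended Winlogon Shell, and UAC disabled.
Added example; not the forum's, DDS's or Gary R's code."""
import re
from collections import defaultdict

# Legitimate debuggers that commonly appear as IFEO Debugger values.
# Assumption: extend for your own environment.
KNOWN_DEBUGGERS = {"ntsd.exe", "windbg.exe", "vsjitdebugger.exe", "drwtsn32.exe"}

IFEO_RE = re.compile(r"^IFEO:\s+(?P<target>\S+)\s+-\s+(?P<debugger>.+?)\s*$", re.IGNORECASE)
SHELL_RE = re.compile(r"^[um]Winlogon:\s+Shell\s*=\s*(?P<value>.+?)\s*$", re.IGNORECASE)
LUA_RE = re.compile(r"^[um]Policies-System:\s+EnableLUA\s*=\s*dword:(?P<val>[0-9a-f]+)\s*$", re.IGNORECASE)

# Sample input: lines copied from the posted DDS log, plus one constructed
# windbg.exe entry so the allow-list path is exercised.
SAMPLE = r"""
uWinlogon: Shell = explorer.exe,"c:\windows\system32\windows server\wserver.exe"
mPolicies-System: EnableLUA = dword:0
IFEO: AvastSvc.exe - nqij.exe
IFEO: AvastUI.exe - nqij.exe
IFEO: mbam.exe - nqij.exe
IFEO: rstrui.exe - nqij.exe
IFEO: ComboFix.exe - nqij.exe
IFEO: myapp.exe - windbg.exe
""".strip().splitlines()


def parse_ifeo(lines):
    """Group IFEO lines as {debugger (lower-case): [target executables]}."""
    by_debugger = defaultdict(list)
    for line in lines:
        m = IFEO_RE.match(line.strip())
        if m:
            by_debugger[m.group("debugger").lower()].append(m.group("target"))
    return dict(by_debugger)


def suspicious_ifeo(lines):
    """Report IFEO debuggers that are not on the allow-list. One unknown
    debugger registered for many targets is the pattern seen in this log:
    every security tool is redirected to the same binary."""
    findings = []
    for debugger, targets in parse_ifeo(lines).items():
        if debugger in KNOWN_DEBUGGERS:
            continue
        findings.append({"debugger": debugger, "targets": sorted(targets),
                         "count": len(targets)})
    return findings


def shell_findings(lines):
    """Report Winlogon Shell values that list anything besides explorer.exe.
    The value is comma-separated; quotes around paths are stripped."""
    out = []
    for line in lines:
        m = SHELL_RE.match(line.strip())
        if m:
            value = m.group("value")
            parts = [p.strip().strip('"').lower() for p in value.split(",") if p.strip()]
            extra = [p for p in parts if p != "explorer.exe"]
            if extra:
                out.append({"value": value, "extra": extra})
    return out


def uac_disabled(lines):
    """True if any EnableLUA policy line sets the value to 0 (UAC off)."""
    for line in lines:
        m = LUA_RE.match(line.strip())
        if m and int(m.group("val"), 16) == 0:
            return True
    return False


def triage(lines):
    """Combine the three checks into one summary dict."""
    return {"ifeo": suspicious_ifeo(lines),
            "shell": shell_findings(lines),
            "uac_disabled": uac_disabled(lines)}


if __name__ == "__main__":
    report = triage(SAMPLE)
    for f in report["ifeo"]:
        print(f"IFEO: {f['count']} targets redirected to {f['debugger']}: {', '.join(f['targets'])}")
    for s in report["shell"]:
        print(f"Winlogon Shell extended with: {', '.join(s['extra'])}")
    print("UAC disabled:", report["uac_disabled"])
```

Feed it the Pseudo HJT Report and Image File Execution Options sections of a DDS log (one line per list element). On the sample above it reports five redirections to nqij.exe, the extra wserver.exe shell entry and UAC off, which together account for "cannot be found" and "don't have the right permissions" errors from the scanners.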

Re: Need help with malware.

by Gary R » March 12th, 2014, 1:58 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Gary R
Administrator
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire