Windows 7 Virus Problem

DrPerry

New Member
Hey there, this post might be a bit long, but please read through it all! This is also my first post on this website, so pick me up on anything I have done wrong!

So I have a really annoying virus on my PC, which prevents me from opening any .EXE program downloaded from the internet. It also prevents me from opening basic Windows programs, such as Paint, Notepad, and a lot more. The ones I cannot open have an icon of a small window, as if the program is unknown or just has no icon at all. I also can't activate my Firewall, which can get annoying due to the fact that I like to host servers for multiple video games, and with the Firewall not working this doesn't stop or allow any server to be activated through the router. Whenever I try and activate my Firewall, it doesn't do anything, as if I had never pressed 'activate' at all.

Now that I have shared my problems, let me share what I have done. In the bottom right hand corner of my screen, where the clock display is, there is a small white image with a red circle and white cross in the middle. When I click on it, it tells me my important messages. Here's an image of it:
I1ngB.png

This is what happens when I click on each of the buttons:
'Virus Protection'
PpXUg.png

HptsM.png


'Firewall'
RRqsW.png


'Windows Could Not Check For Updates'
qRhbx.png

A7xIT.png


'Set Up Backup'
It literally does nothing. Nothing at all.

Also here's an image of my Windows Program issue:
UlTcQ.jpg

If I try and open any of those programs, nothing happens.

I have AVG and McAfee installed on my PC, but they don't seem to detect this virus. Well, AVG doesn't; McAfee just tells me to turn on AVG protection, which just gives me a message saying some random crap. It goes the same for any .EXE file I open that was downloaded from the internet, which could get irritating considering I want to install multiple anti-virus protectors, but I can't. Here's an image of what happens when I try to install 'STOPZilla' (just another anti-virus):
sVlBD.jpg


Help would be much appreciated! If you have any questions, please don't hesitate to ask them, I will be watching this thread for a while.
Thanks in advance!
 

johnb35

Administrator
Staff member
Please follow these instructions carefully: you will need to run rkill.scr or rkill.com before you can download and install anything. Use a USB flash drive to transfer the downloaded files to the infected machine and run them.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run, please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running Rkill, then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away, or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.



Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

When the HijackThis log appears in a Notepad file, click on the Edit menu, click Select All, then click on the Edit menu again and click Copy. Come back to your reply, right-click with your mouse and click Paste.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log.
 

DrPerry

New Member
*sigh*

Right, I cannot open .EXE files downloaded from the internet, which includes Rkill. I have already been told to run Rkill, but I cannot, in any shape or form, open it without getting a blue screen.

If I open it in Safe Mode, nothing changes. If I open it with a different name, nothing changes.

I cannot install Malwarebytes because you can't install anything in Safe Mode, and I cannot open it in normal mode because that stupid error message appears.

Just to let you know, I have had previous help from another forum, but they decided to stop helping me. They got me to make various kinds of logs by opening different programs in Safe Mode. (That was the only way I could open them.)
Here are the programs I was told to use to make logs:
- OTL
- RogueKiller
- ComboFix

I still have the logs for them, so if you need them, just ask.
 

johnb35

Administrator
Staff member

I said that you needed to run rkill.scr or rkill.com. They are not .exe files and should run to temporarily kill the infection. Another thing I want you to try running is this.

http://www.raktor.net/exeHelper/exeHelper.com

This should restore you being able to run exe files.

Yes, I would like for you to post the combofix file for me please.
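The symptom described in this thread (every .exe, including built-in ones like Notepad, refusing to launch and showing a generic icon) is commonly produced by tampering with the registry file-association chain Windows consults to start a .exe, which is the kind of damage exeHelper-style tools repair. The script below is an added example written for this thread; it is not part of the thread and not exeHelper's code. It reads the two keys involved, under both the per-user and the machine-wide class hives, and reports anything that differs from the stock Windows 7 values. The expected values assume an unmodified install (stated as an assumption in the comments), and the verdict logic is separate from registry access so it can be exercised with constructed values on any operating system.

```python
# Added example for this thread (not exeHelper's code): audit the registry keys Windows
# consults to launch a .exe and report anything that no longer matches the stock values.
import sys

# Stock (Default) values of the .exe launch chain on Windows 7. Assumption: an unmodified
# install; a legitimate per-user override would also be flagged, so treat "unexpected"
# as "review this", not as proof of infection.
EXPECTED = {
    ".exe": "exefile",
    r"exefile\shell\open\command": '"%1" %*',
}

# HKEY_CLASSES_ROOT is a merged view: HKCU\Software\Classes shadows HKLM\Software\Classes,
# so a per-user override is the first place a hijack of this kind shows up.
HIVES = ("HKCU\\Software\\Classes", "HKLM\\Software\\Classes")


def classify(subkey, value):
    """Return 'ok', 'absent' or 'unexpected' for one (Default) value."""
    if not value:  # key missing, or present with an empty default value
        return "absent"
    # Compare after collapsing whitespace and case so cosmetic differences do not alarm.
    if " ".join(value.split()).lower() == EXPECTED[subkey].lower():
        return "ok"
    return "unexpected"


def audit(snapshot):
    """snapshot: {hive: {subkey: value_or_None}}. Returns (hive, subkey, verdict, value) tuples.

    An absent key under HKCU is normal (nothing shadows the machine-wide value);
    an absent key under HKLM is not, because then nothing defines how a .exe starts.
    """
    findings = []
    for hive in HIVES:
        for subkey in EXPECTED:
            value = snapshot.get(hive, {}).get(subkey)
            verdict = classify(subkey, value)
            if hive.startswith("HKCU") and verdict == "absent":
                verdict = "ok"
            findings.append((hive, subkey, verdict, value))
    return findings


def suspicious(findings):
    """Only the findings that need a human to look at them."""
    return [f for f in findings if f[2] != "ok"]


def read_snapshot():
    """Read the live values on Windows (needs the standard-library winreg module)."""
    import winreg
    roots = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    snapshot = {}
    for hive in HIVES:
        root_name, path = hive.split("\\", 1)
        snapshot[hive] = {}
        for subkey in EXPECTED:
            try:
                with winreg.OpenKey(roots[root_name], path + "\\" + subkey) as key:
                    snapshot[hive][subkey] = winreg.QueryValue(key, None)
            except OSError:  # key does not exist in this hive
                snapshot[hive][subkey] = None
    return snapshot


if __name__ == "__main__":
    if not sys.platform.startswith("win"):
        sys.exit("This check reads the Windows registry; run it on the affected PC.")
    for hive, subkey, verdict, value in audit(read_snapshot()):
        print(f"{verdict:10} {hive}\\{subkey} = {value!r}")
```

Run it as the affected user on the infected machine. A verdict of `unexpected` is a value to review and, if nothing legitimate explains it, to restore to the stock value before retrying the tools above; on its own it is not proof of infection, and an `absent` under HKLM means the machine-wide definition itself is gone and needs restoring.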
 

DrPerry

New Member
I still can't run Rkill. I have opened it in Safe Mode and made a report, if you want that. Here is the ComboFix log:

ComboFix 11-08-15.01 - Hayden 08/14/2011 16:50:11.1.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.1985 [GMT 1:00]
Running from: c:\users\Hayden\Desktop\Combo-Fix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Steam\Steam.exe
c:\users\Hayden\~DFD24F25E1FD98AB2C.TMP
c:\users\Hayden\jline_git-Bukkit-0_0_0-892-ga9ddbaa-b935jnks.dll
c:\users\Hayden\jvzc579n.vbt
c:\users\Hayden\MSI1.tmp
c:\users\Hayden\NGMDll.dll
c:\users\Hayden\NGMResource.dll
c:\users\Hayden\unicows.dll
c:\windows\system32\config\systemprofile\avg-02036467-355c-4b71-ad96-656c4c1d607c.tmp
c:\windows\system32\config\systemprofile\avg-0222c64b-80af-4a02-a7b3-335914402079.tmp
c:\windows\system32\config\systemprofile\avg-0341b873-42d5-4528-b2c7-aa2f463cac54.tmp
c:\windows\system32\config\systemprofile\avg-098fe61d-54e7-4a71-b199-a63f1305445c.tmp
c:\windows\system32\config\systemprofile\avg-09b11d5e-b6dd-4e15-9007-3950ac57e309.tmp
c:\windows\system32\config\systemprofile\avg-0bddec18-cf74-4b78-b9db-530c5a5ec941.tmp
c:\windows\system32\config\systemprofile\avg-0dc2282d-586b-4846-92de-c93693adb004.tmp
c:\windows\system32\config\systemprofile\avg-10a7ed5d-cb4d-4827-910e-cc1368694d0b.tmp
c:\windows\system32\config\systemprofile\avg-11033b27-d45f-4953-b2a6-5e79dcad5206.tmp
c:\windows\system32\config\systemprofile\avg-1199ee00-0be5-4e22-9c16-c901509b2713.tmp
c:\windows\system32\config\systemprofile\avg-1204ee24-5ee6-4c35-a4d2-652a51bee70f.tmp
c:\windows\system32\config\systemprofile\avg-1389ac40-893d-4542-81ad-7f1479e9602d.tmp
c:\windows\system32\config\systemprofile\avg-13b29b6f-f0b1-4633-8a53-f55c8efe5123.tmp
c:\windows\system32\config\systemprofile\avg-14b91709-4dc5-4a0f-9ca8-d5222caacf1e.tmp
c:\windows\system32\config\systemprofile\avg-1db88123-e9eb-4c14-95ab-a608fc71f728.tmp
c:\windows\system32\config\systemprofile\avg-1ea6df34-6d17-473f-a9ab-5b7f172fbd17.tmp
c:\windows\system32\config\systemprofile\avg-1eff5244-e06e-4870-bd17-206485e4401d.tmp
c:\windows\system32\config\systemprofile\avg-1ff06a74-a769-4178-94cd-3e3d9ec3ae0e.tmp
c:\windows\system32\config\systemprofile\avg-20a06f0d-c2ad-432b-a9e9-b02c81e8053e.tmp
c:\windows\system32\config\systemprofile\avg-22bfc30e-d671-4475-ad1e-b05501d05b2e.tmp
c:\windows\system32\config\systemprofile\avg-28f2e064-47ca-4276-b2d7-df4116767c3f.tmp
c:\windows\system32\config\systemprofile\avg-2989bb5b-430f-4366-9c71-6a1575ef762e.tmp
c:\windows\system32\config\systemprofile\avg-29cafc36-8e9e-4b01-bd5f-227cdf7e9064.tmp
c:\windows\system32\config\systemprofile\avg-2a4bd861-0250-4766-b424-5e11ffe45639.tmp
c:\windows\system32\config\systemprofile\avg-30c55912-fe7e-403c-a5a0-283d59163f76.tmp
c:\windows\system32\config\systemprofile\avg-31582d77-aefd-4b2c-8dcb-695bc38bdd7e.tmp
c:\windows\system32\config\systemprofile\avg-35c25c4c-ef4e-495b-9f15-be6a7456cc65.tmp
c:\windows\system32\config\systemprofile\avg-39caa029-28f8-4708-9ece-127a0ac4b66f.tmp
c:\windows\system32\config\systemprofile\avg-3ad6765d-14f9-4751-8e97-951baa7fad10.tmp
c:\windows\system32\config\systemprofile\avg-3b5a7a3b-2f7c-4f50-ac12-962dca935541.tmp
c:\windows\system32\config\systemprofile\avg-3b765162-540d-4852-93d0-c17d508bf378.tmp
c:\windows\system32\config\systemprofile\avg-3b9df519-80a9-490d-8912-b044fc28e935.tmp
c:\windows\system32\config\systemprofile\avg-3fc9be26-4ec1-4f7e-9b26-bf55ae121d05.tmp
c:\windows\system32\config\systemprofile\avg-402b8920-e2e8-4444-9f15-816a9de07f30.tmp
c:\windows\system32\config\systemprofile\avg-40640806-ed06-4b23-bdf9-d20be6b34642.tmp
c:\windows\system32\config\systemprofile\avg-4195f65f-61c8-423c-a8df-d5008c8a5f70.tmp
c:\windows\system32\config\systemprofile\avg-435de149-9a92-4c23-a5fd-262ccf30d722.tmp
c:\windows\system32\config\systemprofile\avg-43e41046-51ea-4c67-b0e0-4e253a584525.tmp
c:\windows\system32\config\systemprofile\avg-4414fe1e-4255-4c70-8847-01008e14292a.tmp
c:\windows\system32\config\systemprofile\avg-47be1974-6f1b-4d06-b45b-18190fcea411.tmp
c:\windows\system32\config\systemprofile\avg-4be34b3c-86a7-4d2a-848e-4f18e859387c.tmp
c:\windows\system32\config\systemprofile\avg-50da2042-f0da-4069-8da5-110e4c79c26d.tmp
c:\windows\system32\config\systemprofile\avg-519aa852-47c1-4950-82cc-58545fe0774f.tmp
c:\windows\system32\config\systemprofile\avg-543a811d-caea-480a-b963-d37ecb92f12b.tmp
c:\windows\system32\config\systemprofile\avg-5446d44f-7517-4309-8d51-9838ec4c3275.tmp
c:\windows\system32\config\systemprofile\avg-5459bb26-1ab4-4437-bab9-67127efd3872.tmp
c:\windows\system32\config\systemprofile\avg-54f1fa64-5995-444b-97b3-33039be43907.tmp
c:\windows\system32\config\systemprofile\avg-56d33c22-cfb9-4425-b7e7-65342aadce2b.tmp
c:\windows\system32\config\systemprofile\avg-57e6491f-6017-4e5d-9a42-d71bf8818c2a.tmp
c:\windows\system32\config\systemprofile\avg-5a3aa02b-f3d4-4406-942f-db10f74ade28.tmp
c:\windows\system32\config\systemprofile\avg-5c353114-45dc-4b4e-8087-50599361230c.tmp
c:\windows\system32\config\systemprofile\avg-5e4c7716-327d-4b71-a2d2-5b57d12b470b.tmp
c:\windows\system32\config\systemprofile\avg-5e6a241e-cbac-4152-8518-0a72e51c5b74.tmp
c:\windows\system32\config\systemprofile\avg-5f090d28-101f-4e43-a899-a43640ce3214.tmp
c:\windows\system32\config\systemprofile\avg-61551b3e-5ea5-4324-9fda-5d7ac71c551b.tmp
c:\windows\system32\config\systemprofile\avg-648e4c1c-1668-4746-af0d-4d1012a76d42.tmp
c:\windows\system32\config\systemprofile\avg-6759414b-2682-475c-839d-805151975a62.tmp
c:\windows\system32\config\systemprofile\avg-67675d1c-6c17-4b53-9785-ac7d040bf82b.tmp
c:\windows\system32\config\systemprofile\avg-72cf8b05-0cd4-4d22-8a0b-d815f7f97f7b.tmp
c:\windows\system32\config\systemprofile\avg-73ceb515-e859-4155-8fea-ed16cb902c4f.tmp
c:\windows\system32\config\systemprofile\avg-75eea24b-57f9-4907-8a54-1e5c44fc390c.tmp
c:\windows\system32\config\systemprofile\avg-793e9c21-e3b8-4d37-8d30-c6337561691e.tmp
c:\windows\system32\config\systemprofile\avg-86e0a136-bae4-437e-b6b7-af2820ae3a19.tmp
c:\windows\system32\config\systemprofile\avg-8a5e0230-b038-4706-bdcb-5d23db4f572f.tmp
c:\windows\system32\config\systemprofile\avg-8aa06f7f-ea9d-4d6b-863e-4c193bea9141.tmp
c:\windows\system32\config\systemprofile\avg-8ce49408-08b8-4251-87e7-143500b83636.tmp
c:\windows\system32\config\systemprofile\avg-9281a76e-6ac8-4b33-88e6-616d9d5cf525.tmp
c:\windows\system32\config\systemprofile\avg-94867b0e-877e-4e09-a8e3-ed5193661823.tmp
c:\windows\system32\config\systemprofile\avg-959d0e4f-1384-467e-9d13-981ac61ba10f.tmp
c:\windows\system32\config\systemprofile\avg-99b35a4d-48ca-4e42-9026-674ab463e454.tmp
c:\windows\system32\config\systemprofile\avg-9b7fb22c-899b-4a3a-b8a3-4e06c4cbd132.tmp
c:\windows\system32\config\systemprofile\avg-9bb5101e-3ddb-4063-ac7e-9517ed58a24f.tmp
c:\windows\system32\config\systemprofile\avg-9e243e18-1f4a-4c53-84f6-c84aa9c05e4b.tmp
c:\windows\system32\config\systemprofile\avg-9e4fde7c-3798-4312-b3a4-1a77372b3a25.tmp
c:\windows\system32\config\systemprofile\avg-9e7d8f60-7699-4755-a82c-d755a1ecdb56.tmp
c:\windows\system32\config\systemprofile\avg-9f50e07e-8b91-4978-8daf-4103b647d25e.tmp
c:\windows\system32\config\systemprofile\avg-9faf495c-96d6-4b11-ae7b-073251b60826.tmp
c:\windows\system32\config\systemprofile\avg-a27cb71a-7213-481c-a11c-8f218514874e.tmp
c:\windows\system32\config\systemprofile\avg-a96a9d78-36b6-4978-9c77-083d6d388021.tmp
c:\windows\system32\config\systemprofile\avg-ab380e0b-8ca0-486d-84c7-1044856cc724.tmp
c:\windows\system32\config\systemprofile\avg-ace4060f-f631-454b-b1a3-e2512f306172.tmp
c:\windows\system32\config\systemprofile\avg-acec1b05-adaa-4a5d-9cd8-2f61c2ee752d.tmp
c:\windows\system32\config\systemprofile\avg-af37ec02-ddf8-4337-8bc6-af2ec5f9ba03.tmp
c:\windows\system32\config\systemprofile\avg-af58de30-a1b3-4421-b055-f7713ef61261.tmp
c:\windows\system32\config\systemprofile\avg-b2be2352-c17f-4266-ba8e-730707e4c56f.tmp
c:\windows\system32\config\systemprofile\avg-b6553937-9532-4641-bbfc-4635dc32286b.tmp
c:\windows\system32\config\systemprofile\avg-b6cdda3f-e902-4b5a-bb00-9431195f857f.tmp
c:\windows\system32\config\systemprofile\avg-b85ceb28-9900-4143-bbf5-ed25ff988351.tmp
c:\windows\system32\config\systemprofile\avg-b9907849-de48-447e-a9ab-ff5b08ae5e16.tmp
c:\windows\system32\config\systemprofile\avg-bd3cc94b-44c7-4202-9eff-2b38f3815d35.tmp
c:\windows\system32\config\systemprofile\avg-c9b25726-64d3-4a2b-ac32-33742c3f6d10.tmp
c:\windows\system32\config\systemprofile\avg-ca226441-3027-476f-a73e-7a431dabff42.tmp
c:\windows\system32\config\systemprofile\avg-ca83194d-d78c-444e-9151-8a0838d9f67f.tmp
c:\windows\system32\config\systemprofile\avg-cb1d790d-b8af-4445-8650-4c29ea9f0830.tmp
c:\windows\system32\config\systemprofile\avg-ce54543f-56c4-4e55-9eac-46011214ed35.tmp
c:\windows\system32\config\systemprofile\avg-d0da156e-18ae-442b-9fab-2c07477ba776.tmp
c:\windows\system32\config\systemprofile\avg-d1cf6525-0132-4400-b5be-fe27aba22b14.tmp
c:\windows\system32\config\systemprofile\avg-d2e8ee1a-7e1e-414c-8565-8b4c16fdf562.tmp
c:\windows\system32\config\systemprofile\avg-d92e977c-6a7c-4327-adfd-bb72f930a579.tmp
c:\windows\system32\config\systemprofile\avg-dc01000c-306e-482a-a892-5a19aad6b946.tmp
c:\windows\system32\config\systemprofile\avg-dc6d771d-ced0-4b10-9985-ed03e806c82c.tmp
c:\windows\system32\config\systemprofile\avg-dd3cad44-530b-4e62-8fdf-8e7a575cce53.tmp
c:\windows\system32\config\systemprofile\avg-dd444266-8a91-4d69-a401-8d4252552a2f.tmp
c:\windows\system32\config\systemprofile\avg-df7b1d04-176d-4c2c-8be2-b959b7e40f1c.tmp
c:\windows\system32\config\systemprofile\avg-dfb2ba0e-7824-4e6b-9664-36382677607e.tmp
c:\windows\system32\config\systemprofile\avg-e02e267f-23a1-461b-aea6-0e0e96863110.tmp
c:\windows\system32\config\systemprofile\avg-e3e5af26-1be2-4f09-9c5c-5f7d71f53329.tmp
c:\windows\system32\config\systemprofile\avg-e7953738-5d8e-4020-b575-61583b833e11.tmp
c:\windows\system32\config\systemprofile\avg-eaaa1220-8317-4862-a260-cc64ab58af22.tmp
c:\windows\system32\config\systemprofile\avg-ece86d05-ddac-4e71-93f2-16222e315f5e.tmp
c:\windows\system32\config\systemprofile\avg-f1597024-358e-455c-a848-c273281b3d6e.tmp
c:\windows\system32\config\systemprofile\avg-f5abb03b-e9fb-4c75-adf6-c061dc4fa116.tmp
c:\windows\system32\config\systemprofile\avg-f767634b-0e64-4864-a759-2919bbb37b61.tmp
c:\windows\system32\config\systemprofile\avg-f815af4a-e497-4e2f-a8b8-7841232a2d58.tmp
c:\windows\system32\config\systemprofile\avg-f9e41e61-fb47-484c-a513-14103e92fa54.tmp
c:\windows\system32\config\systemprofile\avg-fb04417a-0aa7-497b-a67d-52287515bf09.tmp
c:\windows\system32\config\systemprofile\avg-feb6696f-7f69-4476-928c-7034de073106.tmp
c:\windows\system32\config\systemprofile\avg-ff09485b-d00c-4e78-8592-8d343f8fa90b.tmp
c:\windows\system32\config\systemprofile\avg-ff98c620-dd52-4a3a-9672-1a0899d29705.tmp
c:\windows\system32\server.log
.
.
((((((((((((((((((((((((( Files Created from 2011-07-14 to 2011-08-14 )))))))))))))))))))))))))))))))
.
.
2011-08-14 15:46 . 2011-08-14 15:46 -------- d-----w- c:\users\Hayden\WPDNSE
2011-08-14 13:55 . 2011-08-14 13:55 -------- d-----w- c:\users\Hayden\scoped_dir9533
2011-08-14 13:55 . 2011-08-14 13:55 -------- d-----w- c:\users\Hayden\scoped_dir9484
2011-08-14 13:55 . 2011-08-14 13:55 -------- d-----w- c:\users\Hayden\scoped_dir23407
2011-08-14 12:32 . 2011-08-14 12:32 -------- d-----w- c:\users\Hayden\AppData\Local\Paint.NET
2011-08-14 11:55 . 2011-08-14 11:56 -------- d-----w- c:\users\Hayden\RarSFX9
2011-08-14 11:47 . 2011-08-14 11:47 -------- d-----w- c:\users\Hayden\RarSFX8
2011-08-14 11:46 . 2011-08-14 11:47 -------- d-----w- c:\users\Hayden\RarSFX7
2011-08-14 11:40 . 2011-08-14 11:40 -------- d-----w- c:\users\Hayden\RarSFX6
2011-08-14 11:40 . 2011-08-14 11:40 -------- d-----w- c:\users\Hayden\RarSFX5
2011-08-14 11:40 . 2011-08-14 11:40 -------- d-----w- c:\users\Hayden\RarSFX4
2011-08-14 11:36 . 2011-08-14 11:36 -------- d-----w- c:\users\Hayden\RarSFX3
2011-08-14 11:36 . 2011-08-14 11:36 -------- d-----w- c:\users\Hayden\RarSFX2
2011-08-14 11:36 . 2011-08-14 11:36 -------- d-----w- c:\users\Hayden\RarSFX0
2011-08-14 11:35 . 2011-08-14 12:32 -------- d-----w- c:\users\Hayden\AppData\Local\CrashDumps
2011-08-14 11:34 . 2011-08-14 11:34 -------- d-----w- c:\users\Hayden\RarSFX1
2011-08-14 11:19 . 2011-08-14 11:19 -------- d-----w- c:\users\Hayden\scoped_dir11650
2011-08-14 11:19 . 2011-08-14 11:19 -------- d-----w- c:\users\Hayden\scoped_dir9517
2011-08-14 11:19 . 2011-08-14 11:19 -------- d-----w- c:\users\Hayden\scoped_dir11604
2011-08-14 00:24 . 2011-08-14 00:24 -------- d-----w- c:\users\Hayden\TCDEC82.tmp
2011-08-14 00:21 . 2011-08-14 00:21 -------- d-----w- c:\users\Hayden\scoped_dir13888
2011-08-14 00:21 . 2011-08-14 00:21 -------- d-----w- c:\users\Hayden\scoped_dir13862
2011-08-14 00:21 . 2011-08-14 00:21 -------- d-----w- c:\users\Hayden\scoped_dir13031
2011-08-14 00:19 . 2011-05-24 18:12 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E48E60E6-0F1A-4888-BC48-93C9F8B0CB97}\mpengine.dll
2011-08-14 00:17 . 2011-08-14 00:17 -------- d-----w- c:\users\Hayden\scoped_dir12977
2011-08-14 00:16 . 2011-08-14 00:16 -------- d-----w- c:\users\Hayden\scoped_dir29404
2011-08-14 00:16 . 2011-08-14 00:16 -------- d-----w- c:\users\Hayden\scoped_dir12941
2011-08-14 00:11 . 2011-08-14 00:11 -------- d-----w- c:\users\Hayden\scoped_dir4060
2011-08-14 00:11 . 2011-08-14 00:11 -------- d-----w- c:\users\Hayden\scoped_dir11779
2011-08-14 00:09 . 2011-08-14 00:09 -------- d-----w- c:\users\Hayden\scoped_dir11406
2011-08-14 00:09 . 2011-08-14 00:09 -------- d-----w- c:\users\Hayden\scoped_dir24971
2011-08-14 00:09 . 2011-08-14 00:09 -------- d-----w- c:\users\Hayden\scoped_dir11387
2011-08-14 00:03 . 2011-08-14 00:03 -------- d-----w- c:\users\Hayden\scoped_dir10332
2011-08-14 00:03 . 2011-08-14 00:03 -------- d-----w- c:\users\Hayden\scoped_dir6715
2011-08-14 00:03 . 2011-08-14 00:03 -------- d-----w- c:\users\Hayden\scoped_dir10296
2011-08-13 23:59 . 2011-08-13 23:59 -------- d-----w- c:\users\Hayden\scoped_dir9568
2011-08-13 23:59 . 2011-08-13 23:59 -------- d-----w- c:\users\Hayden\scoped_dir9539
2011-08-13 23:59 . 2011-08-13 23:59 -------- d-----w- c:\users\Hayden\scoped_dir3453
2011-08-13 23:56 . 2011-08-13 23:56 -------- d-----w- c:\users\Hayden\scoped_dir9016
2011-08-13 23:56 . 2011-08-13 23:56 -------- d-----w- c:\users\Hayden\scoped_dir8980
2011-08-13 23:56 . 2011-08-13 23:56 -------- d-----w- c:\users\Hayden\scoped_dir483
2011-08-13 23:12 . 2011-08-14 15:33 -------- d-----w- c:\users\Hayden\hsperfdata_Hayden
2011-08-13 23:12 . 2011-08-13 23:12 -------- d-----w- c:\users\Hayden\scoped_dir281
2011-08-13 23:12 . 2011-08-13 23:12 -------- d-----w- c:\users\Hayden\scoped_dir29549
2011-08-13 23:12 . 2011-08-13 23:12 -------- d-----w- c:\users\Hayden\scoped_dir248
2011-08-13 22:46 . 2011-08-13 22:46 -------- d-----w- c:\users\Hayden\AppData\Roaming\NVIDIA
2011-08-13 22:46 . 2011-08-13 22:46 -------- d-----w- c:\users\Hayden\UCDebugger
2011-08-13 22:40 . 2011-08-13 22:40 -------- d-----w- c:\users\Hayden\scoped_dir26766
2011-08-13 22:40 . 2011-08-13 22:40 -------- d-----w- c:\users\Hayden\scoped_dir26720
2011-08-13 22:40 . 2011-08-13 22:40 -------- d-----w- c:\users\Hayden\scoped_dir15997
2011-08-13 22:39 . 2011-08-13 22:39 -------- d-----w- c:\users\Hayden\AppData\Local\VirtualStore
2011-08-13 20:36 . 2011-08-13 22:24 -------- d-----w- c:\programdata\STOPzilla!
2011-08-13 20:01 . 2011-08-13 20:01 -------- d-----w- c:\programdata\Malwarebytes
2011-08-13 20:01 . 2011-08-14 08:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-13 12:17 . 2011-08-13 12:17 -------- d-----w- c:\programdata\Solidshield
2011-08-13 12:16 . 2011-08-14 08:09 -------- d-----w- c:\program files\McAfee Security Scan
2011-08-05 13:19 . 2011-08-14 08:54 -------- d-----w- c:\users\Hayden\AppData\Roaming\uTorrent
2011-07-31 20:15 . 2011-08-14 08:54 -------- d-----w- c:\users\Hayden\ir_ext_temp_0
2011-07-20 15:28 . 2011-08-14 00:19 -------- d-----w- c:\windows\system32\drivers\AVG
2011-07-20 15:23 . 2011-08-14 08:54 -------- d-----w- c:\users\Hayden\7zSED6A.tmp
2011-07-20 15:10 . 2011-07-20 15:10 184 ----a-w- c:\windows\system32\repair.bat
2011-07-18 17:43 . 2011-07-18 17:43 -------- d-----w- c:\program files\Paint.NET
2011-07-17 12:07 . 2011-08-14 08:54 -------- d-----w- c:\users\Hayden\{FD9F405E-A779-47F7-B79F-28B812CA5DEF}
2011-07-17 12:07 . 2011-08-14 08:54 -------- d-----w- c:\users\Hayden\{03589E5E-3E9F-4B4D-8671-DCB8EF416636}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 15:39 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-13 15:38 . 2011-07-13 15:38 962860 ----a-w- c:\users\Hayden\defaultCache.reg
2011-07-07 14:48 . 2011-06-22 20:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-05 18:31 . 2011-07-05 18:32 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
2011-07-05 18:31 . 2011-07-05 18:32 22816 ----a-w- c:\windows\system32\MFEOtlk.dll
2011-06-29 20:05 . 2011-06-29 20:05 2838528 ----a-w- c:\users\Hayden\SkypeToolbars.msi
2011-06-29 20:05 . 2011-06-29 20:04 16579584 ----a-w- c:\users\Hayden\Skype.msi
2011-06-24 06:11 . 2011-06-24 06:11 235 ----a-w- c:\windows\system32\nxEuUninstall.bat
2011-06-06 16:36 . 2011-06-23 06:49 4005936 ----a-w- c:\windows\system32\GameMon.des
2011-06-04 18:59 . 2011-06-04 16:21 13824 ----a-w- c:\windows\system32\slwga.dll
2011-06-04 18:59 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2011-06-04 18:59 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2011-06-04 16:42 . 2011-06-04 16:42 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-04 16:42 . 2011-06-04 16:42 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-04 16:42 . 2011-06-04 16:42 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-04 16:42 . 2011-06-04 16:42 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-06-04 16:42 . 2011-06-04 16:42 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-06-04 16:42 . 2011-06-04 16:42 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-04 16:42 . 2011-06-04 16:42 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-06-04 16:42 . 2011-06-04 16:42 367104 ----a-w- c:\windows\system32\html.iec
2011-06-04 16:42 . 2011-06-04 16:42 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-06-04 16:42 . 2011-06-04 16:42 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-04 16:42 . 2011-06-04 16:42 161792 ----a-w- c:\windows\system32\msls31.dll
2011-06-04 16:42 . 2011-06-04 16:42 152064 ----a-w- c:\windows\system32\wextract.exe
2011-06-04 16:42 . 2011-06-04 16:42 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-06-04 16:42 . 2011-06-04 16:42 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-04 16:42 . 2011-06-04 16:42 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-04 16:42 . 2011-06-04 16:42 11776 ----a-w- c:\windows\system32\mshta.exe
2011-06-04 16:42 . 2011-06-04 16:42 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-06-04 16:42 . 2011-06-04 16:42 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-04 16:42 . 2011-06-04 16:42 101888 ----a-w- c:\windows\system32\admparse.dll
2011-05-24 18:14 . 2011-06-04 16:10 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-06-04 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 arusb_lh;TP-LINK TL-WN821N 11n Wireless LAN device driver;c:\windows\system32\DRIVERS\arusb_lh.sys [2008-01-14 415744]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2010-07-28 1559552]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-12-22 36640]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 netr73;Askey RT73 Wireless Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-06-06 4005936]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-04 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 arusb_win7;Service For TP-LINK Wireless N Adapter;c:\windows\system32\DRIVERS\arusb_win7.sys [2010-02-23 612352]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-263333183-3355947971-2896428383-1000Core.job
- c:\users\Hayden\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04 16:04]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-263333183-3355947971-2896428383-1000UA.job
- c:\users\Hayden\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04 16:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Steam App 440 - c:\program files\Steam\steam.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-14 16:56:14
ComboFix-quarantined-files.txt 2011-08-14 15:56
.
Pre-Run: 400,750,481,408 bytes free
Post-Run: 400,437,555,200 bytes free
.
- - End Of File - - F8319A3AB5A843F07F3BC2CBA1D21F95
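One detail worth pulling out of the log above is the Sigcheck section: the live c:\windows\System32\user32.dll and the component-store copy under winsxs carry the same version string (6.1.7600.16385) and size (811520 bytes) but different MD5 hashes. The script below is an added example for this thread, not ComboFix code and not from any of the thread's participants: it parses Sigcheck lines in the layout shown and reports live files whose hash matches none of the reference copies of the same version kept under winsxs or SoftwareDistribution. The sample input is the three Sigcheck lines copied from the log above; the field layout is inferred from those lines and is an assumption.

```python
# Added example for this thread (not ComboFix code): parse the Sigcheck section of a
# ComboFix log and report live system files whose hash differs from Windows' own
# reference copies of the same version.
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Sample input: the Sigcheck section copied from the log posted in this thread.
SAMPLE = r"""
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-06-04 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
"""

# Field layout inferred from the lines above (an assumption; ComboFix does not document it):
#   [flag] date . MD5 . size . . [version] . . path
SIGCHECK_LINE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*)$"
)


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; the header, note and '.' filler lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = SIGCHECK_LINE.match(raw.strip())
        if not match:
            continue
        entry = match.groupdict()
        entry["size"] = int(entry["size"])
        entry["md5"] = entry["md5"].upper()
        entry["name"] = PureWindowsPath(entry["path"]).name.lower()
        entries.append(entry)
    return entries


def is_reference_copy(path):
    """Copies Windows keeps for servicing; used here as the comparison baseline."""
    low = path.lower()
    return "\\winsxs\\" in low or "\\softwaredistribution\\" in low


def find_mismatches(entries):
    """Live files whose MD5 matches none of the reference copies with the same version."""
    refs = defaultdict(set)  # (file name, version) -> set of reference MD5s
    for entry in entries:
        if is_reference_copy(entry["path"]):
            refs[(entry["name"], entry["version"])].add(entry["md5"])
    mismatches = []
    for entry in entries:
        if is_reference_copy(entry["path"]):
            continue
        known = refs.get((entry["name"], entry["version"]))
        if known and entry["md5"] not in known:
            mismatches.append({
                "path": entry["path"],
                "version": entry["version"],
                "size": entry["size"],
                "md5": entry["md5"],
                "reference_md5": sorted(known),
            })
    return mismatches


if __name__ == "__main__":
    for m in find_mismatches(parse_sigcheck(SAMPLE)):
        print(f"{m['path']} (v{m['version']}, {m['size']} bytes): live {m['md5']} "
              f"vs reference {', '.join(m['reference_md5'])}")
```

A mismatch of this kind says only that the live file is not byte-identical to Windows' own backup of the same version; that is worth calling out when the log is reviewed, and worth checking with the Windows system file checker, but, as the log's own note says about unsigned files, it is not by itself proof of malware.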
 

DrPerry

New Member
Oh yeah, just to let you know, I will not be able to reply for the next few days. So please continue watching this thread whilst I'm gone!
 