HELP! Unknown virus exiting all virus protection

Post by jj190994 on Sat Jul 16, 2011 4:08 pm

Ok, I'm going to admit that I can deal with computers relatively well (for a teenager); I am the most tech-savvy in my family. When our computer last got a virus (from the Click Potato website) I managed to locate it and get rid of it, using a combination of Avast, Malwarebytes and FileAssassin.

But the computer has a new virus (I think). (Normally we run Avast Free on our PC.) This is what I have tried to locate the virus/malware:
    Avast Free - shows a red cross on the bottom-bar icon and says it is not active and requires fixing. When the Fix Now button is pressed, nothing happens.

    Malwarebytes free version begins a scan, lasts for about 2 to 14 seconds before crashing (having scanned no items). When reopening the program it says I do not have permission, so I have to unlock the program with something called Instil (found on your forum somewhere), and then I go back to the start, where it crashes again, etc.

    Stopzilla scanned and found viruses. I think it removed them, but Avast still wouldn't start. After doing a boot scan with Avast, Stopzilla no longer works and I was forced to uninstall it.

    Both SUPERAntiSpyware and HijackThis also crash when told to scan.

    OTL won't scan my files; it just crashes.


aswMBR:

aswMBR version 0.9.7.750 Copyright(c) 2011 AVAST Software
Run date: 2011-07-16 14:36:31
-----------------------------
14:36:31.365 OS Version: Windows 6.1.7601 Service Pack 1
14:36:31.365 Number of processors: 4 586 0x502
14:36:31.367 ComputerName: HOME-PC UserName: Home
14:36:34.111 Initialize success
14:36:34.452 AVAST engine defs: 11070401
14:36:42.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
14:36:42.052 Disk 0 Vendor: WDC_WD10 80.0 Size: 953869MB BusType: 11
14:36:44.066 Disk 0 MBR read successfully
14:36:44.073 Disk 0 MBR scan
14:36:44.492 Disk 0 unknown MBR code
14:36:46.501 Disk 0 scanning sectors +1953523120
14:36:46.943 Disk 0 scanning C:\Windows\system32\drivers
14:37:00.026 Service scanning
14:37:01.048 Disk 0 trace - called modules:
14:37:01.076 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86bd4390]<<
14:37:01.087 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x869bd600]
14:37:01.098 3 CLASSPNP.SYS[8b59659e] -> nt!IofCallDriver -> [0x869e4028]
14:37:01.104 \Driver\00000621[0x86b9cf38] -> IRP_MJ_CREATE -> 0x86bd4390
14:37:02.759 AVAST engine scan C:\Windows
14:45:47.875 File: C:\Windows\System32\atieclxx.exe **INFECTED** Win32:Patched-WQ [Trj]
14:45:47.927 File: C:\Windows\System32\atiesrxx.exe **INFECTED** Win32:Patched-WQ [Trj]
14:45:57.786 Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\MBR.dat"
14:45:57.793 The log file has been saved successfully to "C:\Users\Home\Desktop\aswMBR.txt"
14:50:41.886 File: C:\Windows\System32\msreepl40.dll **INFECTED** Win32:Malware-gen
14:51:55.644 File: C:\Windows\System32\vdds.exe **INFECTED** Win32:Rootkit-gen [Rtk]
14:51:59.648 Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\MBR.dat"
14:51:59.667 The log file has been saved successfully to "C:\Users\Home\Desktop\aswMBR.txt"
15:15:56.107 AVAST engine scan C:\Users\Home
17:08:56.688 Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\MBR.dat"
17:08:56.763 The log file has been saved successfully to "C:\Users\Home\Desktop\aswMBR.txt"

Security Check:

Results of screen317's Security Check version 0.99.17
Windows 7 Service Pack 1 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
MuseScore 0.9.6.3 MuseScore score typesetter
Adobe After Effects CS3 Presets
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware
Java(TM) 6 Update 26
Adobe Flash Player 9 (Out of date Flash Player installed!)
Flash Player Out of Date!
Adobe Flash Player 10.1.53.64
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````

jj190994 (Beginner, Posts: 3, Joined: 2011-07-16, OS: Windows 7)
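The aswMBR run above reported "unknown MBR code", a disk I/O trace that ends in an address it could not attribute to any loaded module, and a scan of the sectors past the last partition, and it saved the raw MBR to C:\Users\Home\Desktop\MBR.dat. The script below is an added example, not part of this thread or of aswMBR: it parses such a 512-byte dump, hashes the 440 bytes of boot code for comparison with a baseline you supply, lists the partition table, and computes the unpartitioned tail of the disk (the region aswMBR scans, and where bootkits typically keep their hidden storage). The sample MBR with its zeroed boot code, the disk signature and the 1 TB sector count are constructed for the example; parse_mbr, unpartitioned_tail, triage and build_sample_mbr are this example's own names.

```python
"""Inspect a raw 512-byte MBR dump such as the MBR.dat that aswMBR writes.
Added example for this thread, not aswMBR's code.  The sample MBR below is
constructed (zeroed boot code, two NTFS partitions laid out like a stock
Windows 7 install); the baseline hash set is whatever the caller passes in."""
import hashlib
import struct
import sys
from typing import Dict, List, Set, Tuple

SECTOR = 512
BOOT_SIG = b"\x55\xAA"
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
PART_FMT = "<B3xB3xII"


def parse_mbr(mbr: bytes) -> Dict:
    """Split a 512-byte MBR into boot-code hash, disk signature and partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    parts: List[Dict] = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(PART_FMT, mbr, 446 + 16 * i)
        if ptype == 0:                       # empty slot
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count, "lba_end": lba + count - 1})
    return {"valid_signature": mbr[510:512] == BOOT_SIG,
            "disk_signature": struct.unpack_from("<I", mbr, 440)[0],
            "boot_code_sha256": hashlib.sha256(mbr[:440]).hexdigest(),
            "partitions": parts}


def unpartitioned_tail(parsed: Dict, disk_sectors: int) -> Tuple[int, int]:
    """(first LBA after the last partition, sectors from there to the end of the disk).
    That gap is what aswMBR's 'scanning sectors +N' line refers to; bootkits
    commonly store their hidden file system there because no volume covers it."""
    if not parsed["partitions"]:
        return 0, disk_sectors
    first_free = max(p["lba_end"] for p in parsed["partitions"]) + 1
    return first_free, max(0, disk_sectors - first_free)


def triage(parsed: Dict, known_good_boot_hashes: Set[str]) -> List[str]:
    """Structural checks only; an empty list does not prove the MBR is benign."""
    findings = []
    if not parsed["valid_signature"]:
        findings.append("missing 0x55AA boot signature")
    if parsed["boot_code_sha256"] not in known_good_boot_hashes:
        findings.append("boot code hash not in baseline (aswMBR's 'unknown MBR code')")
    active = [p["index"] for p in parsed["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {active}")
    ps = parsed["partitions"]
    for a in ps:
        for b in ps:
            if a["index"] < b["index"] and a["lba_start"] <= b["lba_end"] and b["lba_start"] <= a["lba_end"]:
                findings.append(f"partitions {a['index']} and {b['index']} overlap")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed MBR: placeholder (zero) boot code, System Reserved + Windows partitions."""
    mbr = bytearray(SECTOR)
    struct.pack_into("<I", mbr, 440, 0x1234ABCD)                          # constructed disk signature
    struct.pack_into(PART_FMT, mbr, 446, 0x80, 0x07, 2048, 204800)        # 100 MB NTFS, active
    struct.pack_into(PART_FMT, mbr, 462, 0x00, 0x07, 206848, 1953316272)  # NTFS, rest of a 1 TB disk
    mbr[510:512] = BOOT_SIG
    return bytes(mbr)


SAMPLE_MBR = build_sample_mbr()
SAMPLE_DISK_SECTORS = 1953525168   # constructed: sector count of a typical 1 TB drive


if __name__ == "__main__":         # python mbr_inspect.py [MBR.dat [disk_sectors]]
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_MBR
    total = int(sys.argv[2]) if len(sys.argv) > 2 else SAMPLE_DISK_SECTORS
    info = parse_mbr(data)
    print("boot code sha256:", info["boot_code_sha256"])
    for p in info["partitions"]:
        print(p)
    print("unpartitioned tail (first LBA, sectors):", unpartitioned_tail(info, total))
    for finding in triage(info, set()):   # no baseline given, so the hash finding is expected
        print("finding:", finding)
```

Run it on the real dump with the disk's sector count as the second argument; with no arguments it inspects the constructed sample. The baseline hash must come from an MBR you trust (a clean install of the same Windows version, or the dump taken before the infection), because a patched boot loader inside the 440 bytes of boot code is exactly what the hash comparison exists to catch; the partition checks only tell you whether the table itself is sane.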

Re: HELP! Unknown virus exiting all virus protection

Post by Pancake on Sat Jul 16, 2011 11:32 pm

Run this in safe mode.


Download Combofix from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.] and place it on your Desktop.

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. ComboFix may be slow to start and appear to be doing nothing before it starts scanning. Just leave it; it will start.

You can get help on disabling your protection programs here: [You must be registered and logged in to see this link.]

Please include the C:\ComboFix.txt in your next reply for further review.


Caution:
Never use this program to remove files. Only use it with help from an experienced user. Wrongful use can damage your computer. This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a qualified helper.

Pancake (Senior, Posts: 222, Joined: 2010-03-06, Gender: Male, OS: Windows 7)

Re: HELP! Unknown virus exiting all virus protection

Post by jj190994 on Sun Jul 17, 2011 10:14 am

ComboFix 11-07-17.01 - Home 17/07/2011 10:57:14.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2814.1347 [GMT 1:00]
Running from: c:\users\Home\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\Help\hp1100.hlp
c:\windows\security\Database\tmp.edb
c:\windows\system32\drivers\1264788552.sys
c:\windows\Tasks\At1.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_1264788552
.
.
((((((((((((((((((((((((( Files Created from 2011-06-17 to 2011-07-17 )))))))))))))))))))))))))))))))
.
.
2011-07-17 10:05 . 2011-07-17 10:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-16 13:29 . 2011-07-16 13:29 -------- d-----w- c:\users\Home\AppData\Roaming\SUPERAntiSpyware.com
2011-07-16 13:29 . 2011-07-16 13:29 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-16 13:27 . 2011-07-16 13:27 -------- d-----w- c:\program files\Trend Micro
2011-07-16 08:59 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-16 08:59 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-16 08:59 . 2011-07-16 08:59 -------- d-----w- c:\programdata\AVAST Software
2011-07-16 08:59 . 2011-07-16 08:59 -------- d-----w- c:\program files\AVAST Software
2011-07-16 08:29 . 2011-07-16 16:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-16 08:10 . 2011-07-16 08:10 -------- d-----w- c:\programdata\XoftSpySE
2011-07-16 08:04 . 2011-07-16 08:04 -------- d-----w- c:\users\Home\AppData\Roaming\QuickScan
2011-07-15 20:57 . 2011-07-16 13:27 -------- d-----w- c:\programdata\STOPzilla!
2011-07-15 20:57 . 2011-07-15 20:57 -------- d-----w- c:\program files\Common Files\iS3
2011-07-15 20:40 . 2011-07-15 20:40 -------- d-----w- c:\users\Home\AppData\Roaming\ParetoLogic
2011-07-15 20:40 . 2011-07-15 20:40 -------- d-----w- c:\users\Home\AppData\Roaming\DriverCure
2011-07-15 20:39 . 2011-07-16 08:18 -------- d-----w- c:\programdata\ParetoLogic
2011-07-15 20:02 . 2011-07-15 20:02 -------- d-----w- c:\windows\system32\3004
2011-07-15 19:58 . 2011-07-15 21:07 -------- d-----w- c:\program files\VstPlugins
2011-07-15 19:58 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2011-07-15 19:58 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\system32\vorbis.acm
2011-07-15 19:57 . 2011-07-15 19:57 -------- d-----w- c:\program files\Outsim
2011-07-15 19:55 . 2011-07-16 10:21 -------- d-----w- c:\users\Home\AppData\Local\WMTools Downloaded Files
2011-07-15 19:52 . 2011-07-15 21:07 -------- d-----w- c:\program files\Image-Line
2011-07-15 08:26 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{745BF05F-BFD7-4655-9FBD-EF101CEFB458}\mpengine.dll
2011-07-11 06:16 . 2011-07-11 06:16 -------- d-----w- c:\users\Home\KooBits4
2011-07-08 17:30 . 2011-07-08 17:30 -------- d-----w- c:\windows\system32\SPReview
2011-07-08 17:29 . 2011-07-08 17:29 -------- d-----w- c:\windows\system32\EventProviders
2011-07-08 17:12 . 2011-07-08 17:12 -------- d-----w- c:\program files\MusicRoom Server
2011-07-03 11:21 . 2011-07-03 11:21 -------- d-----w- c:\users\Home\AppData\Local\Macroplant,_LLC
2011-07-02 02:05 . 2010-11-20 12:21 458752 ----a-w- c:\windows\system32\WSDApi.dll
2011-07-02 02:02 . 2010-11-20 12:20 175104 ----a-w- c:\windows\system32\wbem\ntevt.dll
2011-07-02 02:01 . 2010-11-20 12:21 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2011-07-02 02:00 . 2010-11-20 12:21 318976 ----a-w- c:\windows\system32\raschap.dll
2011-07-02 01:59 . 2010-11-20 12:21 507392 ----a-w- c:\windows\system32\wmdrmdev.dll
2011-07-02 01:58 . 2010-11-20 12:00 6144 ----a-w- c:\windows\system32\KBDUS.DLL
2011-07-02 01:57 . 2010-11-20 12:20 1160192 ----a-w- c:\windows\system32\OpcServices.dll
2011-06-29 02:33 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 02:33 . 2010-11-20 12:18 145920 ----a-w- c:\windows\system32\cfgmgr32.dll
2011-06-29 02:33 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 02:33 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 02:33 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 02:33 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 02:33 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 02:33 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 02:33 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 02:33 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-29 02:33 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-23 07:57 . 2011-07-03 10:39 -------- d-----w- c:\program files\DigiDNA
2011-06-23 07:42 . 2011-06-23 07:42 -------- d-----w- c:\users\Home\AppData\Roaming\Thinstall
2011-06-17 13:23 . 2011-06-17 13:33 -------- d-----w- c:\users\Home\lmms
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-16 10:23 . 2010-11-06 15:57 1056 --sha-w- c:\programdata\KGyGaAvL.sys
2011-07-08 17:41 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-06-24 13:03 . 2010-10-06 11:56 2588952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-06-24 13:03 . 2010-10-06 11:55 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-06-16 13:10 . 2011-06-16 13:10 2588952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-06-16 13:10 . 2011-06-16 13:10 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-06-11 13:46 . 2010-05-31 15:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-29 23:00 . 2011-05-29 23:00 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-29 23:00 . 2011-05-29 23:00 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-29 23:00 . 2011-05-29 23:00 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-29 23:00 . 2011-05-29 23:00 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-05-29 23:00 . 2011-05-29 23:00 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-05-29 23:00 . 2011-05-29 23:00 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-29 23:00 . 2011-05-29 23:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-05-29 23:00 . 2011-05-29 23:00 367104 ----a-w- c:\windows\system32\html.iec
2011-05-29 23:00 . 2011-05-29 23:00 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-05-29 23:00 . 2011-05-29 23:00 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-29 23:00 . 2011-05-29 23:00 161792 ----a-w- c:\windows\system32\msls31.dll
2011-05-29 23:00 . 2011-05-29 23:00 152064 ----a-w- c:\windows\system32\wextract.exe
2011-05-29 23:00 . 2011-05-29 23:00 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-05-29 23:00 . 2011-05-29 23:00 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-29 23:00 . 2011-05-29 23:00 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-29 23:00 . 2011-05-29 23:00 11776 ----a-w- c:\windows\system32\mshta.exe
2011-05-29 23:00 . 2011-05-29 23:00 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-05-29 23:00 . 2011-05-29 23:00 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-29 23:00 . 2011-05-29 23:00 101888 ----a-w- c:\windows\system32\admparse.dll
2011-05-24 18:14 . 2010-02-16 10:43 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-03 22:13 . 2011-05-03 22:13 0 ---ha-w- c:\users\Home\AppData\Local\BITB598.tmp
2011-05-03 04:30 . 2011-06-16 21:35 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 12:27 . 2010-10-06 11:55 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-29 02:46 . 2011-06-16 21:35 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 02:46 . 2011-06-16 21:35 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 02:46 . 2011-06-16 21:35 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:17 . 2011-06-16 21:35 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-27 02:17 . 2011-06-16 21:35 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-27 02:17 . 2011-06-16 21:35 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 04:31 . 2011-06-16 21:35 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:18 . 2011-06-16 21:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-22 23:35 . 2011-06-17 02:03 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-22 23:25 . 2011-06-17 02:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-22 19:14 . 2011-05-25 04:27 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07E32091-0886-2A8F-7B23-3607567F052D}]
2009-07-14 01:15 200192 ----a-w- c:\windows\System32\msreepl40.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-15 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"iTunesHelper"="c:\users\Home\Documents\home\joe\Music\Itunes\iTunes Children\iTunesHelper.exe" [2011-01-25 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
KooBits 4.lnk - c:\program files\KooBits 4.0\KooBits 4.0.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 aswSP;aswSP; [x]
R1 ennmhfrw;ennmhfrw;c:\windows\system32\drivers\ennmhfrw.sys [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 136176]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 136176]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2007-03-20 16896]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-17 1343400]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-09-14 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-09-14 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-09-14 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-09-14 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-09-14 25704]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-05 172032]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-05 5550592]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-05 176128]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187B.sys [2010-03-31 379904]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-09-22 579072]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-21 30392]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-15 c:\windows\Tasks\At2.job
- c:\windows\system32\vdds.exe [2011-07-02 12:17]
.
2011-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 21:56]
.
2011-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 21:56]
.
2011-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2590648061-1933017316-3864761139-1001Core.job
- c:\users\Home\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-11 08:43]
.
2011-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2590648061-1933017316-3864761139-1001UA.job
- c:\users\Home\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-11 08:43]
.
2011-07-14 c:\windows\Tasks\Quark Updater.job
- c:\program files\Quark\Quark Update\AutoUpdate.exe [2010-10-22 15:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Home\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Home\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - [You must be registered and logged in to see this link.]
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
SafeBoot-BsScanner
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2590648061-1933017316-3864761139-1001\Software\SecuROM\License information*]
"datasecu"=hex:c5,76,3e,92,bb,f4,6a,b5,5c,8f,0a,43,8e,3c,fa,58,f5,bf,54,35,4f,
b8,31,9a,f8,61,0d,66,63,58,4e,2b,16,f3,ad,07,67,4f,db,5a,cf,e2,08,23,47,6b,\
"rkeysecu"=hex:de,b6,88,f1,4a,ef,9e,a7,7b,a7,e0,ef,c4,ac,6c,b4
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-07-17 11:12:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-17 10:12
.
Pre-Run: 551,715,229,696 bytes free
Post-Run: 551,472,115,712 bytes free
.
- - End Of File - - 8609C2B279E3DEF20DE772F941D0F500

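Reading the aswMBR log from the first post against this ComboFix log shows the pattern a responder looks for: every file aswMBR flagged is reachable from a persistence point ComboFix lists (the Browser Helper Object for msreepl40.dll, the At2.job task for vdds.exe, the AMD External Events service for atiesrxx.exe, and atieclxx.exe among the running processes), alongside a driver with a random-looking name that ComboFix could not size or date and a numeric-named service it already removed. The script below is an added example, not ComboFix or aswMBR code, that does that cross-referencing over constructed excerpts in the same line formats and scores each persistence entry with simple heuristics. KNOWN_GOOD is an assumed allow-list for the lookalike-name check; triage, parse_aswmbr, parse_combofix, looks_random and lookalike are this example's own names.

```python
"""Cross-reference an aswMBR log with a ComboFix log: map each file aswMBR flagged
to the persistence entry that loads it, and score persistence entries with simple
heuristics.  Added example for this thread, not ComboFix or aswMBR code; the log
excerpts and the KNOWN_GOOD allow-list below are constructed."""
import difflib
import re
from collections import defaultdict

ASWMBR_SAMPLE = r"""14:36:44.492 Disk 0 unknown MBR code
14:37:01.076 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86bd4390]<<
14:37:01.104 \Driver\00000621[0x86b9cf38] -> IRP_MJ_CREATE -> 0x86bd4390
14:45:47.875 File: C:\Windows\System32\atieclxx.exe **INFECTED** Win32:Patched-WQ [Trj]
14:45:47.927 File: C:\Windows\System32\atiesrxx.exe **INFECTED** Win32:Patched-WQ [Trj]
14:50:41.886 File: C:\Windows\System32\msreepl40.dll **INFECTED** Win32:Malware-gen
14:51:55.644 File: C:\Windows\System32\vdds.exe **INFECTED** Win32:Rootkit-gen [Rtk]"""
COMBOFIX_SAMPLE = r"""-------\Service_1264788552
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07E32091-0886-2A8F-7B23-3607567F052D}]
2009-07-14 01:15 200192 ----a-w- c:\windows\System32\msreepl40.dll
R1 ennmhfrw;ennmhfrw;c:\windows\system32\drivers\ennmhfrw.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 136176]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-05 172032]
2011-07-15 c:\windows\Tasks\At2.job
- c:\windows\system32\vdds.exe [2011-07-02 12:17]
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe"""
KNOWN_GOOD = {"msrepl40.dll", "msjet40.dll", "svchost.exe", "lsass.exe", "csrss.exe"}  # assumed baseline

INFECTED_RE = re.compile(r"File: (?P<path>.+?) \*\*INFECTED\*\* (?P<det>.+)$")
LINE_TYPES = [  # (kind, regex); a bho or task header is followed by one line naming the file it loads
    ("service", re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.+?)(?: \[(?P<tail>[^\]]*)\])?$")),
    ("deleted-service", re.compile(r"^-------\\(?P<name>.+)$")),
    ("bho", re.compile(r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(?P<name>\{[0-9A-F-]+\})\]$", re.I)),
    ("task", re.compile(r"^\d{4}-\d{2}-\d{2} c:\\windows\\tasks\\(?P<name>[^\\]+\.job)$", re.I)),
    ("process", re.compile(r"^(?P<path>c:\\.+\.exe)$", re.I)),
]
FOLLOW_RE = {"bho": re.compile(r"^\S+ \S+ \d+ \S+ (?P<path>.+)$"), "task": re.compile(r"^- (?P<path>.+?) \[")}

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def looks_random(name):  # noisy heuristic: all digits, or 7+ lowercase letters with at most one vowel
    core = name.split("_")[-1]
    return core.isdigit() or bool(re.fullmatch(r"[a-z]{7,}", core)) and sum(c in "aeiou" for c in core) <= 1

def lookalike(base):  # a known system file name that this one nearly spells (msreepl40 vs msrepl40)
    close = difflib.get_close_matches(base, KNOWN_GOOD, n=1, cutoff=0.9)
    return close[0] if close and close[0] != base else None

def parse_aswmbr(text):  # -> ({basename: detection name}, [kernel-level findings])
    infected, kernel = {}, []
    for line in text.splitlines():
        m = INFECTED_RE.search(line)
        if m:
            infected[basename(m["path"])] = m["det"]
        elif "unknown MBR code" in line:
            kernel.append("MBR boot code not recognised: dump it and diff against a known-good MBR")
        elif ">>UNKNOWN [" in line:
            kernel.append("disk I/O path calls into code belonging to no loaded module: " + line.split(">>")[1])
        elif "IRP_MJ_CREATE ->" in line:
            kernel.append("IRP_MJ_CREATE handler points at the unattributed address: " + line.split(" ", 1)[1])
    return infected, kernel

def parse_combofix(text):  # -> persistence entries: services, deleted services, BHOs, tasks, processes
    entries, pending = [], None
    for line in text.splitlines():
        if pending:                                   # file line that follows a bho/task header
            m = FOLLOW_RE[pending["kind"]].match(line)
            if m:
                entries.append(dict(pending, path=m["path"]))
            pending = None
            continue
        for kind, regex in LINE_TYPES:
            m = regex.match(line)
            if m:
                d = m.groupdict()
                e = {"kind": kind, "name": d.get("name") or basename(d["path"]),
                     "path": d.get("path", ""), "tail": d.get("tail")}
                if kind in FOLLOW_RE:
                    pending = e
                else:
                    entries.append(e)
                break
    return entries

def triage(aswmbr_text, combofix_text):
    """Attach reasons to each persistence entry and map every infected file to what loads it."""
    infected, kernel = parse_aswmbr(aswmbr_text)
    entries, correlated = parse_combofix(combofix_text), defaultdict(list)
    for e in entries:
        base, kind = basename(e["path"]), e["kind"]
        e["reasons"] = [why for cond, why in (
            (kind.endswith("service") and looks_random(e["name"]), "random-looking service name"),
            (e["tail"] == "x", "ComboFix printed [x] instead of a date and size"),
            (kind == "task" and re.fullmatch(r"at\d+\.job", e["name"], re.I),
             "At*.job task (created with at.exe; rare for legitimate software)"),
            (kind == "bho" and "\\system32\\" in e["path"].lower(), "BHO DLL lives in System32 (unusual for a browser add-on)"),
            (lookalike(base), "lookalike of %s" % lookalike(base)),
            (base in infected, "flagged by aswMBR: %s" % infected.get(base)),
        ) if cond]
        if base in infected:
            correlated[base].append(kind + ":" + e["name"])
    return {"infected": infected, "kernel": kernel, "persistence": entries, "correlated": dict(correlated)}
```

Replace the two sample strings with the contents of the real log files and review every entry that collects more than one reason, plus everything under "correlated", before the helper's ComboFix script or MBAM run so you know which persistence points must disappear. The name heuristics are deliberately noisy (legitimate driver abbreviations with few vowels will trip them), so treat a single reason as a prompt for a manual look, not a verdict.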

Re: HELP! Unknown virus exiting all virus protection

Post by Pancake on Sun Jul 17, 2011 11:58 am

Please download Malwarebytes' Anti-Malware from one of these places:

[You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]


Double-click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Do so.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report in your next reply.


Re: HELP! Unknown virus exiting all virus protection

Post by jj190994 on Sun Jul 17, 2011 1:27 pm

So I downloaded Malwarebytes from the source I hadn't downloaded it from before, and installed it. Whilst I was using the PC, Photoshop froze so much that I had to end the process 'photoshop.exe' in order to shut it down. Now I know a fair bit about the processes, enough to recognise one we didn't have before. I noticed it, and it wouldn't let me end it, wouldn't tell me anything about it, and wouldn't let me open its location. So I attempted to end it a few times. However, ending 'photoshop.exe' hadn't closed my frozen Photoshop, and the system lagged so much I had to restart. Upon restarting I noticed Avast was running normally (which it hasn't been doing since we got the virus), so I ran Malwarebytes; it scanned without crashing (again, it hasn't done that since we got the virus) and gave me this report:

Malwarebytes' Anti-Malware 1.51.1.1800
[You must be registered and logged in to see this link.]

Database version: 7173

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

17/07/2011 14:21:58
mbam-log-2011-07-17 (14-21-58).txt

Scan type: Quick scan
Objects scanned: 177108
Time elapsed: 4 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{07E32091-0886-2A8F-7B23-3607567F052D} (Heuristics.Shuriken) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07E32091-0886-2A8F-7B23-3607567F052D} (Heuristics.Shuriken) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07E32091-0886-2A8F-7B23-3607567F052D} (Heuristics.Shuriken) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07E32091-0886-2A8F-7B23-3607567F052D} (Heuristics.Shuriken) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

However, one thing I have noticed is that although Malwarebytes isn't picking up any viruses, when I Google search and click a link, it redirects me to another webpage, which Avast now detects as a 'bad' webpage. We've had this Google redirect virus before, but I can't remember how to get rid of it, and Malwarebytes isn't bringing up anything bad.


Re: HELP! Unknown virus exiting all virus protection

Post by Pancake on Sun Jul 17, 2011 10:37 pm

Download Dr.Web CureIt to the desktop:
[You must be registered and logged in to see this link.]

Double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, in the menu, click File and choose Save report list.
Save the report to your desktop. The report will be called DrWeb.csv.
Close Dr.Web CureIt.

Please post the Dr.Web report in your next reply.
