VIRUS PrivitzeVPN.exe


Post by nikolay2013 on 2nd August 2013, 1:11 am

I accidentally installed a virus, please help me remove it. It's called PrivitizeVPN.exe. I tried right clicking uninstall. Windows Installer asks "Are you sure you want to uninstall this product?" I say Yes and it says "This action is only valid for products that are currently installed." But there's something called PrivitzeVPN.exe in my hidden icons and it wasn't there before! Please!!!! HELP as soon as possible!!!

nikolay2013
Intermediate

Posts : 68
Joined : 2013-07-29
Gender : Male
OS : Windows 8 x64
Protection : Windows Defender
Points : 13219
# Likes : 0


Re: VIRUS PrivitzeVPN.exe

Post by Superdave on 2nd August 2013, 7:21 pm

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*******************************************************
Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

********************************************************
Please download Malwarebytes Anti-Malware.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Please download JRT to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

  • Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click [You must be registered and logged in to see this link.] link to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and Paste the JRT.txt log into your next message.
*******************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.


* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Superdave
Captain

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection : MSE, Windows Defender, Windows firewall
Points : 83231
# Likes : 0


Re: VIRUS PrivitzeVPN.exe

Post by nikolay2013 on 2nd August 2013, 8:29 pm

I got this virus at pirate's bay company. I clicked anonymous download for cube world and ended up with a virus.


Re: VIRUS PrivitzeVPN.exe

Post by nikolay2013 on 2nd August 2013, 8:30 pm

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Nikolay\AppData\Roaming\Mozilla\Firefox\Profiles\a9utle09.default-1375299559783\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Nikolay\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [4031 octets] - [30/07/2013 12:50:00]
AdwCleaner[S2].txt - [993 octets] - [30/07/2013 15:31:38]
AdwCleaner[S3].txt - [1639 octets] - [01/08/2013 23:11:29]
AdwCleaner[S4].txt - [999 octets] - [02/08/2013 17:54:36]

########## EOF - C:\AdwCleaner[S4].txt - [1058 octets] ##########


Re: VIRUS PrivitzeVPN.exe

Post by nikolay2013 on 2nd August 2013, 9:12 pm

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

Database version: v2013.08.02.08

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16635
Nikolay :: NIKOLAY [administrator]

Protection: Enabled

2013-08-02 6:01:21 PM
mbam-log-2013-08-02 (18-01-21).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 356265
Time elapsed: 40 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Re: VIRUS PrivitzeVPN.exe

Post by nikolay2013 on 2nd August 2013, 9:17 pm

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.0 (08.02.2013:1)
OS: Windows 8 x64
Ran by Nikolay on 2013-08-02 at 18:43:21.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2013-08-02 at 18:46:44.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Re: VIRUS PrivitzeVPN.exe

Post by nikolay2013 on 2nd August 2013, 9:18 pm

Results of screen317's Security Check version 0.99.71
x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 25
Adobe Flash Player 11.8.800.94
Mozilla Firefox (22.0)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Windows Defender MsMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````


Re: VIRUS PrivitzeVPN.exe

Post by Superdave on 2nd August 2013, 9:48 pm

Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to your download folder you will need to copy it to your desktop.


To prevent your anti-virus application interfering with ComboFix we need to disable it. See [You must be registered and logged in to see this link.] for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.


Re: VIRUS PrivitzeVPN.exe

Post by nikolay2013 on 2nd August 2013, 10:22 pm

ComboFix 13-08-02.01 - Nikolay 2013-08-02 19:46:01.2.2 - x64
Microsoft Windows 8 6.2.9200.0.1252.2.1033.18.3912.2674 [GMT -2.5:30]
Running from: c:\users\Nikolay\Downloads\ComboFix.exe
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-07-02 to 2013-08-02 )))))))))))))))))))))))))))))))
.
.
2013-08-02 19:57 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68BF3316-BB6D-492A-B1C2-AC47F60A4794}\mpengine.dll
2013-08-02 17:09 . 2013-08-02 17:09 -------- d-----w- c:\users\Nikolay\AppData\Local\VS Revo Group
2013-08-02 17:09 . 2013-08-02 17:09 -------- d-----w- c:\programdata\VS Revo Group
2013-08-02 00:58 . 2013-08-02 00:58 -------- d-----w- c:\programdata\StarApp
2013-08-02 00:58 . 2013-08-02 01:00 -------- d-----w- c:\programdata\InstallMate
2013-08-02 00:01 . 2013-08-02 00:01 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2013-08-01 23:47 . 2013-08-01 23:49 -------- d-----w- c:\windows\system32\MRT
2013-08-01 19:46 . 2013-05-02 15:29 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-01 19:44 . 2013-08-01 19:44 -------- d-s---w- c:\windows\SysWow64\Microsoft
2013-07-31 20:41 . 2013-08-02 22:13 -------- d-----w- c:\users\Nikolay\AppData\Roaming\.minecraft
2013-07-30 16:14 . 2013-07-30 16:14 -------- d-----w- c:\windows\ERUNT
2013-07-30 15:24 . 2013-07-30 15:24 -------- d-----w- c:\users\Nikolay\AppData\Roaming\Malwarebytes
2013-07-30 15:24 . 2013-07-30 15:24 -------- d-----w- c:\programdata\Malwarebytes
2013-07-30 15:24 . 2013-07-30 15:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-30 15:24 . 2013-04-04 17:20 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-30 15:24 . 2013-07-30 15:24 -------- d-----w- c:\users\Nikolay\AppData\Local\Programs
2013-07-30 15:20 . 2013-07-30 15:20 174 ----a-w- c:\windows\DeleteOnReboot.bat
2013-07-29 00:39 . 2013-07-30 16:44 -------- d-----w- c:\program files\McAfee
2013-07-29 00:29 . 2013-07-30 18:03 -------- d-----w- c:\programdata\McAfee
2013-07-29 00:13 . 2013-07-29 00:13 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2013-07-28 23:28 . 2013-07-28 23:28 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-28 23:28 . 2013-07-28 23:28 312232 ----a-w- c:\windows\system32\javaws.exe
2013-07-28 23:28 . 2013-07-28 23:28 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-28 23:28 . 2013-07-28 23:28 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-07-28 23:28 . 2013-07-28 23:28 189352 ----a-w- c:\windows\system32\javaw.exe
2013-07-28 23:28 . 2013-07-28 23:28 188840 ----a-w- c:\windows\system32\java.exe
2013-07-28 23:28 . 2013-07-28 23:28 -------- d-----w- c:\program files\Java
2013-07-25 19:12 . 2013-05-09 08:59 22600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-07-25 17:07 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-07-23 22:30 . 2013-07-23 22:30 -------- d-----w- c:\program files\Classic Shell
2013-07-23 20:51 . 2013-07-23 21:44 -------- d-----w- C:\Fraps
2013-07-22 21:27 . 2013-07-23 22:39 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-07-22 21:27 . 2013-07-22 21:30 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-07-20 21:26 . 2013-07-23 22:39 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-07-20 21:22 . 2013-07-20 21:22 -------- d-----w- c:\users\Nikolay\AppData\Local\PunkBuster
2013-07-20 04:04 . 2013-07-23 14:54 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-07-20 03:21 . 2013-07-20 03:21 -------- d-----w- c:\program files (x86)\EA Games
2013-07-13 17:48 . 2013-04-11 22:22 1838080 ----a-w- c:\windows\system32\DWrite.dll
2013-07-13 17:48 . 2013-04-11 22:30 1421312 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-13 17:48 . 2013-04-10 22:35 2035200 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-07-13 17:48 . 2013-04-10 22:35 1272320 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-13 17:47 . 2013-04-10 22:35 1617920 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-13 17:47 . 2013-04-10 22:35 1306112 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-13 17:47 . 2013-04-10 22:35 1318912 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-13 17:47 . 2013-04-11 04:12 1413632 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2013-07-13 17:47 . 2013-04-11 04:12 1029632 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2013-07-13 17:46 . 2013-06-01 09:25 496640 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-13 17:46 . 2013-06-01 09:21 595968 ----a-w- c:\windows\system32\qedit.dll
2013-07-13 17:46 . 2013-05-30 23:14 4036096 ----a-w- c:\windows\system32\win32k.sys
2013-07-13 17:45 . 2013-06-21 05:04 19187712 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-13 17:45 . 2013-06-21 04:46 18523648 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-13 17:43 . 2013-06-11 23:43 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-07-13 17:43 . 2013-06-11 23:25 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-07-13 17:43 . 2013-06-11 23:43 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-07-13 17:43 . 2013-06-11 23:42 235520 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2013-07-13 17:43 . 2013-06-11 23:26 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-07-13 17:43 . 2013-05-04 06:59 2842112 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-13 17:43 . 2013-05-04 04:57 2620928 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-12 17:12 . 2013-07-12 17:12 6129024 ----a-w- c:\program files (x86)\Mozilla Firefox\Extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-07-12 17:12 . 2013-07-12 17:12 6129024 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-07-11 14:13 . 2013-07-11 14:13 -------- d-----w- c:\programdata\McAfee Security Scan
2013-07-11 14:13 . 2013-07-12 15:26 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2013-07-05 19:00 . 2013-07-05 19:00 -------- d-----w- c:\programdata\Nexon
2013-07-05 18:51 . 2013-07-05 19:56 -------- d-----w- C:\Nexon
2013-07-05 17:20 . 2013-05-15 22:35 144384 ----a-w- c:\windows\system32\tssdisai.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-03 13:11 . 2013-07-03 13:11 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-03 13:11 . 2013-04-27 22:14 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-03 13:11 . 2013-04-27 22:14 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-27 22:04 . 2012-07-26 08:14 78200 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04 . 2012-07-26 08:14 693112 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-24 03:27 . 2013-05-01 18:58 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-05-30 23:24 . 2013-06-15 17:07 1257472 ----a-w- c:\windows\system32\kernel32.dll
2013-05-28 13:05 . 2013-06-16 16:33 163328 ----a-w- c:\windows\SysWow64\FlashPlayerUpdateService.exe
2013-05-23 23:01 . 2013-06-15 17:07 1300992 ----a-w- c:\windows\system32\gdi32.dll
2013-05-23 22:27 . 2013-06-15 17:07 1022464 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-05-15 22:37 . 2013-06-13 16:58 44032 ----a-w- c:\windows\SysWow64\UXInit.dll
2013-05-15 22:35 . 2013-06-13 16:58 53760 ----a-w- c:\windows\system32\UXInit.dll
2013-05-15 02:25 . 2013-06-15 17:07 888320 ----a-w- c:\windows\system32\autochk.exe
2013-05-15 02:25 . 2013-06-15 17:07 542208 ----a-w- c:\windows\system32\untfs.dll
2013-05-15 02:24 . 2013-06-15 17:07 793088 ----a-w- c:\windows\SysWow64\autochk.exe
2013-05-15 02:24 . 2013-06-15 17:07 482816 ----a-w- c:\windows\SysWow64\untfs.dll
2013-05-14 13:14 . 2013-06-13 16:58 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-14 09:23 . 2013-06-13 16:58 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-05-14 01:42 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-06-29 13:19 594432 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2012-07-26 62976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Acer Backup Manager Tray.lnk - c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k [2012-8-23 533568]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
R3 DeviceFastLaneService;Device Fast-lane Service;c:\program files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe;c:\program files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 aswKbd;aswKbd; [x]
S2 AtherosSvc;AtherosSvc;c:\windows\system32\AdminService.exe;c:\windows\SYSNATIVE\AdminService.exe [x]
S2 CCDMonitorService;CCDMonitorService;c:\program files (x86)\Acer\Acer Cloud\CCDMonitorService.exe;c:\program files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 RfButtonDriverService;Dritek RF Button Command Service;c:\windows\RfBtnSvc64.exe;c:\windows\RfBtnSvc64.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 ePowerSvc;ePower Service;c:\program files\Acer\Acer Power Management\ePowerSvc.exe;c:\program files\Acer\Acer Power Management\ePowerSvc.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;c:\windows\System32\drivers\aPs2Kb2Hid.sys;c:\windows\SYSNATIVE\drivers\aPs2Kb2Hid.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-29 13:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-06-29 13:20 724992 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-07 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-07 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-07 440640]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Nikolay\AppData\Roaming\Mozilla\Firefox\Profiles\a9utle09.default-1375299559783\
FF - ExtSQL: 2013-07-24 18:35; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-08-01 21:08; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\Nikolay\AppData\Roaming\Mozilla\Firefox\Profiles\a9utle09.default-1375299559783\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-08-02 18:13; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Nikolay\AppData\Roaming\Mozilla\Firefox\Profiles\a9utle09.default-1375299559783\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
HKLM-Run-BtPreLoad - c:\program files (x86)\Bluetooth Suite\BtPreLoad.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-08-02 19:51:42
ComboFix-quarantined-files.txt 2013-08-02 22:21
ComboFix2.txt 2013-07-30 20:25
.
Pre-Run: 441,535,152,128 bytes free
Post-Run: 441,550,209,024 bytes free
.
- - End Of File - - CB370D01ADF785E440D82F033717A8B7
D41D8CD98F00B204E9800998ECF8427E

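Added example (not part of the thread, and not code from ComboFix or any tool named in it): one way to check a pasted ComboFix-style log for load points that still reference the reported file, under both spellings used in this thread. The `ExampleVPN` Run value and its path are constructed for the demonstration, the other sample lines follow the format of the log posted above, and the parser covers only the Run/RunOnce, Startup folder, service and scheduled-task lines.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "kind name target")

# The thread spells the executable two ways; search for both.
SPELLINGS = ("PrivitzeVPN", "PrivitizeVPN")

# Excerpt in the format of the ComboFix log posted in this thread.
# The "ExampleVPN" Run value is CONSTRUCTED; it is not in the user's log.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"ExampleVPN"="c:\users\Example\AppData\Roaming\ExampleVPN\PrivitizeVPN.exe" [2013-08-02 123456]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2012-07-26 62976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
.
2013-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-29 13:05]
'''

RUN_KEY = re.compile(r'^\[HKEY_.*\\(Run|RunOnce)\]$', re.I)
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]*)"')
STARTUP_DIR = re.compile(r'\\Programs\\StartUp\\$', re.I)
SHORTCUT = re.compile(r'^(.+?\.lnk) - (.+?) \[[^\]]*\]$', re.I)
SERVICE = re.compile(r'^[RS][0-4] ([^;]+);[^;]*;([^;\[]*)')
TASK = re.compile(r'^\d{4}-\d\d-\d\d (.+\.job)$', re.I)
TASK_TARGET = re.compile(r'^- (.+?) \[')


def parse_load_points(log_text):
    """Return the autostart entries found in a ComboFix-style log."""
    entries, section, task = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line in ("", "."):
            # "." lines separate blocks in the log; forget the current one.
            section = task = None
        elif line.startswith("["):
            # Only Run/RunOnce keys are treated as autostart sections here.
            section = "run" if RUN_KEY.match(line) else None
        elif STARTUP_DIR.search(line):
            section = "startup"
        elif section == "run" and (m := RUN_VALUE.match(line)):
            entries.append(Entry("run", m.group(1), m.group(2)))
        elif section == "startup" and (m := SHORTCUT.match(line)):
            entries.append(Entry("startup", m.group(1), m.group(2)))
        elif (m := SERVICE.match(line)):
            # "R2 name;display name;image path;image path [x]"
            entries.append(Entry("service", m.group(1), m.group(2).strip()))
        elif (m := TASK.match(line)):
            # The task's target is on the following "- path [date]" line.
            task = m.group(1)
        elif task and (m := TASK_TARGET.match(line)):
            entries.append(Entry("task", task, m.group(1)))
            task = None
    return entries


def find_references(entries, spellings=SPELLINGS):
    """Entries whose name or target mentions any spelling (case-insensitive)."""
    needles = [s.lower() for s in spellings]
    return [e for e in entries
            if any(n in (e.name + " " + e.target).lower() for n in needles)]


if __name__ == "__main__":
    found = parse_load_points(SAMPLE_LOG)
    print(f"{len(found)} load points parsed")
    for hit in find_references(found):
        print(f"still referenced: [{hit.kind}] {hit.name} -> {hit.target}")
```

An empty result only means these four kinds of load point do not name the file; it says nothing about locations the log does not list.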

Re: VIRUS PrivitzeVPN.exe

Post by nikolay2013 on 2nd August 2013, 10:24 pm

Hello Dave, I am feeling pretty confident about these download links. Please send me all the links, and by tomorrow you will have all the log results, I can promise you that. Does that sound good to you?


Re: VIRUS PrivitzeVPN.exe

Post by Superdave on 2nd August 2013, 11:15 pm

"But there's something called PrivitzeVPN.exe in my hidden icons and it wasn't there before!"
Did you try deleting it? I didn't see the complete AdwCleaner log. Do you still see that file? Please run your task manager and see if that file is in the processes.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83231
# Likes # Likes : 0


Re: VIRUS PrivitzeVPN.exe

Post by nikolay2013 on 2nd August 2013, 11:28 pm

Hmm, I checked the background processes and the Windows processes, not there... But I researched this virus a little bit and it's a virus. I managed to remove the add-ons etc. that came with it, but it's in my hidden icons and that worries me a little bit.

Re: VIRUS PrivitzeVPN.exe

Post by Superdave on 2nd August 2013, 11:35 pm

nikolay2013 wrote: Hmm, I checked the background processes and the Windows processes, not there... But I researched this virus a little bit and it's a virus. I managed to remove the add-ons etc. that came with it, but it's in my hidden icons and that worries me a little bit.
Please run AdwCleaner again and then try to delete that file.

Re: VIRUS PrivitzeVPN.exe

Post by nikolay2013 on 2nd August 2013, 11:43 pm

I ran AdwCleaner again and the file isn't there, so does that mean it cannot harm my machine?

Re: VIRUS PrivitzeVPN.exe

Post by Superdave on 3rd August 2013, 12:13 am

You stated that you could see the PrivitizeVPN.exe in your hidden icons. I don't understand what you mean by this. Can you still see that file?
That file should be found here: PrivitizeVPN.exe is usually located in the 'C:\Program Files (x86)\PrivitizeVPN\' folder. Do you have that program on your computer?

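The checks asked for in the posts above (is the file in the process list, does the install folder exist) can be done in one read-only pass. The PowerShell below is an added example, not part of the original thread; the function name `Find-ProgramLeftover` is hypothetical, and the uninstall-entry and autorun registry checks are additions that go beyond the two checks named in the posts.

```powershell
# Added example: read-only check for leftovers of an unwanted program.
# Default pattern covers both spellings used in this thread (PrivitizeVPN / PrivitzeVPN).
# Find-ProgramLeftover is a hypothetical name, not a built-in cmdlet.
function Find-ProgramLeftover {
    param([string]$Pattern = '*Privit*VPN*')

    # 1. Running processes (the list Task Manager shows).
    Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $_.ProcessName -like $Pattern } |
        ForEach-Object { [pscustomobject]@{ Kind = 'Process'; Location = "PID $($_.Id)"; Detail = $_.Path } }

    # 2. Install folders under both Program Files roots.
    foreach ($root in @($env:ProgramFiles, ${env:ProgramFiles(x86)})) {
        if (-not $root) { continue }
        Get-ChildItem -Path $root -Directory -Filter $Pattern -ErrorAction SilentlyContinue |
            ForEach-Object { [pscustomobject]@{ Kind = 'Folder'; Location = $_.FullName; Detail = '' } }
    }

    # 3. Uninstall entries, including the 32-bit view (Wow6432Node) on 64-bit Windows.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $Pattern } |
        ForEach-Object { [pscustomobject]@{ Kind = 'UninstallEntry'; Location = $_.PSPath; Detail = $_.UninstallString } }

    # 4. Autorun values that would start the program (and its tray icon) at logon.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    $providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in $runKeys) {
        $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        $item.PSObject.Properties |
            Where-Object { $_.Name -notin $providerProps } |
            Where-Object { $_.Name -like $Pattern -or "$($_.Value)" -like $Pattern } |
            ForEach-Object { [pscustomobject]@{ Kind = 'Autorun'; Location = "$key\$($_.Name)"; Detail = $_.Value } }
    }
}

$hits = @(Find-ProgramLeftover)
if ($hits.Count -eq 0) { 'Nothing matching the pattern was found.' }
else { $hits | Format-List }
```

The script only reads; it deletes nothing, so it can be run before and after a cleanup tool to compare results.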

Re: VIRUS PrivitzeVPN.exe

Post by nikolay2013 on 3rd August 2013, 12:18 am

No sir, I looked up that program folder you sent me; it seems I do not have that folder. Thank you for your help, now I don't have to worry about catching a nasty virus.

Re: VIRUS PrivitzeVPN.exe

Post by Superdave on 3rd August 2013, 12:55 am

Let's run ESET just to be sure and we'll be finished.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
[You must be registered and logged in to see this link.]

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: VIRUS PrivitzeVPN.exe

Post by nikolay2013 on 3rd August 2013, 3:15 am

I finished the scan. It was one hour long, but I didn't get any threats and I didn't get a log file. I checked "Uninstall when you close" and after that I clicked "finish" because those were the only options I had.

Re: VIRUS PrivitzeVPN.exe

Post by Superdave on 3rd August 2013, 6:36 pm

Ok, if there are no other issues, we can do some cleanup.

Download this program and run it [You must be registered and logged in to see this link.]. It will remove ComboFix for you.

Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.

Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)

Re: VIRUS PrivitzeVPN.exe

Post by nikolay2013 on 4th August 2013, 12:25 am

Thanks, this helped a lot.

Re: VIRUS PrivitzeVPN.exe

Post by Superdave on 4th August 2013, 12:43 am

You're welcome. I will lock this thread. If you need it re-opened, please send me a PM.
