Member Avatar for Cheda

Ok, I have a Windows 7 Ultimate 64 Bits system, so in the beginning, I couldn't use the Microsoft® Windows® Malicious Software Removal Tool because it says that it is not compatible with my system.
Then I used the ATF-Cleaner and it was OK.
Then I downloaded GMER and the tabs System, Sections, IAT/EAT, Devices, Modules, Processes, Threads and Libraries were unable to check. this way, when the first scan was comopleted, I saved the log as GMER One, as it was said to, and the file was blank. Then I used the "SCAN" button, and the GMER Two log was only this:


----------------------------------------------------
GMER Two Log
----------------------------------------------------

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-18 19:50:49
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\869648534\Groups@Zomis \xac\xac .. 1

---- EOF - GMER 1.0.15 ----


Then I used the (MBA-M)and the DDS after the system reboot of the MBA-M, and the logs were:

----------------------------------------------------
MBA-M Log
----------------------------------------------------

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8393

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

18/12/2011 20:56:38
mbam-log-2011-12-18 (20-56-38).txt

Scan type: Full scan (C:\|)
Objects scanned: 536895
Time elapsed: 48 minuto(s), 22 segundo(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> 1724 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ONETWO (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svflooje (Trojan.PWS) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ONETWO\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ONETWO\Description (Trojan.Agent) -> Value: Description -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\Users\User\AppData\Local\promo.exe (PUP.Soge) -> Quarantined and deleted successfully.
c:\Users\User\downloads\frostwiresetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\User\downloads\skyrim+english+patch.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\assembly\temp\kwrd.dll (PUP.BitMiner) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\svflooje.exe529 (Trojan.LVBP) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\drivers\svflooje.exe529 (Trojan.LVBP) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\winupdate.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Local\nvidia corporation\Update\daemonupd.exe (Trojan.Agent) -> Quarantined and deleted successfully.


----------------------------------------
dds.txt
----------------------------------------


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by User at 21:09:39 on 2011-12-18
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.8183.6416 [GMT -2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Eduardo\Programas\3DS Max 2012\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PSIService.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Genius\ioTablet\TabletService.exe
C:\Eduardo\Jogos\Tunngle\TnglCtrl.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Genius\ioTablet\gTabletTask.exe
C:\Program Files (x86)\Common Files\Speedbit\SbUpdate\SBUpdate.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Eduardo\Programas\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Genius\ioTablet\gTabTaskBar.exe
C:\Genius\ioTablet\gIoTabletFunMgm.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\taskhost.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.speedbit.com/?aff=205
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [DAEMON Tools Lite] "C:\Eduardo\Programas\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [ioTablet] "C:\Genius\ioTablet\gTabTaskBar.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
dRun: [Google Update] C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\gupdate.exe /app 87042F734744418B3BBAA80F106682C0
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Clean Traces - C:\Eduardo\Programas\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - C:\Eduardo\Programas\DAP\dapextie.htm
IE: &Enviar para o OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Download &all with DAP - C:\Eduardo\Programas\DAP\dapextie2.htm
IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{03061D9C-D371-4D71-8E27-4BA0A3DA7F40} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0EB984EE-445D-439F-B324-B5BB1472BDA7} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{EFC1D3CA-9AAB-4941-8665-AC9B9E9C2253} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Eduardo\PROGRA~1\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Eduardo\PROGRA~1\DAP\dapie.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{3049C3E9-B461-4BC5-8870-4C09146192CA}
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [ioTablet] "C:\Genius\ioTablet\gTabTaskBar.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
============= SERVICES / DRIVERS ===============
.
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;C:\Eduardo\Programas\3DS Max 2012\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]
R2 TunngleService;TunngleService;C:\Eduardo\Jogos\Tunngle\TnglCtrl.exe [2011-11-22 741224]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 ioFakDrv;ioVirtual Device;C:\Windows\system32\DRIVERS\ioFakDrv.sys --> C:\Windows\system32\DRIVERS\ioFakDrv.sys [?]
R3 ioFakMap;MiniHid Driver Service for ioFakeDrv Interface layer;C:\Windows\system32\DRIVERS\ioFakMap.sys --> C:\Windows\system32\DRIVERS\ioFakMap.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-9-9 8192]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-9-6 1431888]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-10-6 130976]
S3 ioTablet;Tablet Minidriver for ioTablet;C:\Windows\system32\DRIVERS\ioTablet.sys --> C:\Windows\system32\DRIVERS\ioTablet.sys [?]
S3 ioTblMap;Mini Mapper for ioCentre;C:\Windows\system32\DRIVERS\ioTblMap.sys --> C:\Windows\system32\DRIVERS\ioTblMap.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
SUnknown pqudhvly;pqudhvly; [x]
.
=============== Created Last 30 ================
.
2011-12-18 23:02:55 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{772ECAC1-F7B9-4E69-AE9C-20A21255CC29}\offreg.dll
2011-12-18 22:31:35 -------- d-----w- C:\Users\User\AppData\Local\ATI
2011-12-18 21:52:52 -------- d-----w- C:\Users\User\AppData\Roaming\Malwarebytes
2011-12-18 21:52:48 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-18 21:52:45 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-18 21:49:01 -------- d-----w- C:\Users\User\AppData\Local\Adobe
2011-12-18 21:21:45 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{772ECAC1-F7B9-4E69-AE9C-20A21255CC29}\mpengine.dll
2011-12-18 03:04:11 -------- d-----w- C:\ProgramData\AVAST Software
2011-12-18 03:04:11 -------- d-----w- C:\Program Files\AVAST Software
2011-12-15 21:38:31 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-15 21:37:14 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-12-15 21:36:49 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-15 21:36:48 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-15 21:36:06 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-15 21:36:06 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-15 21:21:01 -------- d-----w- C:\avrescue
2011-12-15 18:34:33 -------- d-----w- C:\Users\User\AppData\Roaming\Avira
2011-12-15 18:34:10 -------- d-----w- C:\ProgramData\Avira
2011-12-15 18:34:10 -------- d-----w- C:\Program Files (x86)\Avira
2011-12-15 02:16:43 -------- d-----w- C:\Program Files (x86)\DownVision
2011-12-15 02:16:10 2161160 ----a-w- C:\Users\User\AppData\Local\setup.exe
2011-12-15 00:51:45 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-12-15 00:48:53 -------- d-----w- C:\ATI
2011-12-14 19:35:57 -------- d-----w- C:\Users\User\AppData\Roaming\Day 1 Studios
2011-12-14 07:05:10 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-12-14 07:05:10 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-12-14 07:05:10 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-12-14 07:05:09 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-12-13 03:46:29 -------- d-----w- C:\ProgramData\SpeedBit
2011-12-13 03:46:27 84480 ----a-w- C:\Windows\SysWow64\EasyHook32.dll
2011-12-13 03:46:27 172032 ----a-w- C:\Windows\SysWow64\AniGIF.ocx
2011-12-13 03:46:27 109216 ----a-w- C:\Windows\SysWow64\EasyHook64.dll
2011-12-13 03:46:27 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedBit
2011-12-12 05:33:10 -------- d-----w- C:\Program Files (x86)\Common Files\ChaosGroup
2011-12-12 03:33:28 -------- d-----w- C:\Users\User\AppData\Local\Skyrim
2011-12-12 03:19:33 280976 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-12-12 03:19:12 280976 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-12-12 03:19:08 -------- d-----w- C:\Users\User\AppData\Local\PunkBuster
2011-12-12 03:19:05 -------- d-----w- C:\Users\User\AppData\Roaming\Ubisoft
2011-12-12 03:09:18 -------- d-----w- C:\Users\User\AppData\Local\Ubisoft Game Launcher
2011-12-12 03:08:00 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-12-12 03:07:59 -------- d-----w- C:\Users\User\AppData\Roaming\PunkBuster
2011-12-12 03:01:16 -------- d-----we C:\Windows\system64
2011-12-12 02:31:35 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2011-12-12 01:32:08 -------- d-----w- C:\Users\User\.thumbnails
2011-12-12 01:25:55 -------- d-----w- C:\Users\User\AppData\Local\SKIDROW
2011-12-12 00:57:15 -------- d-----w- C:\Users\User\AppData\Roaming\e-on software
2011-12-12 00:47:32 72 ----a-w- C:\Windows\Vue 7.5 xStream.reg
2011-12-12 00:47:32 70 ----a-w- C:\Windows\Vue 7 xStream.reg
2011-12-12 00:47:32 70 ----a-w- C:\Windows\Vue 6 xStream.reg
2011-12-12 00:36:56 -------- d-----w- C:\ProgramData\e-onsoftware
2011-12-08 05:42:43 -------- d-----w- C:\Users\User\AppData\Local\SecondLife
2011-11-28 05:57:28 -------- d-----w- C:\Users\User\AppData\Roaming\AnvSoft
2011-11-22 23:52:25 -------- d-----w- C:\Users\User\AppData\Roaming\Tunngle
2011-11-22 23:52:25 -------- d-----w- C:\ProgramData\Tunngle
2011-11-22 23:52:23 31232 ----a-w- C:\Windows\System32\drivers\tap0901t.sys
2011-11-22 23:37:40 270912 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
.
==================== Find3M ====================
.
2011-12-04 17:05:02 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-12 18:45:33 88 --sh--r- C:\Windows\SysWow64\41B94C32CB.sys
2011-11-12 18:45:33 1056 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2011-11-10 03:45:30 10567680 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-11-10 03:20:50 25218048 ----a-w- C:\Windows\System32\atio6axx.dll
2011-11-10 03:17:10 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-11-10 03:16:56 774656 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-11-10 03:15:20 927232 ----a-w- C:\Windows\System32\aticfx64.dll
2011-11-10 03:12:24 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-11-10 03:12:10 516608 ----a-w- C:\Windows\System32\atieclxx.exe
2011-11-10 03:11:32 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-11-10 03:10:18 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-11-10 03:09:58 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-11-10 03:09:52 360448 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-11-10 03:09:40 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-11-10 03:09:34 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-11-10 03:09:30 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-11-10 03:09:24 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-11-10 03:06:20 6077952 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-11-10 02:58:20 18996224 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-11-10 02:51:18 7405056 ----a-w- C:\Windows\System32\atidxx64.dll
2011-11-10 02:40:52 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-11-10 02:40:18 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-11-10 02:40:04 4061696 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-11-10 02:34:54 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-11-10 02:34:52 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-11-10 02:34:44 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-11-10 02:34:42 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-11-10 02:34:28 13552640 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-11-10 02:33:52 5852672 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-11-10 02:29:58 11300864 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-11-10 02:29:46 4200960 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-11-10 02:24:26 7439360 ----a-w- C:\Windows\System32\atiumd64.dll
2011-11-10 02:18:44 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-11-10 02:13:32 494592 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-11-10 02:13:22 348160 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-11-10 02:13:08 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-11-10 02:13:04 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-11-10 02:13:04 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-11-10 02:13:00 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-11-10 02:12:52 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-11-10 02:12:44 325632 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-11-10 02:11:54 41984 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-11-10 02:11:46 32256 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-11-10 02:11:40 39424 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-11-10 02:11:32 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-11-10 02:11:32 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-11-10 02:11:32 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-11-10 02:11:26 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-11-10 02:11:26 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-11-10 02:10:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-11-10 00:39:50 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll
2011-11-10 00:39:44 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2011-11-10 00:39:36 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-11-10 00:39:32 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-11-10 00:39:22 17442304 ----a-w- C:\Windows\System32\amdocl64.dll
2011-11-10 00:38:40 14375936 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-11-10 00:37:50 51200 ----a-w- C:\Windows\System32\OpenCL.dll
2011-11-10 00:37:46 44032 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-11-05 00:21:16 230920 ----a-w- C:\Windows\SysWow64\EPWZCmnCtrl.dll
2011-10-21 22:16:12 1843200 ----a-w- C:\Windows\SysWow64\SlotMaximizerBe.dll
2011-10-21 22:15:46 104448 ----a-w- C:\Windows\SysWow64\SlotMaximizerAg.dll
2011-10-21 22:12:32 2763264 ----a-w- C:\Windows\System32\SlotMaximizerBe.dll
2011-10-21 22:07:42 125440 ----a-w- C:\Windows\System32\SlotMaximizerAg.dll
2011-10-17 17:40:50 93712 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2011-10-15 04:19:32 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-10-15 04:19:32 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-10-04 12:31:43 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-10-04 12:31:42 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 21:10:04,56 ===============


--------------------------------------------------
Attach.txt
--------------------------------------------------


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 05/09/2011 22:36:17
System Uptime: 18/12/2011 20:59:45 (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | SABERTOOTH X58
Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz | LGA1366 | 2515/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 632,361 GiB free.
D: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: TAP-Win32 Adapter V9 (Tunngle)
Device ID: ROOT\NET\0000
Manufacturer: TAP-Win32 Provider V9 (Tunngle)
Name: TAP-Win32 Adapter V9 (Tunngle)
PNP Device ID: ROOT\NET\0000
Service: tap0901t
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Driver de Autorização do Firewall do Windows
Device ID: ROOT\LEGACY_MPSDRV\0000
Manufacturer:
Name: Driver de Autorização do Firewall do Windows
PNP Device ID: ROOT\LEGACY_MPSDRV\0000
Service: mpsdrv
.
==== System Restore Points ===================
.
RP99: 16/12/2011 - Ponto de Verificação Agendado
RP100: 16/12/2011 03:00:13 - Windows Update
RP102: 16/12/2011 13:00:51 - Windows Defender Checkpoint
RP103: 18/12/2011 01:03:56 - avast! Pro Antivirus Setup
RP104: 18/12/2011 02:10:10 - avast! Pro Antivirus Setup
RP106: 18/12/2011 19:41:30 - Windows Defender Checkpoint
.
==== Installed Programs ======================
.
3DMark 11
Adobe After Effects CS5 Third Party Content
Adobe After Effects CS5 Third Party Royalty Content
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Master Collection
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.1) - Português
Adobe Soundbooth CS5 Codecs
Adobe Soundbooth CS5 Royalty Codecs
Any Video Converter 3.3.0
Assassin's Creed Revelations
Assistente de Conexão do Windows Live
Autodesk Backburner 2012.0.0
Autodesk Material Library 2012
Autodesk Material Library Base Resolution Image Library 2012
Autodesk Material Library Medium Resolution Image Library 2012
Battlefield 3™
BS.Player FREE
Call of Duty: Black Ops
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
CCC Help English
Corel Graphics - Windows Shell Extension
Corel Painter X
CorelDRAW Graphics Suite X5
CorelDRAW Graphics Suite X5 - Capture
CorelDRAW Graphics Suite X5 - Common
CorelDRAW Graphics Suite X5 - Connect
CorelDRAW Graphics Suite X5 - Custom Data
CorelDRAW Graphics Suite X5 - Draw
CorelDRAW Graphics Suite X5 - EN
CorelDRAW Graphics Suite X5 - Filters
CorelDRAW Graphics Suite X5 - FontNav
CorelDRAW Graphics Suite X5 - IPM
CorelDRAW Graphics Suite X5 - PHOTO-PAINT
CorelDRAW Graphics Suite X5 - Photozoom Plugin
CorelDRAW Graphics Suite X5 - Redist
CorelDRAW Graphics Suite X5 - Setup Files
CorelDRAW Graphics Suite X5 - VBA
CorelDRAW Graphics Suite X5 - VideoBrowser
CorelDRAW Graphics Suite X5 - VSTA
CorelDRAW Graphics Suite X5 - WT
CorelDRAW(R) Graphics Suite X5
DAEMON Tools Lite
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Download Accelerator Plus (DAP)
F.E.A.R. 3
Ferramenta de Carregamento do Windows Live
FormatFactory 2.70
Futuremark SystemInfo
Google Chrome
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
HydraVision
ioTablet
JMicron JMB36X Driver
Malwarebytes' Anti-Malware versão 1.51.2.1300
marvell 91xx driver
Messenger Plus! 5
Microsoft Choice Guard
Microsoft Office Access MUI (Portuguese (Brazil)) 2010
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (Portuguese (Brazil)) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (Portuguese (Brazil)) 2010
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
Microsoft Office Word MUI (Portuguese (Brazil)) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MSVCRT
MuHeLLFire
Origin
PDF Settings CS5
PunkBuster Services
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
RealUpgrade 1.1
Renesas Electronics USB 3.0 Host Controller Driver
SecondLifeViewer2 (remove only)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft InfoPath 2010 (KB2510065)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Word 2010 (KB2345000)
SimCity4 Hora do Rush
Steam
TESV Skyrim v1.3 1.3
The Sims Complete Collection
The Sims™ 3
The Sims™ 3 Ambições
The Sims™ 3 Caindo na Noite
The Sims™ 3 Gerações
The Sims™ 3 Pets
The Sims™ 3 Vida em Alto Estilo Coleção de Objetos
The Sims™ 3 Volta ao Mundo
Tunngle beta
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
V-Ray for 3dsmax 2012 for x86
Visual Basic for Applications (R) Core
Visual Basic for Applications (R) Core - English
Vue 10 xStream 64bit
Vue 9.5 xStream PLE 64bit
WEBZEN Browser Extension
Webzen Game Starter
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Galeria de Fotos
Windows Live Messenger
Windows Live Movie Maker
Windows Live Sync
ZBrush 4
.
==== End Of File ===========================

  • 3 Contributors
  • 24 Replies
  • 441 Views
  • 1 Week Discussion Span
  • Latest Post Latest Post by jholland1964
Member Avatar for jholland1964

May I ask, are you running legal copies of Windows 7 and Microsoft Office?

Member Avatar for Cheda

Oh yes, I Am. At least I Think. It was an uncle of myne that gave me the computer, and it was already done with everything installed. He works with computers so I thought everything was in the right place, since nothing answered wrong.

Member Avatar for jholland1964

Ok, just checking. You don't appear to be running any anti-virus program but your log shows entries of file creations for both Avira and Avast.
An anti-virus program is a MUST, along with a firewall. The only security program showing is Windows Defender, which really isn't worth much and is not an anti-virus program.

Please run this online scan, have it remove everything found and post back here with the log it produces:

ESET Online Scanner

http://www.eset.com/onlinescan/scanner.php?i_agree=14
* You can use Internet Explorer to complete this scan and you will need to allow an Active X to be installed or you may use Firefox
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.

Member Avatar for Cheda

Ok, aparently the PING.exe simply desappeared after running the Malwarebytes. I am logged on since I posted the logs and no sign of this or anything using all of my CPU. But I'm going to continue the process just for precaution. I'm going to activate avast and use the EST Online Scanner right now and post the log here. Is there anything I have to do to a better protection of my computer?

Member Avatar for jholland1964

Run ESET first.
Avast does not show as installed it would have to be installed first. But wait until we see if any more is found before installing other programs, even an anti-virus program.

Member Avatar for Cheda

So, all ESET informed as Log:

----------------------------------------------------
ESET Log.txt
----------------------------------------------------

C:\$Recycle.Bin\S-1-5-21-2492158278-591734674-2175858800-1000\$RC5XDSG.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\User\AppData\Local\Temp\ICReinstall\cnet2_rt60ln90_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Windows\assembly\temp\U\80000032.@ probably a variant of Win32/Olmarik.AVQ trojan cleaned by deleting - quarantined
C:\Windows\system64\consrv.dll Win64/Sirefef.E trojan cleaned by deleting - quarantined

Member Avatar for jholland1964

Still finding infections. Do the following:
Please download ComboFix by sUBs from

http://www.bleepingcomputer.com/download/anti-virus/combofix

Please note that the BleepingComputer.com download link will expire in 10 minutes after you click it so if you don’t click within ten minutes after reaching the page you will need to refresh the page.

• You must download it to and run it from your Desktop
• Physically disconnect from the internet.
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When ComboFix has finished running, you will see a screen stating that it is preparing the log report
• This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
• Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

Post back with the log.

Member Avatar for Cheda

There is this problem that happened, when I used the ESET I couldn't rebot my computer, one of this corrupted files must be a important file or really a windows file or anything, but the thing is, after I finished it all and turned off the computer, as soon as I turned it on, the windows couldn't be inicialized. There was a error message saying that it was needed to do a system restore, and the backup was done to the last time I used it, without the Ping thing but before the ESET been used, I didn't even had the chance to try the Combofix. Do I try it anyway or use the computer like this, since there is no error in it apparently, and just instal an antivirus?

Member Avatar for Cheda

Hmmm, the thing is worse that I thought. The PING reappeared ):

Member Avatar for jholland1964

One reason I asked if this was a legal copy of Windows 7. One of the files noted by MBA-M could indicate a pirated system.
Try to boot to Safe Mode and let me know.

Member Avatar for Cheda

I already made the system restore, but entered in safe mode, and it is working there.

Member Avatar for jholland1964

It is working in Safe mode because whatever that missing file is probably isn't needed in safe mode.
Can you use Safe Mode with networking? Meaning you can be online in Safe mode.

Member Avatar for Cheda

Yes, I can. Now?

Member Avatar for jholland1964

Download and run this program TDSSKiller

http://support.kaspersky.com/downloads/utils/tdsskiller.exe

When the program opens, click the Start scan button. The scan time is very short (less than a minute). If the scan completes with nothing found, click Close to exit. If malicious objects are found, the default action will be Cure. Click on Continue. If suspicious objects are found, the default action will be Skip. Click on Continue. It may ask you to reboot the computer to complete the disinfection. If so, please do so. Normal mode if possible.

Post back here with the log.

Member Avatar for Cheda

Duration: 00:00:11
Processed: 267 objects
Found: 0 threats
Neutralized: 0 threats
Quarentined: 0 objects

Member Avatar for jholland1964

Run combofix as instructed earlier.

Member Avatar for Cheda

If my windows isn't original, isn't it going to have any trouble with the Combofix?

Member Avatar for jholland1964

If you have concerns, then of course do not run Combofix and you need to actually find out IF the system is legal. If it is not legal then you are going to continue having problems until it IS legal.

I suggest that you go to and read all the necessary information on these pages.

http://windows.microsoft.com/en-US/windows7/How-can-I-tell-if-Windows-7-is-activated


http://windows.microsoft.com/en-US/windows7/Activating-Windows-7-frequently-asked-questions

Edited by jholland1964 because: n/a
Member Avatar for Cheda

Just foud out, my softuare isn't original. It is a copy my uncle had at work mhe used because the originals weren't there.

Now, I just passed again the Malwarebytes, and the log was:

----------------------------------------------------
MBA-M Log
----------------------------------------------------

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8393

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

19/12/2011 20:13:11
mbam-log-2011-12-19 (20-13-11).txt

Scan type: Full scan (C:\|)
Objects scanned: 536895
Time elapsed: 50 minute(s), 1 second(s)

Memory Processes Infected: o
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\assembly\temp\kwrd.dll (PUP.BitMiner) -> Quarantined and deleted successfully.

But the PING thing that makes my CPU work at 100% continues there

Member Avatar for jholland1964

Just foud out, my softuare isn't original. It is a copy my uncle had at work mhe used because the originals weren't there.

Well then I am sorry, but I cannot continue to assist. You need to get a legal,activated operating system installed for us to continue. The problem with having a "copy" of the operating system and one that is not legal is you will not be able to obtain needed critical and security update for the system. Running a copy of the system from someplace else means that your system does not have it's own product key, which it needs to have.

This may be, though I cannot say for sure, but may be the reason for your infections, the system is out of date. You need to get this system it's own product code from Microsoft for it to be legal. If it is not the reason it will likely be the reason in the future.

Eventually other programs may also not be able to either be installed or updated because they require and up to date legal operating system and do check this before installs.

Edited by jholland1964 because: n/a
Member Avatar for Cheda

Yeah, maybe that is the problem. But I wanted to take it of here because I need to save my files withou the risk of bringing the virus together, so I can format e instal a legal software. Isn't there a way I can do that? My system is updated and answering as if it was original. It appears that the registry and the keys were originals.

Member Avatar for jholland1964

You can try to save your files to a cd/dvd if you wish, an external hard drive, flash drive. But before they would be put onto and new, clean and legal system each file must be scanned with an av program and MBA-M to be sure they are not infected.

Member Avatar for jreck

I am seeing the same problem. While I don't yet know how to remove the damn thing, I have at least temporarily removed the 100%CPU part of the problem by excuting "del c:\windows\system32\ping.exe & copy c:\windows\system32\mshearts.exe c:\windows\system32\ping.exe" from a cmd shell.

You have to do this in a script (I used a cygwin bash shell but a DOS .bat file should work too) as the virus program watches to see if ping.exe is deleted and creates a new copy fairly quickly - faster than I was able to match just with the file explorer.

Anyways, the result for now is that the virus program now starts mshearts (hearts) rather than ping which doesn't swamp my CPU and allows faster running of other stuff. BTW, running GMER right now which has detected a hidden/no-name module which I hope will be a big step towards getting rid of this problem.

Member Avatar for jholland1964

I am seeing the same problem. While I don't yet know how to remove the damn thing, I have at least temporarily removed the 100%CPU part of the problem by excuting "del c:\windows\system32\ping.exe & copy c:\windows\system32\mshearts.exe c:\windows\system32\ping.exe" from a cmd shell.

You have to do this in a script (I used a cygwin bash shell but a DOS .bat file should work too) as the virus program watches to see if ping.exe is deleted and creates a new copy fairly quickly - faster than I was able to match just with the file explorer.

Anyways, the result for now is that the virus program now starts mshearts (hearts) rather than ping which doesn't swamp my CPU and allows faster running of other stuff. BTW, running GMER right now which has detected a hidden/no-name module which I hope will be a big step towards getting rid of this problem.

You need to create your own thread. Help is not given to more than one person per thread.
You must begin by followin our Read Me First sticky and post back in your own thread with those logs.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.