WiredWX Hobby Weather Tools

 


Virus/Malware won't let me open certain programs.

Hi, at first I thought this problem was just with Skype, but after finding a file that I wasn't sure about, I decided to download Avast Anti Virus software, Spybot Search and Destroy and Malwarebytes. I ran a virus scan and nothing was found, although it has popped up a few times saying Malware found, but it doesn't do anything about it nor leave me an option to do anything about it. I can't execute Spybot or Malwarebytes. I tried to open them both in safe mode but I have the same error there; whatever this is, it's running all the time, even in safe mode.

I've found the virus/malware (.exe file) with a random name, in a random name folder. I can't remove it because it's running, but I can't see it in Task Manager. I tried to enter regedit and remove it but it is instantly recreated, and I guess that's because it's currently running from appdata>random>.exe
I tried msconfig and to uncheck it on bootup but it instantly rechecks itself. I've started to notice my PC slow down a little, not a great lot but enough to notice. I'm completely out of ideas on how to remove it, seeing as I can't shut it down in safe mode or delete it from registry because it's recreating itself due to it running.

I'll attach a picture below to show you it in msconfig, appdata and registry to see if you can make sense of it for me..

[Attached image]

Help would be much appreciated. Basically all I can tell it's doing is making it impossible to open certain things, Skype for example and Spybot S/D and Malwarebytes. Not tried to open anything else, though things like Origin/Steam do load up fine.

Thanks, luke.

Re: Virus/Malware won't let me open certain programs.
Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: Virus/Malware won't let me open certain programs.
I ran ComboFix. Skype and Malwarebytes along with Spybot are currently working. The .exe that was running has gone, not in appdata nor in registry or in msconfig!

ComboFix 12-04-16.04 - Luke 17/04/2012 19:51:00.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3326.1952 [GMT 1:00]
Running from: c:\users\Luke\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Luke\AppData\Local\assembly\tmp
c:\users\Luke\AppData\Local\fofpfife.log
c:\users\Luke\AppData\Local\glufdpfx.log
c:\users\Luke\AppData\Local\jhswoeoy.log
c:\users\Luke\AppData\Local\qnydgbgu.log
c:\users\Luke\AppData\Local\sjpapakx.log
c:\users\Luke\AppData\Local\uqgubjjr\dwukljpi.exe
c:\users\Luke\AppData\Local\wuipujkv.log
c:\windows\system32\drivers\npf.sys
c:\windows\system32\networkdlllsp.dll
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MICORSOFT_WINDOWS_SERVICE
-------\Service_Micorsoft Windows Service
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))
.
.
2012-04-17 19:11 . 2012-04-17 19:11 -------- d-----w- c:\users\Luke\AppData\Roaming\Skype
2012-04-17 19:09 . 2012-04-17 19:11 -------- d-----w- c:\users\Luke\AppData\Local\temp
2012-04-17 19:09 . 2012-04-17 19:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-17 18:57 . 2012-04-17 18:57 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6846D8D3-4AB6-4DD0-888A-A48CE1AB1472}\offreg.dll
2012-04-17 17:06 . 2012-04-17 17:06 -------- d-----w- c:\program files\TeamViewer
2012-04-17 11:44 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6846D8D3-4AB6-4DD0-888A-A48CE1AB1472}\mpengine.dll
2012-04-17 05:43 . 2012-04-17 05:43 -------- d-----w- c:\program files\Common Files\Skype
2012-04-17 05:43 . 2012-04-17 05:43 -------- d-----r- c:\program files\Skype
2012-04-17 04:29 . 2012-04-17 04:29 -------- d--h--w- c:\windows\PIF
2012-04-17 03:29 . 2012-04-17 11:54 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-17 03:22 . 2012-04-17 19:11 -------- d-----w- c:\users\Luke\AppData\Local\uqgubjjr
2012-04-17 01:46 . 2012-04-17 01:46 -------- d-----w- c:\users\Luke\AppData\Roaming\Malwarebytes
2012-04-17 01:46 . 2012-04-17 01:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-17 01:46 . 2012-04-17 01:46 -------- d-----w- c:\programdata\Malwarebytes
2012-04-17 01:46 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-17 01:32 . 2012-04-17 02:51 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-17 01:32 . 2012-04-17 01:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-04-16 22:45 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-16 22:45 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-16 22:45 . 2012-03-06 23:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-16 22:45 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-16 22:45 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-16 22:45 . 2012-03-06 23:01 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-16 22:44 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-16 22:44 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-16 22:44 . 2012-04-16 22:44 -------- d-----w- c:\programdata\AVAST Software
2012-04-16 22:44 . 2012-04-16 22:44 -------- d-----w- c:\program files\AVAST Software
2012-04-16 14:03 . 2012-02-29 23:59 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-04-16 14:03 . 2012-02-29 23:59 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-04-16 14:03 . 2012-02-29 23:59 301376 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-04-16 14:03 . 2012-02-29 23:59 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-04-16 14:03 . 2012-02-29 23:59 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-04-16 14:03 . 2012-02-29 23:59 215360 ----a-w- c:\windows\system32\nvinit.dll
2012-04-16 14:03 . 2012-02-29 23:59 19444544 ----a-w- c:\windows\system32\nvoglv32.dll
2012-04-16 14:03 . 2012-02-29 23:59 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-04-16 14:03 . 2012-02-29 23:59 10819392 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-04-15 18:18 . 2012-04-15 19:25 -------- d--h--w- c:\users\Luke\AppData\Local\ESN Sonar
2012-04-15 13:21 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-15 13:21 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-15 12:58 . 2012-04-15 12:58 -------- d-----w- c:\windows\system32\SPReview
2012-04-15 12:58 . 2012-04-15 12:58 -------- d-----w- c:\windows\system32\EventProviders
2012-04-15 12:41 . 2012-04-15 12:41 -------- d-----w- c:\program files\Microsoft.NET
2012-04-15 02:01 . 2012-04-15 02:01 -------- d-----w- c:\program files\Battlelog Web Plugins
2012-04-15 01:59 . 2012-04-15 01:59 -------- d-----w- c:\programdata\EA Core
2012-04-15 01:59 . 2012-04-15 14:41 -------- d-----w- c:\programdata\EA Logs
2012-04-15 01:48 . 2012-04-15 01:48 -------- d--h--w- c:\program files\Common Files\EAInstaller
2012-04-15 00:47 . 2012-04-15 00:51 -------- d-----w- c:\program files\Origin Games
2012-04-15 00:47 . 2012-04-15 01:59 -------- d-----w- c:\programdata\Origin
2012-04-15 00:47 . 2012-04-15 00:47 -------- d-----w- c:\users\Luke\AppData\Local\Origin
2012-04-15 00:46 . 2012-04-15 00:47 -------- d-----w- c:\users\Luke\AppData\Roaming\Origin
2012-04-15 00:46 . 2012-04-15 02:00 -------- d-----w- c:\programdata\Electronic Arts
2012-04-15 00:46 . 2012-04-15 00:47 -------- d-----w- c:\program files\Origin
2012-04-14 13:18 . 2012-04-14 13:18 4139680 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-12 09:20 . 2012-04-16 14:05 -------- d-----w- c:\users\UpdatusUser
2012-04-12 09:19 . 2012-02-29 20:58 2515790 ----a-w- c:\windows\system32\nvcoproc.bin
2012-04-12 09:19 . 2012-02-29 23:59 812352 ----a-w- c:\windows\system32\nvumdshim.dll
2012-04-12 09:19 . 2012-01-17 12:46 27968 ----a-w- c:\windows\system32\nvhdap32.dll
2012-04-12 09:19 . 2012-01-17 12:45 148800 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2012-04-12 09:19 . 2012-01-17 12:45 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2012-04-11 14:25 . 2012-04-11 14:25 -------- d-----w- c:\program files\Mumble
2012-04-11 10:01 . 2012-04-11 16:55 -------- d-----w- c:\program files\TERA
2012-04-11 02:01 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 02:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 02:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 02:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 02:00 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 02:00 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-06 23:20 . 2012-04-14 13:18 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-06 23:20 . 2012-04-14 13:18 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-06 11:00 . 2012-04-06 11:00 -------- d-----w- c:\programdata\TERA
2012-03-28 10:21 . 2012-04-15 11:46 -------- d--h--w- c:\users\Luke\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-17 17:46 . 2011-12-03 01:20 140800 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-04-17 17:46 . 2011-12-03 01:21 283304 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-04-17 17:46 . 2011-12-03 01:20 283304 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-04-17 17:07 . 2011-12-03 00:35 283304 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-04-15 13:05 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-04-15 04:09 . 2011-12-03 01:20 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-02-29 23:59 . 2011-12-02 18:12 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-29 23:59 . 2011-12-02 18:12 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-29 23:59 . 2011-12-02 18:12 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:59 . 2011-12-02 18:12 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-29 23:59 . 2011-12-02 18:12 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-29 20:56 . 2011-12-02 18:06 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:55 . 2011-12-02 18:06 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-29 20:53 . 2011-12-02 18:06 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:53 . 2011-12-02 18:06 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:53 . 2011-12-02 18:06 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-29 12:26 . 2012-02-29 12:26 416064 ----a-w- c:\windows\system32\nvStreaming.exe
2012-02-23 09:18 . 2011-12-02 18:43 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34 . 2012-03-13 23:47 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 05:34 . 2012-03-13 23:47 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-13 23:47 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-13 23:47 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38 . 2012-03-13 23:47 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 03:54 . 2012-03-13 23:47 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-03 01:30 . 2012-02-03 01:30 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-03 01:30 . 2011-12-05 19:29 567184 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-25 05:27 . 2012-03-13 23:47 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-17 18:16 . 2011-12-02 18:07 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-04-05 17356424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNA3100 Smart Wizard.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WNA3100 Smart Wizard.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]
2012-03-06 23:15 4241512 ----a-w- c:\program files\AVAST Software\Avast\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-01-08 11:59 136176 ---hatw- c:\users\Luke\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-12-14 05:53 9951848 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-04-05 16:49 4011184 ----a-w- c:\users\Luke\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-12-15 23:54 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-09-30 12:19 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-04-05 158856]
R2 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [2010-08-26 285152]
R3 apf001;apf001;c:\windows\system32\apf001.sys [2011-12-28 10872]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 LOWERP;LOWERP;c:\program files\LowerPing\LowerP.EXE [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-04-17 40776]
R3 netr73;Belkin Wireless 54G USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-12-04 464384]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-02 1343400]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 21728]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 18544]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-29 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh6.sys [2009-11-06 699896]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2011-09-29 21632]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-01-17 148800]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-01-13 328808]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 13:18]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1412972664-3711978797-3347141593-1000Core.job
- c:\users\Luke\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-08 11:59]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1412972664-3711978797-3347141593-1000UA.job
- c:\users\Luke\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-08 11:59]
.
.
------- Supplementary Scan -------
.
LSP: c:\windows\system32\lp.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\enym40gn.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-Locked - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
HKCU-Run-PlayNC Launcher - (no file)
HKCU-Run-DwuKljpi - c:\users\Luke\AppData\Local\uqgubjjr\dwukljpi.exe
HKU-Default-Run-DwuKljpi - c:\users\Luke\AppData\Local\uqgubjjr\dwukljpi.exe
MSConfigStartUp-Akamai NetSession Interface - c:\users\Luke\AppData\Local\Akamai\netsession_win.exe
MSConfigStartUp-BitTorrent - c:\program files\BitTorrent\BitTorrent.exe
MSConfigStartUp-DwuKljpi - c:\users\Luke\AppData\Local\uqgubjjr\dwukljpi.exe
MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\Logitech WebCam Software\LWS.exe
MSConfigStartUp-Memory Cleaner - c:\users\Luke\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe
MSConfigStartUp-NCsoft Launcher - c:\program files\NCSoft\Launcher\NCLauncher.exe
MSConfigStartUp-{B941E97D-28B6-844D-0C7A-B399DA633A64} - c:\users\Luke\AppData\Roaming\Uvatyz\ylpo.exe
AddRemove-NCsoft-AionEU - c:\program files\ncsoft\launcher\NCLauncher.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-04-17 20:16:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-17 19:16
.
Pre-Run: 792,116,469,760 bytes free
Post-Run: 792,020,746,240 bytes free
.
- - End Of File - - EEF0397A45A23F7442E092EB8B10CC5B
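
An added example, not part of the original thread or of ComboFix: a Python sketch that cross-references the "Other Deletions" and "ORPHANS REMOVED" sections of a ComboFix log like the one above and ranks the autostart entries that pointed into a user's AppData folder. The function names, the `high`/`review` labels and the ranking rule are assumptions made for illustration; the sample is an excerpt of the log above with shortened section headers.

```python
import re
from collections import defaultdict

# Excerpt of the ComboFix log posted above (section headers shortened).
SAMPLE_LOG = r"""
((((((((( Other Deletions )))))))))
.
C:\install.exe
c:\users\Luke\AppData\Local\uqgubjjr\dwukljpi.exe
c:\windows\system32\wpcap.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-PlayNC Launcher - (no file)
HKCU-Run-DwuKljpi - c:\users\Luke\AppData\Local\uqgubjjr\dwukljpi.exe
HKU-Default-Run-DwuKljpi - c:\users\Luke\AppData\Local\uqgubjjr\dwukljpi.exe
MSConfigStartUp-Akamai NetSession Interface - c:\users\Luke\AppData\Local\Akamai\netsession_win.exe
MSConfigStartUp-BitTorrent - c:\program files\BitTorrent\BitTorrent.exe
MSConfigStartUp-DwuKljpi - c:\users\Luke\AppData\Local\uqgubjjr\dwukljpi.exe
MSConfigStartUp-{B941E97D-28B6-844D-0C7A-B399DA633A64} - c:\users\Luke\AppData\Roaming\Uvatyz\ylpo.exe
AddRemove-NCsoft-AionEU - c:\program files\ncsoft\launcher\NCLauncher.exe
.
--------------------- LOCKED REGISTRY KEYS ---------------------
"""

# "((( Title )))", "- - - Title - - -" and "----- Title -----" banner lines.
HEADER = re.compile(r"^(?:\(+|-[- ]+)\s*(?P<title>[A-Za-z][^()]*?)\s*(?:\)+|[- ]+-)$")
# "<source>-<name> - <path>" or "<source>-<name> - (no file)".
ORPHAN = re.compile(r"^(?P<key>.+?) - (?P<target>[A-Za-z]:\\.+|\(no file\))$")
# Only the autostart prefixes that appear in the log above.
AUTOSTART_PREFIXES = ("HKU-Default-Run-", "HKCU-Run-", "MSConfigStartUp-")
APPDATA = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\(local|roaming)\\", re.I)


def split_sections(log_text):
    """Group log lines under the lower-cased title of the banner above them."""
    sections = defaultdict(list)
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        header = HEADER.match(line)
        if header:
            current = header.group("title").lower()
        elif current:
            sections[current].append(line)
    return sections


def triage(log_text):
    """Rank AppData autostart targets; 'high' if persisted more than once
    or also listed under Other Deletions in the same run (assumed rule)."""
    sections = split_sections(log_text)
    deleted = {path.lower() for path in sections.get("other deletions", [])}
    locations = defaultdict(list)
    for line in sections.get("orphans removed", []):
        entry = ORPHAN.match(line)
        if not entry or entry.group("target") == "(no file)":
            continue
        key = entry.group("key")
        prefix = next((p for p in AUTOSTART_PREFIXES if key.startswith(p)), None)
        if prefix:  # ignore toolbars, BHOs and uninstall entries
            locations[entry.group("target").lower()].append(prefix.rstrip("-"))
    findings = []
    for target, where in locations.items():
        if not APPDATA.match(target):
            continue  # autostart from Program Files etc. is not ranked here
        strong = len(where) > 1 or target in deleted
        findings.append({
            "target": target,
            "autostarts": where,
            "deleted_in_run": target in deleted,
            "priority": "high" if strong else "review",
        })
    return sorted(findings, key=lambda f: (f["priority"] != "high", f["target"]))


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["priority"], finding["target"], finding["autostarts"])
```

A `review` result only means the entry started a program from a user-writable folder; it is a prompt to look at the file, not a verdict on it.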

Re: Virus/Malware won't let me open certain programs.
Good to hear!

Scan for malware

Please download Malwarebytes Anti-Malware from HERE.


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.

Re: Virus/Malware won't let me open certain programs.
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.18.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Luke :: LUKE-PC [administrator]

Protection: Enabled

18/04/2012 02:58:59
mbam-log-2012-04-18 (02-58-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207173
Time elapsed: 8 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

---------

That is what you wanted, yes?

Re: Virus/Malware won't let me open certain programs.
Good! This should be solved in a jiffy. Let me know how your computer is running...

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Re: Virus/Malware won't let me open certain programs.
Just got back and it was finished. Here you go mate.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=145c755d76bcdd4fabdb7044e8f96b4a
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-18 09:43:30
# local_time=2012-04-18 10:43:30 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 87205435 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=208860
# found=3
# cleaned=3
# scan_time=3166
C:\Program Files\TERA\Client\Binaries\TERA.exe a variant of Win32/Packed.Themida application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Luke\Downloads\cnet_sreng2_zip.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Luke\Downloads\installer_adobe_flash_player_English.exe Win32/Vittalia application (deleted - quarantined) 00000000000000000000000000000000 C

Re: Virus/Malware won't let me open certain programs.
How is your computer running now?

Re: Virus/Malware won't let me open certain programs.
Seems like everything is fine :)

Re: Virus/Malware won't let me open certain programs.
See this page for more info about malware and prevention.

Please feel free to get a good review of antivirus software here: http://www.cheetahmarket.us/antivirus-software.html

Re: Virus/Malware won't let me open certain programs.
I will make sure to keep protected! Just as my mother always says haha P:

Thanks for the help mate!

Re: Virus/Malware won't let me open certain programs.
You're welcome! :)

Re: Virus/Malware won't let me open certain programs.
There is one thing I have noticed about my PC since I removed the problem though: my memory usage when on nothing but Firefox and Skype is sitting at 950 - 1.1 GB

This is really high compared to what it used to be and that was about 600-750.

Re: Virus/Malware won't let me open certain programs.
How much memory (RAM) is on the PC?

How often do you leave Firefox open, and when do you close it?

How often do you restart your computer?

Re: Virus/Malware won't let me open certain programs.
1x 4GB stick of RAM on my PC. Usually I close Firefox when gaming, however BF3 requires to have Firefox open, but even then it only uses roughly 100-140k. Usually when my memory usage gets high I restart my PC, but I've restarted it twice already and it's still sitting at about 940-1.1GB with just Skype open.

Not sure what's changed, there isn't anything running really and from 5 days ago being at 600-750 idle and only ever going over 1GB when gaming to now being at or nearly at 1GB with nothing open or hardly anything open.. something doesn't seem right..

Any ideas?
