
 


VIRUS PrivitzeVPN.exe

2 posters

I accidentally installed a virus, please help me remove it. It's called PrivitizeVPN.exe. I tried right-clicking uninstall; Windows Installer asks "Are you sure you want to uninstall this product?" I say Yes and it says "This action is only valid for products that are currently installed." But there's something called PrivitzeVPN.exe in my hidden icons and it wasn't there before! Please!!!! HELP as soon as possible!!!

Re: VIRUS PrivitzeVPN.exe
Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*******************************************************
Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

********************************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Please download Junkware Removal Tool to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
*******************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Re: VIRUS PrivitzeVPN.exe
I got this virus at pirate's bay company. I clicked anonymous download for cube world and ended up with a virus.

Re: VIRUS PrivitzeVPN.exe
***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Nikolay\AppData\Roaming\Mozilla\Firefox\Profiles\a9utle09.default-1375299559783\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Nikolay\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [4031 octets] - [30/07/2013 12:50:00]
AdwCleaner[S2].txt - [993 octets] - [30/07/2013 15:31:38]
AdwCleaner[S3].txt - [1639 octets] - [01/08/2013 23:11:29]
AdwCleaner[S4].txt - [999 octets] - [02/08/2013 17:54:36]

########## EOF - C:\AdwCleaner[S4].txt - [1058 octets] ##########

Re: VIRUS PrivitzeVPN.exe
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.02.08

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16635
Nikolay :: NIKOLAY [administrator]

Protection: Enabled

2013-08-02 6:01:21 PM
mbam-log-2013-08-02 (18-01-21).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 356265
Time elapsed: 40 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Re: VIRUS PrivitzeVPN.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.0 (08.02.2013:1)
OS: Windows 8 x64
Ran by Nikolay on 2013-08-02 at 18:43:21.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2013-08-02 at 18:46:44.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: VIRUS PrivitzeVPN.exe
Results of screen317's Security Check version 0.99.71
x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 25
Adobe Flash Player 11.8.800.94
Mozilla Firefox (22.0)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Windows Defender MsMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Re: VIRUS PrivitzeVPN.exe
Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to your download folder, you will need to copy it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:

[Image: NSIS_disclaimer_ENG]

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

[Image: NSIS_extraction]

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

[Image: RcAuto1]

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: Whatnext]

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Re: VIRUS PrivitzeVPN.exe
ComboFix 13-08-02.01 - Nikolay 2013-08-02 19:46:01.2.2 - x64
Microsoft Windows 8 6.2.9200.0.1252.2.1033.18.3912.2674 [GMT -2.5:30]
Running from: c:\users\Nikolay\Downloads\ComboFix.exe
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-07-02 to 2013-08-02 )))))))))))))))))))))))))))))))
.
.
2013-08-02 19:57 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68BF3316-BB6D-492A-B1C2-AC47F60A4794}\mpengine.dll
2013-08-02 17:09 . 2013-08-02 17:09 -------- d-----w- c:\users\Nikolay\AppData\Local\VS Revo Group
2013-08-02 17:09 . 2013-08-02 17:09 -------- d-----w- c:\programdata\VS Revo Group
2013-08-02 00:58 . 2013-08-02 00:58 -------- d-----w- c:\programdata\StarApp
2013-08-02 00:58 . 2013-08-02 01:00 -------- d-----w- c:\programdata\InstallMate
2013-08-02 00:01 . 2013-08-02 00:01 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2013-08-01 23:47 . 2013-08-01 23:49 -------- d-----w- c:\windows\system32\MRT
2013-08-01 19:46 . 2013-05-02 15:29 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-01 19:44 . 2013-08-01 19:44 -------- d-s---w- c:\windows\SysWow64\Microsoft
2013-07-31 20:41 . 2013-08-02 22:13 -------- d-----w- c:\users\Nikolay\AppData\Roaming\.minecraft
2013-07-30 16:14 . 2013-07-30 16:14 -------- d-----w- c:\windows\ERUNT
2013-07-30 15:24 . 2013-07-30 15:24 -------- d-----w- c:\users\Nikolay\AppData\Roaming\Malwarebytes
2013-07-30 15:24 . 2013-07-30 15:24 -------- d-----w- c:\programdata\Malwarebytes
2013-07-30 15:24 . 2013-07-30 15:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-30 15:24 . 2013-04-04 17:20 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-30 15:24 . 2013-07-30 15:24 -------- d-----w- c:\users\Nikolay\AppData\Local\Programs
2013-07-30 15:20 . 2013-07-30 15:20 174 ----a-w- c:\windows\DeleteOnReboot.bat
2013-07-29 00:39 . 2013-07-30 16:44 -------- d-----w- c:\program files\McAfee
2013-07-29 00:29 . 2013-07-30 18:03 -------- d-----w- c:\programdata\McAfee
2013-07-29 00:13 . 2013-07-29 00:13 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2013-07-28 23:28 . 2013-07-28 23:28 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-28 23:28 . 2013-07-28 23:28 312232 ----a-w- c:\windows\system32\javaws.exe
2013-07-28 23:28 . 2013-07-28 23:28 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-28 23:28 . 2013-07-28 23:28 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-07-28 23:28 . 2013-07-28 23:28 189352 ----a-w- c:\windows\system32\javaw.exe
2013-07-28 23:28 . 2013-07-28 23:28 188840 ----a-w- c:\windows\system32\java.exe
2013-07-28 23:28 . 2013-07-28 23:28 -------- d-----w- c:\program files\Java
2013-07-25 19:12 . 2013-05-09 08:59 22600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-07-25 17:07 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-07-23 22:30 . 2013-07-23 22:30 -------- d-----w- c:\program files\Classic Shell
2013-07-23 20:51 . 2013-07-23 21:44 -------- d-----w- C:\Fraps
2013-07-22 21:27 . 2013-07-23 22:39 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-07-22 21:27 . 2013-07-22 21:30 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-07-20 21:26 . 2013-07-23 22:39 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-07-20 21:22 . 2013-07-20 21:22 -------- d-----w- c:\users\Nikolay\AppData\Local\PunkBuster
2013-07-20 04:04 . 2013-07-23 14:54 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-07-20 03:21 . 2013-07-20 03:21 -------- d-----w- c:\program files (x86)\EA Games
2013-07-13 17:48 . 2013-04-11 22:22 1838080 ----a-w- c:\windows\system32\DWrite.dll
2013-07-13 17:48 . 2013-04-11 22:30 1421312 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-13 17:48 . 2013-04-10 22:35 2035200 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-07-13 17:48 . 2013-04-10 22:35 1272320 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-13 17:47 . 2013-04-10 22:35 1617920 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-13 17:47 . 2013-04-10 22:35 1306112 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-13 17:47 . 2013-04-10 22:35 1318912 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-13 17:47 . 2013-04-11 04:12 1413632 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2013-07-13 17:47 . 2013-04-11 04:12 1029632 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2013-07-13 17:46 . 2013-06-01 09:25 496640 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-13 17:46 . 2013-06-01 09:21 595968 ----a-w- c:\windows\system32\qedit.dll
2013-07-13 17:46 . 2013-05-30 23:14 4036096 ----a-w- c:\windows\system32\win32k.sys
2013-07-13 17:45 . 2013-06-21 05:04 19187712 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-13 17:45 . 2013-06-21 04:46 18523648 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-13 17:43 . 2013-06-11 23:43 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-07-13 17:43 . 2013-06-11 23:25 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-07-13 17:43 . 2013-06-11 23:43 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-07-13 17:43 . 2013-06-11 23:42 235520 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2013-07-13 17:43 . 2013-06-11 23:26 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-07-13 17:43 . 2013-05-04 06:59 2842112 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-13 17:43 . 2013-05-04 04:57 2620928 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-12 17:12 . 2013-07-12 17:12 6129024 ----a-w- c:\program files (x86)\Mozilla Firefox\Extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-07-12 17:12 . 2013-07-12 17:12 6129024 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-07-11 14:13 . 2013-07-11 14:13 -------- d-----w- c:\programdata\McAfee Security Scan
2013-07-11 14:13 . 2013-07-12 15:26 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2013-07-05 19:00 . 2013-07-05 19:00 -------- d-----w- c:\programdata\Nexon
2013-07-05 18:51 . 2013-07-05 19:56 -------- d-----w- C:\Nexon
2013-07-05 17:20 . 2013-05-15 22:35 144384 ----a-w- c:\windows\system32\tssdisai.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-03 13:11 . 2013-07-03 13:11 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-03 13:11 . 2013-04-27 22:14 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-03 13:11 . 2013-04-27 22:14 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-27 22:04 . 2012-07-26 08:14 78200 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04 . 2012-07-26 08:14 693112 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-24 03:27 . 2013-05-01 18:58 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-05-30 23:24 . 2013-06-15 17:07 1257472 ----a-w- c:\windows\system32\kernel32.dll
2013-05-28 13:05 . 2013-06-16 16:33 163328 ----a-w- c:\windows\SysWow64\FlashPlayerUpdateService.exe
2013-05-23 23:01 . 2013-06-15 17:07 1300992 ----a-w- c:\windows\system32\gdi32.dll
2013-05-23 22:27 . 2013-06-15 17:07 1022464 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-05-15 22:37 . 2013-06-13 16:58 44032 ----a-w- c:\windows\SysWow64\UXInit.dll
2013-05-15 22:35 . 2013-06-13 16:58 53760 ----a-w- c:\windows\system32\UXInit.dll
2013-05-15 02:25 . 2013-06-15 17:07 888320 ----a-w- c:\windows\system32\autochk.exe
2013-05-15 02:25 . 2013-06-15 17:07 542208 ----a-w- c:\windows\system32\untfs.dll
2013-05-15 02:24 . 2013-06-15 17:07 793088 ----a-w- c:\windows\SysWow64\autochk.exe
2013-05-15 02:24 . 2013-06-15 17:07 482816 ----a-w- c:\windows\SysWow64\untfs.dll
2013-05-14 13:14 . 2013-06-13 16:58 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-14 09:23 . 2013-06-13 16:58 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-05-14 01:42 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-06-29 13:19 594432 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2012-07-26 62976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Acer Backup Manager Tray.lnk - c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k [2012-8-23 533568]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
R3 DeviceFastLaneService;Device Fast-lane Service;c:\program files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe;c:\program files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 aswKbd;aswKbd; [x]
S2 AtherosSvc;AtherosSvc;c:\windows\system32\AdminService.exe;c:\windows\SYSNATIVE\AdminService.exe [x]
S2 CCDMonitorService;CCDMonitorService;c:\program files (x86)\Acer\Acer Cloud\CCDMonitorService.exe;c:\program files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 RfButtonDriverService;Dritek RF Button Command Service;c:\windows\RfBtnSvc64.exe;c:\windows\RfBtnSvc64.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 ePowerSvc;ePower Service;c:\program files\Acer\Acer Power Management\ePowerSvc.exe;c:\program files\Acer\Acer Power Management\ePowerSvc.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;c:\windows\System32\drivers\aPs2Kb2Hid.sys;c:\windows\SYSNATIVE\drivers\aPs2Kb2Hid.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-29 13:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-06-29 13:20 724992 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-07 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-07 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-07 440640]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Nikolay\AppData\Roaming\Mozilla\Firefox\Profiles\a9utle09.default-1375299559783\
FF - ExtSQL: 2013-07-24 18:35; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-08-01 21:08; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\Nikolay\AppData\Roaming\Mozilla\Firefox\Profiles\a9utle09.default-1375299559783\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-08-02 18:13; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Nikolay\AppData\Roaming\Mozilla\Firefox\Profiles\a9utle09.default-1375299559783\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
HKLM-Run-BtPreLoad - c:\program files (x86)\Bluetooth Suite\BtPreLoad.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-08-02 19:51:42
ComboFix-quarantined-files.txt 2013-08-02 22:21
ComboFix2.txt 2013-07-30 20:25
.
Pre-Run: 441,535,152,128 bytes free
Post-Run: 441,550,209,024 bytes free
.
- - End Of File - - CB370D01ADF785E440D82F033717A8B7
D41D8CD98F00B204E9800998ECF8427E

Re: VIRUS PrivitzeVPN.exe
Hello Dave, I am feeling pretty confident about these download links. Please send me all the links, and by tomorrow you will have all the log results, I can promise you that. Does that sound good to you?

Re: VIRUS PrivitzeVPN.exe
But there's something called PrivitzeVPN.exe in my hidden icons and it wasn't there before!

Did you try deleting it? I didn't see the complete AdwCleaner log. Do you still see that file? Please run your task manager and see if that file is in the processes.

Re: VIRUS PrivitzeVPN.exe
Hmm I checked the background processes and the window processes, not there... But, I researched this virus a little bit and it's a virus, I managed to remove the add-ons etc etc that came with it but it's in my hidden icons and that worries me a little bit.

Re: VIRUS PrivitzeVPN.exe
nikolay2013 wrote:
Hmm I checked the background processes and the window processes, not there... But, I researched this virus a little bit and it's a virus, I managed to remove the add-ons etc etc that came with it but it's in my hidden icons and that worries me a little bit.

Please run AdwCleaner again and then try to delete that file.

Re: VIRUS PrivitzeVPN.exe
I ran AdwCleaner again, the file isn't there so, does that mean it cannot harm my machine?

Re: VIRUS PrivitzeVPN.exe
You stated that you could see the PrivitizeVPN.exe in your hidden icons. I don't understand what you mean by this. Can you still see that file?
That file should be found here: PrivitizeVPN.exe is usually located in the 'C:\Program Files (x86)\PrivitizeVPN\' folder. Do you have that program on your computer?
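
The Task Manager check and the install-folder location discussed in the replies above can be run as one read-only PowerShell pass that also covers the autostart and uninstall registrations. This is an added example, not part of the original posts or of any tool named in them; the function name `Find-ProgramLeftover`, the wildcard pattern and the choice of locations are assumptions.

```powershell
# Added example: read-only inventory of places where a program named like
# PrivitizeVPN could still be running or registered. Nothing is deleted.
# Find-ProgramLeftover is a hypothetical helper name, not a built-in cmdlet.
function Find-ProgramLeftover {
    param(
        # Wildcard chosen to cover both spellings used in the thread
        # (PrivitzeVPN and PrivitizeVPN); -like is case-insensitive.
        [string]$Pattern = '*Privit*zeVPN*'
    )

    # Small helper so every finding has the same three columns.
    function New-Finding($Location, $Item, $Detail) {
        [pscustomobject]@{ Location = $Location; Item = $Item; Detail = $Detail }
    }

    # 1. Running processes: the scripted form of looking in Task Manager.
    Get-CimInstance -ClassName Win32_Process |
        Where-Object { $_.Name -like $Pattern -or $_.ExecutablePath -like $Pattern } |
        ForEach-Object { New-Finding 'Process' "$($_.Name) (PID $($_.ProcessId))" $_.ExecutablePath }

    # 2. Install folder under Program Files and Program Files (x86).
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ } | Select-Object -Unique
    foreach ($root in $roots) {
        Get-ChildItem -LiteralPath $root -Directory -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -like $Pattern } |
            ForEach-Object { New-Finding 'Folder' $_.FullName "created $($_.CreationTime)" }
    }

    # 3. Run keys: 64-bit, 32-bit (Wow6432Node) and per-user autostart values.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($path in $runKeys) {
        $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($valueName in $key.GetValueNames()) {
            $data = [string]$key.GetValue($valueName)
            if ($valueName -like $Pattern -or $data -like $Pattern) {
                New-Finding 'Run key' "$path\$valueName" $data
            }
        }
    }

    # 4. Startup-folder shortcuts for all users and for the current user.
    #    The shortcut target is resolved so a renamed .lnk is still caught.
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in 'CommonStartup', 'Startup') {
        $dir = [Environment]::GetFolderPath($folder)
        if (-not $dir) { continue }
        Get-ChildItem -LiteralPath $dir -Filter *.lnk -ErrorAction SilentlyContinue |
            ForEach-Object {
                $target = $shell.CreateShortcut($_.FullName).TargetPath
                if ($_.Name -like $Pattern -or $target -like $Pattern) {
                    New-Finding 'Startup shortcut' $_.FullName $target
                }
            }
    }

    # 5. Uninstall registrations: what the Programs list is built from.
    #    An entry here with no matching folder in step 2 is a leftover record.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $Pattern } |
        ForEach-Object { New-Finding 'Uninstall entry' $_.DisplayName $_.UninstallString }
}

# List every match; nothing on the system is changed.
Find-ProgramLeftover | Format-Table -AutoSize -Wrap
```

No output means none of the five locations matched the pattern; it does not replace the scanner logs requested in the thread.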
