Вирус game total domination


Welcome to Tech Support Guy. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Tech Support Guy are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.




Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE : IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
Let's get started.

FIRST
Tech Support Guy asks that you supply the scan from this post; the TSG SysInfo utility (Everyone MUST read this BEFORE posting for help in this forum).

SECOND
Please download Farbar Recovery Scan Tool 32bit and save it to your Desktop.

  • Right click the FRST file on your desktop and select "Run as Administrator. " (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it do this please.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Family Safety\fsui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\Tether\TBService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\. \Run: [] => [X]
HKLM\. \Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\. \Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\. \Run: [fssui] => C:\Program Files\Windows Live\Family Safety\fsui.exe [892608 2014-03-31] (Microsoft Corporation)
HKLM\. \Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\. \Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-3358529588-1858457421-2119217295-1000\. \Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6699800 2014-12-15] (SUPERAntiSpyware)
HKU\S-1-5-18\. \RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-02-28] (Microsoft Corporation)
AppInit_DLLs: C:/PROGRA

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [78088 2014-08-26] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Tether; C:\Program Files\Tether\TBService.exe [49080 2010-03-03] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 11:27 - 2014-12-20 14:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-21 20:21 - 2009-07-13 20:34 - 00020576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-21 20:21 - 2009-07-13 20:34 - 00020576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-21 20:13 - 2009-07-13 20:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-20 09:16 - 2014-06-24 09:38 - 00000000 ____D () C:\Users\dp\AppData\Local\Windows Live
2015-01-18 19:49 - 2014-03-08 11:26 - 00000000 ____D () C:\Program Files\Google
2015-01-18 19:02 - 2014-03-08 11:26 - 00000000 ____D () C:\Users\dp\AppData\Local\Google
2015-01-18 18:47 - 2011-01-28 09:17 - 00000000 ____D () C:\Program Files\VideoLAN
2015-01-18 18:47 - 2010-03-09 20:17 - 00000000 ____D () C:\Users\dp\AppData\Roaming\Apple Computer
2015-01-18 18:47 - 2010-03-09 20:17 - 00000000 ____D () C:\Users\dp\AppData\Local\Apple Computer
2015-01-18 18:43 - 2010-12-25 10:09 - 00000000 ____D () C:\Users\dp\AppData\Roaming\DVDVideoSoft
2015-01-18 18:42 - 2010-12-25 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-01-18 18:38 - 2010-03-10 17:48 - 00000000 ____D () C:\Program Files\Research In Motion
2015-01-18 18:37 - 2010-03-10 17:48 - 00000000 ____D () C:\Program Files\Common Files\Research In Motion
2015-01-18 17:59 - 2014-03-28 20:37 - 00000000 ____D () C:\Users\dp\AppData\Roaming\Spotify
2015-01-18 17:55 - 2010-12-25 10:09 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-01-18 17:55 - 2009-07-13 18:04 - 00000615 _____ () C:\Windows\win.ini
2015-01-18 13:45 - 2010-06-04 20:12 - 00000000 ____D () C:\ProgramData\LogiShrd
2015-01-18 13:45 - 2010-06-04 20:01 - 00000000 ____D () C:\Program Files\Common Files\logishrd
2015-01-18 13:38 - 2011-04-04 16:00 - 00000000 ____D () C:\Users\dp\AppData\Local\Adobe
2015-01-18 13:27 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\Resources
2015-01-18 13:19 - 2010-03-09 20:09 - 00000000 ____D () C:\Users\dp
2015-01-18 03:05 - 2014-06-15 15:51 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-18 03:01 - 2014-06-15 15:51 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-17 10:27 - 2014-02-26 11:10 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-17 10:27 - 2014-02-26 11:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-17 08:58 - 2014-03-28 20:37 - 00000000 ____D () C:\Users\dp\AppData\Local\Spotify
2015-01-13 08:15 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-31 03:13 - 2010-03-09 20:34 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======
2010-09-04 14:03 - 2011-03-28 19:43 - 0000231 _____ () C:\Users\dp\AppData\Roaming\Rim.Desktop.Exception.log
2010-08-28 23:16 - 2014-05-26 07:36 - 0002810 _____ () C:\Users\dp\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-01-18 13:35 - 2015-01-18 13:35 - 0000046 _____ () C:\Users\dp\AppData\Roaming\WB.CFG
2015-01-18 12:44 - 2015-01-18 12:44 - 0000064 _____ () C:\Users\dp\AppData\Local\00b8c1270aa3f44e5fb958ea63648b0a
2010-04-24 12:00 - 2010-10-22 13:35 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2014-02-28 12:57 - 2014-07-27 19:35 - 0021308 _____ () C:\ProgramData\hpzinstall.log

(There is no automatic fix for files that do not pass verification.)

Читайте также:

Пожалуйста, не занимайтесь самолечением!
При симпотмах заболевания - обратитесь к врачу.

Copyright © Иммунитет и инфекции