Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.
[Unregister Dlls]
[Processes - Safe List]
YY -> svchostdriver.exe -> C:\Windows\update.7.1\svchostdriver.exe
YY -> ufa.exe -> C:\Windows\ufa\ufa.exe
[Win32 Services - Safe List]
YY -> (ddservice) ddservice [Auto | Running] -> C:\Windows\update.7.1\svchostdriver.exe
[Registry - Safe List]
< HOSTS File > ([2011.08.24 16:17:28 | 000,202,984 | -H-- | M] - 100098 lines) -> C:\Windows\SysNative\Drivers\etc\hosts
YN -> Reset Hosts ->
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "1061364.exe" -> C:\Users\Lukas\AppData\Local\Temp\1061364.exe ["C:\Users\Lukas\AppData\Local\Temp\1061364.exe"]
YY -> "3573962.exe" -> C:\Windows\Temp\3573962.exe ["C:\Windows\Temp\3573962.exe"]
YY -> "5666469.exe" -> C:\Users\Lukas\AppData\Local\Temp\5666469.exe ["C:\Users\Lukas\AppData\Local\Temp\5666469.exe"]
YY -> "8336656.exe" -> C:\Windows\Temp\8336656.exe ["C:\Windows\Temp\8336656.exe"]
YY -> "8623443.exe" -> C:\Windows\Temp\8623443.exe ["C:\Windows\Temp\8623443.exe"]
YY -> "86495693-loader2.exe" -> C:\Windows\Temp\86495693-loader2.exe ["C:\Windows\Temp\86495693-loader2.exe"]
YY -> "l1rezerv.exe" -> C:\Windows\l1rezerv.exe ["C:\Windows\l1rezerv.exe"]
YY -> "sysdriver32.exe" -> C:\Windows\sysdriver32.exe ["C:\Windows\sysdriver32.exe" rezerv]
YN -> "sysdriver32_.exe" -> ["C:\Windows\sysdriver32_.exe" rezerv]
YY -> "systemup" -> C:\Windows\systemup.exe ["C:\Windows\systemup.exe" stand]
YN -> "tray_ico" -> []
YY -> "tray_ico0" -> C:\Windows\update.tray-7-0\svchost.exe [C:\Windows\update.tray-7-0\svchost.exe]
YN -> "tray_ico1" -> []
YN -> "tray_ico2" -> []
YN -> "tray_ico3" -> []
YN -> "tray_ico4" -> []
YY -> "wxpdrv" -> C:\Windows\services32.exe [C:\Windows\services32.exe]
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
YN -> "AlternateShell" -> services32.exe
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{8bbddd8f-b630-11e0-8d60-806e6f6e6963}\shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbddd8f-b630-11e0-8d60-806e6f6e6963}\shell\AutoRun\command ->
YY -> \{8bbddd8f-b630-11e0-8d60-806e6f6e6963}\shell\AutoRun\command\\"" -> D:\run.exe [D:\Run.exe]
[Files/Folders - Created Within 30 Days]
NY -> av_ico -> C:\Windows\av_ico
NY -> update.tray-7-0-lnk -> C:\Windows\update.tray-7-0-lnk
NY -> update.tray-7-0 -> C:\Windows\update.tray-7-0
NY -> rpcminer -> C:\Windows\rpcminer
NY -> phoenix -> C:\Windows\phoenix
NY -> update.7.1 -> C:\Windows\update.7.1
NY -> update.5.0 -> C:\Windows\update.5.0
NY -> update.2 -> C:\Windows\update.2
NY -> THQ -> C:\Users\Lukas\AppData\Local\THQ
NY -> update.1 -> C:\Windows\update.1
[Files/Folders - Modified Within 30 Days]
NY -> hîsts -> C:\Windows\SysNative\drivers\etc\hîsts
NY -> info1 -> C:\Windows\info1
NY -> l1rezerv.exe -> C:\Windows\l1rezerv.exe
NY -> phoenix.rar -> C:\Windows\phoenix.rar
NY -> rpcminer.rar -> C:\Windows\rpcminer.rar
NY -> unrar.exe -> C:\Windows\unrar.exe
NY -> ufa.rar -> C:\Windows\ufa.rar
NY -> systemup.exe -> C:\Windows\systemup.exe
NY -> geoiplist.rar -> C:\Windows\geoiplist.rar
[Files - No Company Name]
NY -> l1rezerv.exe -> C:\Windows\l1rezerv.exe
NY -> phoenix.rar -> C:\Windows\phoenix.rar
NY -> rpcminer.rar -> C:\Windows\rpcminer.rar
NY -> ufa.rar -> C:\Windows\ufa.rar
NY -> systemup.exe -> C:\Windows\systemup.exe
NY -> geoiplist -> C:\Windows\geoiplist
NY -> geoiplist.rar -> C:\Windows\geoiplist.rar
NY -> unrar.exe -> C:\Windows\unrar.exe
NY -> info1 -> C:\Windows\info1
[Custom Scans]
YY -> svchost.exe : MD5=5DCDE53F902E7BBBE5171E6A9E6B5B90 -> C:\Windows\update.2\svchost.exe
YY -> svchost.exe : MD5=6C447372C1C601DCE714F7CDB354DAAD -> C:\Windows\update.5.0\svchost.exe
YY -> svchost.exe : MD5=B8F3E2AEE9E0D7BCA1691165B5A2EBA1 -> C:\Windows\update.1\svchost.exe
YY -> svchost.exe : MD5=B8F3E2AEE9E0D7BCA1691165B5A2EBA1 -> C:\Windows\update.tray-7-0\svchost.exe
YY -> svchost.exe : MD5=B8F3E2AEE9E0D7BCA1691165B5A2EBA1 -> C:\Windows\update.tray-7-0-lnk\svchost.exe
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
[Custom Items]
:files
ipconfig /flushdns /c
:end
The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.
Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.
This is no sign of malfunction, do not panic!
THEN
Please download Malwarebytes’ Anti-Malware
- Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select “Perform Quick Scan”, then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.