Infection date and initial symptoms
The Last Week of April 2015.
Current issues and symptoms
It causes extreme lag which is annoying.
Steps taken in order to remove the infection
I tried different antivirus programs like Malwarebytes and others, but they didn't fix anything.

argus

Former MalwareTips Staff
Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!


Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.
 

argus

Former MalwareTips Staff
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

Code:
KillAll::

RegLockDel::
[HKEY_USERS\S-1-5-21-1933547834-1420827827-3990081825-1001_Classes\Wow6432Node\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden]
"{6D31FCD2-64F7-4E43-8E18-5A2BBA7D13C9}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAArIQbsT9b/k+GLBrXXftiOgAAAAACAAAAAAAQZgAAAAEAACAAAAAcbY5BhDDIlrldUz3nY2XLEkRTsemQvtOC1VwFB4RiXAAAAAAOgAAAAAIAACAAAACqxiQ1UA8eMHL0l3RYlCvjEIGpL8FQh4H/Mn4QD9OmORAAAABhmHcMpLYjYvMk54oiS5riQAAAACIqxEYsVPxxrAYFjUjtQsTx4j2zU1O6EKMJiT9OhMPKW+Yid2Y2rDfmVN5XfU/KsCbsa3+0OY3o+uMvhn8g3Tc="
"{2338F5D5-2437-4FC3-9005-A01804321264}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAtRgPXe1v1EKGAqQj5b8hpgAAAAACAAAAAAAQZgAAAAEAACAAAADT2JGwvPqMceoWpens0wTEtjIQuz18ZT8C22jMVxrjEwAAAAAOgAAAAAIAACAAAABee9nRSd29klpoPZMsxcd0/C3xDcaM0JPOLIq954vNxCAAAACx8ZzKDeYXQos8ZdxqOGmP/cimDJ1aIMHGOEbHsfgfCEAAAABirUSmTTI+n69/S6/KZLaKaobp7ZMICrHnX7Py2NQPveDRRAaAucIW1JhUMJ1bdUJQIFL0gjNr+uOQs4K7xP1b"
"{FCCCD80D-2A5E-401E-B64F-D1C2E375B955}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAArIQbsT9b/k+GLBrXXftiOgAAAAACAAAAAAAQZgAAAAEAACAAAADY0Cmwu9PyVn6BiUg7WHo08jDh3cwsyaJJISgtSTFOlQAAAAAOgAAAAAIAACAAAACLY51uEbtQIHPTvHwX7mClaC9b4FqLZsogzQ+f331AyhAAAACoDNpicyqg0El7Kk1kVNP5QAAAAOyCcz2k1M55vVjWcIbliBWP2HXKtf8DJaKBk9SZVYHNP81xQWazqT5+DU1gupeD9IuHwDeHx9qGdUjw76qRnro="

File::
C:\mnwu.exe
c:\windows\SYSNATIVE\GameMon.des

Driver::
npggsvc

ClearJavaCache::

Save this as CFScript.txt, in the same location as ComboFix.exe.



Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.
 

argus

Former MalwareTips Staff
Scan with McShield

Please download McShield by dr_bora and save it to your desktop.

  • Install it on your machine.
  • It will initially run a scan and show the result as a toaster by the system clock.
  • Start the Control Centre by clicking on the McShield icon in your system tray.
  • Go to the Scanner tab and tick unhide items on flash drives.
  • Plug in the drive and McShield will start a scan.
  • A logfile of this scan may be found in the Logs tab of the main screen.

Please include that log in your next reply.
 

Jeriel1234

New Member
I tried to scan the drive with MCShield, but it said there's no drive there. I think I already removed it ages ago.
 

argus

Former MalwareTips Staff
Scan with RogueKiller

Please download RogueKiller and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the RogueKiller icon and select Run as Administrator to start the tool.
  • Wait patiently until the pre-scan is done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Let this process run uninterrupted!
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.
Please include the content of this logfile in your next reply.
 

argus

Former MalwareTips Staff
Try System Restore on 04-06-2015 18:26:50
The file was created 2015-06-05 07:43

Do not reboot the PC!