Drakath
Members
Posts: 7
Reputation: 0 Neutral

  1. I think it will be best if I reinstall my OS. But is it safe to do banking after I reinstall it?
  2. Strange, the logs don't show up.

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 5.3.8 (08.07.2013:4)
     OS: Windows 8 Enterprise x64
     Ran by Gabrielius on Thu 08/08/2013 at 20:27:07.89
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

     Value Name  Type    Value Data
     ========================================================================================
     tsiVideo    REG_SZ  C:\Windows\SysWOW64\rundll32.exe C:\Users\GABRIE~1\AppData\Local\Temp\\tsiVi132.dll,start

     ~~~ Registry Keys

     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
     Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bi
     Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
     Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\trolltech
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\competeinc
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\freecause
     Successfully deleted: [Registry Key] "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1609100127-955032454-4246939457-1001\Software\SweetIM"
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
     Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
     Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A4FB83DB-39D0-42C3-AF08-18BA28F624CC}

     ~~~ Files

     ~~~ Folders

     Successfully deleted: [Folder] "C:\ProgramData\babylon"
     Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
     Successfully deleted: [Folder] "C:\Users\Gabrielius\AppData\Roaming\babylon"
     Successfully deleted: [Folder] "C:\Program Files (x86)\adventurequest worlds toolbar"
     Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
     Successfully deleted: [Folder] "C:\Program Files (x86)\oapps"
     Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\freecause"

     ~~~ FireFox

     Successfully deleted: [File] C:\Users\Gabrielius\AppData\Roaming\mozilla\firefox\profiles\rijiyuj7.default\user.js
     Successfully deleted: [File] C:\Users\Gabrielius\AppData\Roaming\mozilla\firefox\profiles\rijiyuj7.default\invalidprefs.js
     Successfully deleted: [File] C:\Users\Gabrielius\AppData\Roaming\mozilla\firefox\profiles\rijiyuj7.default\searchplugins\babylon.xml
     Successfully deleted: [File] C:\Users\Gabrielius\AppData\Roaming\mozilla\firefox\profiles\rijiyuj7.default\searchplugins\delta.xml
     Successfully deleted: [Folder] C:\Users\Gabrielius\AppData\Roaming\mozilla\firefox\profiles\rijiyuj7.default\fctb
     Successfully deleted the following from C:\Users\Gabrielius\AppData\Roaming\mozilla\firefox\profiles\rijiyuj7.default\prefs.js

     user_pref("extensions.delta.admin", false);
     user_pref("extensions.delta.aflt", "babsst");
     user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
     user_pref("extensions.delta.autoRvrt", "false");
     user_pref("extensions.delta.dfltLng", "en");
     user_pref("extensions.delta.excTlbr", false);
     user_pref("extensions.delta.ffxUnstlRst", true);
     user_pref("extensions.delta.id", "102573bb00000000000094de802b2c74");
     user_pref("extensions.delta.instlDay", "15866");
     user_pref("extensions.delta.instlRef", "sst");
     user_pref("extensions.delta.newTab", false);
     user_pref("extensions.delta.prdct", "delta");
     user_pref("extensions.delta.prtnrId", "delta");
     user_pref("extensions.delta.rvrt", "false");
     user_pref("extensions.delta.smplGrp", "none");
     user_pref("extensions.delta.tlbrId", "base");
     user_pref("extensions.delta.tlbrSrchUrl", "");
     user_pref("extensions.delta.vrsn", "1.8.21.5");
     user_pref("extensions.delta.vrsnTs", "1.8.21.519:02:58");
     user_pref("extensions.delta.vrsni", "1.8.21.5");
     user_pref("extensions.delta_i.babExt", "");
     user_pref("extensions.delta_i.babTrack", "affID=44444");
     user_pref("extensions.delta_i.srcExt", "ss");
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.2797317.KeywordHistory", "my%2520ip%7C");
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.AutoSearchEventData", "auto%20search");
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.ClearCacheDate", 7);
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.DisplayEULA", false);
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.DnsCatchEventData", "dns%20catch");
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.EnableDCA", true);
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.FirstLaunchShown", true);
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.LoadLayoutDate.59925", 7);
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.NewTabSearchEventData", "tab%20search");
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.ShowRecommendedOptions", false);
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.StateReportDate", "1375867824291");
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.TopRightSearchEventData", "top%20right%20search");
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.Uninstall", false);
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.beforeInstallSaved", true);
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.beforeinstall.homepage", "chrome%3A//branding/locale/browserconfig.properties");
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.beforeinstall.search", "Google");
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.comp.search.2797317.width", "263");
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.customNewTab", true);
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.CaptureType", 2);
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.clickSendingDisabled", true);
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.clickSendingStats.20130806.connection_error", 0);
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.clickSendingStats.20130806.invalid_cert", 0);
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.clickSendingStats.20130806.server_error", 0);
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.clickSendingStats.20130806.success", 0);
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.clickSendingStats.20130807.connection_error", 0);
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.clickSendingStats.20130807.invalid_cert", 0);
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.clickSendingStats.20130807.server_error", 0);
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.clickSendingStats.20130807.success", 0);
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.dcaConfigInterval", "2880");
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.enableVoicebox", true);
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.epochTimeInterval", "1440");
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.eulaVersion", 20110301);
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastDcaConfigTime", "1375907297798");
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastDcaStatus", 1);
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastEpochTime", "1375907297140");
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastEventSendAttemptDate", "20130807");
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.lastPingTime", "1375811248678");
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.panelID", "FCZ3AGLfox");
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.pingInterval", "1440");
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.privacyFailures", 0);
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.probationLength", 0);
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.userID", "FCZ3AGL84219440");
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.dca.version", "1.7.0.9411");
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.installDate", "07122013");
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.dca.version", "1.300.434");
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.helpUsImprove", true);
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.hideOthers", false);
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.processAddrBar", true);
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.restoreSearch", false);
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.searchHistory", true);
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.session", "64160F31B854C3F923CCFB483E25060DE13EB84992691F44CB25432DFABE2BF3EFABDABF22ADF8A4F87C8518AF233F30291D219203CEF3D
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.showFirstLaunchOptions", false);
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.tb_lang", "en");
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.tool_id", "59925");
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.user_id", "84219440");
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.user_key", "f204b3a7600585c892968f91c5b8aff256f1e4a6");
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.user_layouts", "59925");
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.user_lnames", "AdventureQuest%20Worlds%20Toolbar");
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.xml_service_url", "64e3a27980eeceb34248bc3e680b4e63");
     user_pref("freecause88c4479d35154ca3a80527b920c3bf6d.yahooSearch", true);

     Emptied folder: C:\Users\Gabrielius\AppData\Roaming\mozilla\firefox\profiles\rijiyuj7.default\minidumps [2 files]

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Thu 08/08/2013 at 20:29:09.28
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     # AdwCleaner v2.306 - Logfile created 08/08/2013 at 21:15:53
     # Updated 19/07/2013 by Xplode
     # Operating system : Windows 8 Enterprise (64 bits)
     # User : Gabrielius - GAMING-LAND
     # Boot Mode : Normal
     # Running from : C:\Users\Gabrielius\Downloads\AdwCleaner.exe
     # Option [Delete]

     ***** [Services] *****

     ***** [Files / Folders] *****

     Folder Deleted : C:\Users\Gabrielius\AppData\Local\Bundled software uninstaller

     ***** [Registry] *****

     Key Deleted : HKCU\Software\CompeteInc
     Key Deleted : HKCU\Software\DataMngr
     Key Deleted : HKCU\Software\DataMngr_Toolbar
     Key Deleted : HKLM\Software\DataMngr
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\5a6dcdcb33fbe13
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
     Key Deleted : HKLM\SOFTWARE\Tarma Installer

     ***** [Internet Browsers] *****

     -\\ Internet Explorer v10.0.9200.16537

     [OK] Registry is clean.

     -\\ Mozilla Firefox v22.0 (en-US)

     File : C:\Users\Gabrielius\AppData\Roaming\Mozilla\Firefox\Profiles\rijiyuj7.default\prefs.js

     Deleted : user_pref("browser.search.defaultenginename", "Search the Web");
     Deleted : user_pref("browser.search.selectedEngine", "Search the Web");

     -\\ Google Chrome v28.0.1500.95

     File : C:\Users\Gabrielius\AppData\Local\Google\Chrome\User Data\Default\Preferences

     *************************

     AdwCleaner[S1].txt - [1920 octets] - [08/08/2013 21:15:53]

     ########## EOF - C:\AdwCleaner[S1].txt - [1980 octets] ##########
  3. Sorry, something went wrong. Here are the JRT and AdwCleaner logs:
  4. I guess it's just a coincidence, but when I was about to click "Remove Selected" my screen went black and I had to restart the PC. I did the quick scan again and removed it successfully; here is the log:

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.08.08.06

     Windows 8 x64 NTFS
     Internet Explorer 10.0.9200.16635
     Gabrielius :: GAMING-LAND [administrator]

     8/8/2013 9:38:08 PM
     mbam-log-2013-08-08 (21-38-08).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 244122
     Time elapsed: 4 minute(s), 17 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 1
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|svchost (Backdoor.Bot) -> Data: "C:\Users\Gabrielius\AppData\Roaming\Microsoft\WinUpdate\nircmd.exe" exec hide "C:\Users\Gabrielius\AppData\Roaming\Microsoft\WinUpdate\start.bat" -> Quarantined and deleted successfully.

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 22
     C:\Users\Gabrielius\AppData\Roaming\Microsoft\WinUpdate\svchost.exe (Trojan.BitCoinMiner) -> Quarantined and deleted successfully.
     C:\Users\Gabrielius\Desktop\cheat.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
     C:\Users\Gabrielius\AppData\Local\Temp\bundlesweetimsetup.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
     C:\Users\Gabrielius\AppData\Local\Temp\DeltaTB.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
     C:\Users\Gabrielius\AppData\Local\Temp\drivers.zip (Trojan.BitCoinMiner) -> Quarantined and deleted successfully.
     C:\Users\Gabrielius\AppData\Local\Temp\FreeMouseAutoClickerSetup.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
     C:\Users\Gabrielius\AppData\Local\Temp\OptimizerPro.exe (PUP.Optional.OptimizePro.A) -> Quarantined and deleted successfully.
     C:\Users\Gabrielius\AppData\Local\Temp\PCPerformerSetup.exe (PUP.Optional.InstallBrain) -> Quarantined and deleted successfully.
     C:\Users\Gabrielius\AppData\Local\Temp\WinUpdate.zip (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
     C:\Users\Gabrielius\AppData\Local\Temp\19C26F33-BAB0-7891-B991-8D83AC94A98F\Latest\ccp.exe (PUP.Babylon.A) -> Quarantined and deleted successfully.
     C:\Users\Gabrielius\AppData\Local\Temp\19C26F33-BAB0-7891-B991-8D83AC94A98F\Latest\MyBabylonTB.exe (PUP.Optional.Delta) -> Quarantined and deleted successfully.
     C:\Users\Gabrielius\AppData\Local\Temp\19C26F33-BAB0-7891-B991-8D83AC94A98F\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
     C:\Users\Gabrielius\AppData\Local\Temp\iswizard\dwm.exe (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
     C:\Users\Gabrielius\AppData\Local\Temp\iswizard\iswizard.7z (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
     C:\Users\Gabrielius\AppData\Local\Temp\iswizard\wuaudit.exe (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
     C:\Users\Gabrielius\Downloads\CheatEngine62.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
     C:\Users\Gabrielius\Downloads\SoftonicDownloader_for_auto-clicker.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
     C:\Users\Gabrielius\Downloads\SoftonicDownloader_for_scite.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
     C:\Users\Gabrielius\Downloads\Unlocker1.9.2.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
     C:\Users\Gabrielius\Local Settings\Temporary Internet Files\Content.IE5\DQ2MC4FH\pack[1].7z (PUP.Browser.Defender.A) -> Quarantined and deleted successfully.
     C:\Users\Gabrielius\Local Settings\Temporary Internet Files\Content.IE5\JGCMSQ07\WebCakesetup[1].exe (PUP.Optional.Yontoo) -> Quarantined and deleted successfully.
     C:\Users\Gabrielius\AppData\Roaming\Microsoft\WinUpdate\nircmd.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

     (end)
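The Malwarebytes hit above is a Run value named "svchost" whose data is nircmd.exe launching a batch file with a hidden window from AppData, and the JRT log in the post below it shows a second Run value that uses rundll32.exe to load a DLL from %TEMP%. Both are ordinary autostart persistence, and both can be caught without signatures. The following is an added example (not part of the original post, and not code from Malwarebytes, JRT or DDS): a small autorun triage routine run over the Run values quoted in these logs. The heuristics, weights and the list of borrowed system-process names are this example's own assumptions; the sample entries are constructed from the logs on this page.

```python
"""Heuristic triage of HKCU/HKLM ...\CurrentVersion\Run values (added example)."""
import ntpath
import re
from dataclasses import dataclass, field

# Process names malware likes to borrow; legitimate copies live under C:\Windows.
SYSTEM_NAMES = {"svchost", "dwm", "csrss", "lsass", "winlogon", "services",
                "explorer", "taskhost", "wuauclt", "spoolsv"}
# Signed Windows binaries that execute whatever file they are pointed at.
LOADERS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
           "cscript.exe", "cmd.exe", "powershell.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
DRIVE_PATH = re.compile(r'[a-z]:\\[^"\s,]+', re.I)
SCRIPT_EXT = re.compile(r"\.(?:bat|cmd|vbs|vbe|js|jse|ps1|hta)\b", re.I)
HIDDEN = re.compile(r"\bexec\s+hide\b|-windowstyle\s+hidden|-w\s+hidden", re.I)


@dataclass
class Finding:
    value_name: str
    command: str
    reasons: list = field(default_factory=list)
    score: int = 0


def image_path(command: str) -> str:
    """Return the executable part of a Run value: the quoted path, or the
    leading text up to the first .exe/.com/.scr (handles unquoted paths with spaces)."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.(?:exe|com|scr))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def triage(value_name: str, command: str) -> Finding:
    f = Finding(value_name, command)

    def hit(reason: str, weight: int) -> None:
        f.reasons.append(reason)
        f.score += weight

    if "<no file>" in command:          # DDS marks dangling entries this way
        hit("orphaned entry (target missing)", 1)
        return f
    image = image_path(command)
    base = ntpath.basename(image).lower()
    stem = base[:-4] if base.endswith(".exe") else base
    vname = value_name.lower()
    vname = vname[:-4] if vname.endswith(".exe") else vname

    # 1. A Windows process name run from outside C:\Windows, or a value name that
    #    borrows one while running something else (Run|svchost -> nircmd.exe).
    if stem in SYSTEM_NAMES and not ntpath.dirname(image).lower().startswith("c:\\windows"):
        hit(f"system binary name '{base}' outside C:\\Windows", 4)
    if vname in SYSTEM_NAMES and stem not in SYSTEM_NAMES:
        hit(f"value name '{value_name}' mimics a system process but runs {base}", 4)
    # 2. Any path in the command that points into a user-writable directory.
    if any(any(w in p.lower() for w in USER_WRITABLE) for p in DRIVE_PATH.findall(command)):
        hit("references a user-writable directory", 2)
    # 3. A loader such as rundll32.exe carrying an external payload (tsiVi132.dll in %TEMP%).
    if base in LOADERS:
        hit(f"LOLBin loader {base} with external payload", 3)
    # 4. Hidden-window launchers and script payloads (nircmd exec hide start.bat).
    if HIDDEN.search(command):
        hit("hidden-window launcher", 3)
    if SCRIPT_EXT.search(command):
        hit("script file as payload", 2)
    return f


def triage_all(entries):
    """entries: iterable of (value_name, command). Returns findings, worst first."""
    return sorted((triage(n, c) for n, c in entries), key=lambda x: -x.score)


# Constructed from the Run values quoted in the MBAM, JRT and DDS logs on this page.
SAMPLE_ENTRIES = [
    ("svchost", r'"C:\Users\Gabrielius\AppData\Roaming\Microsoft\WinUpdate\nircmd.exe" exec hide "C:\Users\Gabrielius\AppData\Roaming\Microsoft\WinUpdate\start.bat"'),
    ("tsiVideo", r"C:\Windows\SysWOW64\rundll32.exe C:\Users\GABRIE~1\AppData\Local\Temp\\tsiVi132.dll,start"),
    ("uTorrent", r'"C:\Users\Gabrielius\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED'),
    ("DAEMON Tools Lite", r'"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun'),
    ("AdobeBridge", "<no file>"),
]

if __name__ == "__main__":
    for f in triage_all(SAMPLE_ENTRIES):
        print(f"{f.score:2d}  {f.value_name:18s} {'; '.join(f.reasons) or 'nothing suspicious'}")
```

The scoring is deliberately coarse: a single AppData path (uTorrent) is worth a look but not an alert, while a borrowed system-process name combined with a hidden launcher and a script payload puts the miner's entry well ahead of everything else. On a live system the same function can be fed from `reg query` or `Get-ItemProperty` output against both the HKCU and HKLM Run keys.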
  5. Is it necessary to uninstall uTorrent? Can I just end its process?
  6. DDS (Ver_2012-11-20.01) - NTFS_AMD64
     Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.25.2
     Run by Gabrielius at 22:04:09 on 2013-08-07
     „Microsoft“ Windows 8 Enterprise  6.2.9200.0.1252.1.1033.18.16345.13431 [GMT 3:00]
     .
     AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     ============== Running Processes ===============
     .
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\nvvsvc.exe
     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
     C:\Windows\system32\svchost.exe -k RPCSS
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
     C:\Windows\system32\nvvsvc.exe
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Windows\System32\spoolsv.exe
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Windows\system32\dashost.exe
     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
     C:\Windows\SysWOW64\PnkBstrA.exe
     C:\Windows\system32\svchost.exe -k imgsvc
     C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
     C:\Program Files\Windows Defender\MsMpEng.exe
     C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
     C:\Windows\System32\svchost.exe -k LocalServicePeerNet
     C:\Windows\system32\taskhostex.exe
     C:\Windows\Explorer.EXE
     C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
     C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
     C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
     C:\Windows\system32\SearchIndexer.exe
     C:\Windows\System32\RuntimeBroker.exe
     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
     C:\Program Files (x86)\Skype\Phone\Skype.exe
     C:\Windows\SysWOW64\rundll32.exe
     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
     C:\Program Files\Windows Media Player\wmpnetwk.exe
     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
     C:\Games\MTA San Andreas 1.3\server\MTA Server.exe
     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
     C:\Windows\system32\NOTEPAD.EXE
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Windows\system32\taskhost.exe
     C:\Windows\system32\dwm.exe
     C:\Windows\system32\taskmgr.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Windows\system32\taskeng.exe
     C:\Windows\system32\SearchProtocolHost.exe
     C:\Windows\system32\SearchFilterHost.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\System32\cscript.exe
     .
     ============== Pseudo HJT Report ===============
     .
     uStart Page = about:blank
     uURLSearchHooks: FCToolbarURLSearchHook Class: {61420c5c-7f3e-4f29-9987-e7e31687ab75} - C:\Program Files (x86)\AdventureQuest Worlds Toolbar\Helper.dll
     uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
     mWinlogon: Userinit = userinit.exe
     BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
     BHO: AdventureQuest Worlds Toolbar BHO: {745A6D3B-4DB0-4246-B596-9189787D4ED5} - C:\Program Files (x86)\AdventureQuest Worlds Toolbar\Toolbar.dll
     BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
     BHO: {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - <orphaned>
     BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
     BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
     BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
     TB: AdventureQuest Worlds Toolbar: {3385E2D6-567B-4FC6-8F0F-D7A8C6E6118C} - C:\Program Files (x86)\AdventureQuest Worlds Toolbar\Toolbar.dll
     TB: AdventureQuest Worlds Toolbar: {3385E2D6-567B-4FC6-8F0F-D7A8C6E6118C} - C:\Program Files (x86)\AdventureQuest Worlds Toolbar\Toolbar.dll
     uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
     uRun: [uTorrent] "C:\Users\Gabrielius\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
     uRun: [NvidiaHostStart] C:\Users\Gabrielius\AppData\Local\NVIDIA Corporation\nvsync.exe
     uRun: [AdobeBridge] <no file>
     mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
     mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
     mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
     mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
     uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
     IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
     IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
     IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
     IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
     IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
     TCP: NameServer = 192.168.11.1
     TCP: Interfaces\{5FD1F44E-EE10-4CEB-A62E-A15BFE29DB55} : DHCPNameServer = 192.168.11.1
     Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
     Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
     Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
     SSODL: WebCheck - <orphaned>
     mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
     x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
     x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
     x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
     x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
     x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
     x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
     x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
     x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
     x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
     x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
     x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
     x64-SSODL: WebCheck - <orphaned>
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath - C:\Users\Gabrielius\AppData\Roaming\Mozilla\Firefox\Profiles\rijiyuj7.default\
     FF - prefs.js: browser.search.selectedEngine - Search the Web
     FF - prefs.js: browser.startup.homepage - about:home
     FF - prefs.js: network.proxy.ftp - 218.93.53.116
     FF - prefs.js: network.proxy.ftp_port - 8888
     FF - prefs.js: network.proxy.http - 218.93.53.116
     FF - prefs.js: network.proxy.http_port - 8888
     FF - prefs.js: network.proxy.socks - 218.93.53.116
     FF - prefs.js: network.proxy.socks_port - 8888
     FF - prefs.js: network.proxy.ssl - 218.93.53.116
     FF - prefs.js: network.proxy.ssl_port - 8888
     FF - prefs.js: network.proxy.type - 0
     FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
     FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
     FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
     FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
     FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
     FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
     FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
     FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
     FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
     FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
     FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
     FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
     FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
     FF - plugin: C:\Users\Gabrielius\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
     FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
     FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
     FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
     FF - ExtSQL: 2013-06-25 19:56; {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}; C:\Users\Gabrielius\AppData\Roaming\Mozilla\Firefox\Profiles\rijiyuj7.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
     FF - ExtSQL: 2013-07-12 15:39; {88c4479d-3515-4ca3-a805-27b920c3bf6d}; C:\Users\Gabrielius\AppData\Roaming\Mozilla\Firefox\Profiles\rijiyuj7.default\extensions\{88c4479d-3515-4ca3-a805-27b920c3bf6d}.xpi
     .
     ---- FIREFOX POLICIES ----
     FF - user.js: extensions.delta.tlbrSrchUrl -
     FF - user.js: extensions.delta.id - 102573bb00000000000094de802b2c74
     FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
     FF - user.js: extensions.delta.instlDay - 15866
     FF - user.js: extensions.delta.vrsn - 1.8.21.5
     FF - user.js: extensions.delta.vrsni - 1.8.21.5
     FF - user.js: extensions.delta.vrsnTs - 1.8.21.519:02:58
     FF - user.js: extensions.delta.prtnrId - delta
     FF - user.js: extensions.delta.prdct - delta
     FF - user.js: extensions.delta.aflt - babsst
     FF - user.js: extensions.delta.smplGrp - none
     FF - user.js: extensions.delta.tlbrId - base
     FF - user.js: extensions.delta.instlRef - sst
     FF - user.js: extensions.delta.dfltLng - en
     FF - user.js: extensions.delta.excTlbr - false
     FF - user.js: extensions.delta.ffxUnstlRst - true
     FF - user.js: extensions.delta.admin - false
     FF - user.js: extensions.delta_i.babTrack - affID=44444
     FF - user.js: extensions.delta_i.babExt -
     FF - user.js: extensions.delta_i.srcExt - ss
     FF - user.js: extensions.delta.autoRvrt - false
     FF - user.js: extensions.delta.rvrt - false
     FF - user.js: extensions.delta.newTab - false
     user_pref('extensions.autoDisableScopes', 0);
     user_pref('security.csp.enable', false);
     user_pref('security.OCSP.enabled', 0);
     user_pref('extensions.blocklist.enabled', false);
     .
     ============= SERVICES / DRIVERS ===============
     .
     R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\Drivers\dtsoftbus01.sys [2013-4-27 283200]
     R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
     R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-4-27 4150112]
     R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-6-2 100864]
     S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2013-6-4 103448]
     S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-10-2 178824]
     S3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
     S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2013-6-4 203672]
     S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
     S3 UsbFltr;WayTech USB Filter Driver;C:\Windows\System32\Drivers\UsbFltr.sys [2007-4-9 12288]
     S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
     S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
     .
     =============== File Associations ===============
     .
     FileExt: .vbe: VBEFile=C:\Windows\SysWow64\WScript.exe "%1" %*
     .
     =============== Created Last 30 ================
     .
     2013-08-07 13:22:16  25928  ----a-w-  C:\Windows\System32\drivers\mbam.sys
     2013-08-07 13:22:16  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
     2013-08-07 11:01:36  9460976  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DBCC43D7-5153-4CFE-81C0-C32E1997B3ED}\mpengine.dll
     2013-08-06 10:03:42  9460976  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
     2013-08-05 13:48:47  --------  d-----w-  C:\Program Files (x86)\Resource Hacker
     2013-08-05 13:37:05  348160  ----a-w-  C:\Windows\SysWow64\msvcr71.dll
     2013-08-05 13:26:03  --------  d-----w-  C:\Program Files (x86)\MyPC Backup
     2013-08-05 13:25:14  --------  d-----w-  C:\Program Files (x86)\OApps
     2013-08-05 13:25:12  --------  d-----w-  C:\ProgramData\Tarma Installer
     2013-08-01 09:35:44  262832  ----a-w-  C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10212.bin
     2013-07-24 21:04:32  --------  d-----w-  C:\Program Files (x86)\Shivinder Singh Narr
     2013-07-23 17:54:19  --------  d-----r-  C:\Program Files (x86)\Skype
     2013-07-22 15:32:03  --------  d-----w-  C:\Users\Gabrielius\AppData\Roaming\Kalypso Media
     2013-07-22 15:32:03  --------  d-----w-  C:\Users\Gabrielius\AppData\Local\FLT
     2013-07-14 18:36:12  --------  d-----w-  C:\ProgramData\SystemRequirementsLab
     2013-07-12 12:50:32  --------  d-----w-  C:\Program Files (x86)\Common Files\FreeCause
     2013-07-12 12:50:28  --------  d-----w-  C:\Program Files (x86)\AdventureQuest Worlds Toolbar
     2013-07-12 12:39:18  --------  d-----w-  C:\Program Files (x86)\Mozilla Maintenance Service
     2013-07-10 11:46:23  2035200  ----a-w-  C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
     2013-07-10 11:46:23  1617920  ----a-w-  C:\Program Files\Windows Journal\NBDoc.DLL
     2013-07-10 11:46:23  1318912  ----a-w-  C:\Program Files\Windows Journal\JNWDRV.dll
     2013-07-10 11:46:23  1306112  ----a-w-  C:\Program Files\Windows Journal\JNTFiltr.dll
     2013-07-10 11:46:23  1272320  ----a-w-  C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
     2013-07-10 11:46:22  1413632  ----a-w-  C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
     2013-07-10 11:46:22  1029632  ----a-w-  C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
     2013-07-10 11:39:51  4036096  ----a-w-  C:\Windows\System32\win32k.sys
     .
     ==================== Find3M ====================
     .
     2013-07-01 10:40:58  96168  ----a-w-  C:\Windows\SysWow64\WindowsAccessBridge-32.dll
     2013-07-01 10:40:57  867240  ----a-w-  C:\Windows\SysWow64\npDeployJava1.dll
     2013-07-01 10:40:57  789416  ----a-w-  C:\Windows\SysWow64\deployJava1.dll
     2013-06-27 22:04:51  78200  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
     2013-06-27 22:04:51  693112  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
     2013-06-23 18:23:59  5856  ----a-w-  C:\ProgramData\NanoRepository.bin
     2013-06-21 10:23:16  6496544  ----a-w-  C:\Windows\System32\nvcpl.dll
     2013-06-21 10:23:16  3514656  ----a-w-  C:\Windows\System32\nvsvc64.dll
     2013-06-21 10:23:11  884512  ----a-w-  C:\Windows\System32\nvvsvc.exe
     2013-06-21 10:23:10  63776  ----a-w-  C:\Windows\System32\nvshext.dll
     2013-06-21 10:23:10  237856  ----a-w-  C:\Windows\System32\nvmctray.dll
     2013-06-21 02:16:02  566048  ----a-w-  C:\Windows\SysWow64\nvStreaming.exe
     2013-06-20 04:17:49  3253909  ----a-w-  C:\Windows\System32\nvcoproc.bin
     2013-06-16 22:41:31  997632  ----a-w-  C:\Windows\System32\drivers\ndis.sys
     2013-06-11 23:43:37  1767936  ----a-w-  C:\Windows\SysWow64\wininet.dll
     2013-06-11 23:43:00  2877440  ----a-w-  C:\Windows\SysWow64\jscript9.dll
     2013-06-11 23:26:20  2241024  ----a-w-  C:\Windows\System32\wininet.dll
     2013-06-11 23:25:16  3958784  ----a-w-  C:\Windows\System32\jscript9.dll
     2013-06-04 06:15:02  103448  ----a-w-  C:\Windows\System32\drivers\ssudbus.sys
     2013-06-04 06:15:00  203672  ----a-w-  C:\Windows\System32\drivers\ssudmdm.sys
     2013-06-01 11:54:16  194816  ----a-w-  C:\Windows\System32\drivers\sdbus.sys
     2013-06-01 11:54:10  125184  ----a-w-  C:\Windows\System32\drivers\dumpsd.sys
     2013-06-01 11:34:21  2391280  ----a-w-  C:\Windows\explorer.exe
     2013-06-01 11:33:13  2233600  ----a-w-  C:\Windows\System32\drivers\tcpip.sys
     2013-06-01 11:29:35  337152  ----a-w-  C:\Windows\System32\drivers\USBXHCI.SYS
     2013-06-01 11:29:35  213248  ----a-w-  C:\Windows\System32\drivers\UCX01000.SYS
     2013-06-01 11:26:33  327936  ----a-w-  C:\Windows\System32\drivers\volsnap.sys
     2013-06-01 11:26:31  6987008  ----a-w-  C:\Windows\System32\ntoskrnl.exe
     2013-06-01 10:24:46  2106176  ----a-w-  C:\Windows\SysWow64\explorer.exe
     2013-06-01 09:25:52  364544  ----a-w-  C:\Windows\SysWow64\XpsGdiConverter.dll
     2013-06-01 09:25:05  67584  ----a-w-  C:\Windows\SysWow64\samlib.dll
     2013-06-01 09:25:03  496640  ----a-w-  C:\Windows\SysWow64\qedit.dll
     2013-06-01 09:24:19  493056  ----a-w-  C:\Windows\SysWow64\mscms.dll
     2013-06-01 09:24:09  850944  ----a-w-  C:\Windows\SysWow64\mfasfsrcsnk.dll
     2013-06-01 09:24:09  1453568  ----a-w-  C:\Windows\SysWow64\mfcore.dll
     2013-06-01 09:23:46  1842176  ----a-w-  C:\Windows\SysWow64\dwmcore.dll
     2013-06-01 09:23:06  680960  ----a-w-  C:\Windows\System32\vds.exe
     2013-06-01 09:22:47  80896  ----a-w-  C:\Windows\System32\MbaeParserTask.exe
     2013-06-01 09:22:33  523264  ----a-w-  C:\Windows\System32\XpsGdiConverter.dll
     2013-06-01 09:22:33  446976  ----a-w-  C:\Windows\System32\wwansvc.dll
     2013-06-01 09:22:09  190976  ----a-w-  C:\Windows\System32\vdsutil.dll
     2013-06-01 09:21:39  729600  ----a-w-  C:\Windows\System32\samsrv.dll
     2013-06-01 09:21:39  106496  ----a-w-  C:\Windows\System32\samlib.dll
     2013-06-01 09:21:34  595968  ----a-w-  C:\Windows\System32\qedit.dll
     2013-06-01 09:20:45  583168  ----a-w-  C:\Windows\System32\mscms.dll
     2013-06-01 09:20:34  1527808  ----a-w-  C:\Windows\System32\mfcore.dll
     2013-06-01 09:20:34  1048576  ----a-w-  C:\Windows\System32\mfasfsrcsnk.dll
     2013-06-01 09:20:04  2219520  ----a-w-  C:\Windows\System32\dwmcore.dll
     2013-06-01 09:19:58  207872  ----a-w-  C:\Windows\System32\DeviceSetupManager.dll
     2013-06-01 09:19:42  785408  ----a-w-  C:\Windows\System32\audiosrv.dll
     2013-06-01 03:08:57  37632  ----a-w-  C:\Windows\System32\drivers\BthAvrcpTg.sys
     2013-05-27 22:03:52  146  ----a-w-  C:\virus.reg
     2013-05-27
22:02:42 53 ----a-w- C:\start.bat 2013-05-24 22:09:20 1403296 ----a-w- C:\Windows\System32\winload.efi 2013-05-24 22:09:20 1271584 ----a-w- C:\Windows\System32\winload.exe 2013-05-24 22:09:20 1217352 ----a-w- C:\Windows\System32\winresume.efi 2013-05-24 22:09:20 1093904 ----a-w- C:\Windows\System32\winresume.exe 2013-05-23 23:01:46 1300992 ----a-w- C:\Windows\System32\gdi32.dll 2013-05-23 22:27:05 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll 2013-05-15 22:37:03 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll 2013-05-15 22:35:49 53760 ----a-w- C:\Windows\System32\UXInit.dll 2013-05-15 22:35:47 144384 ----a-w- C:\Windows\System32\tssdisai.dll 2013-05-15 02:25:59 888320 ----a-w- C:\Windows\System32\autochk.exe 2013-05-15 02:25:44 542208 ----a-w- C:\Windows\System32\untfs.dll 2013-05-15 02:24:10 793088 ----a-w- C:\Windows\SysWow64\autochk.exe 2013-05-15 02:24:01 482816 ----a-w- C:\Windows\SysWow64\untfs.dll 2013-05-14 13:14:01 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-05-14 09:23:31 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-05-12 21:42:27 1832224 ----a-w- C:\Windows\System32\nvdispco6432018.dll 2013-05-12 21:42:27 1511712 ----a-w- C:\Windows\System32\nvdispgenco6432018.dll . ============= FINISH: 22:04:22.84 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . „Microsoft“ Windows 8 Enterprise Boot Device: \Device\HarddiskVolume1 Install Date: 4/27/2013 1:37:05 PM System Uptime: 8/7/2013 4:16:34 PM (6 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | H77-DS3H Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz | Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz | 3901/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 465 GiB total, 213.338 GiB free. D: is CDROM () E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . 
RP17: 7/16/2013 9:03:36 PM - Installed Assassin's Creed(R) III v1.06 RP18: 7/22/2013 6:28:04 PM - Installed DirectX RP19: 7/23/2013 6:56:24 PM - Installed Skype™ 6.6 RP20: 7/25/2013 12:03:58 AM - Installed Ultimate Auto Typer Ver. 3.0 RP21: 8/2/2013 2:41:18 PM - Scheduled Checkpoint . ==== Installed Programs ====================== . µTorrent Adobe Flash Player 11 Plugin Adobe Photoshop CS6 AdventureQuest Worlds Toolbar Assassin's Creed(R) III v1.06 Astroburn Lite Bandicam Bandisoft MPEG-1 Decoder Bundled software uninstaller Cheat Engine 6.2 Company of Heroes 2 Counter-Strike Global Offensive DAEMON Tools Lite Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition FileZilla Client 3.7.1 Fraps v3.5.99 Build 15618 Google Chrome Google Earth Google Update Helper GTA San Andreas Java 7 Update 25 Java Auto Updater K-Lite Codec Pack 6.0.4 (Basic) Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft Access MUI (English) 2013 Microsoft Access Setup Metadata MUI (English) 2013 Microsoft DCF MUI (English) 2013 Microsoft Excel MUI (English) 2013 Microsoft Groove MUI (English) 2013 Microsoft InfoPath MUI (English) 2013 Microsoft Lync MUI (English) 2013 Microsoft Office 32-bit Components 2013 Microsoft Office OSM MUI (English) 2013 Microsoft Office OSM UX MUI (English) 2013 Microsoft Office Professional Plus 2013 Microsoft Office Proofing (English) 2013 Microsoft Office Proofing Tools 2013 - English Microsoft Office Proofing Tools 2013 - Español Microsoft Office Shared 32-bit MUI (English) 2013 Microsoft Office Shared MUI (English) 2013 Microsoft Office Shared Setup Metadata MUI (English) 2013 Microsoft OneNote MUI (English) 2013 Microsoft Outlook MUI (English) 2013 Microsoft PowerPoint MUI (English) 2013 Microsoft Publisher MUI (English) 2013 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - 
x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Word MUI (English) 2013 Microsoft_VC100_CRT_x86 Microsoft_VC80_CRT_x86 Microsoft_VC90_CRT_x86 Minecraft1.5.1 Mozilla Firefox 22.0 (x86 en-US) Mozilla Maintenance Service MTA:SA v1.3.3 Notepad++ NVIDIA 3D Vision Controller Driver 320.49 NVIDIA 3D Vision Driver 320.49 NVIDIA Control Panel 320.49 NVIDIA GeForce Experience 1.5.1 NVIDIA Graphics Driver 320.49 NVIDIA HD Audio Driver 1.3.24.2 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX System Software 9.13.0604 NVIDIA Stereoscopic 3D Driver NVIDIA Update 6.4.23 NVIDIA Update Components Outils de vérification linguistique 2013 de Microsoft Office - Français PDF Settings CS6 PunkBuster Services PuTTY version 0.62 Resource Hacker Version 3.6.0 Security Update for Microsoft Lync 2013 (KB2817465) 64-Bit Edition Security Update for Microsoft Office 2013 (KB2817491) 64-Bit Edition Skype™ 6.6 System Requirements Lab CYRI TeamViewer 8 Tomb Raider Ultimate Auto Typer Ver. 
3.0 Unity Web Player Update for Microsoft Access 2013 (KB2760350) 64-Bit Edition Update for Microsoft Excel 2013 (KB2760339) 64-Bit Edition Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition Update for Microsoft Office 2013 (KB2737954) 64-Bit Edition Update for Microsoft Office 2013 (KB2752025) 64-Bit Edition Update for Microsoft Office 2013 (KB2752094) 64-Bit Edition Update for Microsoft Office 2013 (KB2752101) 64-Bit Edition Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition Update for Microsoft Office 2013 (KB2760538) 64-Bit Edition Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition Update for Microsoft Office 2013 (KB2767851) 64-Bit Edition Update for Microsoft Office 2013 (KB2767860) 64-Bit Edition Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition Update for Microsoft Office 2013 (KB2810010) 64-Bit Edition Update for Microsoft Office 2013 (KB2817320) 64-Bit Edition Update for Microsoft Office 2013 (KB2817482) 64-Bit Edition Update for Microsoft Office 2013 (KB2817489) 64-Bit Edition Update for Microsoft Office 2013 (KB2817492) 64-Bit Edition Update for Microsoft OneNote 2013 (KB2817467) 64-Bit Edition Update for Microsoft Outlook 2013 (KB2817468) 64-Bit Edition Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition Update for Microsoft PowerPoint 2013 (KB2810006) 64-Bit Edition Update for Microsoft SkyDrive Pro (KB2817469) 64-Bit Edition Update for Microsoft Visio 2013 (KB2810008) 64-Bit Edition Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition Update for Microsoft Word 2013 (KB2767863) 64-Bit Edition Update for Microsoft Word 2013 (KB2810086) 64-Bit Edition Uplay WinRAR 4.20 (64-bit) YouTube Song Downloader . ==== Event Viewer Messages From Past Week ======== . 8/5/2013 4:29:41 PM, Error: Service Control Manager [7031] - WebCakeUpdater tarnybos skirtas laikas netiketai baigesi. 
Tai buvo atlikta 1 karta (-us). Šis koregavimo veiksmas užims 5000 milisek.: Restart the service. 8/5/2013 4:25:28 PM, Error: Service Control Manager [7030] - DefaultTabSearch tarnyba pažymeta kaip interaktyvioji tarnyba. Taciau sistema sukonfiguruota neleisti interaktyviuju tarnybu. Ši tarnyba gali tinkamai neveikti. . ==== End Of File ===========================
  7. Hello, I have a huge problem with viruses and other junk. I didn't have any antivirus program for about 2 months. A few days ago my video card started acting weird: it randomly freezes and outputs this image: http://postimg.org/image/mtcywdbp3/ It was okay until today, when I got a black screen and had to restart the PC. Mostly it happens when I leave the PC for about 10 mins (AFK) (sleep mode is disabled). So today I did a scan with Malwarebytes and got a long list of viruses and other junk. It also had this trojan called "Bitcoin", which I heard is really bad. Please help me to remove all that malware. Here is the log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.08.07.05
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16635
Gabrielius :: GAMING-LAND [administrator]
8/7/2013 4:22:53 PM
MBAM-log-2013-08-07 (16-59-50).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 454290
Time elapsed: 36 minute(s), 19 second(s)
Memory Processes Detected: 0
Memory Modules Detected: 0
Registry Keys Detected: 0
Registry Values Detected: 1
Registry Data Items Detected: 0
Folders Detected: 4
Files Detected: 33
(end)