Jump to content

HeavyModd

Members
  • Posts

    15
  • Joined

  • Last visited

Everything posted by HeavyModd

  1. Thanks again. Anyways, here's the log: C:\$RECYCLE.BIN\S-1-5-21-2367360674-256435155-1887465987-1000\$RGDYGE9\uninstall.exe.vir Win32/SProtector.B applicationC:\Users\Juho\Downloads\FreeYouTubeToMP3Converter.exe Win32/OpenCandy applicationC:\Users\Juho\Downloads\installer_ccleaner_English.exe Win32/Toolbar.Babylon application
  2. And here's Malwarebytes log: Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Database version: v2013.10.31.05 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16721Juho :: JUHO-PC [administrator] 31.10.2013 18:34:40mbam-log-2013-10-31 (18-34-40).txt Scan type: Full scan (C:\|D:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 519794Time elapsed: 1 hour(s), 9 minute(s), 21 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 1C:\Qoobox\Quarantine\C\Program Files (x86)\SafeSaver\sprotector.dll.vir (PUP.Optional.SProtect.A) -> Quarantined and deleted successfully. (end)
  3. Here's CFScript report: ComboFix 13-10-29.02 - Juho 31.10.2013 18:18:22.2.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.358.1035.18.8141.6375 [GMT 2:00]Sijainti: c:\users\Juho\Desktop\ComboFix.exeKäytetyt komentorivivalitsimet :: c:\users\Juho\Desktop\CFScript.txtAV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.FILE ::"c:\windows\SysWOW64\Drivers\X6va012"..(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))...((((((((((((((((((((((((((((((((((((((( Ajurit/Palvelut )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Legacy_X6VA012-------\Service_X6va012..((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2013-09-28 to 2013-10-31 )))))))))))))))))..2013-10-31 16:24 . 2013-10-31 16:24 -------- d-----w- c:\users\Default\AppData\Local\temp2013-10-31 16:10 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0090B54-EA9C-4685-833B-74CF55272B72}\mpengine.dll2013-10-31 15:55 . 2013-10-31 16:25 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp2013-10-29 19:20 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-10-28 16:32 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys2013-10-28 16:32 . 2013-10-28 16:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-10-18 06:08 . 2013-10-18 06:07 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A93730F-4A71-4E6B-96B6-EB8486189C28}\gapaengine.dll2013-10-11 13:17 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll2013-10-04 17:26 . 2013-10-04 17:26 -------- d-----w- c:\users\Juho\AppData\Roaming\Awesomium2013-10-04 17:25 . 2013-10-04 17:25 -------- d-----w- c:\programdata\Hi-Rez Studios2013-10-04 17:25 . 2013-10-04 17:25 -------- d-----w- c:\program files (x86)\Hi-Rez Studios...(((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))).2013-10-31 16:25 . 2012-10-17 12:06 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys2013-10-11 18:53 . 2012-08-22 10:33 80541720 ----a-w- c:\windows\system32\MRT.exe2013-09-06 12:00 . 2013-08-23 13:22 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll2013-08-29 01:48 . 2013-10-11 13:17 44032 ----a-w- c:\windows\apppatch\acwow64.dll2013-08-05 02:25 . 2013-09-12 11:07 155584 ----a-w- c:\windows\system32\drivers\ataport.sys..(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))..*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-10-30 1820584]"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2012-11-09 438272]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-02 20472992].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2012-02-07 133400]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-08-21 105120]"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-15 2254768]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-10 958576].c:\users\Juho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 -näyttöleikkeet ja Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0)"SynchronousUserGroupPolicy"= 0 (0x0)"SynchronousMachineGroupPolicy"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]R3 NisSrv;Microsoftin verkon tarkastus;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys;c:\windows\SYSNATIVE\DRIVERS\Prot6Flt.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 WatAdminSvc;Windowsin aktivointitekniikoiden palvelu;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]S0 iusb3hcs;Intel® USB 3.0 Host Controller -kytkimen ohjain;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [x]S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]S2 tor;Tor Win32 Service;c:\program files (x86)\Tor\tor.exe;c:\program files (x86)\Tor\tor.exe [x]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]S3 iusb3hub;Intel® USB 3.0 -keskitinohjain;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller -ohjain;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-10-17 06:00 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe.'Ajoitetut tehtävät'-kansion sisältö.2013-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-23 07:48].2013-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-23 07:48].2013-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2367360674-256435155-1887465987-1000Core.job- c:\users\Juho\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22 10:19].2013-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2367360674-256435155-1887465987-1000UA.job- c:\users\Juho\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22 10:19].2013-10-31 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 10:41].2013-10-26 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 10:41].2013-10-26 c:\windows\Tasks\Norton Security Scan for Juho.job- c:\progra~2\NORTON~2\Engine\372~1.5\Nss.exe [2012-10-20 09:45].2013-10-31 c:\windows\Tasks\RMAutoUpdate.job- c:\program files (x86)\PC Tools Registry Mechanic\SULauncher.exe [2012-11-27 13:03].2013-10-29 c:\windows\Tasks\RMSchedule.job- c:\program files (x86)\PC Tools Registry Mechanic\RegMech.exe [2012-11-27 13:03]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240].------- Täydentävä tarkistus -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmTrusted Zone: clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: soe.comTrusted Zone: sony.com.- - - - POISTETUT JÄMÄRIVIT - - - -.AddRemove-SP_f5d3e0aa - c:\program files (x86)\SafeSaver\uninstall.exe...--------------------- LUKITUT REKISTERIAVAIMET ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Muut prosessit ------------------------.c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exec:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe.**************************************************************************.Valmistumisajankohta: 2013-10-31 18:29:10 - kone käynnistettiin uudelleenComboFix-quarantined-files.txt 2013-10-31 16:29ComboFix2.txt 2013-10-29 17:52.Ennen ajoa: 725 872 902 144 tavua vapaanaAjon jälkeen: 725 319 356 416 tavua vapaana.- - End Of File - - 154ACBE950CA1854C88CF896F9FD965B
  4. Attach or post? Sorry for asking so many questions. I'm viewing this from my phone so I have enough info when I get to my computer.
  5. So should I post only the log from Malwarebytes or do I also post the combofix log? If so, which one should I do first? Malwarebytes scan or Combofix log?
  6. Just typing something so that the thread doesn't close. Haven't been on the computer very much. Good luck and thanks for your time. i I'll wait till your next guidance!
  7. Maybe I'm heating up a bit. I checked the dates on them and they have been modified last time on August. Also checked with MSE, no threats seem to exist in them.
  8. Never mind, found it and put it into my Desktop. ALSO FOUND SOME NEW FILES THAT HAVE A LOCK MARK AT THE BOTTOM LEFT CORNER. NEVER SEEN THEM BEFORE. The names are: -MSOCache -Recovery Recovery -file is empty. MSOCache has another file in it that is named "All Users" Inside this file there are 8 other files. All of them start with "{90120000-00" The files then have several letters and numbers after this. They seem very suspicious. What should I do to them?
  9. Thank you again. I couldn't download the file to my desktop, but I ran it anyway. I turned off WSE Real-Time Protection for the time ComboFix was checking the computer. It took a bit less than 10 minutes and I saw files about Bitcoin Mining being deleted. I think that might not be all of it, but that was pretty good job though. Please tell me if I did anything wrong. Sorry, it seems to be in Finnish. Do not hesitate to ask if you need help with translating. Anyways, here's the report: ComboFix 13-10-29.02 - Juho 29.10.2013 19:43:53.1.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.358.1035.18.8141.5977 [GMT 2:00]Sijainti: c:\users\Juho\Downloads\ComboFix.exeAV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))..C:\Install.exec:\program files (x86)\SafeSaverc:\program files (x86)\SafeSaver\sprotector.dllc:\program files (x86)\SafeSaver\uninstall.exec:\windows\SysWow64\dfrgc:\windows\SysWow64\dfrg\bitcoinminercuda_10.cubinc:\windows\SysWow64\dfrg\bitcoinminercuda_11.cubinc:\windows\SysWow64\dfrg\bitcoinminercuda_20.cubinc:\windows\SysWow64\dfrg\bitcoinminercuda_30.cubinc:\windows\SysWow64\dfrg\bitcoinmineropencl.clc:\windows\SysWow64\X86..((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2013-09-28 to 2013-10-29 )))))))))))))))))..2013-10-29 17:50 . 2013-10-29 17:50 -------- d-----w- c:\users\Default\AppData\Local\temp2013-10-29 17:31 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C1334D2-42B7-4B8F-A932-6179D84D9629}\mpengine.dll2013-10-29 06:18 . 2013-10-29 17:20 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp2013-10-28 16:32 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys2013-10-28 16:32 . 2013-10-28 16:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-10-28 15:08 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-10-18 06:08 . 2013-10-18 06:07 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A93730F-4A71-4E6B-96B6-EB8486189C28}\gapaengine.dll2013-10-11 13:17 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll2013-10-04 17:26 . 2013-10-04 17:26 -------- d-----w- c:\users\Juho\AppData\Roaming\Awesomium2013-10-04 17:25 . 2013-10-04 17:25 -------- d-----w- c:\programdata\Hi-Rez Studios2013-10-04 17:25 . 2013-10-04 17:25 -------- d-----w- c:\program files (x86)\Hi-Rez Studios...(((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))).2013-10-29 17:20 . 2012-10-17 12:06 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys2013-10-11 18:53 . 2012-08-22 10:33 80541720 ----a-w- c:\windows\system32\MRT.exe2013-09-06 12:00 . 2013-08-23 13:22 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll2013-08-29 01:48 . 2013-10-11 13:17 44032 ----a-w- c:\windows\apppatch\acwow64.dll2013-08-05 02:25 . 2013-09-12 11:07 155584 ----a-w- c:\windows\system32\drivers\ataport.sys2013-08-02 02:14 . 2013-09-12 11:06 215040 ----a-w- c:\windows\system32\winsrv.dll2013-08-02 02:13 . 2013-09-12 11:07 424448 ----a-w- c:\windows\system32\KernelBase.dll2013-08-02 02:13 . 2013-09-12 11:06 1161216 ----a-w- c:\windows\system32\kernel32.dll2013-08-02 02:12 . 2013-09-12 11:06 43520 ----a-w- c:\windows\system32\csrsrv.dll2013-08-02 02:12 . 2013-09-12 11:06 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll2013-08-02 02:12 . 2013-09-12 11:06 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll2013-08-02 02:12 . 2013-09-12 11:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll2013-08-02 02:12 . 2013-09-12 11:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll2013-08-02 02:12 . 2013-09-12 11:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll2013-08-02 02:12 . 2013-09-12 11:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll2013-08-02 02:12 . 2013-09-12 11:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll2013-08-02 02:12 . 2013-09-12 11:06 6656 ----a-w- c:\windows\system32\apisetschema.dll2013-08-02 02:12 . 2013-09-12 11:06 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll2013-08-02 02:12 . 2013-09-12 11:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll2013-08-02 02:12 . 2013-09-12 11:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll2013-08-02 02:12 . 2013-09-12 11:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll2013-08-02 02:12 . 2013-09-12 11:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll2013-08-02 02:12 . 2013-09-12 11:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll2013-08-02 02:12 . 2013-09-12 11:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll2013-08-02 02:12 . 2013-09-12 11:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll2013-08-02 02:12 . 2013-09-12 11:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll2013-08-02 02:12 . 2013-09-12 11:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll2013-08-02 02:12 . 2013-09-12 11:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll2013-08-02 02:12 . 2013-09-12 11:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll2013-08-02 02:12 . 2013-09-12 11:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll2013-08-02 02:12 . 2013-09-12 11:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll2013-08-02 02:12 . 2013-09-12 11:06 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll2013-08-02 02:12 . 2013-09-12 11:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll2013-08-02 02:12 . 2013-09-12 11:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll2013-08-02 02:12 . 2013-09-12 11:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll2013-08-02 02:12 . 2013-09-12 11:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll2013-08-02 02:12 . 2013-09-12 11:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll2013-08-02 02:12 . 2013-09-12 11:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll2013-08-02 01:50 . 2013-09-12 11:06 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll2013-08-02 01:48 . 2013-09-12 11:06 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll2013-08-02 01:48 . 2013-09-12 11:06 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll2013-08-02 01:48 . 2013-09-12 11:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll2013-08-02 01:48 . 2013-09-12 11:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll2013-08-02 01:48 . 2013-09-12 11:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll2013-08-02 01:48 . 2013-09-12 11:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll2013-08-02 01:48 . 2013-09-12 11:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll2013-08-02 01:48 . 2013-09-12 11:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll2013-08-02 01:48 . 2013-09-12 11:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll2013-08-02 01:48 . 2013-09-12 11:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll2013-08-02 01:48 . 2013-09-12 11:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll2013-08-02 01:48 . 2013-09-12 11:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll2013-08-02 01:48 . 2013-09-12 11:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll2013-08-02 01:48 . 2013-09-12 11:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll2013-08-02 01:48 . 2013-09-12 11:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll2013-08-02 01:48 . 2013-09-12 11:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll2013-08-02 01:48 . 2013-09-12 11:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll2013-08-02 01:48 . 2013-09-12 11:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll2013-08-02 01:48 . 2013-09-12 11:06 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll2013-08-02 01:48 . 2013-09-12 11:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll2013-08-02 01:48 . 2013-09-12 11:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll2013-08-02 01:48 . 2013-09-12 11:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll2013-08-02 01:48 . 2013-09-12 11:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll2013-08-02 01:48 . 2013-09-12 11:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll2013-08-02 01:48 . 2013-09-12 11:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll2013-08-02 01:09 . 2013-09-12 11:06 338432 ----a-w- c:\windows\system32\conhost.exe2013-08-02 00:59 . 2013-09-12 11:06 112640 ----a-w- c:\windows\system32\smss.exe2013-08-02 00:43 . 2013-09-12 11:06 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll2013-08-02 00:43 . 2013-09-12 11:06 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll2013-08-02 00:43 . 2013-09-12 11:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll2013-08-02 00:43 . 2013-09-12 11:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll..(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))..*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-10-28 1820584]"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2012-11-09 438272]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-02 20472992].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2012-02-07 133400]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-08-21 105120]"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-15 2254768]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-10 958576].c:\users\Juho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 -näyttöleikkeet ja Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0)"SynchronousUserGroupPolicy"= 0 (0x0)"SynchronousMachineGroupPolicy"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R2 tor;Tor Win32 Service;c:\program files (x86)\Tor\tor.exe;c:\program files (x86)\Tor\tor.exe [x]R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]R3 NisSrv;Microsoftin verkon tarkastus;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys;c:\windows\SYSNATIVE\DRIVERS\Prot6Flt.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 WatAdminSvc;Windowsin aktivointitekniikoiden palvelu;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]S0 iusb3hcs;Intel® USB 3.0 Host Controller -kytkimen ohjain;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [x]S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]S3 iusb3hub;Intel® USB 3.0 -keskitinohjain;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller -ohjain;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-10-17 06:00 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe.'Ajoitetut tehtävät'-kansion sisältö.2013-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-23 07:48].2013-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-23 07:48].2013-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2367360674-256435155-1887465987-1000Core.job- c:\users\Juho\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22 10:19].2013-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2367360674-256435155-1887465987-1000UA.job- c:\users\Juho\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22 10:19].2013-10-29 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 10:41].2013-10-26 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 10:41].2013-10-26 c:\windows\Tasks\Norton Security Scan for Juho.job- c:\progra~2\NORTON~2\Engine\372~1.5\Nss.exe [2012-10-20 09:45].2013-10-29 c:\windows\Tasks\RMAutoUpdate.job- c:\program files (x86)\PC Tools Registry Mechanic\SULauncher.exe [2012-11-27 13:03].2013-10-29 c:\windows\Tasks\RMSchedule.job- c:\program files (x86)\PC Tools Registry Mechanic\RegMech.exe [2012-11-27 13:03]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240].------- Täydentävä tarkistus -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmTrusted Zone: clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: soe.comTrusted Zone: sony.comTCP: DhcpNameServer = 192.168.100.1.- - - - POISTETUT JÄMÄRIVIT - - - -.HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startAddRemove-SP_f5d3e0aa - c:\program files (x86)\SafeSaver\uninstall.exeAddRemove-PlanetSide 2 PSG - c:\sony online entertainment\Installed Games\PlanetSide 2 PSG\Uninstaller.exe...[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va012]"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012".--------------------- LUKITUT REKISTERIAVAIMET ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Valmistumisajankohta: 2013-10-29 19:52:28ComboFix-quarantined-files.txt 2013-10-29 17:52.Ennen ajoa: 723 825 532 928 tavua vapaanaAjon jälkeen: 723 614 351 360 tavua vapaana.- - End Of File - - 1FDB07144A06617E5DE4E7ABABC31A21
  10. I need a little help with this one. How can I be sure that I have all of my antivirus programs and other protection disabled? Also, can I put them back on straight after CF has created the file to C drive?
  11. Hi, and thanks. Here is the DDS: rsDDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16720 Run by Juho at 8:31:49 on 2013-10-29 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.358.1035.18.8141.5796 [GMT 2:00] . AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\taskeng.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\atieclxx.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Program Files (x86)\Tor\tor.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation c:\Program Files\Microsoft Security Client\NisSrv.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe c:\Program Files\Microsoft Security Client\MpCmdRun.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mURLSearchHooks: <No Name>: - LocalServer32 - <no file> mWinlogon: Userinit = userinit.exe, uRun: [Google Update] "C:\Users\Juho\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent uRun: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml mRun: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" StartupFolder: C:\Users\Juho\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:181 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: SynchronousUserGroupPolicy = dword:0 mPolicies-System: SynchronousMachineGroupPolicy = dword:0 mPolicies-Windows\System: AllowBlockingAppsAtShutdown = dword:1 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: NameServer = 192.168.100.1 TCP: Interfaces\{F0DE305E-DCA2-471C-A28E-C6B8EAC61550} : DHCPNameServer = 192.168.100.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll AppInit_DLLs= c:\progra~3\browse~2\261339~1.144\{c16c1~1\browse~1.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-9-21 49760] R0 iusb3hcs;Intel® USB 3.0 Host Controller -kytkimen ohjain;C:\Windows\System32\drivers\iusb3hcs.sys [2012-8-22 16152] R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216] R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2012-8-24 18232] R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2012-8-22 17192] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-4-6 236544] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-15 2461104] R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-10-4 9216] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-22 13592] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448] R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-8-22 128280] R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2012-2-9 133632] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-8-22 161560] R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616] R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-10-21 794272] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000] R2 tor;Tor Win32 Service;C:\Program Files (x86)\Tor\tor.exe [2013-8-23 3233806] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-22 363800] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760] R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2012-2-9 25536] R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2012-2-9 25536] R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2012-2-9 44992] R3 iusb3hub;Intel® USB 3.0 -keskitinohjain;C:\Windows\System32\drivers\iusb3hub.sys [2012-8-22 356120] R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller -ohjain;C:\Windows\System32\drivers\iusb3xhc.sys [2012-8-22 787736] R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2012-8-22 32344] R3 NisSrv;Microsoftin verkon tarkastus;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-8-12 366600] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-8-22 565352] R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\drivers\WPRO_41_2001.sys [2012-10-17 34752] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 WatAdminSvc;Windowsin aktivointitekniikoiden palvelu;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-22 1255736] . =============== Created Last 30 ================ . 2013-10-29 06:18:36 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp 2013-10-28 16:32:20 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-10-28 16:32:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-28 15:08:46 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FBF35287-2569-48EC-82CD-2E8251733BAE}\mpengine.dll 2013-10-27 12:52:48 10280728 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-10-18 06:08:11 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7A93730F-4A71-4E6B-96B6-EB8486189C28}\gapaengine.dll 2013-10-11 13:17:49 633856 ----a-w- C:\Windows\System32\comctl32.dll 2013-10-04 17:26:56 -------- d-----w- C:\Users\Juho\AppData\Roaming\Awesomium 2013-10-04 17:25:46 -------- d-----w- C:\ProgramData\Hi-Rez Studios 2013-10-04 17:25:36 -------- d-----w- C:\Program Files (x86)\Hi-Rez Studios . ==================== Find3M ==================== . 2013-10-29 06:18:36 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys 2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll 2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys 2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll 2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll 2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll 2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll 2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll 2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll 2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll 2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll 2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll 2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys 2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll 2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys 2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll 2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll 2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe 2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe 2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2013-08-01 12:09:36 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys . ============= FINISH: 8:32:19,25 ===============
  12. First of all, I'm not too good with computer stuff and English isn't my national language. However, I'll do my best to be co-operating and to understand everything the helpful and respectful staff has to say. Thank you. My computer is considerably new. I've had it for about 1 year now. Not too sure. Anyways, when I leave it alone for a moment, it, of course, turns its screen off to save some energy. But when I open the screen, nothing happens. The only light that's there is the message that says something about a missing video input. I check that my computer is on and it is. I check if my keyboard is on, and press Caps Lock. No light indicating over the 'Caps Lock' -text at the top right of the keyboard. I then, as usual, manually restart my computer. This is not the only thing that's happened. My Internet connection is fast. Yet, my computer sometimes seems very slow, even though it's a good computer. I've cleaned it up many times, and it's gotten better. It still feels like something is wrong. I was a bit surprised when a few months ago I had this error message that said: btc-miner.exe has stopped working. -Strange, I thought. Never heard of anything like that. Made some research this week and realized it is a program used to create Bitcoins, which are experimental(Yet, somewhat accepted) "Cyber-Money". Apparently, these "Miners" create Bitcoins by solving complex calculations, or, in other words, exchanging the electricity that the computer uses up into Bitcoins. The funny thing is that I have never downloaded such program. In fact, I found some more information about Bitcoins. I read about trojans that control a computer to mine Bitcoins for the creator of the virus. That information led me to Botnet. Basically, I could lose control over my computer any time if this is about it. I'm not too sure, since Botnet is pretty new in the Internet, and no antivirus has been created for it(I think). I'm assuming that there is somebody who is mining Bitcoins with my computer and using up extra electricity + slowing down my computer(And possibly taking control of it, when I can't open the screen) I might be a little paranoid about this, but I'm highly concerned. It might be just a normal virus, or it might be a lot worse, so I'm hoping to get some help here as soon as possible. Thanks!
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.