Dhruv525

yeh i do. hopefully nothing bad will happen again

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2014 Ran by dhruv at 2014-04-29 23:00:38 Run:2 Running from C:\Users\dhruv\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** start Folder: C:\Users\dhruv\AppData\Roaming\Origin end ***************** ========================= Folder: C:\Users\dhruv\AppData\Roaming\Origin ======================== ====== End of Folder: ====== ==== End of Fixlog ====

i currently cant operate combofix because it says its unable to as quoted> BleepingComputer Review:ComboFix is a program, created by sUBs, that scans your computer for known malware, and when found, attempts to clean these infections automatically. In addition to being able to remove a large amount of the most common and current malware, ComboFix also displays a report that can be used by trained helpers to remove malware that is not automatically removed by the program. Please note that running this program without supervision can cause your computer to not operate correctly. Therefore only run this program at the request of an experienced helper. This program does not work on Windows 8.1 at this time! For those who wish to help finance the author's work, he is accepting contributions via Paypal. You can contribute by clicking on the following image:

sorry the scan went over night and i have to go tot school but i have eset scan and i think it found it. ----------------------------------------------------------------------------------------------------------------------------------- C:\FRST\Quarantine\C\Users\dhruv\AppData\Roaming\Origin\update.vbe.xBAD VBS/CoinMiner.AD trojan cleaned by deleting - quarantined

# AdwCleaner v3.204 - Report created 28/04/2014 at 00:38:08 # Updated 26/04/2014 by Xplode # Operating System : Windows 8.1 (64 bits) # Username : dhruv - SOUL # Running from : C:\Users\dhruv\Downloads\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16518 -\\ Google Chrome v34.0.1847.116 [ File : C:\Users\dhruv\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [894 octets] - [25/04/2014 22:13:47] AdwCleaner[R1].txt - [852 octets] - [28/04/2014 00:31:48] AdwCleaner[R2].txt - [911 octets] - [28/04/2014 00:36:35] AdwCleaner[s0].txt - [917 octets] - [25/04/2014 22:16:58] AdwCleaner[s1].txt - [833 octets] - [28/04/2014 00:38:08] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [892 octets] ##########

my bad i didnt read about the attach part heres the fixlog again ------------------------------------------------------------------------------------------------------------------------------------------------------------------ Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2014Ran by dhruv at 2014-04-28 00:28:24 Run:1Running from C:\Users\dhruv\DownloadsBoot Mode: Normal============================================== Content of fixlist:*****************start SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =C:\ProgramData\SetStretch.exeC:\ProgramData\SetStretch.VBSC:\Users\dhruv\AppData\Roaming\Origin\update.vbeC:\Users\dhruv\AppData\Local\Temp\Quarantine.exeAlternateDataStreams: C:\Windows:nlsPreferencesAlternateDataStreams: C:\Users\dhruv\Local Settings:OxjcYOW7XwO720LyuGJKUXs9AlternateDataStreams: C:\Users\dhruv\OneDrive:ms-propertiesAlternateDataStreams: C:\Users\dhruv\AppData\Local:OxjcYOW7XwO720LyuGJKUXs9AlternateDataStreams: C:\Users\dhruv\AppData\Local\Application Data:OxjcYOW7XwO720LyuGJKUXs9AlternateDataStreams: C:\Users\dhruv\AppData\Local\Temp:d8athmjs03V69CuHbXzAlternateDataStreams: C:\Users\dhruv\AppData\Local\Temp:j995bnd0fUf9E6DMrPOoXHhpjAlternateDataStreams: C:\Users\dhruv\AppData\Local\Temp:SiOn268klR3MGhq2LXhtpM2gjnMPs end***************** HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.C:\ProgramData\SetStretch.exe => Moved successfully.C:\ProgramData\SetStretch.VBS => Moved successfully.C:\Users\dhruv\AppData\Roaming\Origin\update.vbe => Moved successfully.C:\Users\dhruv\AppData\Local\Temp\Quarantine.exe => Moved successfully.C:\Windows => ":nlsPreferences" ADS removed successfully."C:\Users\dhruv\Local Settings" => ":OxjcYOW7XwO720LyuGJKUXs9" ADS not found."C:\Users\dhruv\OneDrive" => ":ms-properties" ADS not found.C:\Users\dhruv\AppData\Local => ":OxjcYOW7XwO720LyuGJKUXs9" ADS removed successfully."C:\Users\dhruv\AppData\Local\Application Data" => ":OxjcYOW7XwO720LyuGJKUXs9" ADS not found.C:\Users\dhruv\AppData\Local\Temp => ":d8athmjs03V69CuHbXz" ADS removed successfully.C:\Users\dhruv\AppData\Local\Temp => ":j995bnd0fUf9E6DMrPOoXHhpj" ADS removed successfully.C:\Users\dhruv\AppData\Local\Temp => ":SiOn268klR3MGhq2LXhtpM2gjnMPs" ADS removed successfully. ==== End of Fixlog ====

yeh heres the fixlog, and sorry about the bittorent. Fixlog.txt

this is the last one the checkup file checkup.txt

this the second one i will follow up with the security check Addition.txt

This is the FRST.txt the other one will be in the next replyFRST.txt

alright thanks Experts

i apperciate any help on this topic, please and thanks

Hey this is my first time here, i just got a new pc and downloaded some software on my computer however i may be affected. every time i open my computer i get a trojancoin miner.ALI. i've uploaded the pic. I recently thought i caught it with malware bytes because it found a fake trojan agent and the computer seemed good and no pop ups. however after a avg identity protection update from the OFFICIAL program it restarted and i got the pop up again. note that i don't have seem to have any malicious software nor notice any slowness in my laptop ( pc