Posts posted by Auronzolo

  1. I did another full system scan but no malware was detected, very helpful! Thank you very much for all your help. A question: do you think that Trojan has somehow damaged some application or service? For instance, svchost.exe, jusched.exe and so on. I mean, now that all the malware has been removed, should I do anything else? And another thing: my antivirus is Microsoft Security Essentials; do you know a good free one, in terms of speed and efficiency? Send me a PM if it's a problem here in the forum.

  2. Good evening and thank you for the reply.

     

    OTM LOG

     
    All processes killed
    ========== FILES ==========
    C:\Program Files\Common Files\SpeedBit\SBUpdate folder moved successfully.
    C:\Program Files\Common Files\SpeedBit folder moved successfully.
    C:\Users\Auron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FP8BPMG\jusched[1].exe moved successfully.
    C:\Users\Auron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FP8BPMG\svchost[1].exe moved successfully.
    C:\Users\Auron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ELDYM8B\SearchIndexer[1].exe moved successfully.
    C:\Users\Auron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y2SFO49C\ssl[1].exe moved successfully.
    C:\Users\Auron\Downloads\ccsetup404.exe moved successfully.
    E:\Download\CrystalDiskInfo5_6_2-en.exe moved successfully.
    E:\Download\disk-defrag-setup.exe moved successfully.
    ========== COMMANDS ==========
     
    [EMPTYTEMP]
     
    User: All Users
     
    User: Auron
    ->Temp folder emptied: 2727 bytes
    ->Temporary Internet Files folder emptied: 81060539 bytes
    ->Java cache emptied: 121842 bytes
    ->FireFox cache emptied: 900661 bytes
    ->Google Chrome cache emptied: 392362107 bytes
    ->Flash cache emptied: 592 bytes
     
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
     
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
     
    User: Public
    ->Temp folder emptied: 0 bytes
     
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 5324 bytes
    Session Manager Temp folder emptied: 5670 bytes
    Session Manager Tmp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
    RecycleBin emptied: 10315 bytes
     
    Total Files Cleaned = 453,00 mb
     
     
    OTM by OldTimer - Version 3.1.21.0 log created on 06092014_194427
     
    Files moved on Reboot...
    C:\Users\Auron\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
     
    Registry entries deleted on Reboot...
     
     
    MALWAREBYTES LOG
     
    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Data scansione: 09/06/2014
    Ora scansione: 19:47:44
    File di log: 
    Amministratore: Si
     
    Versione: 2.00.2.1012
    Database malware: v2014.06.09.05
    Database rootkit: v2014.06.02.01
    Licenza: Free
    Protezione da malware: Disattivata
    Protezione da siti web nocivi: Disattivata
    Self-protection: Disattivata
     
    SO: Windows 7 Service Pack 1
    CPU: x64
    File system: NTFS
    Utente: Auron
     
    Tipo di scansione: Scansione personalizzata
    Risultati: Completata
    Elementi analizzati: 421489
    Tempo impiegato: 41 min, 41 sec
     
    Memoria: Attivata
    Esecuzioni automatiche: Attivata
    File system: Attivata
    Archivi compressi: Attivata
    Rootkit: Attivata
    Heuristics: Attivata
    PUP: Attivata
    PUM: Attivata
     
    Processi: 0
    (No malicious items detected)
     
    Moduli: 0
    (No malicious items detected)
     
    Chiavi di registro: 0
    (No malicious items detected)
     
    Valori di registro: 0
    (No malicious items detected)
     
    Dati di registro: 0
    (No malicious items detected)
     
    Cartelle: 0
    (No malicious items detected)
     
    File: 3
    Trojan.Miner, C:\Qoobox\Quarantine\C\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libcurl-4.dll.vir, Spostato in quarantena, [efc30e65057647efa884ef38d52de21e], 
    Trojan.BitCoinMiner, C:\Qoobox\Quarantine\C\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\svchost.exe.vir, Spostato in quarantena, [446e4d26fb8074c22cd24ebce61b43bd], 
    Trojan.BitCoinMiner, C:\_OTM\MovedFiles\06092014_194427\C_Users\Auron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FP8BPMG\svchost[1].exe, Spostato in quarantena, [bef4581bc0bb92a430cebf4b25dc4bb5], 
     
    Settori fisici: 0
    (No malicious items detected)
     
     
    (end)
     
     
    It seems it discovered the quarantined infected files of the previous utility, am I right? So the problem should be solved. What should I do now? I bet another scan with Malwarebytes. Anyway, at the moment the svchost.exe hasn't come up again. I'm waiting for instructions on how to proceed now :)
  3. ESET LOG

     

    C:\FRST\Quarantine\C\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\jusched.exe.xBAD a variant of Win32/BitCoinMiner.BS potentially unsafe application
    C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll probably a variant of Win32/SBWatchman.A potentially unwanted application
    C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci64.dll a variant of MSIL/SBWatchman.A potentially unwanted application
    C:\Program Files\Common Files\SpeedBit\SBUpdate\sbei64.dll a variant of MSIL/SBWatchman.A potentially unwanted application
    C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll probably a variant of Win32/SBWatchman.A potentially unwanted application
    C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi64.dll a variant of MSIL/SBWatchman.A potentially unwanted application
    C:\Program Files\Common Files\SpeedBit\SBUpdate\sbi32.exe a variant of Win32/SBWatchman.A potentially unwanted application
    C:\Program Files\Common Files\SpeedBit\SBUpdate\sbi64.exe a variant of MSIL/SBWatchman.A potentially unwanted application
    C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe a variant of MSIL/SBWatchman.A potentially unwanted application
    C:\Qoobox\Quarantine\C\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\jusched.exe.vir a variant of Win32/BitCoinMiner.BS potentially unsafe application
    C:\Qoobox\Quarantine\C\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\SearchIndexer.exe.vir multiple threats
    C:\Qoobox\Quarantine\C\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\ssl.exe.vir Win32/Autoit.NPY trojan
    C:\Qoobox\Quarantine\C\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\svchost.exe.vir a variant of Win32/BitCoinMiner.AF potentially unsafe application
    C:\Qoobox\Quarantine\C\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\updater.exe.vir Win32/TrojanDownloader.Autoit.NLZ trojan
    C:\Users\Auron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FP8BPMG\jusched[1].exe a variant of Win32/BitCoinMiner.BS potentially unsafe application
    C:\Users\Auron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FP8BPMG\svchost[1].exe a variant of Win32/BitCoinMiner.AF potentially unsafe application
    C:\Users\Auron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ELDYM8B\SearchIndexer[1].exe multiple threats
    C:\Users\Auron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y2SFO49C\ssl[1].exe Win32/Autoit.NPY trojan
    C:\Users\Auron\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
    E:\Download\CrystalDiskInfo5_6_2-en.exe Win32/OpenCandy potentially unsafe application
    E:\Download\disk-defrag-setup.exe Win32/InstallMonetizer.AQ potentially unwanted application
     
    SECURITY CHECK
     
     Results of screen317's Security Check version 0.99.83  
     Windows 7 Service Pack 1 x64 (UAC is enabled)  
     Internet Explorer 11  
    ``````````````Antivirus/Firewall Check:`````````````` 
    Microsoft Security Essentials   
      (On Access scanning disabled!) 
     Error obtaining update status for antivirus!  
    `````````Anti-malware/Other Utilities Check:````````` 
     Spybot - Search & Destroy 
     Java 7 Update 55  
     Mozilla Firefox 23.0.1 Firefox out of Date!  
     Google Chrome 34.0.1847.137  
     Google Chrome 35.0.1916.114  
    ````````Process Check: objlist.exe by Laurent````````  
     Microsoft Security Essentials MSMpEng.exe 
     Microsoft Security Essentials msseces.exe 
    `````````````````System Health check````````````````` 
     Total Fragmentation on Drive C:  
    ````````````````````End of Log`````````````````````` 
     
    I did this scan with Windows Microsoft Essential disabled. Anyway, after the ESET scan, I found 21 infected files. This malware doesn't want to leave me alone.
  4. Here's the Log of ComboFix

     

    ComboFix 14-06-04.01 - Auron 09/06/2014   0:02.1.4 - x64
    Microsoft Windows 7 Ultimate   6.1.7601.1.1252.39.1040.18.8131.6093 [GMT 2:00]
    Eseguito da: c:\users\Auron\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((   Other deleting   )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\program files (x86)\Common Files\GW2SurferIcon.ico
    c:\users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\jusched.exe
    c:\users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libcurl-4.dll
    c:\users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libcurl.dll
    c:\users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libeay32.dll
    c:\users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libidn-11.dll
    c:\users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\librtmp.dll
    c:\users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libssh2.dll
    c:\users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libusb-1.0.dll
    c:\users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libwinpthread-1.dll
    c:\users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\pthreadGC2.dll
    c:\users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\SearchIndexer.exe
    c:\users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\ssl.exe
    c:\users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\ssleay32.dll
    c:\users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\svchost.exe
    c:\users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\updater.exe
    c:\users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\zlib1.dll
    c:\windows\wininit.ini
    .
    .
    (((((((((((((((((((((((((   Created files from 2014-05-08 to 2014-06-08  )))))))))))))))))))))))))))))))))))
    .
    .
    2014-06-08 22:04 . 2014-06-08 22:04 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-06-08 10:11 . 2014-06-08 10:11 -------- d-----w- c:\program files (x86)\ERUNT
    2014-06-08 10:02 . 2014-06-08 21:20 -------- d-----w- c:\users\Auron\AppData\Local\CrashDumps
    2014-06-08 10:02 . 2014-06-08 10:02 -------- d-----w- c:\programdata\RogueKiller
    2014-06-08 10:01 . 2014-06-08 10:01 32512 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
    2014-06-08 09:56 . 2014-06-08 10:00 -------- d-----w- c:\programdata\HitmanPro
    2014-06-08 09:44 . 2014-06-08 09:48 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-06-07 12:46 . 2014-06-07 16:59 -------- d-----w- c:\users\Auron\AppData\Local\Spotify
    2014-06-07 12:46 . 2014-06-08 22:00 -------- d-----w- c:\users\Auron\AppData\Roaming\Spotify
    2014-06-06 17:20 . 2014-05-02 10:48 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{784D5A4B-891A-42C7-8C1C-DC2193160573}\gapaengine.dll
    2014-06-06 17:20 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-06-04 22:26 . 2014-06-04 22:26 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2014-06-04 21:26 . 2014-06-08 16:06 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    2014-06-04 21:25 . 2014-06-04 22:30 -------- d-----w- c:\users\Auron\AppData\Local\Adobe
    2014-05-30 17:33 . 2014-05-30 17:34 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-05-30 17:33 . 2014-05-30 17:34 -------- d-----w- c:\program files\iTunes
    2014-05-30 17:33 . 2014-05-30 17:33 -------- d-----w- c:\program files\iPod
    2014-05-25 20:30 . 2014-06-02 12:45 -------- d-----w- c:\users\Auron\AppData\Roaming\.minecraft
    2014-05-24 16:41 . 2014-05-24 16:41 -------- d-----w- c:\users\Auron\AppData\Local\Electronic Arts
    2014-05-24 16:26 . 2014-05-24 16:27 -------- d-----w- c:\users\Auron\AppData\Local\WiFi Guard
    2014-05-24 15:36 . 2010-03-25 09:05 46776 ----a-w- c:\windows\system32\drivers\NANMp50.sys
    2014-05-24 15:36 . 2010-03-25 09:05 45752 ----a-w- c:\windows\system32\drivers\NANSp50.sys
    2014-05-23 20:43 . 2014-05-23 20:43 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2014-05-14 21:54 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
    2014-05-14 21:54 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-05-14 21:54 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2014-05-14 21:54 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-06-08 21:18 . 2014-04-12 14:41 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-06-08 09:44 . 2014-04-12 14:41 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-05-14 21:53 . 2013-08-24 01:30 93223848 ----a-w- c:\windows\system32\MRT.exe
    2014-05-12 05:26 . 2014-04-12 14:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-05-12 05:25 . 2013-08-24 00:55 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-05-02 10:48 . 2013-09-05 21:24 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2014-04-18 02:43 . 2014-04-18 02:43 78432 ----a-w- c:\windows\system32\atimpc64.dll
    2014-04-18 02:43 . 2014-04-18 02:43 78432 ----a-w- c:\windows\system32\amdpcom64.dll
    2014-04-18 02:43 . 2014-04-18 02:43 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2014-04-18 02:43 . 2014-04-18 02:43 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2014-04-18 02:43 . 2013-03-29 02:37 143304 ----a-w- c:\windows\system32\atiuxp64.dll
    2014-04-18 02:42 . 2014-04-18 02:42 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2014-04-18 02:42 . 2014-04-18 02:42 117584 ----a-w- c:\windows\system32\atiu9p64.dll
    2014-04-18 02:42 . 2013-03-29 02:37 99520 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2014-04-18 02:42 . 2013-03-29 02:37 1343272 ----a-w- c:\windows\system32\aticfx64.dll
    2014-04-18 02:42 . 2013-03-29 02:37 1117184 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2014-04-18 02:42 . 2013-03-29 02:36 10335208 ----a-w- c:\windows\system32\atidxx64.dll
    2014-04-18 02:42 . 2014-04-18 02:42 8866928 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2014-04-18 02:42 . 2013-03-29 02:36 6796592 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2014-04-18 02:42 . 2013-03-29 02:36 6799688 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2014-04-18 02:42 . 2014-04-18 02:42 7520200 ----a-w- c:\windows\system32\atiumd6a.dll
    2014-04-18 02:42 . 2014-04-18 02:42 8010968 ----a-w- c:\windows\system32\atiumd64.dll
    2014-04-18 02:39 . 2014-04-18 02:39 274656 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
    2014-04-18 02:36 . 2014-04-18 02:36 15376384 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2014-04-18 02:23 . 2014-04-18 02:23 231424 ----a-w- c:\windows\system32\clinfo.exe
    2014-04-18 02:22 . 2014-04-18 02:22 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
    2014-04-18 02:22 . 2014-04-18 02:22 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2014-04-18 02:22 . 2014-04-18 02:22 86528 ----a-w- c:\windows\system32\OVDecode64.dll
    2014-04-18 02:22 . 2014-04-18 02:22 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2014-04-18 02:22 . 2014-04-18 02:22 28685824 ----a-w- c:\windows\system32\amdocl64.dll
    2014-04-18 02:19 . 2014-04-18 02:19 24107520 ----a-w- c:\windows\SysWow64\amdocl.dll
    2014-04-18 02:17 . 2014-04-18 02:17 65024 ----a-w- c:\windows\system32\OpenCL.dll
    2014-04-18 02:17 . 2014-04-18 02:17 58880 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2014-04-18 02:13 . 2014-04-18 02:13 127488 ----a-w- c:\windows\system32\mantle64.dll
    2014-04-18 02:13 . 2014-04-18 02:13 113664 ----a-w- c:\windows\SysWow64\mantle32.dll
    2014-04-18 02:12 . 2014-04-18 02:12 27907584 ----a-w- c:\windows\system32\atio6axx.dll
    2014-04-18 02:12 . 2014-04-18 02:12 5442048 ----a-w- c:\windows\system32\amdmantle64.dll
    2014-04-18 01:58 . 2014-04-18 01:58 4358656 ----a-w- c:\windows\SysWow64\amdmantle32.dll
    2014-04-18 01:51 . 2014-04-18 01:51 23409152 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2014-04-18 01:46 . 2014-04-18 01:46 368128 ----a-w- c:\windows\system32\atiapfxx.exe
    2014-04-18 01:46 . 2014-04-18 01:46 62464 ----a-w- c:\windows\system32\aticalrt64.dll
    2014-04-18 01:46 . 2014-04-18 01:46 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2014-04-18 01:46 . 2014-04-18 01:46 55808 ----a-w- c:\windows\system32\aticalcl64.dll
    2014-04-18 01:46 . 2014-04-18 01:46 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2014-04-18 01:46 . 2014-04-18 01:46 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
    2014-04-18 01:45 . 2014-04-18 01:45 91136 ----a-w- c:\windows\system32\mantleaxl64.dll
    2014-04-18 01:45 . 2014-04-18 01:45 85504 ----a-w- c:\windows\SysWow64\mantleaxl32.dll
    2014-04-18 01:42 . 2014-04-18 01:42 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2014-04-18 01:33 . 2014-04-18 01:33 48128 ----a-w- c:\windows\system32\amdmmcl6.dll
    2014-04-18 01:33 . 2014-04-18 01:33 37888 ----a-w- c:\windows\SysWow64\amdmmcl.dll
    2014-04-18 01:30 . 2014-04-18 01:30 442368 ----a-w- c:\windows\system32\atidemgy.dll
    2014-04-18 01:30 . 2014-04-18 01:30 31232 ----a-w- c:\windows\system32\atimuixx.dll
    2014-04-18 01:29 . 2014-04-18 01:29 586240 ----a-w- c:\windows\system32\atieclxx.exe
    2014-04-18 01:29 . 2014-04-18 01:29 239616 ----a-w- c:\windows\system32\atiesrxx.exe
    2014-04-18 01:28 . 2014-04-18 01:28 190976 ----a-w- c:\windows\system32\atitmm64.dll
    2014-04-18 01:21 . 2014-04-18 01:21 806912 ----a-w- c:\windows\system32\coinst_14.100.dll
    2014-04-18 01:09 . 2014-04-18 01:09 1177600 ----a-w- c:\windows\system32\atiadlxx.dll
    2014-04-18 01:09 . 2014-04-18 01:09 848896 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2014-04-18 01:07 . 2014-04-18 01:07 75264 ----a-w- c:\windows\system32\atig6pxx.dll
    2014-04-18 01:07 . 2014-04-18 01:07 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2014-04-18 01:07 . 2014-04-18 01:07 69632 ----a-w- c:\windows\system32\atiglpxx.dll
    2014-04-18 01:07 . 2014-04-18 01:07 146944 ----a-w- c:\windows\system32\atig6txx.dll
    2014-04-18 01:07 . 2014-04-18 01:07 133632 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2014-04-18 01:07 . 2014-04-18 01:07 638976 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2014-04-18 01:04 . 2014-04-18 01:04 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2014-04-17 20:33 . 2014-04-17 20:33 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
    2014-04-17 20:28 . 2014-04-17 20:28 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
    2014-04-14 18:13 . 2013-08-24 01:06 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2014-03-11 07:52 . 2013-06-18 19:50 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2013-08-27 11:32 . 2013-08-28 23:32 44 ---h--w- c:\program files (x86)\ca324b40.tmp
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Points loaded   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* Empty valors & legit/default aren't displayed. 
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spotify Web Helper"="c:\users\Auron\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-06-07 1176632]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
    "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
    "D-Link D-Link DWA-125"="c:\program files (x86)\D-Link\DWA-125 revA\AirNCFG.exe" [2011-06-10 1074496]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
    "Archos Sepang ModemListener"="e:\programmi\HSPA USB MODEM\BackgroundService\ModemListener.exe" [2011-06-20 102400]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    "iTunesHelper"="e:\programmi\iTunes\iTunesHelper.exe" [2014-05-26 152392]
    .
    c:\users\Auron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 Archos Sepang Modem Device Helper;Archos Sepang Modem Device Helper;e:\programmi\HSPA USB MODEM\BackgroundService\ServiceManager.exe;e:\programmi\HSPA USB MODEM\BackgroundService\ServiceManager.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys;c:\windows\SYSNATIVE\DRIVERS\jrdusbser.sys [x]
    R3 NANMp50;NANMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NANMp50.sys;c:\windows\SYSNATIVE\Drivers\NANMp50.sys [x]
    R3 NANSp50;NANSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NANSp50.sys;c:\windows\SYSNATIVE\Drivers\NANSp50.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
    R3 SBUpdd;SpeedBit UpdateD;c:\program files\Common Files\SpeedBit\SBUpdate\sbw.sys;c:\program files\Common Files\SpeedBit\SBUpdate\sbw.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 SBUpd;SpeedBit Update;c:\program files\Common Files\SpeedBit\SBUpdate\sbu.exe;c:\program files\Common Files\SpeedBit\SBUpdate\sbu.exe [x]
    R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
    R4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
    R4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
    S0 iusb3hcs;Driver dello switch Controller Host Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys;c:\windows\SYSNATIVE\DRIVERS\anodlwfx.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;c:\program files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe;c:\program files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [x]
    S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    S3 iusb3hub;Driver hub Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Driver Controller Host estendibile Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-05-21 17:31 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
    .
    Directory's content 'Scheduled Tasks'
    .
    2014-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-24 00:39]
    .
    2014-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-24 00:39]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
    .
    ------- Scan supplementare -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
    IE: &Verify with DAP - c:\program files (x86)\DAP\dapverify.htm
    IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
    TCP: DhcpNameServer = 192.168.1.254 62.101.93.101 83.103.25.250
    Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - 
    Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - 
    FF - ProfilePath - c:\users\Auron\AppData\Roaming\Mozilla\Firefox\Profiles\x2wa7owp.default\
    .
    - - - - CHIAVI ORFANE RIMOSSE - - - -
    .
    BHO-{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - c:\program files (x86)\DAP\LinkVerifier.dll
    Wow6432Node-HKCU-Run-DownloadAccelerator - c:\program files (x86)\DAP\DAP.EXE
    Notify-SDWinLogon - SDWinLogon.dll
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
    AddRemove-Download Accelerator Plus (DAP) - c:\progra~2\DAP\DAPREMOVE.EXE
    AddRemove-ESN Sonar-0.70.4 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
    AddRemove-PunkBusterSvc - e:\program files (x86)\Origin Games\Battlefield 4 Beta\pbsvc.exe
    .
    .
    .
    --------------------- REGISTRY KEYS BLOCKED ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    End of scan: 2014-06-09  00:05:46
    ComboFix-quarantined-files.txt  2014-06-08 22:05
    .
    Pre-Run: 60.323.680.256 byte disponibili
    Post-Run: 60.130.721.792 byte disponibili
    .
    - - End Of File - - E836606D30C4353586CE697E59678FE4
     
     
     
    After the scan, I didn't remove the items. It's the first time I've used this utility and I think it did the work, am I right?
  5. ROGUEKILLER LOG

     

    RogueKiller V9.0.2.0 [Jun  3 2014] by Adlice Software

     
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Auron [Admin rights]
    Mode : Scan -- Date : 06/08/2014  23:49:14
     
    ¤¤¤ Bad processes : 0 ¤¤¤
     
    ¤¤¤ Registry Entries : 8 ¤¤¤
    [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3068055036-2407879928-2449727651-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> Trovato
    [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3068055036-2407879928-2449727651-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> Trovato
    [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3068055036-2407879928-2449727651-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> Trovato
    [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3068055036-2407879928-2449727651-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> Trovato
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Trovato
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Trovato
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Trovato
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Trovato
     
    ¤¤¤ Le attività pianificate : 1 ¤¤¤
    [suspicious.Path] \\Microsoft System Certificates -- C:\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\updater.exe -> Trovato
     
    ¤¤¤ Files : 0 ¤¤¤
     
    ¤¤¤ HOSTS File : 0 ¤¤¤
     
    ¤¤¤ Antirootkit : 0 ¤¤¤
     
    ¤¤¤ I browser Web : 0 ¤¤¤
     
    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Samsung SSD 840 Series +++++
    --- User ---
    [MBR] ba5346095d4947ec6e50af3d62cb5ff9
    [bSP] 77250c8ba95989d5289a7c1f4e999dbc : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB
    User = LL1 ... OK
    User = LL2 ... OK
     
    +++++ PhysicalDrive1: ST500DM002-1BD142 +++++
    --- User ---
    [MBR] 33c45ea6aabf571cd1aee27ceb6dc8b1
    [bSP] efb681f376bb0a9a020f2a26d6ac2c3e : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB
    User = LL1 ... OK
    User = LL2 ... OK
     
     
    ============================================
    RKreport_SCN_06082014_120512.log
  6. I did another scan with MalwareBytes after the system restart, but it still found the same 4 malware in these directories:

     

    C:\Users\Auron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FP8BPMG\svchost[1].exe

    C:\Users\Auron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y2SFO49C\libcurl-4[1].dll

    C:\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libcurl-4.dll

    C:\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\svchost.exe

     

     

     

  7. FRST Log:

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-06-2014
    Ran by Auron at 2014-06-08 22:05:01 Run:1
    Running from C:\Users\Auron\Desktop\FRST
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    Start
    C:\Program Files (x86)\DAP
    C:\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\jusched.exe
    HKU\S-1-5-21-3068055036-2407879928-2449727651-1000\...\MountPoints2: {88e8dbeb-5530-11e3-9ddb-10bf48e362f3} - F:\autorun.exe
    HKU\S-1-5-21-3068055036-2407879928-2449727651-1000\...\MountPoints2: {ce58ecca-0c53-11e3-9238-806e6f6e6963} - "D:\StarCraft II Setup.exe"
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.speedbit.c...q={searchTerms}
    SearchScopes: HKCU - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.c...q={searchTerms}
    C:\Users\Auron\AppData\Local\Temp\13-9_win7_win8_64_dd_ccc_whql.exe
    C:\Users\Auron\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
    C:\Users\Auron\AppData\Local\Temp\Quarantine.exe
    C:\Users\Auron\AppData\Local\Temp\raptrpatch.exe
    C:\Users\Auron\AppData\Local\Temp\raptr_stub.exe
    C:\Users\Auron\AppData\Local\Temp\SCC.dll
    C:\Users\Auron\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Auron\AppData\Local\Temp\sonarinst.exe
    C:\Users\Auron\AppData\Local\Temp\SRLDetectionLibrary3548307430425438192.dll
    C:\Users\Auron\AppData\Local\Temp\SRLDetectionLibrary7241043097803026716.dll
    C:\Users\Auron\AppData\Local\Temp\VCdControlTool.exe
    C:\Users\Auron\AppData\Local\Temp\{2AB94ACA-DBF7-4DA1-A310-C1EC9AFC68CA}-GoogleUpdateSetup.exe
    AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
    AlternateDataStreams: C:\ProgramData\TEMP:76650B61
    End
    *****************
     
    C:\Program Files (x86)\DAP => Moved successfully.
    C:\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\jusched.exe => Moved successfully.
    'HKU\S-1-5-21-3068055036-2407879928-2449727651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88e8dbeb-5530-11e3-9ddb-10bf48e362f3}' => Key deleted successfully.
    'HKCR\CLSID\{88e8dbeb-5530-11e3-9ddb-10bf48e362f3}'=> Key not found.
    'HKU\S-1-5-21-3068055036-2407879928-2449727651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce58ecca-0c53-11e3-9238-806e6f6e6963}' => Key deleted successfully.
    'HKCR\CLSID\{ce58ecca-0c53-11e3-9238-806e6f6e6963}'=> Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}' => Key deleted successfully.
    'HKCR\Wow6432Node\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}'=> Key not found.
    'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}' => Key deleted successfully.
    'HKCR\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}'=> Key not found.
    C:\Users\Auron\AppData\Local\Temp\13-9_win7_win8_64_dd_ccc_whql.exe => Moved successfully.
    C:\Users\Auron\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
    C:\Users\Auron\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\Auron\AppData\Local\Temp\raptrpatch.exe => Moved successfully.
    C:\Users\Auron\AppData\Local\Temp\raptr_stub.exe => Moved successfully.
    C:\Users\Auron\AppData\Local\Temp\SCC.dll => Moved successfully.
    C:\Users\Auron\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
    C:\Users\Auron\AppData\Local\Temp\sonarinst.exe => Moved successfully.
    C:\Users\Auron\AppData\Local\Temp\SRLDetectionLibrary3548307430425438192.dll => Moved successfully.
    C:\Users\Auron\AppData\Local\Temp\SRLDetectionLibrary7241043097803026716.dll => Moved successfully.
    C:\Users\Auron\AppData\Local\Temp\VCdControlTool.exe => Moved successfully.
    C:\Users\Auron\AppData\Local\Temp\{2AB94ACA-DBF7-4DA1-A310-C1EC9AFC68CA}-GoogleUpdateSetup.exe => Moved successfully.
    C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
    C:\ProgramData\TEMP => ":76650B61" ADS removed successfully.
     
    ==== End of Fixlog ====
     
    MALWAREBYTES LOG
     
    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Data scansione: 08/06/2014
    Ora scansione: 22:08:01
    File di log: 
    Amministratore: Si
     
    Versione: 2.00.2.1012
    Database malware: v2014.06.08.07
    Database rootkit: v2014.06.02.01
    Licenza: Free
    Protezione da malware: Disattivata
    Protezione da siti web nocivi: Disattivata
    Self-protection: Disattivata
     
    SO: Windows 7 Service Pack 1
    CPU: x64
    File system: NTFS
    Utente: Auron
     
    Tipo di scansione: Scansione elementi nocivi
    Risultati: Completata
    Elementi analizzati: 273510
    Tempo impiegato: 3 min, 48 sec
     
    Memoria: Attivata
    Esecuzioni automatiche: Attivata
    File system: Attivata
    Archivi compressi: Attivata
    Rootkit: Attivata
    Heuristics: Attivata
    PUP: Avviso
    PUM: Attivata
     
    Processi: 0
    (No malicious items detected)
     
    Moduli: 1
    Trojan.Miner, C:\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libcurl-4.dll, Elimina al riavvio, [07ab79fae7944ee8731ce343b94957a9], 
     
    Chiavi di registro: 0
    (No malicious items detected)
     
    Valori di registro: 0
    (No malicious items detected)
     
    Dati di registro: 0
    (No malicious items detected)
     
    Cartelle: 0
    (No malicious items detected)
     
    File: 1
    Trojan.Miner, C:\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libcurl-4.dll, Elimina al riavvio, [07ab79fae7944ee8731ce343b94957a9], 
     
    Settori fisici: 0
    (No malicious items detected)
     
     
    (end)
     
    ADW CLEANER LOG
     
    # AdwCleaner v3.212 - Rapporto creato 08/06/2014 in 23:04:19
    # Aggiornato 05/06/2014 di Xplode
    # Sistema operativo : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Nome utente : Auron - FADETOSHADOW
    # In esecuzione da : C:\Users\Auron\Downloads\AdwCleaner.exe
    # Opzione : Pulisci
     
    ***** [ Servizi ] *****
     
     
    ***** [ File / Cartelle ] *****
     
    File Eliminato : C:\Users\Auron\AppData\Roaming\Mozilla\Firefox\Profiles\x2wa7owp.default\searchplugins\speedbit.xml
     
    ***** [ Collegamenti ] *****
     
     
    ***** [ Registro ] *****
     
     
    ***** [ Browser ] *****
     
    -\\ Internet Explorer v11.0.9600.17041
     
    Impostazioni Ripristinato : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
     
    -\\ Mozilla Firefox v23.0.1 (it)
     
    [ File : C:\Users\Auron\AppData\Roaming\Mozilla\Firefox\Profiles\x2wa7owp.default\prefs.js ]
     
     
    -\\ Google Chrome v35.0.1916.114
     
    [ File : C:\Users\Auron\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     
     
    *************************
     
    AdwCleaner[R0].txt - [2339 octets] - [08/06/2014 12:39:21]
    AdwCleaner[R1].txt - [1277 octets] - [08/06/2014 23:03:24]
    AdwCleaner[s0].txt - [2351 octets] - [08/06/2014 12:42:14]
    AdwCleaner[s1].txt - [1162 octets] - [08/06/2014 23:04:19]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1222 octets] ##########
     
    JRT LOG
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Ultimate x64
    Ran by Auron on 08/06/2014 at 23:06:50,41
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Registry Values
     
     
     
    ~~~ Registry Keys
     
     
     
    ~~~ Files
     
     
     
    ~~~ Folders
     
     
     
    ~~~ Event Viewer Logs were cleared
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 08/06/2014 at 23:10:09,74
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
    After these steps, I still get the svchost.exe error (it stops working) a few seconds after the loading of the desktop.
  8. Hi! Thank you for the reply.

     

    This is the FRST.txt content from Farbar Recovery

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
    Ran by Auron (administrator) on FADETOSHADOW on 08-06-2014 18:08:20
    Running from C:\Users\Auron\Downloads
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Italian Standard
    Internet Explorer Version 11
    Boot Mode: Normal
     
    The only official download link for FRST:
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
     
    ==================== Processes (Whitelisted) =================
     
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    () E:\Programmi\HSPA USB MODEM\BackgroundService\ServiceManager.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Speedbit Ltd.) C:\Program Files (x86)\DAP\DAP.exe
    (Spotify Ltd) C:\Users\Auron\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe
    () E:\Programmi\HSPA USB MODEM\BackgroundService\ModemListener.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Apple Inc.) E:\Programmi\iTunes\iTunesHelper.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    () C:\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\jusched.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
    HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
    HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
    HKLM-x32\...\Run: [D-Link D-Link DWA-125] => C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe [1074496 2011-06-10] (D-Link Corp.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
    HKLM-x32\...\Run: [Archos Sepang ModemListener] => E:\Programmi\HSPA USB MODEM\BackgroundService\ModemListener.exe [102400 2011-06-20] ()
    HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM-x32\...\Run: [iTunesHelper] => E:\Programmi\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-3068055036-2407879928-2449727651-1000\...\Run: [DownloadAccelerator] => C:\Program Files (x86)\DAP\DAP.EXE [3865232 2013-08-24] (Speedbit Ltd.)
    HKU\S-1-5-21-3068055036-2407879928-2449727651-1000\...\Run: [spotify Web Helper] => C:\Users\Auron\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-07] (Spotify Ltd)
    HKU\S-1-5-21-3068055036-2407879928-2449727651-1000\...\MountPoints2: {88e8dbeb-5530-11e3-9ddb-10bf48e362f3} - F:\autorun.exe
    HKU\S-1-5-21-3068055036-2407879928-2449727651-1000\...\MountPoints2: {ce58ecca-0c53-11e3-9238-806e6f6e6963} - "D:\StarCraft II Setup.exe"
    Startup: C:\Users\Auron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
     
    ==================== Internet (Whitelisted) ====================
     
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.speedbit.com/?s=D8Oaya1
    SearchScopes: HKLM-x32 - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?s=D8Oaya1&q={searchTerms}
    SearchScopes: HKCU - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?s=D8Oaya1&q={searchTerms}
    BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: SpeedBit Link Verification Helper - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files (x86)\DAP\LinkVerifier.dll (Speedbit Ltd.)
    BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 62.101.93.101 83.103.25.250
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\Auron\AppData\Roaming\Mozilla\Firefox\Profiles\x2wa7owp.default
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - E:\Programmi\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
    FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
    FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - E:\Programmi\VLC\npvlc.dll (VideoLAN)
    FF SearchPlugin: C:\Users\Auron\AppData\Roaming\Mozilla\Firefox\Profiles\x2wa7owp.default\searchplugins\speedbit.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-it.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-it.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\hoepli.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-it.xml
    FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker
    FF Extension: DAP Link Checker - C:\Program Files (x86)\DAP\daplinkchecker [2013-08-24]
    FF HKCU\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox
    FF Extension: Download Accelerator Plus (DAP) extension - C:\Program Files (x86)\DAP\DAPFireFox [2013-08-24]
     
    Chrome: 
    =======
    CHR HomePage: 
    CHR StartupUrls: "hxxp://www.google.it/", "hxxp://www.facebook.it/", "hxxp://www.youtube.it/"
    CHR Extension: (Documenti Google) - C:\Users\Auron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-08]
    CHR Extension: (Google Drive) - C:\Users\Auron\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-24]
    CHR Extension: (YouTube) - C:\Users\Auron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-24]
    CHR Extension: (Ricerca Google) - C:\Users\Auron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-08]
    CHR Extension: (Download Accelerator Plus (DAP)) - C:\Users\Auron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb [2013-08-24]
    CHR Extension: (Google Wallet) - C:\Users\Auron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
    CHR Extension: (Gmail) - C:\Users\Auron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-24]
    CHR HKLM-x32\...\Chrome\Extension: [ffdcfjdljhbehggjdkdioajnknjcpbjb] - C:\Program Files (x86)\DAP\DAPChrome\DAPChrome6.crx [2013-08-24]
     
    ==================== Services (Whitelisted) =================
     
    R2 Archos Sepang Modem Device Helper; E:\Programmi\HSPA USB MODEM\BackgroundService\ServiceManager.exe [49752 2011-06-20] ()
    R2 D_Link_DWA-125_WPS; C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [53248 2010-07-12] ()
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-04] ()
    S4 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe [1097848 2013-02-27] (Speedbit Ltd.)
    S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
    S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
    S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
    R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-12] (VIA Technologies, Inc.)
     
    ==================== Drivers (Whitelisted) ====================
     
    R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-05-29] ()
    S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-06-08] ()
    S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [120832 2011-06-20] (TCT International Mobile Ltd)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
    S3 NANMp50; C:\Windows\System32\Drivers\NANMp50.sys [46776 2010-03-25] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 NANSp50; C:\Windows\System32\Drivers\NANSp50.sys [45752 2010-03-25] (Printing Communications Assoc., Inc. (PCAUSA))
    R3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1617472 2011-04-28] (Ralink Technology Corp.)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
    S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
    S3 SBUpdd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [40856 2013-02-27] ()
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    ==================== One Month Created Files and Folders ========
     
    2014-06-08 18:08 - 2014-06-08 18:08 - 00012365 _____ () C:\Users\Auron\Downloads\FRST.txt
    2014-06-08 18:06 - 2014-06-08 18:08 - 00000000 ____D () C:\FRST
    2014-06-08 18:06 - 2014-06-08 18:06 - 02072576 _____ (Farbar) C:\Users\Auron\Downloads\FRST64.exe
    2014-06-08 13:18 - 2014-06-08 13:18 - 00002956 _____ () C:\Users\Auron\Desktop\BitCoiner.txt
    2014-06-08 12:44 - 2014-06-08 12:44 - 02347384 _____ (ESET) C:\Users\Auron\Downloads\esetsmartinstaller_enu.exe
    2014-06-08 12:44 - 2014-06-08 12:44 - 00000000 ____D () C:\Program Files (x86)\ESET
    2014-06-08 12:39 - 2014-06-08 12:42 - 00000000 ____D () C:\AdwCleaner
    2014-06-08 12:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
    2014-06-08 12:38 - 2014-06-08 12:38 - 01333465 _____ () C:\Users\Auron\Downloads\AdwCleaner.exe
    2014-06-08 12:24 - 2014-06-08 12:24 - 00000691 _____ () C:\Users\Auron\Desktop\JRT.txt
    2014-06-08 12:20 - 2014-06-08 12:20 - 01016261 _____ (Thisisu) C:\Users\Auron\Downloads\JRT.exe
    2014-06-08 12:20 - 2014-06-08 12:20 - 00000000 ____D () C:\Windows\ERUNT
    2014-06-08 12:14 - 2014-06-08 12:14 - 05245952 _____ () C:\Users\Auron\Downloads\RogueKillerX64.exe
    2014-06-08 12:11 - 2014-06-08 12:11 - 00791393 _____ (Lars Hederer ) C:\Users\Auron\Downloads\erunt-setup.exe
    2014-06-08 12:11 - 2014-06-08 12:11 - 00000928 _____ () C:\Users\Auron\Desktop\NTREGOPT.lnk
    2014-06-08 12:11 - 2014-06-08 12:11 - 00000909 _____ () C:\Users\Auron\Desktop\ERUNT.lnk
    2014-06-08 12:11 - 2014-06-08 12:11 - 00000000 ____D () C:\Windows\ERDNT
    2014-06-08 12:11 - 2014-06-08 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    2014-06-08 12:11 - 2014-06-08 12:11 - 00000000 ____D () C:\Program Files (x86)\ERUNT
    2014-06-08 12:10 - 2014-06-08 12:10 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Auron\Downloads\rkill.exe
    2014-06-08 12:10 - 2014-06-08 12:10 - 00002212 _____ () C:\Users\Auron\Desktop\Rkill.txt
    2014-06-08 12:02 - 2014-06-08 18:02 - 00000000 ____D () C:\Users\Auron\AppData\Local\CrashDumps
    2014-06-08 12:02 - 2014-06-08 12:02 - 04686336 _____ () C:\Users\Auron\Desktop\RogueKiller.exe
    2014-06-08 12:02 - 2014-06-08 12:02 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-06-08 12:01 - 2014-06-08 12:01 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
    2014-06-08 12:00 - 2014-06-08 12:00 - 00002814 _____ () C:\Windows\system32\.crusader
    2014-06-08 11:56 - 2014-06-08 12:00 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-06-08 11:52 - 2014-06-08 11:52 - 00000630 _____ () C:\Users\Auron\Desktop\Registro del 08.06.14.reg
    2014-06-08 11:44 - 2014-06-08 11:48 - 00000000 ____D () C:\Users\Auron\Desktop\mbar
    2014-06-08 11:44 - 2014-06-08 11:48 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-06-07 14:46 - 2014-06-08 10:43 - 00000000 ____D () C:\Users\Auron\AppData\Roaming\Spotify
    2014-06-07 14:46 - 2014-06-07 18:59 - 00000000 ____D () C:\Users\Auron\AppData\Local\Spotify
    2014-06-07 14:46 - 2014-06-07 14:46 - 00001809 _____ () C:\Users\Auron\Desktop\Spotify.lnk
    2014-06-07 14:46 - 2014-06-07 14:46 - 00001795 _____ () C:\Users\Auron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
    2014-06-05 00:43 - 2014-06-05 00:43 - 00000132 _____ () C:\Users\Auron\AppData\Roaming\Adobe PNG Format CS6 Prefs
    2014-06-05 00:26 - 2014-06-05 00:26 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
    2014-06-05 00:11 - 2014-06-05 00:21 - 00003312 _____ () C:\Windows\System32\Tasks\Microsoft System Certificates
    2014-06-04 23:38 - 2014-06-04 23:38 - 00000000 ____D () C:\Users\Auron\Documents\Adobe Scripts
    2014-06-04 23:27 - 2014-06-08 18:06 - 00000000 ____D () C:\ProgramData\Adobe
    2014-06-04 23:27 - 2014-06-04 23:27 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
    2014-06-04 23:27 - 2014-06-04 23:27 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
    2014-06-04 23:25 - 2014-06-05 00:30 - 00000000 ____D () C:\Users\Auron\AppData\Local\Adobe
    2014-06-04 23:25 - 2014-06-04 23:25 - 00000000 ____D () C:\Users\Auron\AppData\Roaming\Macromedia
    2014-06-04 19:21 - 2014-06-04 19:21 - 00000668 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
    2014-05-30 19:34 - 2014-05-30 19:34 - 00001544 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-05-30 19:34 - 2014-05-30 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-05-30 19:33 - 2014-05-30 19:34 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-05-30 19:33 - 2014-05-30 19:34 - 00000000 ____D () C:\Program Files\iTunes
    2014-05-30 19:33 - 2014-05-30 19:33 - 00000000 ____D () C:\Program Files\iPod
    2014-05-25 22:30 - 2014-06-02 14:45 - 00000000 ____D () C:\Users\Auron\AppData\Roaming\.minecraft
    2014-05-24 18:41 - 2014-05-24 18:41 - 00000000 ____D () C:\Users\Auron\Documents\Electronic Arts
    2014-05-24 18:41 - 2014-05-24 18:41 - 00000000 ____D () C:\Users\Auron\AppData\Local\Electronic Arts
    2014-05-24 18:26 - 2014-05-24 18:27 - 00000000 ____D () C:\Users\Auron\AppData\Local\WiFi Guard
    2014-05-24 18:26 - 2014-05-24 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftPerfect WiFi Guard
    2014-05-24 17:36 - 2014-05-24 17:36 - 00000692 _____ () C:\Users\Auron\Desktop\NetSurveyor.lnk
    2014-05-24 17:36 - 2014-05-24 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NutsAboutNets
    2014-05-24 17:36 - 2010-03-25 11:05 - 00046776 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\system32\Drivers\NANMp50.sys
    2014-05-24 17:36 - 2010-03-25 11:05 - 00045752 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\system32\Drivers\NANSp50.sys
    2014-05-14 23:54 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-05-14 23:54 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-05-14 23:54 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-05-14 23:54 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-05-14 23:54 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-05-14 23:54 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-05-14 23:45 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-05-14 23:45 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-05-14 23:45 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-05-14 23:45 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2014-05-14 23:45 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-05-14 23:45 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2014-05-14 23:45 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2014-05-14 23:45 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2014-05-14 23:45 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2014-05-14 23:45 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-05-14 23:45 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-05-14 23:45 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-05-14 23:45 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2014-05-14 23:45 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-05-14 23:45 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-05-14 23:45 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
    2014-05-14 23:45 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2014-05-14 23:45 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-05-14 23:45 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-05-14 23:45 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-05-14 23:45 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-05-14 23:45 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
    2014-05-14 23:45 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-05-14 23:45 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
    2014-05-14 23:45 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
    2014-05-14 23:45 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
    2014-05-14 23:45 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
    2014-05-14 23:45 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
    2014-05-14 23:45 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-05-14 23:45 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2014-05-14 23:45 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2014-05-14 23:45 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-05-14 23:45 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
    2014-05-14 23:45 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-05-14 23:45 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-05-14 23:45 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-05-14 23:45 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-05-14 23:45 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
    2014-05-14 23:45 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
    2014-05-14 23:45 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
    2014-05-14 23:45 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
    2014-05-14 23:45 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
    2014-05-14 23:45 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
    2014-05-14 23:45 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-05-14 23:45 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
     
    ==================== One Month Modified Files and Folders =======
     
    2014-06-08 18:08 - 2014-06-08 18:08 - 00012365 _____ () C:\Users\Auron\Downloads\FRST.txt
    2014-06-08 18:08 - 2014-06-08 18:06 - 00000000 ____D () C:\FRST
    2014-06-08 18:08 - 2013-08-24 02:10 - 00000000 ____D () C:\Users\Auron\AppData\Local\Temp
    2014-06-08 18:06 - 2014-06-08 18:06 - 02072576 _____ (Farbar) C:\Users\Auron\Downloads\FRST64.exe
    2014-06-08 18:06 - 2014-06-04 23:27 - 00000000 ____D () C:\ProgramData\Adobe
    2014-06-08 18:06 - 2013-08-24 02:51 - 00000000 ____D () C:\Users\Auron\AppData\Roaming\Adobe
    2014-06-08 18:06 - 2011-04-12 12:49 - 00741386 _____ () C:\Windows\system32\perfh010.dat
    2014-06-08 18:06 - 2011-04-12 12:49 - 00147440 _____ () C:\Windows\system32\perfc010.dat
    2014-06-08 18:06 - 2009-07-14 07:13 - 01661180 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-06-08 18:04 - 2013-08-24 02:11 - 02062374 _____ () C:\Windows\WindowsUpdate.log
    2014-06-08 18:02 - 2014-06-08 12:02 - 00000000 ____D () C:\Users\Auron\AppData\Local\CrashDumps
    2014-06-08 18:01 - 2013-09-28 03:57 - 00179956 _____ () C:\Windows\PFRO.log
    2014-06-08 18:01 - 2013-09-28 03:57 - 00019131 _____ () C:\Windows\setupact.log
    2014-06-08 18:01 - 2013-08-24 02:52 - 00000000 ____D () C:\ProgramData\TEMP
    2014-06-08 18:01 - 2013-08-24 02:39 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-06-08 18:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-06-08 13:31 - 2013-08-24 02:39 - 00001148 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-06-08 13:18 - 2014-06-08 13:18 - 00002956 _____ () C:\Users\Auron\Desktop\BitCoiner.txt
    2014-06-08 12:50 - 2009-07-14 06:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-06-08 12:50 - 2009-07-14 06:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-06-08 12:44 - 2014-06-08 12:44 - 02347384 _____ (ESET) C:\Users\Auron\Downloads\esetsmartinstaller_enu.exe
    2014-06-08 12:44 - 2014-06-08 12:44 - 00000000 ____D () C:\Program Files (x86)\ESET
    2014-06-08 12:43 - 2013-08-24 02:10 - 00000000 ____D () C:\Users\Auron\AppData\Local\VirtualStore
    2014-06-08 12:42 - 2014-06-08 12:39 - 00000000 ____D () C:\AdwCleaner
    2014-06-08 12:38 - 2014-06-08 12:38 - 01333465 _____ () C:\Users\Auron\Downloads\AdwCleaner.exe
    2014-06-08 12:24 - 2014-06-08 12:24 - 00000691 _____ () C:\Users\Auron\Desktop\JRT.txt
    2014-06-08 12:20 - 2014-06-08 12:20 - 01016261 _____ (Thisisu) C:\Users\Auron\Downloads\JRT.exe
    2014-06-08 12:20 - 2014-06-08 12:20 - 00000000 ____D () C:\Windows\ERUNT
    2014-06-08 12:14 - 2014-06-08 12:14 - 05245952 _____ () C:\Users\Auron\Downloads\RogueKillerX64.exe
    2014-06-08 12:14 - 2014-04-12 16:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-06-08 12:11 - 2014-06-08 12:11 - 00791393 _____ (Lars Hederer ) C:\Users\Auron\Downloads\erunt-setup.exe
    2014-06-08 12:11 - 2014-06-08 12:11 - 00000928 _____ () C:\Users\Auron\Desktop\NTREGOPT.lnk
    2014-06-08 12:11 - 2014-06-08 12:11 - 00000909 _____ () C:\Users\Auron\Desktop\ERUNT.lnk
    2014-06-08 12:11 - 2014-06-08 12:11 - 00000000 ____D () C:\Windows\ERDNT
    2014-06-08 12:11 - 2014-06-08 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    2014-06-08 12:11 - 2014-06-08 12:11 - 00000000 ____D () C:\Program Files (x86)\ERUNT
    2014-06-08 12:11 - 2013-08-24 02:11 - 00000000 ___RD () C:\Users\Auron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-06-08 12:10 - 2014-06-08 12:10 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Auron\Downloads\rkill.exe
    2014-06-08 12:10 - 2014-06-08 12:10 - 00002212 _____ () C:\Users\Auron\Desktop\Rkill.txt
    2014-06-08 12:02 - 2014-06-08 12:02 - 04686336 _____ () C:\Users\Auron\Desktop\RogueKiller.exe
    2014-06-08 12:02 - 2014-06-08 12:02 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-06-08 12:01 - 2014-06-08 12:01 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
    2014-06-08 12:00 - 2014-06-08 12:00 - 00002814 _____ () C:\Windows\system32\.crusader
    2014-06-08 12:00 - 2014-06-08 11:56 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-06-08 11:52 - 2014-06-08 11:52 - 00000630 _____ () C:\Users\Auron\Desktop\Registro del 08.06.14.reg
    2014-06-08 11:48 - 2014-06-08 11:44 - 00000000 ____D () C:\Users\Auron\Desktop\mbar
    2014-06-08 11:48 - 2014-06-08 11:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-06-08 11:44 - 2014-04-12 16:41 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-06-08 11:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
    2014-06-08 10:57 - 2013-08-24 11:15 - 00000000 ____D () C:\Windows\pss
    2014-06-08 10:43 - 2014-06-07 14:46 - 00000000 ____D () C:\Users\Auron\AppData\Roaming\Spotify
    2014-06-08 10:43 - 2013-08-24 02:16 - 00000000 ____D () C:\Windows\Chipset
    2014-06-08 10:39 - 2014-04-12 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-06-08 10:39 - 2014-04-12 16:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-06-08 10:39 - 2013-08-24 02:55 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-06-08 03:50 - 2014-04-12 16:47 - 00000000 ____D () C:\Users\Auron\AppData\Local\Songr
    2014-06-08 03:14 - 2014-04-21 22:15 - 00000000 ____D () C:\ProgramData\Origin
    2014-06-08 01:25 - 2013-08-24 13:52 - 00000000 ____D () C:\Users\Auron\AppData\Roaming\Skype
    2014-06-07 18:59 - 2014-06-07 14:46 - 00000000 ____D () C:\Users\Auron\AppData\Local\Spotify
    2014-06-07 14:46 - 2014-06-07 14:46 - 00001809 _____ () C:\Users\Auron\Desktop\Spotify.lnk
    2014-06-07 14:46 - 2014-06-07 14:46 - 00001795 _____ () C:\Users\Auron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
    2014-06-06 19:09 - 2009-07-14 06:45 - 04946240 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-06-05 00:43 - 2014-06-05 00:43 - 00000132 _____ () C:\Users\Auron\AppData\Roaming\Adobe PNG Format CS6 Prefs
    2014-06-05 00:31 - 2013-08-24 02:27 - 00070744 _____ () C:\Users\Auron\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-06-05 00:30 - 2014-06-04 23:25 - 00000000 ____D () C:\Users\Auron\AppData\Local\Adobe
    2014-06-05 00:26 - 2014-06-05 00:26 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
    2014-06-05 00:21 - 2014-06-05 00:11 - 00003312 _____ () C:\Windows\System32\Tasks\Microsoft System Certificates
    2014-06-04 23:38 - 2014-06-04 23:38 - 00000000 ____D () C:\Users\Auron\Documents\Adobe Scripts
    2014-06-04 23:37 - 2013-08-24 02:10 - 00000000 ____D () C:\Users\Auron
    2014-06-04 23:31 - 2013-08-24 02:54 - 00000000 ____D () C:\Users\Auron\AppData\Roaming\EQATEC Analytics
    2014-06-04 23:27 - 2014-06-04 23:27 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
    2014-06-04 23:27 - 2014-06-04 23:27 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
    2014-06-04 23:25 - 2014-06-04 23:25 - 00000000 ____D () C:\Users\Auron\AppData\Roaming\Macromedia
    2014-06-04 19:21 - 2014-06-04 19:21 - 00000668 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
    2014-06-02 14:45 - 2014-05-25 22:30 - 00000000 ____D () C:\Users\Auron\AppData\Roaming\.minecraft
    2014-06-01 23:19 - 2013-08-24 03:47 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
    2014-06-01 22:15 - 2013-08-24 03:01 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-05-30 19:34 - 2014-05-30 19:34 - 00001544 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-05-30 19:34 - 2014-05-30 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-05-30 19:34 - 2014-05-30 19:33 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-05-30 19:34 - 2014-05-30 19:33 - 00000000 ____D () C:\Program Files\iTunes
    2014-05-30 19:33 - 2014-05-30 19:33 - 00000000 ____D () C:\Program Files\iPod
    2014-05-24 18:41 - 2014-05-24 18:41 - 00000000 ____D () C:\Users\Auron\Documents\Electronic Arts
    2014-05-24 18:41 - 2014-05-24 18:41 - 00000000 ____D () C:\Users\Auron\AppData\Local\Electronic Arts
    2014-05-24 18:27 - 2014-05-24 18:26 - 00000000 ____D () C:\Users\Auron\AppData\Local\WiFi Guard
    2014-05-24 18:26 - 2014-05-24 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftPerfect WiFi Guard
    2014-05-24 17:36 - 2014-05-24 17:36 - 00000692 _____ () C:\Users\Auron\Desktop\NetSurveyor.lnk
    2014-05-24 17:36 - 2014-05-24 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NutsAboutNets
    2014-05-24 16:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-05-24 13:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
    2014-05-23 22:43 - 2014-03-23 22:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2014-05-23 22:43 - 2013-08-24 13:52 - 00000000 ____D () C:\ProgramData\Skype
    2014-05-21 19:35 - 2013-08-24 02:41 - 00002249 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-05-19 19:41 - 2014-01-12 22:56 - 00000000 ____D () C:\Users\Auron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    2014-05-16 19:11 - 2013-10-01 02:58 - 00152125 _____ () C:\Windows\DirectX.log
    2014-05-16 18:48 - 2013-08-24 02:11 - 00000000 ___RD () C:\Users\Auron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-05-16 18:47 - 2014-05-07 19:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-05-16 18:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-05-14 23:54 - 2013-08-24 03:30 - 00000000 ____D () C:\Windows\system32\MRT
    2014-05-14 23:53 - 2013-08-24 03:30 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-05-12 07:26 - 2014-04-12 16:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-05-12 07:25 - 2013-08-24 02:55 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-05-10 17:26 - 2013-08-24 02:39 - 00004144 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-05-10 17:26 - 2013-08-24 02:39 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-05-09 08:14 - 2014-05-14 23:45 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-05-09 08:11 - 2014-05-14 23:45 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
     
    Some content of TEMP:
    ====================
    C:\Users\Auron\AppData\Local\Temp\13-9_win7_win8_64_dd_ccc_whql.exe
    C:\Users\Auron\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
    C:\Users\Auron\AppData\Local\Temp\Quarantine.exe
    C:\Users\Auron\AppData\Local\Temp\raptrpatch.exe
    C:\Users\Auron\AppData\Local\Temp\raptr_stub.exe
    C:\Users\Auron\AppData\Local\Temp\SCC.dll
    C:\Users\Auron\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Auron\AppData\Local\Temp\sonarinst.exe
    C:\Users\Auron\AppData\Local\Temp\SRLDetectionLibrary3548307430425438192.dll
    C:\Users\Auron\AppData\Local\Temp\SRLDetectionLibrary7241043097803026716.dll
    C:\Users\Auron\AppData\Local\Temp\VCdControlTool.exe
    C:\Users\Auron\AppData\Local\Temp\{2AB94ACA-DBF7-4DA1-A310-C1EC9AFC68CA}-GoogleUpdateSetup.exe
     
     
    ==================== Bamital & volsnap Check =================
     
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
     
     
    LastRegBack: 2014-06-02 22:01
     
    ==================== End Of Log ============================
     
     
    I'm going to post another reply since the message length is too much.

    Addition.txt

  9. Hi! For almost 1 week I have been getting a svchost.exe error after start-up. Reading on the Internet, I discovered that malware could be the issue I'm looking for; I ran Malwarebytes, updated to the latest version, and discovered that I have to deal with W23/BitCoinMiner malware. I thought a simple scan and removal action would have fixed the problem, but the malware always comes back after a restart.

     

    It also somehow disabled Windows safe mode, so when I press F8 I can only select the boot device (Asus motherboard), and to get into safe mode I have to activate it using the command "msconfig".

    I then tried to do a scan in safe mode, but nothing; the problem always comes back, and sometimes it slows my Windows start-up (it takes a while to load during the Windows logo screen).

     

    I tried to scan with ESET Online and I'm going to copy here what I found:

     

    C:\$Recycle.Bin\S-1-5-21-3068055036-2407879928-2449727651-1000\$R4CKAUH.exe Win32/DownWare.L potentially unwanted application
     
    C:\$Recycle.Bin\S-1-5-21-3068055036-2407879928-2449727651-1000\$RQSZ66D.exe Win32/DownWare.L potentially unwanted application
     
    C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll probably a variant of Win32/SBWatchman.A potentially unwanted application
     
    C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci64.dll a variant of MSIL/SBWatchman.A potentially unwanted application
     
    C:\Program Files\Common Files\SpeedBit\SBUpdate\sbei64.dll a variant of MSIL/SBWatchman.A potentially unwanted application
     
    C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi32.dll probably a variant of Win32/SBWatchman.A potentially unwanted application
     
    C:\Program Files\Common Files\SpeedBit\SBUpdate\sbfi64.dll a variant of MSIL/SBWatchman.A potentially unwanted application
     
    C:\Program Files\Common Files\SpeedBit\SBUpdate\sbi32.exe a variant of Win32/SBWatchman.A potentially unwanted application
     
    C:\Program Files\Common Files\SpeedBit\SBUpdate\sbi64.exe a variant of MSIL/SBWatchman.A potentially unwanted application
     
    C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe a variant of MSIL/SBWatchman.A potentially unwanted application
     
    C:\Users\Auron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FP8BPMG\jusched[1].exe a variant of Win32/BitCoinMiner.BS potentially unsafe application
     
    C:\Users\Auron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FP8BPMG\svchost[1].exe a variant of Win32/BitCoinMiner.AF potentially unsafe application
     
    C:\Users\Auron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ELDYM8B\SearchIndexer[1].exe multiple threats
     
    C:\Users\Auron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y2SFO49C\ssl[1].exe Win32/Autoit.NPY trojan
     
    C:\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\jusched.exe a variant of Win32/BitCoinMiner.BS potentially unsafe application
     
    C:\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\SearchIndexer.exe multiple threats
     
    C:\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\ssl.exe Win32/Autoit.NPY trojan
     
    C:\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\svchost.exe a variant of Win32/BitCoinMiner.AF potentially unsafe application
     
    C:\Users\Auron\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\updater.exe Win32/TrojanDownloader.Autoit.NLZ trojan
     
    C:\Users\Auron\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
     
    E:\Download\CrystalDiskInfo5_6_2-en.exe Win32/OpenCandy potentially unsafe application
     
    E:\Download\disk-defrag-setup.exe Win32/InstallMonetizer.AQ potentially unwanted application
     
    E:\Photoshop2\Adobe CS6\Autorun.exe Win32/TrojanDownloader.Autoit.NLZ trojan
    Operating memory a variant of Win32/BitCoinMiner.BS potentially unsafe application
     
     

    I didn't delete the files found; can you please help me with this stubborn malware?
