Showing results for tags 'coinMiner'.

Found 8 results

  1. Windows Defender detected: Used software which did not remove the threat so far: Malwarebytes; Kaspersky Free Trial; Windows Defender - Windows Defender REMOVE/Quarantine actions do not have any effect if pressed. Comments: It changed my proxy setting before and I manually disabled that proxy so far, but kept the configurations for this screenshot. Shortcut.txt, Addition.txt, FRST.txt, Malwarebytes Scan Report.txt
  2. Hi! Last week my Bitdefender started to detect a CoinMiner threat. It blocks it and then deletes it every time, but it keeps happening every day when I turn on my computer. I have seen that there are other people in this forum with the same problem but I am not sure how to proceed. I am scared of deleting something that I shouldn't and ruining my PC. Any kind of help would be very much appreciated.
  3. Help please, I can't get rid of this Trojan:Win32/CoinMiner. I have tried Malwarebytes: installed it, tried to run it, and as Admin as well, but it kept saying not able to connect to server. I tried the workaround by renaming and all the other ones; still it will not work. Any help would be great to get rid of this Trojan:Win32/CoinMiner. Kind Regards, Primaxuk
  4. Hi there, I found this thread on Google. I am another customer of cloudsouth and I had similar issues in the past, so I hope my information may help you in fixing the problem. Two times my server has been infected by this virus. Both times I had to format all hard drives and re-install Windows. Both times I sent passwords in a ticket to support and I believe the hacker stole the password from the ticketing system. In Event Viewer I saw an IP address from Russia logged in to my server. The IP belonged to a VPN service provider. Probably the hacker is hiding behind a VPN. In Nov-2017 the hacker logged into my server and installed the below malware. I believe this is the same hacker that installed it on the OP's server as well. He downloaded the virus from the below link: http://baterky-noze.sk/cache/work.exe https://www.virustotal.com/#/file/2f41840b1780ab42d1b20036a7b6b04ea84e655013d67b98c215c24a4d4223cb/detection In May-2018 he logged into my server again and he installed this malware. He executed this application on my server but he forgot to fully remove it. I uploaded it to VirusTotal: https://www.virustotal.com/#/file/d5e28c675d4f467cb1e917818480396e992ffd1515399b4eadd3adec4031d92e/detection I tried Avast, McAfee and AVG. All of them find and remove the virus but the virus will return the next day.
  5. Hello, for a while now I have had problems with some miners. Idk if it's worldwide or they are targeting just https://www.cloudsouth.com/. I have 20+ servers from them and most of them are with miners. I reinstalled the OS a few times and soon after the servers will become infected again. I think they are bruteforcing them. I started using 24 characters for passwords on newly reinstalled servers. Here's a report from Malwarebytes (attached below). Even if Malwarebytes cleaned the system, and a new check will result in a "clean" PC, the virus is still there and it's not being detected. If I open Task Manager, the virus will instantly pause itself and the PC/server will start working normally. A few minutes later the virus will close the Task Manager and it will start itself. The PC/server will start to lag hard as the virus is using 90% of CPU when it's running. Doing a virus scan without opening Task Manager is impossible. It won't even start. The PC is lagging that hard. Updated Windows Defender won't pick it up either. In Task Manager it is using some of the following names: SHELLEXPERIENCEHOST1.EXE, Windowsshellexperiencehost.exe, Windowsshellexperiencehoste.exe, Windowsshellexperiencehostp.exe. Any idea how I can remove these pesky miners? I can provide access via RDP to some infected servers. NP Bitcoin miners report.txt
  6. Please help me, I have a coinminer virus located at C:\Users\Gregor\AppData\Roaming\Dllhost. It has been there for weeks and whenever it runs it uses 100% of my CPU. Whenever I try and delete it the virus always comes back a day or so later. Please help, Gregor Christie
  7. Hi, I've tried running Malwarebytes a couple times but the virus keeps coming back. I'm not sure if it's related but I can't use system restore either, it says rstrui.exe is not found. Please help! Thanks so much in advance for your time. The following is attach.txt:
uSearch Bar = Preserve uProxyServer = 127.0.0.1:8118 uProxyOverride = localhost;127.0.0.1;<local> BHO: DebugBar BHO: {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Program Files (x86)\Core Services\DebugBar\DebugInfoBar.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: smartdownloader Class: {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - C:\Program Files (x86)\PutLockerDownloader\smarterdownloader.dll TB: DebugBar: {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files (x86)\Core Services\DebugBar\DebugToolBar.dll TB: DebugBar: {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files (x86)\Core Services\DebugBar\DebugToolBar.dll EB: DebugBar: {947E34E9-1D85-43CB-9CBF-5C492118FDD5} - C:\Program Files (x86)\Core Services\DebugBar\DebugInfoBar.dll uRun: [AdobeBridge] <no file> mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE mRun: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE mRun: [Adobe Flash Updater] "C:\ProgramData\svsupdates0\xsytzecrn.exe" StartupFolder: C:\Users\HOFAI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\HOFAI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SABnzbd.lnk - C:\Program Files (x86)\SABnzbd\SABnzbd.exe 
StartupFolder: C:\Users\HOFAI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SICKBE~1.LNK - C:\Program Files\Sick-Beard\SickBeard.exe StartupFolder: C:\Users\HOFAI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Skype.lnk - C:\Users\user\AppData\Roaming\WindowsLogon\usft_ext.exe.vbs StartupFolder: C:\Users\HOFAI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SyncBack.lnk - C:\Program Files (x86)\2BrightSparks\SyncBack\SyncBack.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:28 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab TCP: Interfaces\{0D56A870-AB1E-4DCD-9121-62764544AE9B} : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{20CC54E2-B31B-41C2-A555-C519488903AE} : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{20CC54E2-B31B-41C2-A555-C519488903AE}\2375942554132313 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{20CC54E2-B31B-41C2-A555-C519488903AE}\2375942554839393 : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{20CC54E2-B31B-41C2-A555-C519488903AE}\2377962756132313 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{20CC54E2-B31B-41C2-A555-C519488903AE}\46C696E6B6 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{4F2E8FFE-D2CA-4668-ADD4-C86BB12FA968} : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{76C990F6-DA12-434C-B61C-5817226E4BFE} : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{C903B681-F112-4A6A-8A1B-F6356BDB3614} : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{F392D40B-FEFA-436C-86F9-5B611EE9AD85} : DHCPNameServer = 192.168.0.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll IFEO: 
hijackthis.exe - zhudzl_.exe IFEO: housecalllauncher.exe - cmznff_.exe IFEO: rstrui.exe - qpqpdn_.exe IFEO: spybotsd.exe - cdoazt_.exe x64-BHO: Extensions Menu Handler: {3C29D918-10E4-47D8-B2CE-90B0B59481EC} - C:\Program Files\Extensions for Windows\Extensions\Explorer\ExplorerHandler\BandsHelper.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned> x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> x64-IFEO: hijackthis.exe - zhudzl_.exe x64-IFEO: housecalllauncher.exe - cmznff_.exe x64-IFEO: rstrui.exe - qpqpdn_.exe x64-IFEO: spybotsd.exe - cdoazt_.exe . Note: multiple IFEO entries found. Please refer to Attach.txt . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1qnep19s.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP30DF&PC=UP30&q= FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll FF - component: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1qnep19s.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll FF - component: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1qnep19s.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll FF - component: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1qnep19s.default\extensions\StrataBuddy@ReduxTeam\components\dwmxpcom.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll FF 
- plugin: C:\Users\user\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npo1d.dll FF - plugin: C:\Users\user\AppData\Roaming\raidcall\plugins\nprcplugin.dll FF - plugin: C:\Windows\System32\TVUAx\npTVUAx.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . . . . ============= SERVICES / DRIVERS =============== . 
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-3-20 203888] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-7-15 56208] R2 Apache2.4;Apache2.4;C:\xampp\apache\bin\httpd.exe [2012-6-6 22016] R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-8-16 74616] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-18 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-3-22 701512] R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824] R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\EnGenius\Common\RaRegistry.exe [2013-3-9 185632] R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\EnGenius\Common\RaRegistry64.exe [2013-3-9 212256] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264] R2 TabletServiceWacom;TabletServiceWacom;C:\Windows\System32\Wacom_Tablet.exe [2010-1-8 5521192] R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-9-8 288256] R2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [2010-9-8 1034752] R3 arusb_lhx;TP-LINK TL-WN821N 11N Wireless device driver;C:\Windows\System32\drivers\arusb_lhx.sys [2009-12-3 539136] R3 cmudaxp;ASUS Xonar DX Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2009-12-3 1257472] R3 EuMusDesignVirtualAudioCableWdm_lcs;Breakaway Pipeline (WDM);C:\Windows\System32\drivers\vaclcskd.sys [2008-8-27 64104] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-3-22 25928] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-11 
187392] R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-1-8 18216] R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464] S2 Apache2.2;Apache2.2;C:\Users\user\Desktop\Brandedbagweb\material\xampp-win32-1.7.7-VC9\xampp\apache\bin\httpd.exe [2011-11-2 18432] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 Delete Duplicate Files Scan on Schedule Service;Delete Duplicate Files Scan on Schedule Service;C:\Program Files (x86)\Delete Duplicate Files\DDFS.exe [2009-12-21 212992] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384] S2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [2010-9-8 485376] S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-1-3 1038088] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408] S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2012-2-7 66328] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 98688] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696] S3 rt61x64;RT61 Extensible Wireless Driver;C:\Windows\System32\drivers\netr6164.sys [2009-12-3 438784] S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 
[2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-25 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-8-28 49152] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-2 1255736] S4 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2012-8-16 397176] S4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-8-16 384888] S4 Extensions Updates Service;Extensions Updates Service;C:\Program Files\Extensions for Windows\Extensions\Updater\ExtensionsUpdatesService.exe [2008-10-29 99328] S4 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-9-25 189736] S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816] . =============== File Associations =============== . FileExt: .js: JSFile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1" ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1" . =============== Created Last 30 ================ . 
2013-06-10 10:23:46 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7715739E-A706-4E05-8312-B59153F81683}\mpengine.dll 2013-06-09 11:46:27 -------- d-----w- C:\Users\user\AppData\Local\FLT 2013-06-09 11:46:10 -------- d-----w- C:\Windows\SysWow64\Saves 2013-06-09 02:42:12 -------- d-sh--w- C:\$RECYCLE.BIN 2013-06-09 02:15:05 9460464 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-06-08 17:32:26 -------- d-----w- C:\Users\user\AppData\Local\Activision 2013-06-08 13:56:08 -------- d-----w- C:\Users\user\AppData\Local\{6CA97C4B-33D9-4FB5-82B0-28CF5D7F9A89} 2013-06-07 17:04:09 -------- d-s---w- C:\ComboFix 2013-06-07 16:52:54 -------- d-sh--w- C:\ProgramData\svsupdates0 2013-06-07 16:50:19 -------- d-----w- C:\Users\user\AppData\Roaming\WindowsLogon 2013-05-31 12:02:14 -------- d-----w- C:\ProgramData\Blizzard Entertainment . ==================== Find3M ==================== . 2013-05-15 09:52:23 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-05-15 09:52:22 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-04-06 02:31:06 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2013-04-06 02:31:06 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2013-04-05 13:35:59 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe 2013-04-05 13:35:51 280792 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2013-04-04 06:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-03-18 17:41:20 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-18 17:41:18 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-03-18 17:41:18 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-03-15 04:16:18 3477280 ----a-w- C:\Windows\System32\nvsvc64.dll 2013-03-15 04:16:17 6398240 ----a-w- C:\Windows\System32\nvcpl.dll 2013-03-15 04:16:10 877856 ----a-w- C:\Windows\System32\nvvsvc.exe 2013-03-15 04:16:10 63776 
----a-w- C:\Windows\System32\nvshext.dll 2013-03-15 04:16:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll 2013-03-14 14:07:52 559904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe 2013-03-13 16:24:01 3065455 ----a-w- C:\Windows\System32\nvcoproc.bin . ============= FINISH: 18:30:03.74 ===============
  8. Help, I have scanned through my computer with Malwarebytes twice. The first time it found 6, then the second time 0, but then I scanned using Microsoft Security Essentials and the coin miner keeps reappearing.