Unable to remove trojan.bitcoin.miner

I was hoping you'd be able to help. I have the pro license for your anti-malware software and have run the latest version of this and your anti-rootkit software. Although it is stating that it is finding, quarantining and deleting some infected files, they seem to reinvade my system on every re-boot etc.

Please could you help me to remove this root virus? Any advice would be greatly appreciated.

Many thanks,

Malcs.

Hey Ron,

Many thanks for the prompt response :)
 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.10.10.02
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
jonny_000 :: BETSY [administrator]
 
Protection: Enabled
 
10/10/2013 09:25:12
mbam-log-2013-10-10 (09-25-12).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199859
Time elapsed: 4 minute(s), 49 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 5
C:\Windows\Temp\phatk121016.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\Temp\scrypt130511.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\Temp\diablo130302.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\Temp\poclbm130302.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\Temp\diakgcn121016.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
 
(end)

  • Root Admin

Hi there.

Please read the following and we'll see about getting you cleaned up.

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand, kindly ask before proceeding.
If needed, please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable... It is unlikely, but things can go very wrong! Please make sure you back up all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also in a different time zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to clean up all the tools and logs
  • Please stick with me until I give you the "all clear", and please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program, you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

ComboFix 13-10-15.02 - jonny_000 15/10/2013  11:26:30.1.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.44.2057.18.8088.6262 [GMT 1:00]
Running from: c:\users\jonny_000\Desktop\ComboFix.exe
AV: AVG AntiVirus 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming


IE: Send to Bluetooth - c:\program files (x86)\Intel\Bluetooth\btSendToObject.htm

TCP: DhcpNameServer = 192.168.1.254 192.168.1.254

Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

@SACL=(02 0000)

.

Completion time: 2013-10-15  12:05:59

ComboFix-quarantined-files.txt  2013-10-15 11:05

.

Pre-Run: 602,388,295,680 bytes free

Post-Run: 602,221,817,856 bytes free

.

- - End Of File - - 9F84ACD558F0275E710183AF752421B1

  • Root Admin

Please download the following scanner from Kaspersky and save it to your computer: TDSSKiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSKiller.



If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.
 

  • Root Admin

That's good - it did not find anything.

 

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03

Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt
STEP 04

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right-click JRT.exe and select Run as administrator on Windows Vista or Windows 7; double-click it on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus
STEP 05

Let's clean out any adware now (this will require a reboot, so save all your work):

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

STEP 06


Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
STEP 07

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure whether your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Sorry buddy, rescanning now.

In the meantime....
 

# AdwCleaner v3.008 - Report created 17/10/2013 at 10:12:09
# Updated 17/10/2013 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : jonny_000 - BETSY
# Running from : C:\Users\jonny_000\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Google Chrome v30.0.1599.69
 
[ File : C:\Users\jonny_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1350 octets] - [17/10/2013 10:10:01]
AdwCleaner[s0].txt - [1275 octets] - [17/10/2013 10:12:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1335 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 8 x64
Ran by jonny_000 on 17/10/2013 at 10:16:45.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{66EDD1EC-32FE-4870-BC1E-69695A8299EB}

~~~ Files

~~~ Folders

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\CookiesBlockedForUrls [blacklisted Policy]
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\JavaScriptBlockedForUrls [blacklisted Policy]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/10/2013 at 10:23:04.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.17.03

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16721
jonny_000 :: BETSY [administrator]

Protection: Enabled

17/10/2013 10:27:14
mbam-log-2013-10-17 (10-27-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204992
Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
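The complaint in the opening post is that quarantined items are back after every reboot, and the steps above ask for repeat scans to confirm nothing remains. The following is an added Python example, not code from this thread or from Malwarebytes, that parses the "<Category> Detected: N" sections of the plain-text MBAM 1.75 log format posted here and reports detection paths that recur between scans, comparing paths case-insensitively because NTFS paths are. The three embedded log excerpts are constructed for the example (the second one, where two kernel files return after a reboot, is hypothetical), and the regexes and function names are mine.

```python
"""Correlate detections across successive Malwarebytes Anti-Malware 1.75 logs.

Added example, not code from the forum thread or from Malwarebytes. It parses
the "<Category> Detected: N" sections of the mbam-log text format shown in the
thread and reports detection paths that recur between scans (the symptom in
the opening post). The three log excerpts below are constructed for this example.
"""
import re

# "Files Detected: 5", "Registry Keys Detected: 0", ...
SECTION_RE = re.compile(r"^(?P<cat>[A-Za-z ]+) Detected: (?P<n>\d+)\s*$")
# "<path> (<detection name>) -> <action>."  (trailing period dropped from action)
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?\s*$")


def parse_mbam_log(text):
    """Return {category: [(path, detection_name, action), ...]} for one log."""
    findings = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("cat")
            findings[current] = []
            continue
        if line == "(end)":
            break
        if current is None or not line or line == "(No malicious items detected)":
            continue
        m = ITEM_RE.match(line)
        if m:
            findings[current].append((m.group("path"), m.group("name"), m.group("action")))
    return findings


def recurring_detections(logs):
    """Map (category, lower-cased path) -> {"name", "scans"} for every item seen
    in more than one parsed log (logs given oldest first). Paths are compared
    case-insensitively because NTFS paths are."""
    seen = {}
    for idx, log in enumerate(logs):
        for cat, items in log.items():
            for path, name, _action in items:
                entry = seen.setdefault((cat, path.lower()), {"name": name, "scans": []})
                entry["scans"].append(idx)
    return {k: v for k, v in seen.items() if len(v["scans"]) > 1}


def summarize(logs):
    """One human-readable line per recurring item, sorted for stable output."""
    lines = []
    for (cat, path), info in sorted(recurring_detections(logs).items()):
        scans = ", ".join(str(i + 1) for i in info["scans"])
        lines.append(f"{cat}: {path} [{info['name']}] seen in scans {scans}")
    return lines


# Constructed sample logs in the mbam-log format (not the poster's actual logs).
SCAN_1 = r"""Malwarebytes Anti-Malware (PRO) 1.75.0.1300
Scan type: Quick scan

Memory Processes Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Windows\Temp\phatk121016.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\Temp\scrypt130511.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\Temp\poclbm130302.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.

(end)
"""

# Hypothetical scan after a reboot: two kernels are back, one with different path casing.
SCAN_2 = r"""Malwarebytes Anti-Malware (PRO) 1.75.0.1300
Scan type: Quick scan

Memory Processes Detected: 0
(No malicious items detected)

Files Detected: 2
c:\windows\temp\PHATK121016.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\Temp\scrypt130511.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.

(end)
"""

# Clean scan, shaped like the later logs in the thread.
SCAN_3 = r"""Malwarebytes Anti-Malware (PRO) 1.75.0.1300
Scan type: Quick scan

Memory Processes Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
"""

if __name__ == "__main__":
    logs = [parse_mbam_log(s) for s in (SCAN_1, SCAN_2, SCAN_3)]
    for line in summarize(logs) or ["no detection recurred across scans"]:
        print(line)
```

Run it as a script to print the recurring items; for real use, read the mbam-log-*.txt files in date order instead of the embedded strings. A path that comes back after "Quarantined and deleted successfully" is being recreated by something the file scan did not remove (a scheduled task, a Run entry, a service or a dropper), which is why the steps in this thread concentrate on autorun locations rather than on the .cl files themselves.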

  • Root Admin

How is the computer running now?

Are there still any signs of an infection?

 

Please run MBAM and check for updates and do a Quick Scan and post back the log.

 

Then run the following.

 

Please download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


 


The computer always ran fine, but the virus seems to have gone. :)
 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.10.18.04
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16721
jonny_000 :: BETSY [administrator]
 
Protection: Enabled
 
18/10/2013 10:32:31
mbam-log-2013-10-18 (10-32-31).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205369
Time elapsed: 5 minute(s), 34 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

Results of screen317's Security Check version 0.99.74
x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus 2014
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Malwarebytes Anti-Malware version 1.75.0.1300
Wise Registry Cleaner 7.84
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 30.0.1599.101
Google Chrome 30.0.1599.69
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
BillP Studios WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````


Hi Ron,

I know you haven't given me the all clear yet but I did just want to say thank you for all of your help.

MBAM is excellent software, I have saved many a PC from vicious malware just by booting in safe mode and installing the latest version.

Keep up the excellent work!

As far as I can tell though, the bitcoin miner has now been vanquished! I will return though until you give me the all clear :)

I wish you and the Malwarebytes team all the best in your future endeavours!

:) :) :)


  • Root Admin

Hi there. Please check for any Adobe updates; otherwise you look good to go now.
 
At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily, so if you went to use them again in the future they would be outdated anyway.

The following procedures will implement some cleanup procedures to remove these tools.
It will also reset your System Restore by flushing out previous restore points and create a new restore point.
It will also remove all the backups our tools may have created.

Uninstall ComboFix (if used):

  • Turn off all active protection software including your antivirus.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.



Remove the rest of the tools used:

Please download OTCleanIt and save it to your Desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not go ahead and delete it by yourself.
  • If asked to restart the computer, please do so

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


AdwCleaner Removal:

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

ESET antivirus Removal:

  • This tool can be uninstalled via the Control Panel, Programs, Uninstall

If there are any other left over Folders, Files, Logs then you can delete them on your own.

Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible, but at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.

If you're not currently using Malwarebytes PRO then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.


This topic is now closed to further replies.