
BitCoin Miner infection



Hello.

Today I noticed that I have the BitCoinMiner Trojan. I've tried to remove it using MBAM, but after a restart it downloads itself again.

DDS File:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16384 BrowserJavaVersion: 10.21.2

Run by Asparte at 10:43:36 on 2013-10-27

Microsoft Windows 8 Pro 6.2.9200.0.1250.48.1033.18.4094.2184 [GMT 1:00]

.

AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

.

============== Running Processes ===============

.

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\dwm.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhostex.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\dashost.exe

C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe

C:\Program Files\OO Software\Defrag\oodag.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\SysWOW64\PnkBstrB.exe

C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

C:\Windows\SysWOW64\vmnat.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Program Files\Wireshark\Wireshark.exe

C:\Program Files\OO Software\Defrag\oodtray.exe

C:\Program Files (x86)\Mal Updater 2\MalUpdater.exe

C:\Users\Asparte\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files\WapSter\WapSter AQQ\AQQ.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\Rainmeter\Rainmeter.exe

C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe

C:\Program Files\ShareX\ShareX.exe

C:\PROGRA~2\Raptr\raptr.exe

C:\Windows\system32\taskmgr.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Microsoft Office\Office15\MsoSync.exe

C:\PROGRA~2\Raptr\raptr_im.exe

C:\Program Files (x86)\Raptr\raptr_ep64.exe

C:\Windows\System32\schtasks.exe

C:\Program Files (x86)\WhatPulse2\whatpulse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

"C:\Windows\Temp\svchost.exe" -o http://p.0839f88ae61efaa3e91fdf5b732b242f.com -O r13:r13 -l 1

x64-SSODL: WebCheck -

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Asparte\AppData\Roaming\Mozilla\Firefox\Profiles\jgpbchhz.default\

FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll

FF - plugin: C:\Users\Asparte\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll

FF - plugin: C:\Users\Asparte\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2013-6-6 56208]

R0 vsock;vSockets Driver;C:\Windows\System32\Drivers\vsock.sys [2013-6-10 70296]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\Drivers\klim6.sys [2012-8-2 28504]

R1 klwfp;klwfp;C:\Windows\System32\Drivers\klwfp.sys [2013-2-28 50448]

R1 kneps;kneps;C:\Windows\System32\Drivers\kneps.sys [2012-8-13 178448]

R2 MSSQL$INSERTGT;SQL Server (INSERTGT);C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2011-6-17 62111072]

R2 OODefragAgent;O&O Defrag;C:\Program Files\OO Software\Defrag\oodag.exe [2013-1-29 2560816]

R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-7-18 4153184]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]

R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\Drivers\klkbdflt.sys [2013-2-28 29280]

R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\Drivers\klmouflt.sys [2013-2-28 29280]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\Drivers\L1C62x64.sys [2013-6-5 58880]

S0 klelam;klelam;C:\Windows\System32\Drivers\klelam.sys [2012-7-27 29616]

S2 AVP;Usługa Kaspersky Anti-Virus;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2013-2-28 356128]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\Drivers\ssadadb.sys [2011-5-13 36328]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2013-5-21 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2013-5-21 79360]

S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-8-30 17480]

S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-8-30 9800]

S3 rspLLL;rspLLL;C:\Windows\System32\Drivers\rspLLL64.sys [2013-5-23 23968]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\Drivers\ssadbus.sys [2011-5-13 157672]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\Drivers\ssadmdfl.sys [2011-5-13 16872]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\Drivers\ssadmdm.sys [2011-5-13 177640]

S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]

S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]

S4 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-5-26 245760]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]

S4 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-10-1 178824]

S4 RsFx0151;RsFx0151 Driver;C:\Windows\System32\Drivers\RsFx0151.sys [2011-6-17 313696]

S4 SQLAgent$INSERTGT;SQL Server Agent (INSERTGT);C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\SQLAGENT.EXE [2011-6-17 431456]

.

=============== File Associations ===============

.

FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]

.

=============== Created Last 30 ================

.

2013-10-27 08:35:22 -------- d-----w- C:\Users\Asparte\AppData\Roaming\Malwarebytes

2013-10-27 08:35:16 -------- d-----w- C:\ProgramData\Malwarebytes

2013-10-27 08:35:15 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-10-27 08:35:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-10-26 10:35:07 -------- d-----w- C:\ProgramData\Steam

2013-10-22 20:12:07 -------- d-----w- C:\Users\Asparte\WapSter

2013-10-22 20:11:37 -------- d-----w- C:\Program Files\WapSter

2013-10-20 08:49:19 -------- d-----w- C:\Program Files (x86)\ali213

2013-10-20 07:52:10 -------- d-----w- C:\Program Files (x86)\ZOC6

2013-10-19 21:56:49 -------- d-----w- C:\Users\Asparte\.thumbnails

2013-10-19 21:51:20 -------- d-----w- C:\Users\Asparte\.gimp-2.8

2013-10-19 21:51:19 -------- d-----w- C:\Users\Asparte\AppData\Local\gegl-0.2

2013-10-19 21:49:54 -------- d-----w- C:\Program Files\GIMP 2

2013-10-15 14:27:47 -------- d-----w- C:\Program Files (x86)\VideoLAN

2013-10-08 15:52:55 -------- d-----w- C:\Program Files\CPUID

2013-10-08 13:45:34 -------- d-----w- C:\Program Files (x86)\XeMu360

2013-10-05 13:32:28 -------- d-----w- C:\Users\Asparte\AppData\Roaming\Rainmeter

2013-10-05 13:32:26 -------- d-----w- C:\Program Files\Rainmeter

2013-10-03 19:19:33 -------- d-----w- C:\Program Files\ShareX

2013-10-01 18:48:28 144984 ----a-w- C:\Users\Asparte\whois.exe

2013-09-30 19:29:01 -------- d-----w- C:\Users\Asparte\AppData\Roaming\Sublime Text 2

2013-09-30 19:28:25 -------- d-----w- C:\Program Files\Sublime Text 2

2013-09-28 09:51:26 -------- d-----w- C:\Program Files (x86)\ffdshow

2013-09-27 19:05:06 -------- d-----w- C:\Windows\System32\oodag

2013-09-27 19:03:44 -------- d-----w- C:\Program Files\OO Software

2013-09-27 19:03:11 -------- d-----w- C:\ProgramData\OO Software

2013-09-27 18:57:32 -------- d-----w- C:\Users\Asparte\AppData\Local\O&O

2013-09-27 17:06:21 -------- d-----w- C:\Users\Asparte\AppData\Local\Downloaded Installations

.

==================== Find3M ====================

.

2013-10-10 15:12:35 29280 ----a-w- C:\Windows\System32\drivers\klmouflt.sys

2013-10-10 15:12:35 29280 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys

2013-10-10 15:12:32 7717984 ----a-w- C:\Windows\System32\drivers\kl1.sys

2013-09-12 17:39:36 468480 ----a-w- C:\Windows\System32\deployJava1.dll

2013-08-22 12:10:14 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-08-22 12:10:10 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-08-22 12:10:08 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

.

============= FINISH: 10:44:10.31 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8 Pro

Boot Device: \Device\HarddiskVolume1

Install Date: 5/21/2013 6:03:40 PM

System Uptime: 10/27/2013 10:34:29 AM (0 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | G31M-ES2L

Processor: Intel® Core2 Quad CPU Q8300 @ 2.50GHz | Socket 775 | 2500/333mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 70 GiB total, 4.973 GiB free.

D: is FIXED (NTFS) - 29 GiB total, 2.882 GiB free.

F: is FIXED (NTFS) - 196 GiB total, 2.684 GiB free.

G: is FIXED (NTFS) - 59 GiB total, 0.431 GiB free.

H: is FIXED (NTFS) - 61 GiB total, 4.087 GiB free.

I: is FIXED (NTFS) - 200 GiB total, 3.685 GiB free.

J: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP43: 10/26/2013 12:27:36 PM - Installed DirectX

.

==== Installed Programs ======================

.

????-????? ?? 0.6.19374

18 Wheels of Steel: Haulin'

7-Zip 9.20 (x64 edition)

AAC to MP3 Converter

Action!

Adobe AIR

Adobe Audition CS6

Adobe Flash Player 11 Plugin

Adobe Help Manager

Adobe Reader XI (11.0.03)

Aegisub 3.0.4

OŠUCA‚̉ʎŔ

Apple Application Support

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Audacity 2.0.3

AviSynth 2.5

Battlefield 3™

BeamNG-Techdemo-0.3 (remove only)

BeamNG DRIVE 0.3.06

BitTorrent

bl

Brother MFL-Pro Suite DCP-J515W

BurnAware Free 6.4

Burnout Paradise: The Ultimate Box

Camtasia Studio 7

CodeBlocks

Counter-Strike

CPUID CPU-Z 1.66.1

Creative ALchemy

Creative Audio Control Panel

Creative Entertainment Console

Creative Software AutoUpdate

Creative Sound Blaster Properties x64 Edition

CrystalDiskInfo 5.6.2 Shizuku Edition

EaseUS Partition Master 9.2.2

Euro Truck Simulator 2 wersja 1.5.2.1s

Extension Changer

Facebook Messenger 2.1.4814.0

FeedDemon

FIFA 14 Demo

foobar2000 v1.2.8

FormatFactory 2.96

Freemake Video Downloader

GetFLV 9.1.2.6

GIF Viewer 3.3

GIMP 2.8.6

Google Chrome

Google Update Helper

GPU Caps Viewer 1.18.1

Grand Theft Auto IV

Guifications Plugin (remove only)

Haali Media Splitter

Handbrake 5596 Nightly

HashTab 5.1.0.23

HeidiSQL 8.0.0.4396

HxD Hex Editor version 1.7.7.0

《300英雄》 版本 0.2.0

InsERT GT 1.32 HF2

Intel Processor Diagnostic Tool 64Bit

IrfanView (remove only)

Java 7 Update 21

Java Auto Updater

Java 6 Update 21 (64-bit)

JDownloader 0.9

Kaspersky Internet Security 2013

KeePass Password Safe 2.23

KMP Media Toolbar

KVIrc

LAME v3.99.3 (for Windows)

Last.fm Scrobbler 2.1.36

LatencyMon 5.00

LAV Filters 0.58.1

Mal Updater 2.95

Malwarebytes Anti-Malware version 1.75.0.1300

Medal of Honor Single Player

Media Preview

MediaCoder 0.8.22.5506

Metin2

Microsoft Access MUI (English) 2013

Microsoft Access Setup Metadata MUI (English) 2013

Microsoft Application Error Reporting

Microsoft DCF MUI (English) 2013

Microsoft Excel MUI (English) 2013

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Groove MUI (English) 2013

Microsoft InfoPath MUI (English) 2013

Microsoft Lync MUI (English) 2013

Microsoft Office 32-bit Components 2013

Microsoft Office OSM MUI (English) 2013

Microsoft Office OSM UX MUI (English) 2013

Microsoft Office Professional Plus 2013

Microsoft Office Proofing (English) 2013

Microsoft Office Proofing Tools 2013 - English

Microsoft Office Proofing Tools 2013 - Espanol

Microsoft Office Shared 32-bit MUI (English) 2013

Microsoft Office Shared MUI (English) 2013

Microsoft Office Shared Setup Metadata MUI (English) 2013

Microsoft OneNote MUI (English) 2013

Microsoft Outlook MUI (English) 2013

Microsoft PowerPoint MUI (English) 2013

Microsoft Publisher MUI (English) 2013

Microsoft Silverlight

Microsoft SQL Server 2005 Backward compatibility

Microsoft SQL Server 2008 R2 (64-bit)

Microsoft SQL Server 2008 R2 Native Client

Microsoft SQL Server 2008 R2 RsFx Driver

Microsoft SQL Server 2008 R2 Setup (English)

Microsoft SQL Server 2008 Setup Support Files

Microsoft SQL Server Browser

Microsoft SQL Server VSS Writer

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106

Microsoft Word MUI (English) 2013

Microsoft XNA Framework Redistributable 4.0

MKV Font Extractor 1.0.0

MKVToolNix 6.2.0

Mozilla Firefox 24.0 (x86 en-US)

Mozilla Maintenance Service

MP4 Video Splitter Software

MPC-HC 1.6.8

MSVCRT Redists

NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst

Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski

Need for Speed™ Most Wanted

Neverwinter

Nmap 6.40

Notepad++

NVIDIA Control Panel 314.22

NVIDIA Graphics Driver 314.22

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.1031

NyuFX

O&O Defrag Professional

OCCT 4.4.0

Open Broadcaster Software

Origin

osu!

Outils de vérification linguistique 2013 de Microsoft Office - Français

ph

Pidgin

PITy 2012 dla Windows kompilacja:1.4.5.12

Portal 2

PremiumSoft Navicat Premium 9.1

PunkBuster Services

Rainmeter

Raptr

Realtek High Definition Audio Driver

Resource Hacker Version 3.6.0

Rigs of Rods 0.38.67

Scribus 1.4.3 (64bit)

Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit)

Setup - FIFA 14 Ultimate Edition ...

ShareX 8.2.0.655

Skype™ 6.9

Spotify

SQL Server 2008 R2 SP1 Common Files

SQL Server 2008 R2 SP1 Database Engine Services

SQL Server 2008 R2 SP1 Database Engine Shared

Sql Server Customer Experience Improvement Program

Steam

Sterowniki firmy InsERT 5.08

Sublime Text 2.0.2

TeamSpeak 3 Client

TeamViewer 8

The KMPlayer (remove only)

tools-windows

Tunatic

Unity Web Player

Update for Japanese Microsoft IME Postal Code Dictionary

Update for Japanese Microsoft IME Standard Dictionary

Update for Japanese Microsoft IME Standard Extended Dictionary

Vegas Pro 12.0 (64-bit)

VLC media player 2.1.0

VMware Player

Volume Panel

WapSter AQQ

WhatPulse version 2.1.1

Windows Media Encoder 9 Series

WinHTTrack Website Copier 3.47-20 (x64)

WinMerge 2.14.0

WinPcap 4.1.3

Wireshark 1.10.1 (64-bit)

XAMPP

xy-VSFilter 3.0.0.211

ZOC Terminal 6.4

.

==== Event Viewer Messages From Past Week ========

.

10/23/2013 4:15:02 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

.

==== End Of File ===========================


Welcome to the forum, your logs are not readable in that forum.

Please rescan and post or attach the logs:

--------------------

Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Sorry for the messed-up logs.

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16384 BrowserJavaVersion: 10.21.2

Run by Asparte at 10:43:36 on 2013-10-27

Microsoft Windows 8 Pro 6.2.9200.0.1250.48.1033.18.4094.2184 [GMT 1:00]

.

AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

.

============== Running Processes ===============

.

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\dwm.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhostex.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\dashost.exe

C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe

C:\Program Files\OO Software\Defrag\oodag.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\SysWOW64\PnkBstrB.exe

C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

C:\Windows\SysWOW64\vmnat.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Program Files\Wireshark\Wireshark.exe

C:\Program Files\OO Software\Defrag\oodtray.exe

C:\Program Files (x86)\Mal Updater 2\MalUpdater.exe

C:\Users\Asparte\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files\WapSter\WapSter AQQ\AQQ.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\Rainmeter\Rainmeter.exe

C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe

C:\Program Files\ShareX\ShareX.exe

C:\PROGRA~2\Raptr\raptr.exe

C:\Windows\system32\taskmgr.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Microsoft Office\Office15\MsoSync.exe

C:\PROGRA~2\Raptr\raptr_im.exe

C:\Program Files (x86)\Raptr\raptr_ep64.exe

C:\Windows\System32\schtasks.exe

C:\Program Files (x86)\WhatPulse2\whatpulse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

"C:\Windows\Temp\svchost.exe" -o http://p.0839f88ae61efaa3e91fdf5b732b242f.com -O r13:r13 -l 1

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uProxyServer = socks=127.0.0.1:31337

mWinlogon: Userinit = userinit.exe,

BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL

BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll

uRun: [bitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED

uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup

uRun: [WhatPulse] "C:\Program Files (x86)\WhatPulse2\whatpulse.exe"

uRun: [Mal Updater 2] C:\Program Files (x86)\Mal Updater 2\MalUpdater.exe

uRun: [puush] C:\Program Files (x86)\puush\puush.exe

uRun: [spotify Web Helper] "C:\Users\Asparte\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [AQQ] C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe

mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry

mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe"

mRun: [VolPanel] "C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe" /r

mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload

mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun

mRun: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe

mRun: [MP4 Video Splitter Software.exe] <no file>

StartupFolder: C:\Users\Asparte\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Asparte\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe

StartupFolder: C:\Users\Asparte\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe

StartupFolder: C:\Users\Asparte\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ShareX.lnk - C:\Program Files\ShareX\ShareX.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\O&ODEF~1.LNK - C:\Windows\Installer\{A2EA88AA-8749-457F-B82D-BD236713AE29}\DefragIcon.exe

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105

IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll

TCP: NameServer = 8.8.8.8 8.8.4.4

TCP: Interfaces\{ECADDEAA-5396-4237-AC83-213716E1716B} : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{ECADDEAA-5396-4237-AC83-213716E1716B} : DHCPNameServer = 8.8.8.8 8.8.4.4

Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings

x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL

x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe

x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll

x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll

x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Asparte\AppData\Roaming\Mozilla\Firefox\Profiles\jgpbchhz.default\

FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll

FF - plugin: C:\Users\Asparte\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll

FF - plugin: C:\Users\Asparte\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2013-6-6 56208]

R0 vsock;vSockets Driver;C:\Windows\System32\Drivers\vsock.sys [2013-6-10 70296]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\Drivers\klim6.sys [2012-8-2 28504]

R1 klwfp;klwfp;C:\Windows\System32\Drivers\klwfp.sys [2013-2-28 50448]

R1 kneps;kneps;C:\Windows\System32\Drivers\kneps.sys [2012-8-13 178448]

R2 MSSQL$INSERTGT;SQL Server (INSERTGT);C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe [2011-6-17 62111072]

R2 OODefragAgent;O&O Defrag;C:\Program Files\OO Software\Defrag\oodag.exe [2013-1-29 2560816]

R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-7-18 4153184]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]

R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\Drivers\klkbdflt.sys [2013-2-28 29280]

R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\Drivers\klmouflt.sys [2013-2-28 29280]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\Drivers\L1C62x64.sys [2013-6-5 58880]

S0 klelam;klelam;C:\Windows\System32\Drivers\klelam.sys [2012-7-27 29616]

S2 AVP;Usługa Kaspersky Anti-Virus;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2013-2-28 356128]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\Drivers\ssadadb.sys [2011-5-13 36328]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2013-5-21 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2013-5-21 79360]

S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-8-30 17480]

S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-8-30 9800]

S3 rspLLL;rspLLL;C:\Windows\System32\Drivers\rspLLL64.sys [2013-5-23 23968]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\Drivers\ssadbus.sys [2011-5-13 157672]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\Drivers\ssadmdfl.sys [2011-5-13 16872]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\Drivers\ssadmdm.sys [2011-5-13 177640]

S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]

S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]

S4 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-5-26 245760]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]

S4 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-10-1 178824]

S4 RsFx0151;RsFx0151 Driver;C:\Windows\System32\Drivers\RsFx0151.sys [2011-6-17 313696]

S4 SQLAgent$INSERTGT;SQL Server Agent (INSERTGT);C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\SQLAGENT.EXE [2011-6-17 431456]

.

=============== File Associations ===============

.

FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]

.

=============== Created Last 30 ================

.

2013-10-27 08:35:22 -------- d-----w- C:\Users\Asparte\AppData\Roaming\Malwarebytes

2013-10-27 08:35:16 -------- d-----w- C:\ProgramData\Malwarebytes

2013-10-27 08:35:15 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-10-27 08:35:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-10-26 10:35:07 -------- d-----w- C:\ProgramData\Steam

2013-10-22 20:12:07 -------- d-----w- C:\Users\Asparte\WapSter

2013-10-22 20:11:37 -------- d-----w- C:\Program Files\WapSter

2013-10-20 08:49:19 -------- d-----w- C:\Program Files (x86)\ali213

2013-10-20 07:52:10 -------- d-----w- C:\Program Files (x86)\ZOC6

2013-10-19 21:56:49 -------- d-----w- C:\Users\Asparte\.thumbnails

2013-10-19 21:51:20 -------- d-----w- C:\Users\Asparte\.gimp-2.8

2013-10-19 21:51:19 -------- d-----w- C:\Users\Asparte\AppData\Local\gegl-0.2

2013-10-19 21:49:54 -------- d-----w- C:\Program Files\GIMP 2

2013-10-15 14:27:47 -------- d-----w- C:\Program Files (x86)\VideoLAN

2013-10-08 15:52:55 -------- d-----w- C:\Program Files\CPUID

2013-10-08 13:45:34 -------- d-----w- C:\Program Files (x86)\XeMu360

2013-10-05 13:32:28 -------- d-----w- C:\Users\Asparte\AppData\Roaming\Rainmeter

2013-10-05 13:32:26 -------- d-----w- C:\Program Files\Rainmeter

2013-10-03 19:19:33 -------- d-----w- C:\Program Files\ShareX

2013-10-01 18:48:28 144984 ----a-w- C:\Users\Asparte\whois.exe

2013-09-30 19:29:01 -------- d-----w- C:\Users\Asparte\AppData\Roaming\Sublime Text 2

2013-09-30 19:28:25 -------- d-----w- C:\Program Files\Sublime Text 2

2013-09-28 09:51:26 -------- d-----w- C:\Program Files (x86)\ffdshow

2013-09-27 19:05:06 -------- d-----w- C:\Windows\System32\oodag

2013-09-27 19:03:44 -------- d-----w- C:\Program Files\OO Software

2013-09-27 19:03:11 -------- d-----w- C:\ProgramData\OO Software

2013-09-27 18:57:32 -------- d-----w- C:\Users\Asparte\AppData\Local\O&O

2013-09-27 17:06:21 -------- d-----w- C:\Users\Asparte\AppData\Local\Downloaded Installations

.

==================== Find3M ====================

.

2013-10-10 15:12:35 29280 ----a-w- C:\Windows\System32\drivers\klmouflt.sys

2013-10-10 15:12:35 29280 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys

2013-10-10 15:12:32 7717984 ----a-w- C:\Windows\System32\drivers\kl1.sys

2013-09-12 17:39:36 468480 ----a-w- C:\Windows\System32\deployJava1.dll

2013-08-22 12:10:14 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-08-22 12:10:10 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-08-22 12:10:08 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

.

============= FINISH: 10:44:10.31 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8 Pro

Boot Device: \Device\HarddiskVolume1

Install Date: 5/21/2013 6:03:40 PM

System Uptime: 10/27/2013 10:34:29 AM (0 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | G31M-ES2L

Processor: Intel® Core2 Quad CPU Q8300 @ 2.50GHz | Socket 775 | 2500/333mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 70 GiB total, 4.973 GiB free.

D: is FIXED (NTFS) - 29 GiB total, 2.882 GiB free.

F: is FIXED (NTFS) - 196 GiB total, 2.684 GiB free.

G: is FIXED (NTFS) - 59 GiB total, 0.431 GiB free.

H: is FIXED (NTFS) - 61 GiB total, 4.087 GiB free.

I: is FIXED (NTFS) - 200 GiB total, 3.685 GiB free.

J: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP43: 10/26/2013 12:27:36 PM - Installed DirectX

.

==== Installed Programs ======================

.

????-????? ?? 0.6.19374

18 Wheels of Steel: Haulin'

7-Zip 9.20 (x64 edition)

AAC to MP3 Converter

Action!

Adobe AIR

Adobe Audition CS6

Adobe Flash Player 11 Plugin

Adobe Help Manager

Adobe Reader XI (11.0.03)

Aegisub 3.0.4

OŠUCA‚̉ʎŔ

Apple Application Support

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Audacity 2.0.3

AviSynth 2.5

Battlefield 3™

BeamNG-Techdemo-0.3 (remove only)

BeamNG DRIVE 0.3.06

BitTorrent

bl

Brother MFL-Pro Suite DCP-J515W

BurnAware Free 6.4

Burnout Paradise: The Ultimate Box

Camtasia Studio 7

CodeBlocks

Counter-Strike

CPUID CPU-Z 1.66.1

Creative ALchemy

Creative Audio Control Panel

Creative Entertainment Console

Creative Software AutoUpdate

Creative Sound Blaster Properties x64 Edition

CrystalDiskInfo 5.6.2 Shizuku Edition

EaseUS Partition Master 9.2.2

Euro Truck Simulator 2 wersja 1.5.2.1s

Extension Changer

Facebook Messenger 2.1.4814.0

FeedDemon

FIFA 14 Demo

foobar2000 v1.2.8

FormatFactory 2.96

Freemake Video Downloader

GetFLV 9.1.2.6

GIF Viewer 3.3

GIMP 2.8.6

Google Chrome

Google Update Helper

GPU Caps Viewer 1.18.1

Grand Theft Auto IV

Guifications Plugin (remove only)

Haali Media Splitter

Handbrake 5596 Nightly

HashTab 5.1.0.23

HeidiSQL 8.0.0.4396

HxD Hex Editor version 1.7.7.0

《300英雄》 版本 0.2.0

InsERT GT 1.32 HF2

Intel Processor Diagnostic Tool 64Bit

IrfanView (remove only)

Java 7 Update 21

Java Auto Updater

Java 6 Update 21 (64-bit)

JDownloader 0.9

Kaspersky Internet Security 2013

KeePass Password Safe 2.23

KMP Media Toolbar

KVIrc

LAME v3.99.3 (for Windows)

Last.fm Scrobbler 2.1.36

LatencyMon 5.00

LAV Filters 0.58.1

Mal Updater 2.95

Malwarebytes Anti-Malware version 1.75.0.1300

Medal of Honor Single Player

Media Preview

MediaCoder 0.8.22.5506

Metin2

Microsoft Access MUI (English) 2013

Microsoft Access Setup Metadata MUI (English) 2013

Microsoft Application Error Reporting

Microsoft DCF MUI (English) 2013

Microsoft Excel MUI (English) 2013

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Groove MUI (English) 2013

Microsoft InfoPath MUI (English) 2013

Microsoft Lync MUI (English) 2013

Microsoft Office 32-bit Components 2013

Microsoft Office OSM MUI (English) 2013

Microsoft Office OSM UX MUI (English) 2013

Microsoft Office Professional Plus 2013

Microsoft Office Proofing (English) 2013

Microsoft Office Proofing Tools 2013 - English

Microsoft Office Proofing Tools 2013 - Espanol

Microsoft Office Shared 32-bit MUI (English) 2013

Microsoft Office Shared MUI (English) 2013

Microsoft Office Shared Setup Metadata MUI (English) 2013

Microsoft OneNote MUI (English) 2013

Microsoft Outlook MUI (English) 2013

Microsoft PowerPoint MUI (English) 2013

Microsoft Publisher MUI (English) 2013

Microsoft Silverlight

Microsoft SQL Server 2005 Backward compatibility

Microsoft SQL Server 2008 R2 (64-bit)

Microsoft SQL Server 2008 R2 Native Client

Microsoft SQL Server 2008 R2 RsFx Driver

Microsoft SQL Server 2008 R2 Setup (English)

Microsoft SQL Server 2008 Setup Support Files

Microsoft SQL Server Browser

Microsoft SQL Server VSS Writer

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106

Microsoft Word MUI (English) 2013

Microsoft XNA Framework Redistributable 4.0

MKV Font Extractor 1.0.0

MKVToolNix 6.2.0

Mozilla Firefox 24.0 (x86 en-US)

Mozilla Maintenance Service

MP4 Video Splitter Software

MPC-HC 1.6.8

MSVCRT Redists

NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst

Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski

Need for Speed™ Most Wanted

Neverwinter

Nmap 6.40

Notepad++

NVIDIA Control Panel 314.22

NVIDIA Graphics Driver 314.22

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.1031

NyuFX

O&O Defrag Professional

OCCT 4.4.0

Open Broadcaster Software

Origin

osu!

Outils de vérification linguistique 2013 de Microsoft Office - Français

ph

Pidgin

PITy 2012 dla Windows kompilacja:1.4.5.12

Portal 2

PremiumSoft Navicat Premium 9.1

PunkBuster Services

Rainmeter

Raptr

Realtek High Definition Audio Driver

Resource Hacker Version 3.6.0

Rigs of Rods 0.38.67

Scribus 1.4.3 (64bit)

Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit)

Setup - FIFA 14 Ultimate Edition ...

ShareX 8.2.0.655

Skype™ 6.9

Spotify

SQL Server 2008 R2 SP1 Common Files

SQL Server 2008 R2 SP1 Database Engine Services

SQL Server 2008 R2 SP1 Database Engine Shared

Sql Server Customer Experience Improvement Program

Steam

Sterowniki firmy InsERT 5.08

Sublime Text 2.0.2

TeamSpeak 3 Client

TeamViewer 8

The KMPlayer (remove only)

tools-windows

Tunatic

Unity Web Player

Update for Japanese Microsoft IME Postal Code Dictionary

Update for Japanese Microsoft IME Standard Dictionary

Update for Japanese Microsoft IME Standard Extended Dictionary

Vegas Pro 12.0 (64-bit)

VLC media player 2.1.0

VMware Player

Volume Panel

WapSter AQQ

WhatPulse version 2.1.1

Windows Media Encoder 9 Series

WinHTTrack Website Copier 3.47-20 (x64)

WinMerge 2.14.0

WinPcap 4.1.3

Wireshark 1.10.1 (64-bit)

XAMPP

xy-VSFilter 3.0.0.211

ZOC Terminal 6.4

.

==== Event Viewer Messages From Past Week ========

.

10/23/2013 4:15:02 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

.

==== End Of File ===========================

Rogue Killer:

RogueKiller V8.7.5 _x64_ [Oct 22 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version

Started in : Normal mode

User : Asparte [Admin rights]

Mode : Scan -- Date : 10/27/2013 14:41:41

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (socks=127.0.0.1:31337 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤

[V2][SUSP PATH] Origin : C:\Users\Asparte\AppData\Roaming\Origin\update.vbe [-] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

-> H:\Documents and Settings\Asparte\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - NOT_FOUND]

-> H:\Documents and Settings\Default\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - NOT_FOUND]

-> H:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - NOT_FOUND]

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 www.amoninst.com # hosts anti-adware / pups

127.0.0.1 www.smarterpcsolutions.net # hosts anti-adware / pups

127.0.0.1 www.newhtsoft.com # hosts anti-adware / pups

127.0.0.1 www.simplyinstaller.com # hosts anti-adware / pups

127.0.0.1 www.tsxnrey.com # hosts anti-adware / pups

127.0.0.1 www.dynamicmonetizer.com # hosts anti-adware / pups

127.0.0.1 trf33pro.euroclicaelimite.netdna-cdn.com # hosts anti-adware / pups

127.0.0.1 cdn3.otherdownload.com # hosts anti-adware / pups

127.0.0.1 cdn.goateastcach.us # hosts anti-adware / pups

127.0.0.1 cdn2.otherdownload.com # hosts anti-adware / pups

127.0.0.1 d11ftuwdwpx4fl.cloudfront.net # hosts anti-adware / pups

127.0.0.1 cdn.cdndp.com # hosts anti-adware / pups

127.0.0.1 www.goplayer.cc # hosts anti-adware / pups

127.0.0.1 download.lollipop-network.com # hosts anti-adware / pups

127.0.0.1 downloadinfo.co # hosts anti-adware / pups

127.0.0.1 s.xingcloud.com # hosts anti-adware / pups

127.0.0.1 dl.elex.soft365.com # hosts anti-adware / pups

127.0.0.1 lproot.soft365.com # hosts anti-adware / pups

127.0.0.1 www.twonext.com # hosts anti-adware / pups

127.0.0.1 service.getwebcake.com # hosts anti-adware / pups

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3500418AS ATA Device +++++

--- User ---

[MBR] 557834e5c39f13f6e91038dd94a57703

[BSP] 240d2d26cc4237b8f7e9fddec0b00625 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 71579 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 146800640 | Size: 204798 Mo

3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 566233025 | Size: 200456 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) SAMSUNG HD160JJ ATA Device +++++

--- User ---

[MBR] 91b0f5e790051a4f856fe07006e38b45

[BSP] 50c206d79625bae06f5f5e82fae42921 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 29996 Mo

1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 61432560 | Size: 122621 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[0]_S_10272013_144141.txt >>

In case of IPB messing up logs, here's the link to Pastebin with all these logs:

http://pastebin.com/2S97NUYU

My hosts file contains only entries created by adwcleaner. Should I delete them?


Did you set this proxy in IE:

uProxyServer = socks=127.0.0.1:31337

---------------------------

Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

 

[V2][SUSP PATH] Origin : C:\Users\Asparte\AppData\Roaming\Origin\update.vbe [-] -> FOUND

Now click Delete on the right hand column under Options

--------------------------

Please create a new system restore point before continuing.

Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look like this, not "sponsored ad links":

(screenshot of the real download button)


• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8 users right-click and select Run As Administrator
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• When it's done you'll see: Pending: Please uncheck elements you don't want removed.
• Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
• Look over the log especially under Files/Folders for any program you want to save.
• If there's a program you may want to save, just uncheck it from AdwCleaner.
• If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
• If you're ready to clean it all up.....click the Clean button.
• After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
• Copy and paste the contents of that logfile in your next reply.
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.
• Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
• To restore an item that has been deleted:
  Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now.

----------------------------

If there are still problems.....

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look like this, not "sponsored ad links":

(screenshot of the real download button)

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

MrC
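As an added example, not code from this thread, from MrC, or from RogueKiller: the PowerShell below re-checks on the live machine the two RogueKiller findings discussed above, the per-user Internet Explorer proxy value (the "socks=127.0.0.1:31337" entry the reply asks about) and scheduled tasks whose action runs a file from a user profile folder or a script-host file type (the update.vbe task flagged as a suspicious path). It assumes an elevated PowerShell prompt on Windows 8 or later, where Get-ScheduledTask is available; the profile-path and script-extension heuristics are assumptions of this example, not RogueKiller's own rules.

```powershell
# Added example (not from the thread): re-check two RogueKiller findings by hand.
# Assumptions: elevated PowerShell on Windows 8 or later (ScheduledTasks module present).

# 1. Per-user WinINET (Internet Explorer) proxy settings. ProxyServer is only in
#    effect when ProxyEnable is 1; a "socks=" value routes browser traffic through a
#    SOCKS proxy, in the thread's case one listening on the local machine.
function Get-UserProxySetting {
    $key   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $props = Get-ItemProperty -Path $key -ErrorAction Stop
    [pscustomobject]@{
        ProxyEnable   = [int]($props.ProxyEnable)
        ProxyServer   = $props.ProxyServer
        ProxyOverride = $props.ProxyOverride
        AutoConfigURL = $props.AutoConfigURL
    }
}

# 2. Scheduled tasks whose action runs something from a user profile or a script file.
#    Such a task is not automatically malicious (game launchers keep updaters under
#    AppData by design); this is the short list worth reading line by line.
function Get-SuspiciousTaskAction {
    # Assumed heuristics for this example: user-profile location and script extensions.
    $profileRoot   = [regex]::Escape($env:USERPROFILE)
    $scriptPattern = '\.(vbe|vbs|js|jse|wsf|ps1|bat|cmd)(\s|"|$)'

    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            # COM-handler actions have no Execute/Arguments; they interpolate as empty.
            $cmd = "$($action.Execute) $($action.Arguments)"
            if (($cmd -match $profileRoot) -or
                ($cmd -match '\\AppData\\') -or
                ($cmd -match $scriptPattern)) {
                [pscustomobject]@{
                    TaskPath = $task.TaskPath
                    TaskName = $task.TaskName
                    State    = $task.State
                    Author   = $task.Author
                    Command  = $cmd.Trim()
                }
            }
        }
    }
}

Write-Host '== Internet Explorer / WinINET proxy (HKCU) =='
Get-UserProxySetting | Format-List

Write-Host '== Scheduled tasks running from a user profile or a script file =='
Get-SuspiciousTaskAction | Format-Table -AutoSize
```

Compare the ProxyServer value with anything you configured yourself; a ProxyEnable of 1 together with a proxy you never set is exactly the question the reply raises. For the task list, read the Command column against the program the TaskPath and Author claim it belongs to before deciding what to delete.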
