
several infections on my pc


ranran001

I have found several infections on my computer. I used the free version of Malwarebytes, as well as the anti-rootkit tool that Malwarebytes provides. Two of the ones Malwarebytes found are Trojan.Bitcoinminer, one is a PUP.Bitcoinminer, 4 of them are PUP.Opencandy, and the last one, which I found while using the anti-rootkit software that Malwarebytes provides for free, is called Trojan.Trace.

How do I make sure Malwarebytes got rid of these infections for good?


Hello ranran001 and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post your log files in a new reply in this thread:

http://forums.malwarebytes.org/index.php?showtopic=9573


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by AdHuck at 7:53:37 on 2013-12-19
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8157.5560 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.17\AsusFanControlService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\AdHuck\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\BOINC\boinctray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Litecoin\litecoin-qt.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
uRun: [2831CB268EA1D9100F3290B87A531E787421CF71._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
uRun: [bitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"  /MINIMIZED
uRun: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [boincmgr] "C:\Program Files (x86)\BOINC\boincmgr.exe" /a /s
mRun: [boinctray] "C:\Program Files (x86)\BOINC\boinctray.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\7e104d80-a443-4d06-b051-bb3fa4e2fa5f.exe /check
mRun: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
StartupFolder: C:\Users\AdHuck\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\AdHuck\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\AdHuck\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Litecoin.lnk - C:\Program Files (x86)\Litecoin\litecoin-qt.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{8DE9A245-A363-4229-9538-3B9B8A266F29} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [EFMER_TThrottle] <no file>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\AdHuck\AppData\Roaming\Mozilla\Firefox\Profiles\kyavz695.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Users\AdHuck\AppData\Roaming\Mozilla\Firefox\Profiles\kyavz695.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2013-12-16 17:13; {e001c731-5e37-4538-a5cb-8168736a2360}; C:\Users\AdHuck\AppData\Roaming\Mozilla\Firefox\Profiles\kyavz695.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - ExtSQL: !HIDDEN! 2012-10-06 16:49; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-8-3 55856]
R1 cputemperature;cputemperature;C:\Windows\System32\drivers\cputemperature.sys [2012-8-9 29632]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-15 169624]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-28 918448]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe [2011-12-8 947328]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-8-3 586880]
R2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.17\AsusFanControlService.exe [2012-8-3 1464752]
R2 DirMngr;DirMngr;C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [2013-10-7 218112]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-3 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-8-3 161560]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-1 418376]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2013-4-7 232192]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2013-11-2 1042808]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2013-11-2 270704]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-8-3 160768]
R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-17 26136]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-1 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [2013-5-22 15176]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-8-3 646248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-1 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 ASUSstpt;ASUS USB 3.0 Boost Storage Driver (Storage Driver);C:\Windows\System32\drivers\ASUSstpt.sys [2012-8-3 24648]
S3 ASUSumsc;ASUS USB 3.0 Boost Storage Driver (WDM);C:\Windows\System32\drivers\ASUSumsc.sys [2012-8-3 141896]
S3 hcwhdpvr;Hauppauge HD PVR Capture Service;C:\Windows\System32\drivers\hcwhdpvr.sys [2012-3-26 192072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2013-11-1 113936]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-3 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== File Associations ===============
.
ShellExec: DigitalTheatre.exe: open="C:\Program Files (x86)\ArcSoft\TotalMedia Extreme\Digital Theatre\uDTStart.exe" "%1"
.
=============== Created Last 30 ================
.
2013-12-19 12:48:14    --------    d-s---w-    C:\Windows\SysWow64\Microsoft
2013-12-19 12:40:17    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{522B2AE9-24D2-4D96-995A-F0ED0AF6F281}\mpengine.dll
2013-12-19 00:42:22    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-19 00:37:19    89304    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-18 04:07:25    965000    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1869DFB8-5C21-4D15-8949-732934B9F030}\gapaengine.dll
2013-12-18 04:07:22    10315576    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-18 04:04:20    --------    d-----w-    C:\Program Files (x86)\Microsoft Security Client
2013-12-18 04:04:18    --------    d-----w-    C:\Program Files\Microsoft Security Client
2013-12-17 00:35:14    --------    d-----w-    C:\Users\AdHuck\AppData\Local\Western Digital
2013-12-17 00:35:13    --------    d-----w-    C:\Users\AdHuck\AppData\Local\Western_Digital_Technolog
2013-12-17 00:33:52    --------    d-----w-    C:\Program Files\Common Files\Western Digital
2013-12-17 00:31:09    --------    d-----w-    C:\ProgramData\Package Cache
2013-12-16 23:29:20    --------    d-----w-    C:\Users\AdHuck\AppData\Local\Western_Digital
2013-12-16 23:19:22    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{04F345FB-69B5-4925-A5AA-846A3531EBE6}\offreg.dll
2013-12-16 23:18:39    --------    d-----w-    C:\ProgramData\Western Digital
2013-12-16 23:18:39    --------    d-----w-    C:\Program Files\Western Digital
2013-12-16 23:10:23    --------    d-----w-    C:\Program Files (x86)\Western Digital
2013-12-16 23:10:23    --------    d-----w-    C:\Program Files (x86)\Common Files\Western Digital
2013-12-16 22:13:24    --------    d-----w-    C:\Users\AdHuck\AppData\Roaming\QuickScan
2013-12-16 21:23:33    --------    d-----w-    C:\ProgramData\SMR410
2013-12-16 20:49:41    --------    d-----w-    C:\Users\AdHuck\AppData\Local\NPE
2013-12-16 10:48:10    --------    d-----w-    C:\Users\AdHuck\AppData\Roaming\PPCoin
2013-12-16 10:48:01    --------    d-----w-    C:\Program Files (x86)\PPCoin
2013-12-14 22:44:34    --------    d-----w-    C:\Users\AdHuck\AppData\Roaming\MultiMiner
2013-12-14 20:12:05    2557800    ----a-w-    C:\Windows\System32\nvsvcr.dll
2013-12-14 13:39:35    --------    d-----w-    C:\Users\AdHuck\AppData\Roaming\Litecoin
2013-12-14 13:39:27    --------    d-----w-    C:\Program Files (x86)\Litecoin
2013-12-14 13:31:26    --------    d-----w-    C:\Users\AdHuck\AppData\Local\gtk-2.0
2013-12-14 13:28:38    --------    d-----w-    C:\Users\AdHuck\AppData\Local\GNU
2013-12-14 13:28:36    --------    d-----w-    C:\Users\AdHuck\AppData\Roaming\.kde
2013-12-14 13:28:03    --------    d-----w-    C:\Users\AdHuck\AppData\Roaming\gnupg
2013-12-14 13:28:02    --------    d-----w-    C:\ProgramData\GNU
2013-12-14 13:27:58    --------    d-----w-    C:\Program Files (x86)\GNU
2013-12-14 13:06:03    --------    d-----w-    C:\Users\AdHuck\AppData\Roaming\wxChecksums
2013-12-14 13:05:41    --------    d-----w-    C:\Program Files (x86)\wxChecksums
2013-12-13 13:01:23    10285968    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{04F345FB-69B5-4925-A5AA-846A3531EBE6}\mpengine.dll
2013-12-11 20:23:50    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-12-11 20:23:47    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2013-12-11 20:23:47    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
2013-12-11 17:17:56    --------    d-----w-    C:\Program Files (x86)\KeePass Password Safe
2013-12-11 17:16:00    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-12-11 17:16:00    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-12-11 17:15:54    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-12-11 17:15:54    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-12-11 17:15:42    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-12-11 17:15:31    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-12-11 17:14:40    163840    ----a-w-    C:\Windows\SysWow64\scrrun.dll
2013-12-11 17:14:40    141824    ----a-w-    C:\Windows\SysWow64\wscript.exe
2013-12-11 17:14:40    126976    ----a-w-    C:\Windows\SysWow64\cscript.exe
2013-12-11 17:14:40    121856    ----a-w-    C:\Windows\SysWow64\wshom.ocx
2013-12-11 17:14:39    202752    ----a-w-    C:\Windows\System32\scrrun.dll
2013-12-11 17:14:39    168960    ----a-w-    C:\Windows\System32\wscript.exe
2013-12-11 17:14:39    156160    ----a-w-    C:\Windows\System32\cscript.exe
2013-12-11 17:14:39    150016    ----a-w-    C:\Windows\System32\wshom.ocx
2013-12-11 17:07:16    167424    ----a-w-    C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-11 17:07:16    164864    ----a-w-    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 17:07:16    12625920    ----a-w-    C:\Windows\System32\wmploc.DLL
2013-12-11 17:07:16    12625408    ----a-w-    C:\Windows\SysWow64\wmploc.DLL
2013-12-11 16:19:06    --------    d-----w-    C:\Users\AdHuck\AppData\Roaming\BitTorrent
2013-12-11 10:36:18    230400    ----a-w-    C:\Windows\System32\drivers\portcls.sys
2013-12-11 10:36:18    116736    ----a-w-    C:\Windows\System32\drivers\drmk.sys
.
==================== Find3M  ====================
.
2013-12-11 18:53:17    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 18:53:17    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-19 10:21:41    267936    ------w-    C:\Windows\System32\MpSigStub.exe
2013-11-01 20:13:34    252688    ----a-w-    C:\Windows\System32\drivers\VBoxDrv.sys
2013-11-01 20:10:16    154896    ----a-w-    C:\Windows\System32\drivers\VBoxNetFlt.sys
2013-11-01 20:10:16    140560    ----a-w-    C:\Windows\System32\drivers\VBoxNetAdp.sys
2013-11-01 20:10:16    126736    ----a-w-    C:\Windows\System32\drivers\VBoxUSBMon.sys
2013-11-01 20:10:16    113936    ----a-w-    C:\Windows\System32\drivers\VBoxUSB.sys
2013-11-01 20:07:00    204048    ----a-w-    C:\Windows\System32\VBoxNetFltNobj.dll
2013-10-12 02:30:42    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-08 11:50:37    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 20:25:35    1474048    ----a-w-    C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25    1168384    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31    190464    ----a-w-    C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17    197120    ----a-w-    C:\Windows\System32\credui.dll
2013-10-04 02:24:49    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-10-04 01:58:50    152576    ----a-w-    C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25    168960    ----a-w-    C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-09-27 14:53:06    248240    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2013-09-27 14:53:06    134944    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2013-09-25 02:26:40    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40    154560    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33    28672    ----a-w-    C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33    135680    ----a-w-    C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01    28160    ----a-w-    C:\Windows\System32\secur32.dll
2013-09-25 02:22:59    340992    ----a-w-    C:\Windows\System32\schannel.dll
2013-09-25 02:21:50    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07    1447936    ----a-w-    C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24    30720    ----a-w-    C:\Windows\System32\lsass.exe
.
============= FINISH:  7:54:33.22 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/3/2012 8:45:17 PM
System Uptime: 12/19/2013 7:49:26 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P8Z68-V LX
Processor: Intel® Core i5-3570K CPU @ 3.40GHz | LGA1155 | 2992/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 439 GiB total, 133.739 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 426.378 GiB free.
E: is CDROM (CDFS)
F: is FIXED (NTFS) - 492 GiB total, 66.669 GiB free.
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP6: 12/17/2013 8:28:45 PM - Windows Update
RP3: 12/17/2013 10:39:28 PM - Installed Realtek Ethernet Diagnostic Utility
RP4: 12/17/2013 10:41:08 PM - Installed Realtek Ethernet Controller Driver
RP5: 12/17/2013 10:46:10 PM - Windows Update
RP7: 12/18/2013 3:15:47 AM - avast! antivirus system restore point
RP8: 12/18/2013 6:04:46 AM - Windows Update
RP9: 12/18/2013 10:47:08 AM - Device Driver Package Install: NVIDIA Display adapters
RP10: 12/18/2013 10:48:03 AM - avast! antivirus system restore point
RP11: 12/18/2013 10:49:59 AM - Device Driver Package Install: NVIDIA Corporation Sound, video and game controllers
RP12: 12/18/2013 10:50:25 AM - Windows Update
RP13: 12/18/2013 12:19:11 PM - Windows Update
RP14: 12/18/2013 12:29:39 PM - Installed Asmedia ASM104x USB 3.0 Host Controller Driver.
RP15: 12/18/2013 12:30:52 PM - Windows Update
RP284: 12/18/2013 1:10:52 PM - Windows Backup
RP285: 12/18/2013 3:22:19 PM - Windows Backup
RP286: 12/18/2013 8:02:36 PM - Malwarebytes Anti-Rootkit Restore Point
RP287: 12/19/2013 7:40:01 AM - Windows Update
RP288: 12/19/2013 7:48:08 AM - avast! antivirus system restore point
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop.com Inspiration Browser
Adobe Premiere Elements 10
Adobe Reader X (10.1.8)
AI Suite II
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft TotalMedia Extreme
Asmedia ASM104x USB 3.0 Host Controller Driver
Bonjour
Braid
BufferChm
C4200
c4200_Help
calibre
CCleaner
Company of Heroes (New Steam Version)
Content Manager
Copy
Darkspore™
Data Lifeguard Diagnostic for Windows 1.24
DC Universe Online
DC Universe Online Live
Defraggler
Destinations
DeviceDiscovery
DocProc
Dropbox
Elements 10 Organizer
EVGA Precision X 4.2.0
GIMP 2.8.2
Google Chrome
Google Update Helper
GPBaseService2
Gpg4win (2.2.1)
GPL Ghostscript
GSview 5.0
H&R Block Basic + Efile + State 2012
H&R Block Ohio 2012
Hauppauge HDPVR Scheduler
Hauppauge WinTV IR Blaster
Hauppauge WinTV Scheduler
HD Tune 2.55
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1
HP Photosmart Essential 3.5
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Intel® Control Center
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® Trusted Connect Service Client
Intel® Watchdog Timer Driver (Intel® WDT)
iTunes
Java 7 Update 45
Java Auto Updater
JavaFX 2.1.1
KeePass Password Safe 2.24
LibreOffice 3.4
Litecoin
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Maxima 5.30.0
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MiKTeX 2.9
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 24.2.0 (x86 en-US)
Mp3tag v2.47b
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyFreeCodec
NETGEAR Genie
NVIDIA Control Panel 306.94
NVIDIA CUDA Toolkit v5.0 (64 bit)
NVIDIA Graphics Driver 306.94
NVIDIA Install Application
OCR Software by I.R.I.S. 13.0
OpenAL
Oracle VM VirtualBox 4.3.2
Osmos
PlanetSide 2
Portal
Portal 2
Portal 2 Publishing Tool
PPCoin
PRE10STI64Installer
PS_AIO_Software_min
PunkBuster Services
Python 2.7.3
QuickTime
R for Windows 3.0.1
Random Password Generator
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Recuva
RivaTuner Statistics Server 5.1.2
RStudio
Samsung Kies
Samsung Story Album Viewer
SAMSUNG USB Driver for Mobile Phones
Scan
SeaTools for Windows
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Shop for HP Supplies
Sigil 0.6.2
Skype™ 6.11
SmartSound Common Data
SmartSound Premiere Elements 10 x64 Plugin
SmartSound Sonicfire Pro 5
SmartWebPrinting
SolutionCenter
Status
Steam
SyncBack
TexMakerX 2.1
Tom Clancy's Splinter Cell: Chaos Theory
Toolbox
TrayApp
TrueCrypt
TThrottle (32/64 Bit): Temperature Throttle by eFMer V 5.1.0
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client for Windows x64
VLC media player 2.0.8
VUDU To Go
WD Drive Utilities
WD Quick View
WD Security
WD SmartWare
WD SmartWare Installer
WebReg
Winamp
Winamp Detector Plug-in
Wolfenstein
World Community Grid
World of Warcraft
wxChecksums 1.2.0
.
==== Event Viewer Messages From Past Week ========
.
12/19/2013 7:50:35 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the WD Backup service to connect.
12/19/2013 7:50:35 AM, Error: Service Control Manager [7000]  - The WD Backup service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/19/2013 7:49:39 AM, Error: volmgr [45]  - The system could not sucessfully load the crash dump driver.
.
==== End Of File ===========================
 


Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

Step 3
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by AdHuck on Thu 12/19/2013 at 13:37:42.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ FireFox

Emptied folder: C:\Users\AdHuck\AppData\Roaming\mozilla\firefox\profiles\kyavz695.default\minidumps [164 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/19/2013 at 13:41:29.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.015 - Report created 19/12/2013 at 13:47:18
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : AdHuck - ADHUCK-PC
# Running from : C:\Users\AdHuck\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\AdHuck\AppData\Roaming\Mozilla\Firefox\Profiles\kyavz695.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\AdHuck\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1692 octets] - [19/12/2013 13:46:23]
AdwCleaner[s0].txt - [1581 octets] - [19/12/2013 13:47:18]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1641 octets] ##########

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.19.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
AdHuck :: ADHUCK-PC [administrator]

12/19/2013 2:02:38 PM
mbam-log-2013-12-19 (14-02-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211557
Time elapsed: 2 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 


Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

C:\Users\AdHuck\Documents\cgminer\cgminer.exe    a variant of Win32/BitCoinMiner.AF application    cleaned by deleting - quarantined
C:\Users\AdHuck\Downloads\ccsetup328.exe    Win32/Bundled.Toolbar.Google.D application    cleaned by deleting - quarantined
C:\Users\AdHuck\Downloads\ccsetup402.exe    Win32/Bundled.Toolbar.Google.D application    cleaned by deleting - quarantined
F:\cnet2_Yamb-2_0_0_8_zip.exe    a variant of Win32/InstallCore.D application    cleaned by deleting - quarantined

C:\Users\AdHuck\Downloads\cgminer-3.8.5-windows.7z    a variant of Win32/BitCoinMiner.AF application    deleted - quarantined
C:\Users\AdHuck\Downloads\cudaminer-2013-12-10.zip    a variant of Win32/BitCoinMiner.W application    deleted - quarantined
 


Glad I could help! :)

Step 1

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Step 2
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

Step 3

Please uninstall ESET Online Scanner.

Step 4

Some malware preventions:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.