Jump to content

Virus causing pop-ups, random resets and other things


Recommended Posts

Hello, I seem to have acquired a virus. It is making my computer randomly restart, making pop-ups appear, and changing my search result to only show drugs-related stuff. Malwarebytes removed some files, they always re-appear once I restart the computer. Following the instructions thread, here are the two log files from dds:

 

dds.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.40.2
Run by Mkh at 13:24:00 on 2013-12-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.1975.257 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uRun: [AdobeBridge]
dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com




TCP: NameServer = 192.168.0.1
TCP: Interfaces\{7AE9C304-43DE-46B8-9E3D-EBF9A4AAF653} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs= c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll c:\progra~2\magnipic\sprote~1.dll, c:\progra~2\nvidia~1\nvstre~1\rxinput.dll c:\progra~3\winspeed\winspeed.dll c:\progra~3\wincle~1\wincle~1.dll
SSODL: WebCheck -
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: BitSAverr: {0EBE1312-77A3-60ED-D941-01370B72FAB8} -
x64-BHO: AllChoeAepPrriece: {57AE22F4-0912-AD19-F629-BB9666CF7B99} -
x64-BHO: JJoniCoupaon: {765A1C2A-F601-5A2A-6970-A70ED1E2029D} -
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck -
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mkh\AppData\Roaming\Mozilla\Firefox\Profiles\m5wd0ibe.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - about:home

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Mkh\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\System32\npDeployJava1.dll
FF - plugin: C:\Windows\System32\npmproxy.dll
FF - plugin: C:\Windows\System32\npOGPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\npOGPPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2013-12-31 13:14:14 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9AAB0859-5365-47F7-8D57-F313DE2ED588}\offreg.dll
2013-12-31 12:45:57 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9AAB0859-5365-47F7-8D57-F313DE2ED588}\mpengine.dll
2013-12-31 12:31:43 10315576 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-31 10:28:47 -------- d-----w- C:\ProgramData\BitSAverr
2013-12-31 10:28:46 -------- d-----w- C:\ProgramData\nmlfhhhlnkkdlodpdangjedojmjehgag
2013-12-31 10:28:46 -------- d-----w- C:\ProgramData\ggdolmfmpojgcmhkoieijpgegfgenleh
2013-12-31 10:28:46 -------- d-----w- C:\ProgramData\AllChoeAepPrriece
2013-12-31 10:28:37 -------- d-----w- C:\ProgramData\cbc45772f5bd55ce
2013-12-31 10:28:35 -------- d-----w- C:\ProgramData\SaveNNewiAApppz
2013-12-31 10:28:35 -------- d-----w- C:\ProgramData\JJoniCoupaon
2013-12-31 09:52:16 -------- d-----w- C:\Program Files (x86)\FInndBesatDeeal
2013-12-31 09:52:12 -------- d-----w- C:\Program Files (x86)\ExsTrACOuopeoun
2013-12-31 09:52:02 -------- d-----w- C:\Program Files (x86)\AllCheappPPricee
2013-12-31 09:51:07 -------- d-----w- C:\Program Files (x86)\AllSavoEr
2013-12-31 09:31:52 -------- d-----w- C:\Users\Mkh\AppData\Local\Packages
2013-12-29 20:15:01 -------- d-----w- C:\ProgramData\Winclean performap
2013-12-28 20:53:57 -------- d-----w- C:\ProgramData\WinSpeed
2013-12-24 00:42:27 119808 ----a-r- C:\Users\Mkh\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2013-12-24 00:42:13 -------- d-----w- C:\Users\Mkh\AppData\Local\Apps
2013-12-21 20:07:09 -------- d-----w- C:\Program Files (x86)\Steam
2013-12-11 11:05:25 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-11 11:05:25 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 11:05:25 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-11 11:05:25 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-11 10:16:53 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-12-11 00:32:16 -------- d-----w- C:\Program Files (x86)\WinSCP
2013-12-10 15:32:04 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2013-12-10 15:32:04 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
2013-12-07 08:44:53 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1F80A4EB-07EC-4499-9999-DE91ADFC089F}\gapaengine.dll
2013-12-01 21:25:40 328712 ----a-w- C:\Windows\System32\MijFrc.dll
2013-12-01 21:25:40 -------- d-----w- C:\Program Files\MotioninJoy
.
==================== Find3M ====================
.
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-10-07 20:49:38 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-07 20:49:34 868264 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-10-07 20:49:34 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 02:16:30 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-04 01:36:04 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2009-02-13 10:02:52 80896 ----a-w- C:\Program Files\devcon_amd64.exe
.
============= FINISH: 13:29:43,73 ===============

 

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 17/07/2010 18:54:35
System Uptime: 31/12/2013 13:11:21 (0 hours ago)
.
Motherboard: MSI | | IONA
Processor: Intel® Core i5 CPU 650 @ 3.20GHz | CPU 1 | 1440/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 918 GiB total, 81,947 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1,802 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: NetGroup Packet Filter Driver
Device ID: ROOT\LEGACY_NPF\0000
Manufacturer:
Name: NetGroup Packet Filter Driver
PNP Device ID: ROOT\LEGACY_NPF\0000
Service: npf
.
==== System Restore Points ===================
.
RP726: 26/12/2013 11:51:55 - Windows Update
RP727: 30/12/2013 10:05:39 - Windows Update
RP730: 31/12/2013 10:41:52 - Windows Update
RP731: 31/12/2013 11:05:51 - Revo Uninstaller's restore point - µTorrent
RP732: 31/12/2013 11:15:19 - Revo Uninstaller's restore point - League of Legends
RP733: 31/12/2013 11:16:23 - Removed League of Legends
RP734: 31/12/2013 11:20:17 - Revo Uninstaller's restore point - Torchlight
RP735: 31/12/2013 11:23:31 - Revo Uninstaller's restore point - Deus Ex
RP736: 31/12/2013 11:29:02 - Revo Uninstaller's restore point - MSI Kombustor 2.5.0
RP737: 31/12/2013 11:31:56 - Revo Uninstaller's restore point - Sword of the Stars
RP738: 31/12/2013 11:34:57 - Revo Uninstaller's restore point - foobar2000 v1.2.9
RP739: 31/12/2013 11:36:55 - Revo Uninstaller's restore point - Neverwinter Nights Diamond Edition
RP740: 31/12/2013 11:42:04 - Revo Uninstaller's restore point - Morrowind
RP741: 31/12/2013 11:42:27 - Removed Morrowind
RP742: 31/12/2013 11:46:17 - Revo Uninstaller's restore point - Project 64 version 2.0.0.14
RP743: 31/12/2013 11:48:10 - Revo Uninstaller's restore point - Mount&Blade With Fire and Sword
RP744: 31/12/2013 11:55:44 - Removed Windows 7 USB/DVD Download Tool
RP745: 31/12/2013 12:41:30 - Windows Update
RP746: 31/12/2013 12:49:22 - Revo Uninstaller's restore point - League of Legends
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Add or Remove Adobe Premiere Pro CS5
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color Video Profiles AE CS4
Adobe Community Help
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Professional CS5
Adobe Fonts All
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS5.1
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Aggiornamenti NVIDIA 7.2.17
Apple Application Support
Apple Software Update
Armada 2526 Gold
Audacity 1.3.13 (Unicode)
Battle for Wesnoth 1.10.7
Blacklight: Retribution
Blender
CCleaner
CMake 2.8, a cross-platform, open-source build system
CodeBlocks
Composite 2013 64-bit
CPUID CPU-Z 1.67
CPUID HWMonitor 1.23
CyberLink DVD Suite Deluxe
Dark Souls: Prepare to Die Edition
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Deus Ex
DEVIL MAY CRY 4
DirectX for Managed Code Update (Summer 2004)
Eamon Deluxe 5.0 Beta 4 (open release)
FEAR
foobar2000 v1.2.9
GOG.com Downloader version 3.6.0
GOG.com Tzar
Google Chrome
Google Update Helper
Hi-Rez Studios Authenticate and Update Service
HiJackThis
HP Customer Experience Enhancements
HP MediaSmart DVD
HP MediaSmart SmartMenu
HP Odometer
HP Remote Solution
HP Setup
HP Support Information
HP Update
Intel® Rapid Storage Technology
Java 7 Update 40
Java Auto Updater
Java 6 Update 22
Java 6 Update 31
Java SE Development Kit 6 Update 20
Java SE Development Kit 6 Update 21
JavaFX 2.1.1
League of Legends
LEGO Racers
LightScribe System Software
MagniPic
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Help Viewer 1.0
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (Italian)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
Microsoft XNA Framework Redistributable 3.1
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
MinGW 5.1.6
Morrowind
MotioninJoy DS3 driver version 0.6.0005
Mount&Blade With Fire and Sword
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 24.0 (x86 pt-BR)
MSI Kombustor 2.5.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Mumble 1.2.3
MUSHclient (remove only)
MyTools
Need for Speed™ Most Wanted
Neverwinter Nights Diamond Edition
Notepad++
NVIDIA Display Control Panel
NVIDIA Driver 3D Vision 326.80
NVIDIA Driver audio HD 1.3.26.4
NVIDIA Driver del controller 3D Vision 326.80
NVIDIA Driver grafico 326.80
NVIDIA GeForce Experience 1.6
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX Plug-in for Autodesk Maya 2012 64 bit
NVIDIA PhysX System Software 9.13.0725
NVIDIA Stereoscopic 3D Driver
NVIDIA Update Components
NVIDIA Virtual Audio 1.2.2
OpenAL
OpenTTD 1.0.3
Oracle VM VirtualBox 4.2.18
Pacchetto di compatibilità per Office System 2007
Pannello di controllo NVIDIA 326.80
PDF Settings CS5
Pharaoh
Photoshop Camera Raw
Pixel Bender Toolkit
PlayReady PC Runtime amd64
Power2Go
PowerISO
Premiumplay Codec-C
Project 64 version 2.0.0.14
PunkBuster Services
PxMergeModule
QuickTime
Racket v5.3.6 (x86_64)
Realtek High Definition Audio Driver
Recovery Manager
Revo Uninstaller 1.93
RGSS-RTP Standard
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Serious Sam: The First Encounter
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)
SES Driver
SHIELD Streaming
Shockwave
Sid Meier's Civilization III Complete
Sierra Utilities
SimCity 4 Deluxe
Spelunky
Sql Server Customer Experience Improvement Program
Standard ML of New Jersey
StarCraft II
StarUML 5.0.2.1570
Steam
Steel Bank Common Lisp 1.1.8 (X86)
Stronghold 2 Deluxe
Strumento di caricamento di Windows Live
Suite Shared Configuration CS4
Sword of the Stars
System Requirements Lab Detection
System Shock 2
TES Construction Set
TmNationsForever
Torchlight
TreeSize Free V2.7
Tzar - The Burden of the Crown
UE3Redist
Unity
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Versione di prova di Microsoft Office Home and Student 2007
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.2
Winclean performap
Windows 7 USB/DVD Download Tool
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0)
Windows Live ID Sign-in Assistant
Windows Live Sync
WinHTTrack Website Copier 3.47-11
WinPcap 4.1.1
WinRAR 4.10 (32-bit)
WinSCP 5.1.8
WinSpeed
WinZip 14.5
.
==== End Of File ===========================

 

Thank you for the help.

Link to post
Share on other sites

Hello Something0 and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please uninstall this application: MagniPic

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan button. Wait until is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
Step 4
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log
Link to post
Share on other sites

JRT.txt:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Mkh on 31/12/2013 at 18:49:02,28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\\*.crossrider.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\New Windows\Allow\\*.crossrider.com



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bi
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\privitizevpninstalldates
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\startsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-31605803-2520898227-1220656526-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\privitizevpn_1_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\privitizevpn_1_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\privitizevpn_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\privitizevpn_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\quickshare_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\quickshare_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sp global
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sprotector
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_super-mario-war_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_super-mario-war_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_super-mario-war_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_super-mario-war_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\clsoft ltd"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\Users\Mkh\AppData\Roaming\goforfiles"
Successfully deleted: [Folder] "C:\Users\Mkh\AppData\Roaming\iwin"
Successfully deleted: [Folder] "C:\Users\Mkh\appdata\local\premiumplay codec-c"
Successfully deleted: [Folder] "C:\Users\Mkh\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\Mkh\appdata\local\tempdir"
Successfully deleted: [Folder] "C:\Users\Mkh\appdata\locallow\adawaretb"
Successfully deleted: [Folder] "C:\Users\Mkh\appdata\locallow\delta"
Successfully deleted: [Folder] "C:\Users\Mkh\appdata\locallow\magnipic"
Successfully deleted: [Folder] "C:\Program Files (x86)\adawaretb"
Successfully deleted: [Folder] "C:\Program Files (x86)\magnipic"
Successfully deleted: [Folder] "C:\Program Files (x86)\mytools"
Successfully deleted: [Folder] "C:\Program Files (x86)\premiumplay codec-c"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Mkh\AppData\Roaming\mozilla\firefox\profiles\m5wd0ibe.default\extensions\staged
Successfully deleted the following from C:\Users\Mkh\AppData\Roaming\mozilla\firefox\profiles\m5wd0ibe.default\prefs.js

user_pref("aol_toolbar.default.homepage.check", false);
user_pref("aol_toolbar.default.search.check", false);
user_pref("extensions.BabylonToolbar.prtkDS", 0);
user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
user_pref("sweetim.toolbar.previous.keyword.URL", "");
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
user_pref("sweetim.toolbar.searchguard.enable", "");
Emptied folder: C:\Users\Mkh\AppData\Roaming\mozilla\firefox\profiles\m5wd0ibe.default\minidumps [18 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31/12/2013 at 18:54:06,80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

ADWCleaner.txt:

# AdwCleaner v3.016 - Report created 31/12/2013 at 19:02:46
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mkh - MKH-PC
# Running from : C:\Users\Mkh\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\JJoniCoupaon
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagniPic
Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
Folder Deleted : C:\Users\Mae\AppData\Roaming\Mozilla\Firefox\Profiles\anqtbiyi.default\adawaretb
Folder Deleted : C:\Users\Mae\AppData\Roaming\Mozilla\Firefox\Profiles\anqtbiyi.default\Extensions\staged
Folder Deleted : C:\Users\Mae\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
File Deleted : C:\Users\Mae\AppData\Roaming\Mozilla\Firefox\Profiles\anqtbiyi.default\searchplugins\Web Search.xml
File Deleted : C:\Windows\System32\Tasks\GoforFilesUpdate

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASMANCS
Key Deleted : HKCU\Software\53ed8dfe63ae448
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C2178B36-2955-479B-818C-A2AE8E500454}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\Software\Toolbar Cleaner
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v24.0 (pt-BR)

[ File : C:\Users\Mkh\AppData\Roaming\Mozilla\Firefox\Profiles\m5wd0ibe.default\prefs.js ]


[ File : C:\Users\Mae\AppData\Roaming\Mozilla\Firefox\Profiles\anqtbiyi.default\prefs.js ]

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);

Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.crossrider.bic", "1358cf1d2bbc61117f17e616aecea14a");

Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Mkh\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

[ File : C:\Users\Mae\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4779 octets] - [31/12/2013 18:58:35]
AdwCleaner[s0].txt - [4726 octets] - [31/12/2013 19:02:46]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4786 octets] ##########

 

Malwarebytes log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.31.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Mkh :: MKH-PC [administrator]

01/01/2014 09:32:02
mbam-log-2014-01-01 (09-32-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 261096
Time elapsed: 6 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

Malwarebytes said nothing was found, howeverthe PC is still exhibiting all the symptoms that it had before.

Link to post
Share on other sites

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
Link to post
Share on other sites

combofix.txt:

ComboFix 14-01-01.01 - Mkh 03/01/2014 11:00:25.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.3959.2726 [GMT 0:00]
Eseguito da: c:\users\Mkh\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\WinRAR\Leggimi.Txt
c:\program files (x86)\WinRAR\Leggimi_1a.Txt
c:\program files (x86)\WinRAR\Licenza.Txt
c:\program files (x86)\WinRAR\NoteTecniche.Txt
c:\program files (x86)\WinRAR\Ordin.htm
c:\program files (x86)\WinRAR\Ordina.htm
c:\program files (x86)\WinRAR\SorgUnRAR.Txt
c:\programdata\100
c:\users\Mkh\AppData\Local\assembly\tmp
c:\users\Mkh\AppData\Roaming\technic-launcher.jar
c:\windows\IsUn0410.exe
c:\windows\SysWow64\frapsvid.dll
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Creati Da 2013-12-03 al 2014-01-03 )))))))))))))))))))))))))))))))))))
.
.
2014-01-03 11:15 . 2014-01-03 11:15 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-01-03 11:15 . 2014-01-03 11:15 -------- d-----w- c:\users\Mae\AppData\Local\temp
2014-01-02 18:39 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F3193E8D-D7E8-48EA-A1B1-33AA60ADA6D2}\mpengine.dll
2014-01-01 19:46 . 2013-10-08 07:50 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-01 17:17 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-31 18:58 . 2013-12-31 19:03 -------- d-----w- C:\AdwCleaner
2013-12-31 18:48 . 2013-12-31 18:48 -------- d-----w- c:\windows\ERUNT
2013-12-31 10:28 . 2013-12-31 13:09 -------- d-----w- c:\programdata\BitSAverr
2013-12-31 10:28 . 2013-12-31 13:09 -------- d-----w- c:\programdata\AllChoeAepPrriece
2013-12-31 10:28 . 2013-12-31 10:28 -------- d-----w- c:\programdata\nmlfhhhlnkkdlodpdangjedojmjehgag
2013-12-31 10:28 . 2013-12-31 10:28 -------- d-----w- c:\programdata\ggdolmfmpojgcmhkoieijpgegfgenleh
2013-12-31 10:28 . 2013-12-31 10:28 -------- d-----w- c:\programdata\cbc45772f5bd55ce
2013-12-31 10:28 . 2013-12-31 13:09 -------- d-----w- c:\programdata\SaveNNewiAApppz
2013-12-31 09:52 . 2013-12-31 09:52 -------- d-----w- c:\program files (x86)\FInndBesatDeeal
2013-12-31 09:52 . 2013-12-31 09:52 -------- d-----w- c:\program files (x86)\ExsTrACOuopeoun
2013-12-31 09:52 . 2013-12-31 09:52 -------- d-----w- c:\program files (x86)\AllCheappPPricee
2013-12-31 09:51 . 2013-12-31 09:51 -------- d-----w- c:\program files (x86)\AllSavoEr
2013-12-31 09:31 . 2013-12-31 09:31 -------- d-----w- c:\users\Mkh\AppData\Local\Packages
2013-12-29 20:15 . 2013-12-29 20:15 -------- d-----w- c:\programdata\Winclean performap
2013-12-28 20:53 . 2013-12-28 20:53 -------- d-----w- c:\programdata\WinSpeed
2013-12-24 00:42 . 2013-12-24 00:42 119808 ----a-r- c:\users\Mkh\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2013-12-24 00:42 . 2013-12-31 20:28 -------- d-----w- c:\users\Mkh\AppData\Local\Apps
2013-12-21 20:07 . 2014-01-03 08:08 -------- d-----w- c:\program files (x86)\Steam
2013-12-11 11:05 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-11 11:05 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-11 11:05 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-11 11:05 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 11:05 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-11 10:16 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-12-11 00:32 . 2013-12-11 00:32 -------- d-----w- c:\program files (x86)\WinSCP
2013-12-10 15:35 . 2013-10-14 18:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-12-10 15:32 . 2013-12-10 15:32 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-10 15:32 . 2013-12-10 15:32 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-07 08:44 . 2013-10-19 15:52 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1F80A4EB-07EC-4499-9999-DE91ADFC089F}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-15 09:30 . 2011-06-22 18:38 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-11-19 10:21 . 2012-02-10 16:09 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-10-19 15:52 . 2012-10-03 02:51 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-12 02:30 . 2013-11-14 07:48 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-14 07:48 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-14 07:48 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-14 07:48 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-14 07:48 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-14 07:48 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-14 07:48 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2009-02-13 10:02 . 2009-02-13 10:02 80896 ----a-w- c:\program files\devcon_amd64.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-12-11 1823656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 jrdusbser;Mobile Connector Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys;c:\windows\SYSNATIVE\DRIVERS\jrdusbser.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys;c:\windows\SYSNATIVE\drivers\WPRO_40_1340.sys [x]
R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 def8540c;Winclean performap;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 f1f78e38;WinSpeed;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-04 17:27 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 09:57]
.
2014-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-03 19:35]
.
2014-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-03 19:35]
.
2013-12-13 c:\windows\Tasks\HPCeeScheduleForMkh.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~1\NVIDIA~1\NVSTRE~1\rxinput.dll
.
------- Scansione supplementare -------
.

uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Mkh\AppData\Roaming\Mozilla\Firefox\Profiles\m5wd0ibe.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - about:home

.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run- - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{0EBE1312-77A3-60ED-D941-01370B72FAB8} - c:\programdata\BitSAverr\8K8MkLg6.x64.dll
BHO-{57AE22F4-0912-AD19-F629-BB9666CF7B99} - c:\programdata\AllChoeAepPrriece\GVId.x64.dll
BHO-{765A1C2A-F601-5A2A-6970-A70ED1E2029D} - c:\programdata\JJoniCoupaon\g.x64.dll
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-MyTools - c:\program files (x86)\MyTools\uninstall.exe
AddRemove-Premiumplay Codec-C - c:\program files (x86)\Premiumplay Codec-C\Uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-UnityWebPlayer - c:\users\Mkh\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=hex:51,66,7a,6c,4c,1d,38,12,c2,99,1a,
36,00,8f,58,04,e1,8c,0d,76,4f,1c,0a,03
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{C3A44133-7EAD-434C-AC9E-7F1DA176BA8C}"=hex:51,66,7a,6c,4c,1d,38,12,5d,42,b7,
c7,9f,30,22,06,d3,88,3c,5d,a4,28,fe,98
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:c7,0c,29,17,77,0e,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
.
**************************************************************************
.
Ora fine scansione: 2014-01-03 11:25:11 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2014-01-03 11:25
.
Pre-Run: 75.004.141.568 byte disponibili
Post-Run: 74.816.757.760 byte disponibili
.
- - End Of File - - 7C15B5BD0576E0F3F2619C7017C5FEEE

Link to post
Share on other sites

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::

c:\programdata\BitSAverr

c:\programdata\AllChoeAepPrriece

c:\programdata\JJoniCoupaon

c:\programdata\nmlfhhhlnkkdlodpdangjedojmjehgag

c:\programdata\ggdolmfmpojgcmhkoieijpgegfgenleh

c:\programdata\cbc45772f5bd55ce

c:\programdata\SaveNNewiAApppz

c:\program files (x86)\FInndBesatDeeal

c:\program files (x86)\ExsTrACOuopeoun

c:\program files (x86)\AllCheappPPricee

c:\program files (x86)\AllSavoEr

c:\programdata\Winclean performap

c:\programdata\WinSpeed

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.