Jump to content

Recommended Posts

I woke up to an infected computer this morning. I had the Awardhotspot addons in chrome. I removed them and installed malwarebytes. That is when I started getting pop-up saying that access to 162.210.192.21 was being blocked. I noticed the the first step in a lot of these situations is to run Rogue Killer, so I tried that but it hangs on various parts of the scan. Is this normal?


Thanks in advance.


 


DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16750  BrowserJavaVersion: 10.51.2

Run by Zephram at 0:34:33 on 2014-01-17

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.16301.12761 [GMT 9:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\SysWOW64\ezSharedSvcHost.exe

C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files\Microsoft LifeCam\MSCamS64.exe

C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\McAfee\MSC\McAPExe.exe

C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

F:\Utilities\VPN\hamachi-2.exe

F:\Utilities\VPN\LMIGuardianSvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

F:\Music\Winamp\winampa.exe

C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe

C:\Program Files (x86)\Browny02\BrYNSvc.exe

C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

F:\Utilities\Malwarebytes' Anti-Malware\mbam.exe

c:\PROGRA~2\mcafee\SITEAD~1\saui.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\SysWOW64\Rundll32.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.


uURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - 

mURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - 

mWinlogon: Userinit = userinit.exe,

BHO: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - 

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: uTorrentControl_v2 Toolbar: {7473B6BD-4691-4744-A82B-7854EB3D70B6} - 

TB: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - 

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

uRun: [steam] "C:\Steam\steam.exe" -silent

uRun: [Google Update] "C:\Users\Zephram\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [backgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Zephram\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [WinampAgent] F:\Music\Winamp\winampa.exe

mRun: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

StartupFolder: C:\Users\Zephram\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: EnableShellExecuteHooks = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

mPolicies-System: HideFastUserSwitching = dword:0

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com



TCP: NameServer = 164.124.101.2 203.248.252.2 192.168.1.1

TCP: Interfaces\{036CDE6C-C3B5-407F-B301-E4C04E7AC1FA} : DHCPNameServer = 164.124.101.2 203.248.252.2 192.168.1.1

TCP: Interfaces\{A8D5D7EB-7CDD-4380-8C97-8C4C61EEC0B9} : DHCPNameServer = 211.219.86.1 211.246.100.20

TCP: Interfaces\{B5F2E037-E059-49B2-9C71-C8EEF469EA7D} : DHCPNameServer = 211.219.86.1 211.246.100.20

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

AppInit_DLLs= c:\windows\syswow64\nvinit.dll  c:\progra~2\gssupp~1\assist~1.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe

x64-BHO: greatsAverr: {744EF510-641F-8167-34F3-D4DE2FA988CA} - C:\Program Files (x86)\greatsAverr\gsqN6HJOL.x64.dll

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s


x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll

x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Zephram\AppData\Roaming\Mozilla\Firefox\Profiles\h88vqbsn.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\npaosmgr.dll

FF - plugin: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll

FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll

FF - plugin: C:\Users\Zephram\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll

FF - plugin: C:\Users\Zephram\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Zephram\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Zephram\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\Zephram\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\Windows\System32\npKeyPro.dll

FF - plugin: C:\Windows\System32\npmproxy.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

FF - plugin: F:\Music\Mozilla Plugins\npitunes.dll

FF - plugin: F:\Video\VLC\npvlc.dll

.

============= SERVICES / DRIVERS ===============

.

R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-10-15 21104]

R2 e9f32388;GS Supporter;C:\Windows\System32\rundll32.exe [2009-7-14 45568]

R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;F:\Utilities\VPN\hamachi-2.exe -s --> F:\Utilities\VPN\hamachi-2.exe -s [?]

R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-1-16 328928]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-1-16 328928]

R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2014-1-16 178048]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-1-16 328928]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-1-16 328928]

R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-1-16 328928]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-1-16 328928]

R2 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-11-4 311120]

R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2014-1-16 1025232]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2014-1-16 219272]

R2 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2013-9-24 782360]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2014-1-16 182752]

R2 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2013-11-4 343696]

R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-10 1370912]

R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-10 15128352]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-11-11 414496]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-10-15 2655768]

R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-1-28 245760]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2013-11-4 70112]

R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-3-7 40832]

R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-3-7 65280]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-10-15 317440]

R3 JRSUKD25;JRSUKD25;C:\Windows\System32\JRSUKD25.SYS [2013-5-21 19888]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2013-11-4 519576]

R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2013-11-26 411944]

R3 Mkd2Nadr;Mkd2Nadr;C:\Windows\System32\drivers\Mkd2Nadr.sys [2013-5-21 112888]

R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-12-10 39200]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-10-15 413800]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMScheduler;MBAMScheduler;F:\Utilities\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-16 418376]

S2 MBAMService;MBAMService;F:\Utilities\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-16 701512]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-4-19 161384]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\bitraider\BRSptSvc.exe [2013-4-21 935192]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]

S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2014-1-16 197704]

S3 kcrtx64;kcrtx64;C:\Windows\System32\kcrtx64.sys [2013-5-21 141848]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-16 25928]

S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2013-11-26 96112]

S3 Mkd2Bthf;Mkd2Bthf;C:\Windows\System32\drivers\Mkd2BthF.sys [2013-5-21 98104]

S3 Mkd3kfNt;Mkd3kfNt;C:\Windows\System32\drivers\mkd3kfnt.sys [2013-5-21 167672]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-11-23 121416]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-1-29 36720]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-27 22528]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-15 1255736]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

S3 WRfiltv;WRfiltv;C:\Windows\System32\drivers\WRfiltv.sys [2009-7-31 25600]

.

=============== Created Last 30 ================

.

2014-01-16 11:59:11 -------- d-----w- C:\Users\Zephram\AppData\Roaming\Malwarebytes

2014-01-16 11:59:01 -------- d-----w- C:\ProgramData\Malwarebytes

2014-01-16 11:58:59 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2014-01-16 09:48:51 197704 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys

2014-01-16 09:48:39 -------- d-----w- C:\Program Files (x86)\McAfee.com

2014-01-16 09:48:35 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee

2014-01-16 09:48:19 -------- d-----w- C:\Program Files\McAfee.com

2014-01-16 09:48:19 -------- d-----w- C:\Program Files\McAfee

2014-01-16 09:48:17 -------- d-----w- C:\Program Files (x86)\McAfee

2014-01-16 09:39:01 -------- d-----w- C:\Quarantine

2014-01-16 09:38:54 -------- d-----w- C:\Program Files\stinger

2014-01-16 09:38:37 182752 ----a-w- C:\Windows\System32\mfevtps.exe

2014-01-16 09:38:36 -------- d-----w- C:\Program Files\Common Files\McAfee

2014-01-14 20:14:13 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CA6523C3-909F-43CA-9F6E-BBB33081DC17}\mpengine.dll

2014-01-14 20:13:42 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys

2014-01-14 20:13:42 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys

2014-01-14 20:13:42 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys

2014-01-14 20:13:42 376768 ----a-w- C:\Windows\System32\drivers\netio.sys

2014-01-14 20:13:42 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2014-01-14 20:13:42 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys

2014-01-14 20:13:42 3156480 ----a-w- C:\Windows\System32\win32k.sys

2014-01-14 20:13:42 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys

2014-01-14 20:13:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys

2014-01-11 00:55:22 -------- d-----w- C:\Program Files (x86)\Coupons

2014-01-09 08:03:20 -------- d-----w- C:\Users\Zephram\AppData\Local\Packages

2014-01-09 08:03:20 -------- d-----w- C:\ProgramData\greatsAverr

2014-01-09 08:03:19 -------- d-----w- C:\Program Files (x86)\greatsAverr

2014-01-09 07:59:42 -------- d-----w- C:\ProgramData\SoftWarehouse

2014-01-09 07:59:33 -------- d-----w- C:\Program Files (x86)\GS Supporter

2014-01-09 07:59:22 -------- d-----w- C:\Users\Zephram\AppData\Local\Torch

2014-01-09 07:59:22 -------- d-----w- C:\Users\Zephram\AppData\Local\Comodo

2014-01-09 07:59:22 -------- d-----w- C:\ProgramData\dbdb85394bc503fd

2014-01-09 07:58:43 -------- d-----w- C:\ProgramData\InstallMate

2014-01-04 08:21:12 -------- d-----w- C:\Windows\pss

.

==================== Find3M  ====================

.

2013-12-18 12:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-12-11 08:21:04 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-12-11 08:21:04 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-12-11 02:39:03 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-12-11 02:39:03 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-12-11 02:36:37 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-12-10 11:25:54 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2013-12-09 23:04:53 3123272 ----a-w- C:\Windows\SysWow64\pbsvc.exe

2013-11-29 16:56:58 1096480 ----a-w- C:\Windows\System32\nvspcap64.dll

2013-11-29 16:56:57 979744 ----a-w- C:\Windows\SysWow64\nvspcap.dll

2013-11-26 13:07:44 10856 ----a-w- C:\Windows\System32\drivers\mfeclnrk.sys

2013-11-26 13:07:22 96112 ----a-w- C:\Windows\System32\drivers\mfencrk.sys

2013-11-26 13:07:02 411944 ----a-w- C:\Windows\System32\drivers\mfencbdc.sys

2013-11-26 03:25:52 267936 ------w- C:\Windows\System32\MpSigStub.exe

2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll

2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-11-11 15:02:02 6674208 ----a-w- C:\Windows\System32\nvcpl.dll

2013-11-11 15:02:02 3490080 ----a-w- C:\Windows\System32\nvsvc64.dll

2013-11-11 15:01:59 922912 ----a-w- C:\Windows\System32\nvvsvc.exe

2013-11-11 15:01:59 63776 ----a-w- C:\Windows\System32\nvshext.dll

2013-11-11 15:01:59 219424 ----a-w- C:\Windows\System32\nvmctray.dll

2013-11-11 15:01:58 3467927 ----a-w- C:\Windows\System32\nvcoproc.bin

2013-11-10 23:59:28 590112 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2013-11-04 07:51:44 70112 ----a-w- C:\Windows\System32\drivers\cfwids.sys

2013-11-04 07:46:34 343696 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys

2013-11-04 07:43:04 782360 ----a-w- C:\Windows\System32\drivers\mfehidk.sys

2013-11-04 07:41:22 519576 ----a-w- C:\Windows\System32\drivers\mfefirek.sys

2013-11-04 07:40:00 311120 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys

2013-11-04 07:39:20 179792 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys

2013-10-30 17:03:12 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys

2013-10-30 17:02:58 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll

2013-10-30 17:02:56 32544 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll

2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll

2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll

2013-10-27 00:12:42 31520 ----a-w- C:\Windows\System32\nvhdap64.dll

2013-10-27 00:12:42 196384 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys

2013-10-27 00:12:42 1884448 ----a-w- C:\Windows\System32\nvdispco6433165.dll

2013-10-27 00:12:42 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433165.dll

2013-10-27 00:12:42 1510176 ----a-w- C:\Windows\System32\nvhdagenco64.dll

2013-10-25 06:19:22 2241536 ----a-w- C:\Windows\System32\wininet.dll

2013-10-25 06:17:57 3959808 ----a-w- C:\Windows\System32\jscript9.dll

2013-10-25 06:17:52 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-10-25 06:17:52 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-10-25 04:45:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-10-25 04:43:42 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-10-25 04:43:38 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-10-25 04:43:38 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-10-25 04:07:48 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-10-25 03:41:01 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-10-25 03:17:49 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-10-25 02:49:34 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-10-23 08:20:05 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll

2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

.

============= FINISH:  0:34:46.80 ===============

 

 


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional 

Boot Device: \Device\HarddiskVolume1

Install Date: 10/15/2012 8:31:25 AM

System Uptime: 1/16/2014 10:46:28 PM (2 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. |  | Z68MA-D2H-B3

Processor: Intel® Core i5-2500K CPU @ 3.30GHz | Socket 1155 | 3601/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 119 GiB total, 18.645 GiB free.

D: is CDROM (UDF)

E: is FIXED (NTFS) - 0 GiB total, 0.07 GiB free.

F: is FIXED (NTFS) - 931 GiB total, 200.993 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: McAfee Inc. mfeapfk

Device ID: ROOT\LEGACY_MFEAPFK\0000

Manufacturer: 

Name: McAfee Inc. mfeapfk

PNP Device ID: ROOT\LEGACY_MFEAPFK\0000

Service: mfeapfk

.

==== System Restore Points ===================

.

RP232: 1/4/2014 9:31:00 AM - Windows Update

RP233: 1/4/2014 5:10:03 PM - Windows Update

RP234: 1/8/2014 6:58:26 AM - Windows Update

RP235: 1/15/2014 5:13:39 AM - Windows Update

RP236: 1/16/2014 3:05:48 AM - Windows Update

RP237: 1/16/2014 10:55:54 PM - Installed Java 7 Update 51

RP238: 1/17/2014 12:33:11 AM - Revo Uninstaller's restore point - uTorrentControl_v2 Toolbar

.

==== Installed Programs ======================

.

AaaaaAAaaaAAAaaAAAAaAAAAA!!! for the Awesome

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.06)

AhnLab Online Security

Another Matrix Screen Saver

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Arcanum Of Steamworks and Magick Obscura

ARMA 2

Arma 2: DayZ Mod

ARMA 2: Operation Arrowhead

Assassins Creed IV Black Flag

Atom Zombie Smasher 

AVS Update Manager 1.0

AVS Video Converter 7

AVS4YOU Software Navigator 1.4

Baldur's Gate Enhanced Edition

Bastion

Batman™: Arkham Origins

Battle.net

Beneath a Steel Sky

BioShock Infinite

BitRaider Web Client

Bonjour

Borderlands

Borderlands 2

Call of Juarez Gunslinger

Chivalry: Medieval Warfare

Cisco Connect

Counter-Strike

Counter-Strike: Source

Coupon Printer for Windows

Cthulhu Saves the World 

Cube World version 0.0.1

Curse Client

Dead Island

DEFCON

Diablo III

Don't Starve

DoomRL version 0.9.9.7

Dungeon Defenders

Dungeons & Dragons: Chronicles of Mystara

Dungeons of Dredmor

Eador. Masters of the Broken World

Endless Space

Etron USB3.0 Host Controller

Fallout: New Vegas

Far Cry® 3

Far Cry® 3 Blood Dragon

Flotilla

Full Combat Rebalance 2 version 1.0

Game Dev Tycoon version 1.3.2

gamelauncher-ps2-live

GeForce Experience NvStream Client Components

GOG.com Downloader version 3.5.8

Google Chrome

Google Earth

Google Talk Plugin

Google Update Helper

Gratuitous Space Battles

GS Supporter 1.80

GS.Enabler

Guild Wars 2

Half-Life

Hammerwatch

Hearthstone

Heroes of Might and Magic V

Heroes of Might and Magic V: Hammers of Fate

Heroes of Might and Magic V: Tribes of the East

HL-2270DW

Hotline Miami

I Am Alive

I Have No Mouth, and I Must Scream

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

iTunes

Java 7 Update 51

Java 7 Update 7 (64-bit)

Java Auto Updater

Kerbal Space Program

League of Legends

Legend of Grimrock

LogMeIn Hamachi

Machinarium

Magic Online

Malwarebytes Anti-Malware version 1.75.0.1300

Mark of the Ninja

Marvel Heroes

Mass Effect

McAfee AntiVirus Plus

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Corporation

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft LifeCam

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft WSE 3.0 Runtime

Microsoft Xbox 360 Accessories 1.2

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

Microsoft XNA Framework Redistributable 4.0 Refresh

Mirror's Edge

MotioninJoy Gamepad tool 0.7.1001

Mozilla Firefox 23.0.1 (x86 en-US)

Mozilla Maintenance Service

Mumble 1.2.3

Natural Selection 2

NVIDIA 3D Vision Controller Driver 331.82

NVIDIA 3D Vision Driver 331.82

NVIDIA Control Panel 331.82

NVIDIA GeForce Experience 1.8

NVIDIA Graphics Driver 331.82

NVIDIA HD Audio Driver 1.3.26.4

NVIDIA Install Application

NVIDIA LED Visualizer 1.0

NVIDIA Network Service

NVIDIA PhysX

NVIDIA PhysX System Software 9.13.0725

NVIDIA ShadowPlay 10.10.5

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 10.10.5

NVIDIA Update Core

NVIDIA Virtual Audio 1.2.12

ON_OFF Charge B11.0110.1

OpenAL

OpenOffice.org 3.4.1

Orcs Must Die!

Organ Trail: Director's Cut

Origin

Outlast

Papers, Please

Path of Exile

PFConfig 1.0.296

PlanetSide 2

Play withSIX

Pokémon Trading Card Game Online

Portal 2

Prison Architect

PS3 Media Server

PunkBuster Services

PyMapper 8.4.2

Quest for Glory Pack

Rainmeter

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Retro City Rampage™

Revo Uninstaller 1.95

Rogue Legacy

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)

Shadowrun Returns

SHIELD Streaming

Sid Meier's Civilization V

Skype™ 6.3

Sleeping Dogs™

SpaceChem

SpeedFan (remove only)

StarCitizen

StarForge Alpha

Steam

Strike Suit Infinity

Super Monday Night Combat

Surgeon Simulator 2013

Team Fortress 2

Terraria

The Binding of Isaac

The Elder Scrolls V: Skyrim

The Sims™ 3

The Sims™ 3 Ambitions

The Sims™ 3 Generations

The Sims™ 3 High-End Loft Stuff

The Sims™ 3 Katy Perry's Sweet Treats

The Sims™ 3 Outdoor Living Stuff

The Sims™ 3 Pets

The Sims™ 3 Seasons

The Sims™ 3 Showtime

The Sims™ 3 Supernatural

The Sims™ 3 World Adventures

The Witcher 2 - Assassins of Kings Enhanced Edition

Ticket to Ride

TouchEn Key with E2E for 32bit

Transformers: Fall of Cybertron

Tropico 4

Ultima Online Classic Client

Ultima Online Forever

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2836939)

Update for Microsoft .NET Framework 4 Extended (KB2836939v3)

Uplay

VLC media player 2.0.8

Warhammer 40,000: Dawn of War - Game of the Year Edition

Warhammer® 40,000™: Dawn of War® II

Wasteland 1 - The Original Classic

Winamp

Winamp Detector Plug-in

WinRAR 4.20 (64-bit)

WinSCP 5.1.3

World of Warcraft

X3: Terran Conflict

XCOM: Enemy Unknown

.

==== Event Viewer Messages From Past Week ========

.

1/16/2014 6:48:22 PM, Error: Service Control Manager [7003]  - The McAfee Proxy Service service depends the following service: MfeFire. This service might not be installed.

1/16/2014 5:13:22 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR2.

1/16/2014 10:46:41 PM, Error: Service Control Manager [7000]  - The McAfee Inc. mfeapfk service failed to start due to the following error:  The specified service does not exist.

1/15/2014 8:43:06 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

1/15/2014 8:43:06 PM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

1/12/2014 6:31:24 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR3.

.

==== End Of File ===========================

 


 


Link to post
Share on other sites

Hello PyroDwarf! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please uninstall this application: Coupon Printer for Windows .

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan button. Wait until is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
Step 4
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log
Link to post
Share on other sites

Thank you!

 

------------

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Professional x64
Ran by Zephram on Fri 01/17/2014 at  1:27:07.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1038941090-660640611-790380482-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?
 
    Value Name          Type                             Value Data                     
========================================================================================
    BackgroundContainer    REG_SZ    "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Zephram\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
 
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3220468
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Zephram\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Zephram\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Zephram\appdata\local\torch"
Successfully deleted: [Folder] "C:\Users\Zephram\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Zephram\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\Zephram\appdata\locallow\utorrentcontrol_v2"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\Zephram\AppData\Roaming\mozilla\firefox\profiles\h88vqbsn.default\extensions\staged
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/17/2014 at  1:33:22.33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner v3.017 - Report created 17/01/2014 at 01:45:11
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Zephram - PYRODWARF
# Running from : F:\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\SoftWarehouse
Folder Deleted : C:\ProgramData\greatsAverr
Folder Deleted : C:\Program Files (x86)\greatsAverr
Folder Deleted : C:\Users\Zephram\AppData\Local\genienext
Folder Deleted : C:\Users\Zephram\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Zephram\Documents\Mobogenie
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A4FB8563-ABF4-4578-8E6B-F15D21BB9BAA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AAD61A4F-ED84-4A1F-AB27-E75777C62A75}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl_v2
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\uTorrentControl_v2
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16750
 
 
-\\ Mozilla Firefox v23.0.1 (en-US)
 
[ File : C:\Users\Zephram\AppData\Roaming\Mozilla\Firefox\Profiles\h88vqbsn.default\prefs.js ]
 
 
-\\ Google Chrome v32.0.1700.76
 
[ File : C:\Users\Zephram\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3775 octets] - [17/01/2014 01:44:43]
AdwCleaner[s0].txt - [3191 octets] - [17/01/2014 01:45:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3251 octets] ##########
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.16.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16750
Zephram :: PYRODWARF [administrator]
 
Protection: Disabled
 
1/17/2014 1:39:07 AM
mbam-log-2014-01-17 (01-39-07).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228238
Time elapsed: 1 minute(s), 46 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BackgroundContainer (PUP.Optional.Conduit) -> Data: "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Zephram\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 6
C:\$Recycle.Bin\S-1-5-21-1038941090-660640611-790380482-1000\$R8LNGCM\hk64tbuTo2.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1038941090-660640611-790380482-1000\$R8LNGCM\hktbuTo2.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1038941090-660640611-790380482-1000\$R8LNGCM\ldrtbuTo2.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1038941090-660640611-790380482-1000\$R8LNGCM\prxtbuTo2.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1038941090-660640611-790380482-1000\$R8LNGCM\tbuTo2.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1038941090-660640611-790380482-1000\$R8LNGCM\uTorrentControl_v2ToolbarHelper.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
 
(end)
 
Link to post
Share on other sites

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Link to post
Share on other sites

C:\$Recycle.Bin\S-1-5-21-1038941090-660640611-790380482-1000\$R8LNGCM\ldrtbuTo0.dll a variant of Win32/Toolbar.Conduit.P application cleaned by deleting - quarantined

C:\$Recycle.Bin\S-1-5-21-1038941090-660640611-790380482-1000\$R8LNGCM\ldrtbuTor.dll a variant of Win32/Toolbar.Conduit.P application cleaned by deleting - quarantined

C:\$Recycle.Bin\S-1-5-21-1038941090-660640611-790380482-1000\$R8LNGCM\prxtbuTor.dll Win32/Toolbar.Conduit.O application cleaned by deleting - quarantined

C:\$Recycle.Bin\S-1-5-21-1038941090-660640611-790380482-1000\$R8LNGCM\tbuTo0.dll a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined

C:\$Recycle.Bin\S-1-5-21-1038941090-660640611-790380482-1000\$R8LNGCM\tbuTor.dll a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined

C:\$Recycle.Bin\S-1-5-21-1038941090-660640611-790380482-1000\$RMFPEGR\nengine.dll Win32/NextLive.A application cleaned by deleting - quarantined

C:\$Recycle.Bin\S-1-5-21-1038941090-660640611-790380482-1000\$RNSI863\OldVersion\Mobogenie\nengine.dll Win32/NextLive.A application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files (x86)\greatsAverr\gsqN6HJOL.x64.dll.vir a variant of Win64/Adware.MultiPlug.A application cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Users\Zephram\AppData\Local\genienext\nengine.dll.vir Win32/NextLive.A application cleaned by deleting - quarantined

C:\Program Files (x86)\GS Supporter\Assistant.dll a variant of Win32/SProtector.D application cleaned by deleting (after the next restart) - quarantined

C:\Program Files (x86)\GS Supporter\AssistantSvc.dll a variant of Win32/SProtector.D application cleaned by deleting (after the next restart) - quarantined

C:\Users\Zephram\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2V1EFQ7F\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}[1].cpi a variant of Win32/PriceGong.A application deleted - quarantined

C:\Users\Zephram\AppData\Local\Temp\tbedrs.dll a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined

F:\Downloads\cbsidlm-cbsi145-Revo_Uninstaller-ORG-10687648.exe a variant of Win32/CNETInstaller.B application cleaned by deleting - quarantined

F:\Downloads\PFConfig 1.0.296+working serial\PFCSetup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined

F:\Video\Black Swan {2010} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
Link to post
Share on other sites

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean
Please let me know how are things now.
Link to post
Share on other sites

Glad I could help! :)

Step 1

  • Download OTL to your desktop and run it.
  • Click on CleanUp button.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes
Step 3

Please uninstall ESET Online Scanner .

Step 4

Some malware preventions:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.