kisamokichi Posted March 12, 2014 ID:802085

I was removing the threats on Malwarebytes when it froze and stopped responding. I waited about 10 minutes for it to respond with no luck. I have attached the DDS and Attach files from the dds scanner. Malwarebytes had updated before I scanned.

PC info:
Dell Studio 1737 running Windows Vista Home Premium 64 bit, Service Pack 1 Build 6001
Intel® Core 2 Duo CPU T6500 @ 2.10GHz, 2100 Mhz
RAM 4gb
Harddrive 300gb

If any other info is needed, please ask.

attach.txt
dds.txt
Maniac Posted March 12, 2014 ID:802449

Hello kisamokichi! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:
If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

P2P/Piracy Warning: If you're using Peer 2 Peer software such as qBittorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

When you are done, please generate new, fresh DDS log files.
kisamokichi Posted March 13, 2014 Author ID:802517

Here are the new DDS and ATTACH files.

attach.txt
dds.txt
kisamokichi Posted March 13, 2014 Author ID:802518

I'm sorry. I did not fully comprehend what you said. Here is the copy-pasted DDS.
Maniac Posted March 13, 2014 ID:802823

Step 1

Please temporarily disable Avira: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/?p=649843

Step 2

Please run a Quick Scan with Malwarebytes and post the log:
Open up Malwarebytes => Settings Tab => Scanner Settings => Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.
kisamokichi Posted March 14, 2014 Author ID:802901

I have done as you said. Here is the log. The big problem I have is that even though I updated, Malwarebytes is still freezing and not responding even after waiting 10 minutes.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.11.10

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 7.0.6001.18000
Joe :: JOE-PC [administrator]

3/13/2014 9:47:20 PM
MBAM-log-2014-03-13 (21-55-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211555
Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 5
C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn\1.26.12_0 (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn\1.26.12_0\js (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn\1.26.12_0\js\lib (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn\1.26.12_0\js\lib\popupResource (PUP.Optional.CrossRider.A) -> No action taken.

Files Detected: 0
(No malicious items detected)

(end)
kisamokichi Posted March 14, 2014 Author ID:802902

This is the second log I got after I checked PUP settings. The first one was without PUP settings and before I tried updating.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.11.10

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 7.0.6001.18000
Joe :: JOE-PC [administrator]

3/13/2014 9:57:21 PM
mbam-log-2014-03-13 (21-57-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211519
Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 5
C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn\1.26.12_0 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn\1.26.12_0\js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn\1.26.12_0\js\lib (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn\1.26.12_0\js\lib\popupResource (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.

Files Detected: 0
(No malicious items detected)

(end)
Maniac Posted March 16, 2014 ID:803634

Your database version is old. Please update it and try again.
kisamokichi Posted March 17, 2014 Author ID:804025

I updated the database and did another scan. No malicious items detected. Weird... Thanks for your help anyways. c:
Maniac Posted March 17, 2014 ID:804366

Step 1

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan button. Wait until it is finished.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

In your next reply, post the following log files:
Junkware Removal Tool log
AdwCleaner log
AdvancedSetup Posted March 21, 2014 Root Admin ID:805772

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!