Listen, I've been on Facebook and some friend texted me some picture and "lol". I downloaded it; it was a .JAR file. I opened it and it said Bitcoin miner. I know that virus, it goes into system files or something like that, and now I don't know how to remove it. Can you please tell me how?


Hello Milivoje and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post your log files in a new reply in this thread:

http://forums.malwarebytes.org/index.php?showtopic=9573


DDS
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.51.2
Run by Milivoje at 6:43:11 on 2014-03-13
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4095.2168 [GMT 1:00]
.
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe
C:\Program Files (x86)\Overwolf\Overwolf.exe
C:\Users\Milivoje\AppData\Local\Skillbrains\lightshot\5.1.0.15\Lightshot.exe
C:\Users\Milivoje\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\Milivoje\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe
C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper64.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera_crashreporter.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [OscarEditor] "C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe" Minimum
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [MKLOL] "C:\Program Files (x86)\MKJogo\MKLOL\MK.exe" -auto
uRun: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [LightShot] C:\Users\Milivoje\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue
uRun: [uTorrent] "C:\Users\Milivoje\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [Akamai NetSession Interface] "C:\Users\Milivoje\AppData\Local\Akamai\netsession_win.exe"
uRun: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] 1
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1DB3B20E-5E20-423D-A54C-9EA771219B55} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Windows\System32\csrss\csrss.exe
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-11-25 196376]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-25 150808]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2013-9-26 57144]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 243480]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-2-22 283064]
R1 VD_FileDisk;VD_FileDisk;C:\Windows\System32\drivers\vd_filedisk.sys [2011-1-26 30312]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-4-30 238080]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-4-29 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2013-9-24 1358944]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2014-1-28 2135232]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-3-12 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-3-12 701512]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2014-2-22 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-3-12 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-1-22 3788816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Users\Milivoje\Desktop\Everest Ultimate Edition v.4.60.1529 beta\kerneld.amd64 [2014-3-3 21632]
S3 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2014-2-23 98560]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-4-12 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
.
=============== File Associations ===============
.
FileExt: .scr: XnView.File.scr="C:\Program Files (x86)\TC UP\PLUGINS\Media\XnView\xnview.exe"  "%1" [userChoice]
FileExt: .txt: Notepad++.File.txt="C:\Program Files (x86)\TC UP\PLUGINS\Media\Notepad++\notepad++.exe"  "%1" [userChoice]
FileExt: .ini: Notepad++.File.ini="C:\Program Files (x86)\TC UP\PLUGINS\Media\Notepad++\notepad++.exe"  "%1" [userChoice]
FileExt: .inf: Notepad++.File.inf="C:\Program Files (x86)\TC UP\PLUGINS\Media\Notepad++\notepad++.exe"  "%1" [userChoice]
FileExt: .vbs: Notepad++.File.vbs="C:\Program Files (x86)\TC UP\PLUGINS\Media\Notepad++\notepad++.exe"  "%1" [userChoice]
FileExt: .js: HateML.File.js="C:\Program Files (x86)\TC UP\PLUGINS\Media\HateML\HateML.exe"  "%1" [userChoice]
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-03-12 19:02:13 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-03-12 19:02:07 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8518058E-6E9F-4539-ADD4-4B668906D7DC}\mpengine.dll
2014-03-12 18:38:50 -------- d-----w- C:\Users\Milivoje\AppData\Roaming\Malwarebytes
2014-03-12 18:38:44 -------- d-----w- C:\ProgramData\Malwarebytes
2014-03-12 18:38:43 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-12 18:38:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-12 15:28:48 -------- d---a-w- C:\Temp
2014-03-10 21:04:18 -------- d-----w- C:\Users\Milivoje\AppData\Roaming\.minecraft
2014-03-10 19:35:32 -------- d-----w- C:\Windows\System32\appmgmt
2014-03-10 06:25:06 -------- d-----w- C:\Users\Milivoje\AppData\Local\Comodo
2014-03-10 06:25:03 57096 ----a-w- C:\Windows\System32\certsentry.dll
2014-03-10 06:25:03 48392 ----a-w- C:\Windows\SysWow64\certsentry.dll
2014-03-10 06:24:54 -------- d-----w- C:\Program Files (x86)\Comodo
2014-03-10 06:24:23 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2014-03-10 06:24:23 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2014-03-08 11:09:14 -------- d-----w- C:\Radio
2014-03-08 10:48:03 -------- d-----w- C:\ProgramData\YTD Video Downloader
2014-03-08 10:47:57 -------- d-----w- C:\Program Files (x86)\YTD Video Downloader
2014-03-08 10:36:08 -------- d-----w- C:\Users\Milivoje\AppData\Roaming\XnView
2014-03-08 10:35:33 -------- d-----w- C:\Users\Milivoje\AppData\Local\GHISLER
2014-03-08 10:29:16 -------- d-----w- C:\Users\Milivoje\AppData\Roaming\HEXelon
2014-03-08 10:28:17 -------- d-----w- C:\Program Files (x86)\TC UP
2014-03-06 10:02:11 -------- d-----w- C:\Program Files (x86)\VinylArtist
2014-03-02 17:52:16 -------- d-----w- C:\ProgramData\Nexon
2014-03-02 17:51:18 -------- d-----w- C:\ProgramData\MVH
2014-03-02 17:24:06 -------- d-----w- C:\ProgramData\NexonEU
2014-03-02 16:11:27 -------- d-----w- C:\Users\Milivoje\AppData\Local\Akamai
2014-03-02 16:08:07 -------- d-----w- C:\Users\Milivoje\AppData\Roaming\MPHCA Loader
2014-03-02 16:07:46 -------- d-----w- C:\Users\Milivoje\AppData\Local\MPHCA
2014-03-02 12:58:39 19087360 ----a-w- C:\Windows\SysWow64\mkl_blueripple.dll
2014-03-02 12:58:39 1417216 ----a-w- C:\Windows\SysWow64\rapture3d_oal.dll
2014-03-02 12:58:38 -------- d-----w- C:\Program Files (x86)\BRS
2014-03-02 12:27:25 -------- d-----w- C:\Users\Milivoje\AppData\Roaming\uTorrent
2014-03-02 06:08:07 1194185 ----a-w- C:\Windows\unins000.exe
2014-03-01 21:57:18 -------- d-----w- C:\Program Files (x86)\Skillbrains
2014-03-01 21:57:16 -------- d-----w- C:\Users\Milivoje\AppData\Local\Skillbrains
2014-03-01 21:57:12 -------- d-----w- C:\Users\Milivoje\AppData\Local\Programs
2014-03-01 19:12:25 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2014-02-28 19:49:48 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2014-02-28 19:49:42 99840 ----a-w- C:\Windows\System32\wudriver.dll
2014-02-28 19:49:34 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-02-28 19:49:34 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2014-02-26 06:56:11 -------- d-----w- C:\ProgramData\Oracle
2014-02-26 06:55:49 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-26 06:55:02 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-02-24 02:08:06 -------- d-----w- C:\Program Files\CCleaner
2014-02-23 22:43:13 -------- d-----w- C:\Program Files (x86)\Common Files\Overwolf
2014-02-23 22:43:12 -------- d-----w- C:\Program Files (x86)\Overwolf
2014-02-23 22:41:15 -------- d-----w- C:\Users\Milivoje\AppData\Roaming\TS3Client
2014-02-23 22:41:15 -------- d-----w- C:\Users\Milivoje\AppData\Local\Overwolf
2014-02-23 22:40:46 -------- d-----w- C:\Program Files\TeamSpeak 3 Client
2014-02-23 10:37:24 -------- d-----w- C:\Users\Milivoje\AppData\Roaming\AVG2014
2014-02-23 10:36:51 -------- d-----w- C:\Users\Milivoje\AppData\Roaming\TuneUp Software
2014-02-23 10:36:21 -------- d--h--w- C:\$AVG
2014-02-23 10:36:21 -------- d-----w- C:\ProgramData\AVG2014
2014-02-23 10:35:59 -------- d-----w- C:\Program Files (x86)\AVG
2014-02-23 10:33:05 -------- d-----w- C:\Windows\SysWow64\csrss
2014-02-23 10:32:20 -------- d--h--w- C:\ProgramData\Common Files
2014-02-23 10:32:20 -------- d-----w- C:\Users\Milivoje\AppData\Local\MFAData
2014-02-23 10:32:20 -------- d-----w- C:\Users\Milivoje\AppData\Local\Avg2014
2014-02-23 10:32:20 -------- d-----w- C:\ProgramData\MFAData
2014-02-22 21:10:11 0 ----a-w- C:\Windows\ativpsrm.bin
2014-02-22 21:06:59 -------- d-----w- C:\Windows\Panther
2014-02-22 20:16:34 -------- d-----w- C:\Program Files (x86)\VirtualDJ
2014-02-22 16:14:58 -------- d-----w- C:\Users\Milivoje\AppData\Roaming\Need for Speed World
2014-02-22 15:45:44 -------- d-----w- C:\Users\Milivoje\AppData\Local\Electronic_Arts_Inc
2014-02-22 15:40:14 -------- d-sh--w- C:\ProgramData\DSS
2014-02-22 15:40:13 -------- d-----w- C:\ProgramData\Codemasters
2014-02-22 15:00:36 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2014-02-22 14:58:35 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2014-02-22 14:54:53 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2014-02-22 14:54:53 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2014-02-22 14:54:53 -------- d-----w- C:\Program Files (x86)\OpenAL
2014-02-22 14:41:01 -------- d-----w- C:\Windows\SysWow64\xlive
2014-02-22 14:40:54 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-02-22 13:46:59 74576 ----a-w- C:\Windows\System32\XAPOFX1_2.dll
2014-02-22 13:44:19 -------- d-----w- C:\Program Files\Direktix
2014-02-22 13:34:03 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-22 13:34:03 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-22 13:33:19 -------- d-----w- C:\Users\Milivoje\AppData\Local\Adobe
2014-02-22 13:23:34 -------- d-----w- C:\Windows\SysWow64\directx
2014-02-22 13:07:47 -------- d-----w- C:\Users\Milivoje\AppData\Local\Opera Software
2014-02-22 13:07:46 -------- d-----w- C:\Users\Milivoje\AppData\Roaming\Opera Software
2014-02-22 13:05:52 -------- d-----w- C:\Program Files (x86)\MKJogo
2014-02-22 13:01:17 13824 ----a-w- C:\Windows\32slwga.dll
2014-02-22 12:53:43 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2014-02-22 12:53:43 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2014-02-22 12:53:43 239960 ----a-w- C:\Windows\SysWow64\xactengine3_7.dll
2014-02-22 12:53:43 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll
2014-02-22 12:48:40 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2014-02-22 12:48:37 -------- d-----w- C:\Users\Milivoje\AppData\Roaming\DAEMON Tools Lite
2014-02-22 12:48:35 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2014-02-22 12:48:14 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2014-02-22 12:42:33 -------- d-----w- C:\Windows\pss
2014-02-22 12:38:41 -------- d-----w- C:\Program Files (x86)\OSCAR Editor X7
2014-02-22 12:38:17 -------- d-----w- C:\Program Files (x86)\OscarEditor
2014-02-22 12:33:30 -------- d-----w- C:\Users\Milivoje\AppData\Local\AMD
2014-02-22 12:33:23 -------- d-----w- C:\Users\Milivoje\AppData\Local\ATI
2014-02-22 12:33:21 -------- d-----w- C:\Program Files (x86)\AMD AVT
2014-02-22 12:33:19 -------- d-----w- C:\Program Files (x86)\AMD APP
2014-02-22 12:33:16 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2014-02-22 12:33:16 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2014-02-22 12:32:48 -------- d-----w- C:\ProgramData\AMD
2014-02-22 12:32:47 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2014-02-22 12:32:16 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2014-02-22 12:32:13 -------- d-----w- C:\Program Files\ATI
2014-02-22 12:30:48 -------- d-----w- C:\Program Files\ATI Technologies
2014-02-22 12:30:06 -------- d-----w- C:\AMD
2014-02-22 12:25:30 -------- d-----w- C:\Users\Milivoje\AppData\Local\Skype
2014-02-22 12:25:18 -------- d-----r- C:\Program Files (x86)\Skype
2014-02-22 12:23:00 -------- d-sh--w- C:\Windows\Installer
2014-02-22 12:18:36 -------- d-----w- C:\Users\Milivoje\AppData\Local\Google
2014-02-22 12:18:24 -------- d-----w- C:\Users\Milivoje\AppData\Local\Deployment
2014-02-22 12:18:07 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
2014-02-22 12:18:07 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2014-02-22 12:18:07 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2014-02-22 12:18:07 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2014-02-22 12:18:07 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2014-02-22 12:16:10 -------- d-----w- C:\Windows\SysWow64\RTCOM
2014-02-22 12:16:10 -------- d-----w- C:\Program Files\Realtek
.
==================== Find3M  ====================
.
2014-02-03 12:20:54 270496 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH:  6:43:40.58 ===============

Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 2/22/2014 1:14:15 PM
System Uptime: 3/13/2014 6:35:52 AM (0 hours ago)
.
Motherboard: Sapphire Tech |  | PC-AM2RX790
Processor: AMD Athlon II X2 240 Processor | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 32 GiB total, 7.228 GiB free.
D: is FIXED (NTFS) - 201 GiB total, 104.662 GiB free.
E: is CDROM ()
F: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: 
Device ID: ACPI\PNP0510\2
Manufacturer: 
Name: 
PNP Device ID: ACPI\PNP0510\2
Service: 
.
==== System Restore Points ===================
.
RP27: 3/12/2014 8:01:35 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 12 Plugin
Akamai NetSession Interface
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
AVG 2014
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CLEO 4.3
Combat Arms EU
Comodo Dragon
DAEMON Tools Lite
DiRT 3
Google Chrome
Google Update Helper
Java 7 Update 51
Java 7 Update 51 (64-bit)
Java Auto Updater
lightshot-5.1.0.15
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Notepad++
OpenAL
Opera Stable 20.0.1387.64
OSCAR Editor
Overwolf
Rapture3D 2.4.8 Game
Realtek High Definition Audio Driver
Skype™ 6.14
TeamSpeak 3 Client
Total Commander Ultima Prime 5.9.0.0
VirtualDJ Home FREE
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Windows Live ID Sign-in Assistant
WinRAR 5.01 (64-bit)
X7 Oscar Editor
YTD Video Downloader 4.7.3
.
==== Event Viewer Messages From Past Week ========
.
3/12/2014 8:30:28 PM, Error: Service Control Manager [7023]  - The SPP Notification Service service terminated with the following error:  Access is denied.
3/12/2014 4:37:01 PM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
3/10/2014 12:04:35 AM, Error: Service Control Manager [7022]  - The AMD FUEL Service service hung on starting.
.
==== End Of File ===========================

I read to post my log files, not to attach them.

P2P/Piracy Warning:

If you're using peer-to-peer software such as µTorrent or similar, you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

When you are done, please generate new, fresh DDS log files.


DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.51.2
Run by Milivoje at 6:00:39 on 2014-03-14
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4095.1449 [GMT 1:00]
.
AV: AVG Internet Security 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Overwolf\Overwolf.exe
C:\Users\Milivoje\AppData\Local\Skillbrains\lightshot\5.1.0.15\Lightshot.exe
C:\Users\Milivoje\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\Milivoje\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe
C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper64.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera_crashreporter.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Users\Milivoje\Desktop\Everest Ultimate Edition v.4.60.1529 beta\everest.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
D:\Rockstar Games\GTA San Andreas\samp.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
D:\Rockstar Games\GTA San Andreas\gta_sa.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [OscarEditor] "C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe" Minimum
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [MKLOL] "C:\Program Files (x86)\MKJogo\MKLOL\MK.exe" -auto
uRun: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [LightShot] C:\Users\Milivoje\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue
uRun: [Akamai NetSession Interface] "C:\Users\Milivoje\AppData\Local\Akamai\netsession_win.exe"
uRun: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] 1
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1DB3B20E-5E20-423D-A54C-9EA771219B55} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Windows\System32\csrss\csrss.exe
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-11-25 196376]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-25 150808]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2013-9-26 57144]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 243480]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-2-22 283064]

R1 VD_FileDisk;VD_FileDisk;C:\Windows\System32\drivers\vd_filedisk.sys [2011-1-26 30312]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-4-30 238080]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-4-29 361984]

R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2013-9-24 1358944]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-1-22 3788816]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]

R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2014-1-28 2135232]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2014-2-22 46136]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]

R3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Users\Milivoje\Desktop\Everest Ultimate Edition v.4.60.1529 beta\kerneld.amd64 [2014-3-3 21632]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-3-12 418376]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-3-12 701512]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-3-12 25928]

S3 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2014-2-23 98560]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]

S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-4-12 34816]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]

.

=============== File Associations ===============

.

FileExt: .scr: XnView.File.scr="C:\Program Files (x86)\TC UP\PLUGINS\Media\XnView\xnview.exe"  "%1" [userChoice]

FileExt: .txt: Notepad++.File.txt="C:\Program Files (x86)\TC UP\PLUGINS\Media\Notepad++\notepad++.exe"  "%1" [userChoice]

FileExt: .ini: Notepad++.File.ini="C:\Program Files (x86)\TC UP\PLUGINS\Media\Notepad++\notepad++.exe"  "%1" [userChoice]

FileExt: .inf: Notepad++.File.inf="C:\Program Files (x86)\TC UP\PLUGINS\Media\Notepad++\notepad++.exe"  "%1" [userChoice]

FileExt: .vbs: Notepad++.File.vbs="C:\Program Files (x86)\TC UP\PLUGINS\Media\Notepad++\notepad++.exe"  "%1" [userChoice]

FileExt: .js: HateML.File.js="C:\Program Files (x86)\TC UP\PLUGINS\Media\HateML\HateML.exe"  "%1" [userChoice]

ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"

.

=============== Created Last 30 ================

.

2014-03-13 20:35:13 -------- d-----w- C:\Users\Milivoje\AppData\Local\CrashDumps

2014-03-12 19:02:13 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2014-03-12 19:02:07 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8518058E-6E9F-4539-ADD4-4B668906D7DC}\mpengine.dll

2014-03-12 18:38:50 -------- d-----w- C:\Users\Milivoje\AppData\Roaming\Malwarebytes

2014-03-12 18:38:44 -------- d-----w- C:\ProgramData\Malwarebytes

2014-03-12 18:38:43 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2014-03-12 18:38:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-03-12 15:28:48 -------- d---a-w- C:\Temp

2014-03-10 21:04:18 -------- d-----w- C:\Users\Milivoje\AppData\Roaming\.minecraft

2014-03-10 19:35:32 -------- d-----w- C:\Windows\System32\appmgmt

2014-03-10 06:25:06 -------- d-----w- C:\Users\Milivoje\AppData\Local\Comodo

2014-03-10 06:25:03 57096 ----a-w- C:\Windows\System32\certsentry.dll

2014-03-10 06:25:03 48392 ----a-w- C:\Windows\SysWow64\certsentry.dll

2014-03-10 06:24:54 -------- d-----w- C:\Program Files (x86)\Comodo

2014-03-10 06:24:23 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll

2014-03-10 06:24:23 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll

2014-03-08 11:09:14 -------- d-----w- C:\Radio

2014-03-08 10:48:03 -------- d-----w- C:\ProgramData\YTD Video Downloader

2014-03-08 10:47:57 -------- d-----w- C:\Program Files (x86)\YTD Video Downloader

2014-03-08 10:36:08 -------- d-----w- C:\Users\Milivoje\AppData\Roaming\XnView

2014-03-08 10:35:33 -------- d-----w- C:\Users\Milivoje\AppData\Local\GHISLER

2014-03-08 10:29:16 -------- d-----w- C:\Users\Milivoje\AppData\Roaming\HEXelon

2014-03-08 10:28:17 -------- d-----w- C:\Program Files (x86)\TC UP

2014-03-06 10:02:11 -------- d-----w- C:\Program Files (x86)\VinylArtist

2014-03-02 17:52:16 -------- d-----w- C:\ProgramData\Nexon

2014-03-02 17:51:18 -------- d-----w- C:\ProgramData\MVH

2014-03-02 17:24:06 -------- d-----w- C:\ProgramData\NexonEU

2014-03-02 16:11:27 -------- d-----w- C:\Users\Milivoje\AppData\Local\Akamai

2014-03-02 16:08:07 -------- d-----w- C:\Users\Milivoje\AppData\Roaming\MPHCA Loader

2014-03-02 16:07:46 -------- d-----w- C:\Users\Milivoje\AppData\Local\MPHCA

2014-03-02 12:58:39 19087360 ----a-w- C:\Windows\SysWow64\mkl_blueripple.dll

2014-03-02 12:58:39 1417216 ----a-w- C:\Windows\SysWow64\rapture3d_oal.dll

2014-03-02 12:58:38 -------- d-----w- C:\Program Files (x86)\BRS

2014-03-02 06:08:07 1194185 ----a-w- C:\Windows\unins000.exe

2014-03-01 21:57:18 -------- d-----w- C:\Program Files (x86)\Skillbrains

2014-03-01 21:57:16 -------- d-----w- C:\Users\Milivoje\AppData\Local\Skillbrains

2014-03-01 21:57:12 -------- d-----w- C:\Users\Milivoje\AppData\Local\Programs

2014-03-01 19:12:25 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2014-02-28 19:49:48 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2014-02-28 19:49:42 99840 ----a-w- C:\Windows\System32\wudriver.dll

2014-02-28 19:49:34 36864 ----a-w- C:\Windows\System32\wuapp.exe

2014-02-28 19:49:34 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2014-02-26 06:56:11 -------- d-----w- C:\ProgramData\Oracle

2014-02-26 06:55:49 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2014-02-26 06:55:02 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2014-02-24 02:08:06 -------- d-----w- C:\Program Files\CCleaner

2014-02-23 22:43:13 -------- d-----w- C:\Program Files (x86)\Common Files\Overwolf

2014-02-23 22:43:12 -------- d-----w- C:\Program Files (x86)\Overwolf

2014-02-23 22:41:15 -------- d-----w- C:\Users\Milivoje\AppData\Roaming\TS3Client

2014-02-23 22:41:15 -------- d-----w- C:\Users\Milivoje\AppData\Local\Overwolf

2014-02-23 22:40:46 -------- d-----w- C:\Program Files\TeamSpeak 3 Client

2014-02-23 10:37:24 -------- d-----w- C:\Users\Milivoje\AppData\Roaming\AVG2014

2014-02-23 10:36:21 -------- d--h--w- C:\$AVG

2014-02-23 10:36:21 -------- d-----w- C:\ProgramData\AVG2014

2014-02-23 10:35:59 -------- d-----w- C:\Program Files (x86)\AVG

2014-02-23 10:33:05 -------- d-----w- C:\Windows\SysWow64\csrss

2014-02-23 10:32:20 -------- d--h--w- C:\ProgramData\Common Files

2014-02-23 10:32:20 -------- d-----w- C:\Users\Milivoje\AppData\Local\MFAData

2014-02-23 10:32:20 -------- d-----w- C:\Users\Milivoje\AppData\Local\Avg2014

2014-02-23 10:32:20 -------- d-----w- C:\ProgramData\MFAData

2014-02-22 21:10:11 0 ----a-w- C:\Windows\ativpsrm.bin

2014-02-22 21:06:59 -------- d-----w- C:\Windows\Panther

2014-02-22 20:16:34 -------- d-----w- C:\Program Files (x86)\VirtualDJ

2014-02-22 16:14:58 -------- d-----w- C:\Users\Milivoje\AppData\Roaming\Need for Speed World

2014-02-22 15:45:44 -------- d-----w- C:\Users\Milivoje\AppData\Local\Electronic_Arts_Inc

2014-02-22 15:40:14 -------- d-sh--w- C:\ProgramData\DSS

2014-02-22 15:40:13 -------- d-----w- C:\ProgramData\Codemasters

2014-02-22 15:00:36 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2014-02-22 14:58:35 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2014-02-22 14:54:53 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2014-02-22 14:54:53 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2014-02-22 14:54:53 -------- d-----w- C:\Program Files (x86)\OpenAL

2014-02-22 14:41:01 -------- d-----w- C:\Windows\SysWow64\xlive

2014-02-22 14:40:54 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

2014-02-22 13:46:59 74576 ----a-w- C:\Windows\System32\XAPOFX1_2.dll

2014-02-22 13:44:19 -------- d-----w- C:\Program Files\Direktix

2014-02-22 13:34:03 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2014-02-22 13:34:03 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2014-02-22 13:33:19 -------- d-----w- C:\Users\Milivoje\AppData\Local\Adobe

2014-02-22 13:23:34 -------- d-----w- C:\Windows\SysWow64\directx

2014-02-22 13:07:47 -------- d-----w- C:\Users\Milivoje\AppData\Local\Opera Software

2014-02-22 13:07:46 -------- d-----w- C:\Users\Milivoje\AppData\Roaming\Opera Software

2014-02-22 13:05:52 -------- d-----w- C:\Program Files (x86)\MKJogo

2014-02-22 13:01:17 13824 ----a-w- C:\Windows\32slwga.dll

2014-02-22 12:53:43 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll

2014-02-22 12:53:43 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll

2014-02-22 12:53:43 239960 ----a-w- C:\Windows\SysWow64\xactengine3_7.dll

2014-02-22 12:53:43 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll

2014-02-22 12:48:40 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2014-02-22 12:48:37 -------- d-----w- C:\Users\Milivoje\AppData\Roaming\DAEMON Tools Lite

2014-02-22 12:48:35 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite

2014-02-22 12:48:14 -------- d-----w- C:\ProgramData\DAEMON Tools Lite

2014-02-22 12:42:33 -------- d-----w- C:\Windows\pss

2014-02-22 12:38:41 -------- d-----w- C:\Program Files (x86)\OSCAR Editor X7

2014-02-22 12:38:17 -------- d-----w- C:\Program Files (x86)\OscarEditor

2014-02-22 12:33:30 -------- d-----w- C:\Users\Milivoje\AppData\Local\AMD

2014-02-22 12:33:23 -------- d-----w- C:\Users\Milivoje\AppData\Local\ATI

2014-02-22 12:33:21 -------- d-----w- C:\Program Files (x86)\AMD AVT

2014-02-22 12:33:19 -------- d-----w- C:\Program Files (x86)\AMD APP

2014-02-22 12:33:16 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

2014-02-22 12:33:16 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

2014-02-22 12:32:48 -------- d-----w- C:\ProgramData\AMD

2014-02-22 12:32:47 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys

2014-02-22 12:32:16 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2014-02-22 12:32:13 -------- d-----w- C:\Program Files\ATI

2014-02-22 12:30:48 -------- d-----w- C:\Program Files\ATI Technologies

2014-02-22 12:30:06 -------- d-----w- C:\AMD

2014-02-22 12:25:30 -------- d-----w- C:\Users\Milivoje\AppData\Local\Skype

2014-02-22 12:25:18 -------- d-----r- C:\Program Files (x86)\Skype

2014-02-22 12:23:00 -------- d-sh--w- C:\Windows\Installer

2014-02-22 12:18:36 -------- d-----w- C:\Users\Milivoje\AppData\Local\Google

2014-02-22 12:18:24 -------- d-----w- C:\Users\Milivoje\AppData\Local\Deployment

2014-02-22 12:18:07 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll

2014-02-22 12:18:07 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll

2014-02-22 12:18:07 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll

2014-02-22 12:18:07 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll

2014-02-22 12:18:07 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll

2014-02-22 12:16:10 -------- d-----w- C:\Windows\SysWow64\RTCOM

2014-02-22 12:16:10 -------- d-----w- C:\Program Files\Realtek

.

==================== Find3M  ====================

.

2014-02-03 12:20:54 270496 ------w- C:\Windows\System32\MpSigStub.exe

.

============= FINISH:  6:00:50.59 ===============

 

I deleted uTorrent 


  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.03.16.02

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Milivoje :: MILIVOJE-PC [administrator]

 

Protection: Disabled

 

3/16/2014 7:44:34 AM

mbam-log-2014-03-16 (07-44-34).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 217049

Time elapsed: 4 minute(s), 30 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

But listen, I already scanned my computer 4 days ago. Now it didn't find a virus, but then it found 6. Here is the log:

 


Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.03.12.10

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Milivoje :: MILIVOJE-PC [administrator]

 

Protection: Enabled

 

3/12/2014 7:40:07 PM

mbam-log-2014-03-12 (19-40-07).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 215556

Time elapsed: 4 minute(s), 26 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 1

HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.

 

Registry Values Detected: 2

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Winupdate (Trojan.Agent) -> Data: C:\Windows\system32\csrss\HRDuGAs9fvuU\csrss.exe -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|svchost (Backdoor.Bot) -> Data: regsvr32 /s "C:\Temp:02190171.dat" -> Quarantined and deleted successfully.

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 1

C:\Users\Milivoje\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.

 

Files Detected: 9

C:\Users\Milivoje\AppData\Local\Temp\NFSW_PursuitBot.exe (Trojan.MalPack.G) -> Quarantined and deleted successfully.

C:\Users\Milivoje\AppData\Local\Temp\s6s8Baulwct3.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Users\Milivoje\AppData\Local\Temp\Rar$EXa0.185\Lets Drift 3.EXE (Hacktool.CheatEngine) -> Quarantined and deleted successfully.

C:\Windows\System32\csrss\csrss.exe (Backdoor.Agent) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\csrss\csrss.exe (Backdoor.Agent) -> Quarantined and deleted successfully.

C:\Users\Milivoje\AppData\Roaming\dclogs\2014-02-23-1.dc (Stolen.Data) -> Quarantined and deleted successfully.

C:\Users\Milivoje\AppData\Roaming\dclogs\2014-02-24-2.dc (Stolen.Data) -> Quarantined and deleted successfully.

C:\Users\Milivoje\AppData\Roaming\dclogs\2014-02-25-3.dc (Stolen.Data) -> Quarantined and deleted successfully.

c:\temp:02190171.dat (Backdoor.Bot) -> Quarantined and deleted successfully.

 

(end)

 

But still my PC is lagging; I still think there is a virus.
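The persistence indicators in the two logs above (the x64 Userinit value that launches a second csrss.exe from a System32\csrss subfolder, the Run value whose name is a long run of "A"s, and the Run value that silently loads a DLL out of an NTFS alternate data stream with regsvr32 /s) are the kind of thing a helper reads off a DDS report by eye. The Python script below is an added example and is not part of this thread, of DDS, or of Malwarebytes; it parses lines in the two formats posted above and flags those three patterns. The sample lines are copied from the logs in this thread, while the list of system binary names and their allowed directories is my own assumption.

```python
import re
from pathlib import PureWindowsPath

# Assumption: names of core Windows binaries that malware commonly borrows,
# and the only directories where they legitimately live (lower-case, no trailing slash).
SYSTEM_BINARY_NAMES = {"csrss.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "smss.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# DDS "Pseudo HJT Report" lines: "uRun: [name] command" / "x64-mWinlogon: Userinit = a,b"
RUN_LINE = re.compile(r"^(?:x64-)?[um]Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
USERINIT_LINE = re.compile(r"^(?:x64-)?mWinlogon:\s*Userinit\s*=\s*(?P<value>.*)$")
# Malwarebytes detection lines: "HKCU\...\Run|name (Detection) -> Data: command -> ..."
MBAM_RUN_LINE = re.compile(r"^HK(?:CU|LM)\\.*\\Run\|(?P<name>[^ ]+) \([^)]*\) -> Data: (?P<cmd>.*?) -> ")
# A Windows path followed by ":stream" is an NTFS alternate data stream, e.g. C:\Temp:02190171.dat
ADS_PATH = re.compile(r'[A-Za-z]:\\[^:"\s]*:[^\\"\s]+')


def first_executable(cmd: str) -> str:
    """Return the first path-like token of a command line, honouring surrounding quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def suspicious_name(name: str) -> bool:
    """Empty names, or one character repeated many times, carry no meaning for a human
    and are typical of auto-generated autostart entries."""
    return len(name) == 0 or (len(name) > 20 and len(set(name)) == 1)


def check_path(path: str) -> list:
    """Flag a core-binary file name sitting anywhere other than its normal directory,
    and anything launched from a Temp folder."""
    findings = []
    p = PureWindowsPath(path)
    parent = str(p.parent).lower().rstrip("\\")
    if p.name.lower() in SYSTEM_BINARY_NAMES and parent not in SYSTEM_DIRS:
        findings.append(f"system binary name outside its normal directory: {path}")
    if "\\temp\\" in path.lower() or parent.endswith("\\temp"):
        findings.append(f"autostart from a temporary directory: {path}")
    return findings


def check_userinit(value: str) -> list:
    """Userinit is a comma-separated list; every entry runs at each interactive logon,
    so anything besides userinit.exe itself is a persistence mechanism."""
    findings = []
    for entry in (e.strip() for e in value.split(",") if e.strip()):
        if PureWindowsPath(entry).name.lower() != "userinit.exe":
            findings.append(f"extra Userinit entry (runs at every logon): {entry}")
        findings.extend(check_path(entry))
    return findings


def check_command(cmd: str) -> list:
    findings = []
    ads = ADS_PATH.search(cmd)
    if ads:
        findings.append(f"alternate data stream referenced: {ads.group(0)}")
    low = cmd.lower()
    if "regsvr32" in low and "/s" in low:
        findings.append(f"silent regsvr32 load at startup: {cmd}")
    findings.extend(check_path(first_executable(cmd)))
    return findings


def triage(lines) -> list:
    """Return (line, finding) pairs for every autostart line that matches a known pattern."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = USERINIT_LINE.match(line)
        if m:
            findings.extend((line, f) for f in check_userinit(m.group("value")))
            continue
        m = RUN_LINE.match(line) or MBAM_RUN_LINE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd")
            if suspicious_name(name):
                findings.append((line, f"meaningless Run value name ({len(name)} chars)"))
            findings.extend((line, f) for f in check_command(cmd))
    return findings


# Sample input: lines copied from the DDS and Malwarebytes logs posted in this thread.
SAMPLE_LINES = [
    r"mWinlogon: Userinit = userinit.exe,",
    r'uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun',
    "uRun: [" + "A" * 300 + "] 1",
    r"x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Windows\System32\csrss\csrss.exe",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Winupdate (Trojan.Agent) -> Data: C:\Windows\system32\csrss\HRDuGAs9fvuU\csrss.exe -> Quarantined and deleted successfully.",
    r'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|svchost (Backdoor.Bot) -> Data: regsvr32 /s "C:\Temp:02190171.dat" -> Quarantined and deleted successfully.',
]

if __name__ == "__main__":
    for line, finding in triage(SAMPLE_LINES):
        print(f"{finding}\n    <- {line[:100]}")
```

On the sample lines the script reports nothing for the two benign entries and six findings for the rest: the meaningless Run name, the extra Userinit entry (flagged once for being extra and once because csrss.exe is outside System32), the csrss.exe under a random subfolder in the Winupdate value, and both the alternate data stream and the silent regsvr32 load in the svchost value. It is a triage aid for reading such logs, not a replacement for the scanner.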

One or more of the identified infections is related to a nasty rootkit component which is difficult to remove. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms, and they steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately, including those used for banking, email, eBay, PayPal and online forums, from a CLEAN COMPUTER. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised, please read How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, delete the partition, reformat and reinstall the Operating System.

Please read:

Should you decide not to follow this advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. If you wish to proceed, disinfection will require more time and more advanced tools.

Please let us know how you would like to proceed.


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
