sebastiantwz
Members, 9 posts, reputation: 0 Neutral
  1. Thank you so much MrC, your patience and swift response, along with easy-to-follow instructions, are greatly appreciated. Many thanks to you!

  2. Dear MrC, I have downloaded and registered Foxit Reader and updated my Firefox. I have also uninstalled the other programs as instructed. Thank you for your time and effort in helping me resolve the problem.
  3. Here are the contents:

     Results of screen317's Security Check version 0.99.81
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Kaspersky Internet Security
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Java 7 Update 51
     Adobe Flash Player 12.0.0.44
     Adobe Reader 10.1.9 Adobe Reader out of Date!
     Mozilla Firefox 25.0.1 Firefox out of Date!
     Google Chrome 33.0.1750.154
     Google Chrome 34.0.1847.116
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbam.exe
     Kaspersky Lab Kaspersky Internet Security 2013 avp.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:
     ````````````````````End of Log``````````````````````

     I noticed something that might or might not be a problem. For the past few days, I have found that some of the Windows gadgets seem to be missing. I always have a clock and Kaspersky's gadgets on my desktop, but sometimes they fail to show up after a reboot. Right-clicking and choosing Gadgets seems to have no effect at all. Any idea what might have caused this?
  4. Alright, I have downloaded the newest CCleaner and cleaned out the temp files. I noticed that since my last reboot, the malware seems to have been taken care of. I'll monitor how things go for a few more days and will post back here if the malware or anything unusual happens. Thank you for your time MrC, have a great weekend.
  5. Here are the logs from Farbar. The Threat Scan for Malwarebytes found nothing. FRST.txt Addition.txt
  6. Thank you MrC, this is the log from AdwCleaner:

     # AdwCleaner v3.023 - Report created 11/04/2014 at 10:59:05
     # Updated 01/04/2014 by Xplode
     # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
     # Username : Sebastian - SEBASTIAN-PC
     # Running from : C:\Users\Sebastian\Desktop\AdwCleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     Folder Deleted : C:\ProgramData\apn
     Folder Deleted : C:\ProgramData\Babylon
     Folder Deleted : C:\ProgramData\Performancer
     Folder Deleted : C:\ProgramData\StarApp
     Folder Deleted : C:\ProgramData\contoinuetosaivey
     Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\contoinuetosaivey
     Folder Deleted : C:\Program Files (x86)\continuetosave
     Folder Deleted : C:\Program Files (x86)\Surf Canyon
     Folder Deleted : C:\Users\Sebastian\AppData\LocalLow\Conduit
     Folder Deleted : C:\Users\Sebastian\AppData\LocalLow\contoinuetosaivey
     Folder Deleted : C:\Users\Sebastian\AppData\Roaming\BabSolution
     Folder Deleted : C:\Users\Sebastian\AppData\Roaming\Babylon
     Folder Deleted : C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
     Folder Deleted : C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
     File Deleted : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\ji8pb58a.default\user.js

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
     Key Deleted : HKCU\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
     Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\surfcanyon.DLL
     Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
     Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite
     Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite.1
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A3514F71-E63F-440B-8076-14226E21B2BF}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{611EC2E2-6B0A-CAA7-0710-A62D96DC16FE}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BA3105E9-5DE6-4A1E-A819-6F5046AB67F5}
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{611EC2E2-6B0A-CAA7-0710-A62D96DC16FE}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{611EC2E2-6B0A-CAA7-0710-A62D96DC16FE}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{611EC2E2-6B0A-CAA7-0710-A62D96DC16FE}
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
     Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
     Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
     Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
     Key Deleted : HKCU\Software\Surf Canyon
     Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
     Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
     Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
     Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
     Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
     Key Deleted : HKLM\Software\Conduit
     Key Deleted : HKLM\Software\SP Global
     Key Deleted : HKLM\Software\SProtector
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf Canyon
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1C6816E-CBB3-A748-85F9-A8B47B68985B}

     ***** [ Browsers ] *****

     -\\ Internet Explorer v11.0.9600.17041

     -\\ Mozilla Firefox v25.0.1 (en-US)

     [ File : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\ji8pb58a.default\prefs.js ]

     Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
     Line Deleted : user_pref("aol_toolbar.default.search.check", false);
     Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
     Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
     Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
     Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
     Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
     Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
     Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
     Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

     -\\ Google Chrome v34.0.1847.116

     [ File : C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     *************************

     AdwCleaner[R0].txt - [5964 octets] - [11/04/2014 10:52:07]
     AdwCleaner[s0].txt - [5869 octets] - [11/04/2014 10:59:05]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5929 octets] ##########
  7. Thank you MrC. The scan with TDSSKiller found nothing; I have attached the log since it was too long to include in the post. TDSSKiller.3.0.0.30_10.04.2014_21.07.31_log.txt
  8. Dear MrC, thank you for the quick reply. I have done a Threat Scan and have removed the threats. Below is the report from RogueKiller:

     RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Sebastian [Admin rights]
     Mode : Scan -- Date : 04/10/2014 11:21:31
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 3 ¤¤¤
     [RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : AMD Catalyst (C:\ProgramData\Catalyst\CCC\colorrgb.exe [-]) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Startup Entries : 0 ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ Browser Addons : 1 ¤¤¤
     [CHR][PUP] Default : Surf Canyon

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

     ¤¤¤ External Hives: ¤¤¤

     ¤¤¤ Infection : PUP ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD1002FAEX-00Z3A0 +++++
     --- User ---
     [MBR] 2e3e2b958ef91da48a940bdc93b77e29
     [bSP] 0fe74d927a7bfbc4467fe682338c9ba1 : Windows 7/8 MBR Code
     Partition table:
     0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
     User = LL1 ... OK!
     User = LL2 ... OK!

     +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) Corsair Force GS +++++
     --- User ---
     [MBR] 318d4df6b2031bf40296635bab8ffd24
     [bSP] 51fb655a4bc59cd7cb5553a9159baa29 : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122002 MB
     User = LL1 ... OK!
     User = LL2 ... OK!

     +++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) WDC WD30EZRX-00D8PB0 ATA Device +++++
     --- User ---
     [MBR] d653763f095c857288d1552fee22868b
     [bSP] 43a6027aeaa449a5c5f079b9e9a6744d : Empty MBR Code
     Partition table:
     0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[0]_S_04102014_112131.txt >>

     One more thing, how do I make sure my System Restore is turned on and running?
  9. Firstly, I would like to thank everyone for any help I can get. The issue started off when I noticed some strange behavior whereby my graphics card seems to be working at 99% load all the time. I have downloaded Malwarebytes and performed a scan on my PC. It seems that my PC has been infected with some sort of Bitcoin mining malware disguised as svchost.exe and has been utilizing my GPU at full capacity for the past weeks. The good news is Malwarebytes was able to quarantine it and have everything under control (well done I must say, Kaspersky is not very useful since it could not find the malware); the bad news is that the malware is still on my PC. It comes back to haunt my GPU every time I turn on my PC. Attached are the files from the Farbar recovery scans. Any assistance will be greatly appreciated. Addition.txt FRST.txt
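The AdwCleaner report pasted in post 6 is the kind of artifact a helper or an incident responder reads by hand; the script below is an added example (not code from this thread, from MrC, or from AdwCleaner itself) that parses the v3 "Clean" report layout visible in that post into structured entries and pulls out the identifiers worth carrying forward: counts per deletion kind, the Chrome extension IDs that appeared both as a profile folder and as a policy registry key, and any CLSID removed from the Internet Explorer Browser Helper Objects key. The sample input is a constructed subset of the quoted report; the section and entry line formats are assumed from what is visible there.

```python
"""Triage helper for AdwCleaner v3 "Clean" reports.

Added example: this is not code from the forum thread or from AdwCleaner.
It assumes the line layout visible in the quoted report: section headers of
the form "***** [ Name ] *****" followed by "Folder Deleted : ...",
"File Deleted : ...", "Key Deleted : ..." and "Line Deleted : ..." entries.
"""
import re
from collections import Counter

SECTION_RE = re.compile(r"^\*+\s*\[\s*(?P<name>[^\]]+?)\s*\]\s*\*+$")
ENTRY_RE = re.compile(r"^(?P<kind>Folder|File|Key|Line) Deleted : (?P<target>.+)$")
# Chrome extension IDs are 32 letters drawn only from the range a-p.
CHROME_EXT_ID_RE = re.compile(r"\b([a-p]{32})\b")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Registry path fragment under which Internet Explorer loads Browser Helper Objects.
BHO_MARKER = "\\Explorer\\Browser Helper Objects\\"

# Constructed sample: a subset of the lines from the report quoted in post 6.
SAMPLE_REPORT = r"""# AdwCleaner v3.023 - Report created 11/04/2014 at 10:59:05
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files (x86)\Surf Canyon
Folder Deleted : C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
File Deleted : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\ji8pb58a.default\user.js

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKCU\Software\Surf Canyon

***** [ Browsers ] *****

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\ji8pb58a.default\prefs.js ]

Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
"""


def parse_report(text):
    """Return a list of (section, kind, target) tuples, one per deletion line.

    Lines that are neither a section header nor a deletion entry (the report
    header, browser banners, "[ File : ... ]" markers) are skipped.
    """
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            entries.append((section, entry.group("kind"), entry.group("target")))
    return entries


def summarize(entries):
    """Count deletions per kind and extract the identifiers a responder would
    want to pivot on: Chrome extension IDs and CLSIDs that were registered as
    Internet Explorer Browser Helper Objects."""
    counts = Counter(kind for _, kind, _ in entries)
    chrome_ext_ids = set()
    bho_clsids = set()
    for _, kind, target in entries:
        chrome_ext_ids.update(CHROME_EXT_ID_RE.findall(target))
        if kind == "Key" and BHO_MARKER.lower() in target.lower():
            bho_clsids.update(c.upper() for c in CLSID_RE.findall(target))
    return {
        "counts": dict(counts),
        "chrome_extension_ids": sorted(chrome_ext_ids),
        "bho_clsids": sorted(bho_clsids),
    }


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for section, kind, target in parsed:
        print(f"[{section}] {kind}: {target}")
    print(summarize(parsed))
```

On a full report the extension IDs and BHO CLSIDs are what you would check against the browser's policy keys and the `Ext\Stats` / `Ext\Settings` entries elsewhere in the same log to confirm every registration of a removed component was cleaned, not just its files.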