phoenixx13 Posted May 7, 2013 ID:677070 Share Posted May 7, 2013 Hello,I found this website through a Google search and you folks seem knowledgeable about this so I'm hoping someone can help me.A few days ago I noticed that my avast! had sandboxed a program called "shell.exe" on system startup, but did no action to it since they couldn't figure out of if it was malicious or not. I ran a full avast! virus scan and nothing was found.Then I ran a full MalwareBytes scan and it picked up 3 items and deleted them :Files Detected: 3C:\Users\Phoenixx\vbufodveesr.exe (PUP.BitCoinMiner) -> Quarantined and deleted successfully.C:\Users\Phoenixx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\a3df3e1-265a265e (PUP.BitCoinMiner) -> Quarantined and deleted successfully.C:\Users\Phoenixx\AppData\Roaming\WindowsPED\miner.dll (PUP.BitCoinMiner) -> Quarantined and deleted successfully.I thought all was done, however, upon system startup today, avast! once again found shell.exe and sandboxed it, doing no action to it. When I hit close, I got a message along the lines of "shell.exe cannot run because miner.dll was deleted, please reinstall the program and try again."I ran another MalwareBytes scan and nothing was picked up, then I ran another full avast! scan and again, nothing was picked up.I'm running out of ideas here and I don't know how to remove this worm. If anyone could help me out in removing this pesky program I would really appreciate it. I have the topic followed and I will be checking back soon! Link to post Share on other sites More sharing options...
phoenixx13 Posted May 7, 2013 Author ID:677073 Share Posted May 7, 2013 I am unsure how to go back and edit my post, so here are the two attachments as required in the sticky:Attach.txt:.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1Install Date: 3/3/2011 9:20:11 PMSystem Uptime: 5/7/2013 10:25:51 AM (1 hours ago).Motherboard: Gigabyte Technology Co., Ltd. | | H55-USB3Processor: Intel® Core i3 CPU 560 @ 3.33GHz | Socket 1156 | 3325/133mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 466 GiB total, 53.892 GiB free.D: is CDROM ()E: is FIXED (NTFS) - 298 GiB total, 135.33 GiB free..==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP399: 4/30/2013 12:45:43 PM - Windows UpdateRP400: 5/7/2013 10:35:03 AM - Windows Update.==== Installed Programs ======================.Adobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader X (10.1.6)Adobe Shockwave Player 11.6AionAlice: Madness ReturnsApple Application SupportApple Mobile Device SupportApple Software UpdateArcSoft Magic-i Visual Effects 2ArcSoft ShowBizArcSoft WebCam Companion 3Audiosurfavast! Free AntivirusBandisoft MPEG-1 DecoderBatman: Arkham City™BlenderBonjourBorderlandsBorderlands 2Brother MFL-Pro Suite MFC-J5910DWCurse ClientD3DX10Dark Souls: Prepare to Die EditionDarksidersDead IslandDefinition Update for Microsoft Office 2010 (KB982726) 32-Bit EditionDiablo IIIDisney Pirates of the Caribbean OnlineDon't StarveDragon Age IIDragon Age OriginsEA InstallerEA Shared Game Component: ActivationFraps (remove only)Free M4a to MP3 Converter 7.0GameSpy ArcadeGigabyte Raid ConfigurerGIMP 2.6.11Google ChromeGoogle Earth Plug-inGoogle Update HelperGuild WarsGuild Wars 2Happy Cloud ClientHiJackThisiCloudIntel® Management Engine ComponentsiTunesJava 7 Update 17Java Auto UpdaterJava 6 Update 39JavaFX 2.1.1Kingdoms of Amalur: Reckoning™Left 4 DeadLeft 4 Dead 2MagickaMalwarebytes Anti-Malware version 1.75.0.1300Mass EffectMicrosoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Application Error ReportingMicrosoft Games for Windows - LIVE RedistributableMicrosoft Games for Windows MarketplaceMicrosoft HaloMicrosoft Office 2010 Service Pack 1 (SP1)Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Groove MUI (English) 2010Microsoft Office InfoPath MUI (English) 2010Microsoft Office Office 64-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Professional Plus 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 64-bit MUI (English) 2010Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Word MUI (English) 2010Microsoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft WSE 3.0 RuntimeMicrosoft XNA Framework Redistributable 3.1Microsoft XNA Framework Redistributable 4.0Mozilla Firefox 20.0.1 (x86 en-US)Mozilla Maintenance ServiceMSVCRTMSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP2 Parser and SDKMSXML 4.0 SP3 ParserMSXML 4.0 SP3 Parser (KB2721691)MSXML 4.0 SP3 Parser (KB2758694)Mumble 1.2.3My Lockbox 2.9.7NCsoft LauncherNEC Electronics USB 3.0 Host Controller DriverNexon Game ManagerNuance PaperPort 12Nuance PDF Viewer PlusNVIDIA 3D Vision Controller DriverNVIDIA 3D Vision Controller Driver 306.97NVIDIA 3D Vision Driver 311.06NVIDIA Control Panel 311.06NVIDIA Graphics Driver 311.06NVIDIA HD Audio Driver 1.3.18.0NVIDIA Install ApplicationNVIDIA PhysXNVIDIA PhysX System Software 9.12.0604NVIDIA Stereoscopic 3D DriverNVIDIA Update 1.11.3NVIDIA Update ComponentsOblivionON_OFF Charge B10.0427.1OriginPaperPort Image Printer 64-bitPCSX2 - Playstation 2 EmulatorPidginPirates of the Burning SeaPoker Night 2POWERPREP IIPrototypePunkBuster ServicesQuickTimeRaptrRazer DeathAdder MouseRealm of the Mad GodRealtek Ethernet Controller Driver For Windows 7Realtek High Definition Audio DriverRIFT™SAMSUNG USB Driver for Mobile PhonesScansoft PDF ProfessionalSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2160841)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Extended (KB2416472)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit EditionSecurity Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553091)Security Update for Microsoft Office 2010 (KB2553096)Security Update for Microsoft Office 2010 (KB2553371) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553447) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589320) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2598243) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687501) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687510) 32-Bit EditionSecurity Update for Microsoft OneNote 2010 (KB2760600) 32-Bit EditionSecurity Update for Microsoft Visio 2010 (KB2760762) 32-Bit EditionSecurity Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit EditionSecurity Update for Microsoft Word 2010 (KB2760410) 32-Bit EditionSensorsView Pro 4.3Sid Meier's Civilization 4 CompleteSid Meier's Civilization IV ColonizationSid Meier's Civilization VSkype Click to CallSkype™ 6.3Star Wars: The Old RepublicSteamswMSMTeam Fortress 2TERATerrariaThe Elder Scrolls V: SkyrimThe Sims MedievalThe Sims™ 2 Double DeluxeThe Sims™ 3The Sims™ 3 AmbitionsThe Sims™ 3 GenerationsThe Sims™ 3 Late NightThe Sims™ 3 PetsThe Sims™ 3 SeasonsThe Sims™ 3 ShowtimeThe Sims™ 3 SupernaturalThe Sims™ 3 World AdventuresTorchlight IITurboTax Audit Support Center 3.0Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2473228)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft Office 2010 (KB2494150)Update for Microsoft Office 2010 (KB2553065)Update for Microsoft Office 2010 (KB2553092)Update for Microsoft Office 2010 (KB2553181) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553267) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553378) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2566458)Update for Microsoft Office 2010 (KB2596964) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2598242) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2687503) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2687509) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2760631) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2767886) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2553290) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2597090) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2687623) 32-Bit EditionUpdate for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit EditionUpdate for Microsoft PowerPoint 2010 (KB2598240) 32-Bit EditionUpdate for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit EditionVampire: The Masquerade - BloodlinesVentrilo Client for Windows x64VindictusWarhammer® 40,000®: Dawn of War® II – Retribution™Windows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Media Player Firefox PluginWindows Movie Maker 2.6WinRAR 4.11 (32-bit)World of WarcraftXfire (remove only).==== Event Viewer Messages From Past Week ========.5/7/2013 10:28:45 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.5/7/2013 10:27:31 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.5/6/2013 7:14:08 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.5/6/2013 7:14:08 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.5/6/2013 6:15:35 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.5/6/2013 1:19:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.5/6/2013 1:19:07 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.5/2/2013 12:23:08 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.5/2/2013 12:23:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.5/2/2013 12:22:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the JMB36X service to connect.5/2/2013 12:22:31 PM, Error: Service Control Manager [7000] - The JMB36X service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.4/30/2013 2:25:17 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2..==== End Of File ===========================DDS.txt:DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.17.2Run by Phoenixx at 11:11:43 on 2013-05-07Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8119.5398 [GMT -4:00].AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\svchost.exe -k NetworkServiceC:\Program Files\AVAST Software\Avast\AvastSvc.exeC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Bonjour\mDNSResponder.exeC:\Windows\SysWOW64\XSrvSetup.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exeC:\Windows\SysWOW64\PnkBstrA.exeC:\Windows\SysWOW64\PnkBstrB.exeC:\Program Files (x86)\SensorsViewPro43\svservice.exeC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Program Files\My Lockbox\mylbx.exeC:\ProgramData\FLEXnet\Connect\11\ISUSPM.exeC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Users\Phoenixx\AppData\Local\Apps\2.0\WBJ34BZL.21T\YJXQ2C9B.T24\curs..tion_9e9e83ddf3ed3ead_0005.0001_35ab96b41397406c\CurseClient.exeC:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exeC:\Program Files (x86)\Razer\DeathAdder\razerhid.exeC:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exeC:\Program Files\AVAST Software\Avast\AvastUI.exeC:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exeC:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exeC:\Program Files (x86)\Razer\DeathAdder\razertra.exeC:\Program Files (x86)\Razer\DeathAdder\razerofa.exeC:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files\iPod\bin\iPodService.exeC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Windows\System32\WUDFHost.exeC:\PROGRA~2\Raptr\raptr.exeC:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeC:\Program Files (x86)\Steam\Steam.exeC:\PROGRA~2\Raptr\raptr_im.exeC:\Program Files (x86)\Raptr\raptr_ep64.exeC:\Program Files (x86)\Common Files\Steam\SteamService.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Windows\System32\svchost.exe -k secsvcsC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\taskhost.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.facebook.com/home.php?ref=hpmWinlogon: Userinit = userinit.exe,BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dllBHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLLBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dllBHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dllTB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dlluRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exeuRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduleruRun: [PlayNC Launcher] <no file>mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exemRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exemRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServicesmRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exemRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /noguimRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [indexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exemRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exemRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorunmRun: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUNmRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"StartupFolder: C:\Users\Phoenixx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccipStartupFolder: C:\Users\Phoenixx\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Skype.lnk - C:\Users\Phoenixx\AppData\Roaming\WindowsPED\usft_ext.exe.vbsmPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllTrusted Zone: clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: soe.comTrusted Zone: sony.comDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cabDPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabTCP: NameServer = 192.168.1.1TCP: Interfaces\{5F71111D-2005-4591-965A-B676F804128D} : DHCPNameServer = 192.168.1.1Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllSSODL: WebCheck - <orphaned>SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLLmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dllx64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLLx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dllx64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -sx64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkeyx64-Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe /ax64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-SSODL: WebCheck - <orphaned>x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dllx64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Phoenixx\AppData\Roaming\Mozilla\Firefox\Profiles\2o4he6eg.default\FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLLFF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLLFF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllFF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dllFF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dllFF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dllFF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dllFF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dllFF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dllFF - plugin: C:\Windows\SysWOW64\npDeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dllFF - ExtSQL: 2013-03-14 15:37; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}.============= SERVICES / DRIVERS ===============.R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-3 65336]R0 FSProFilter;FSPro File Filter;C:\Windows\System32\drivers\FSPFltd.sys [2013-2-17 54848]R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-3-3 21544]R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-8-24 1025808]R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-8-24 377920]R1 sensorsview;sensorsview;C:\Program Files (x86)\SensorsViewPro43\drv\sensorsview32_64.sys [2008-7-26 14544]R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-8-24 33400]R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-8-24 80816]R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-10 45248]R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2011-3-3 72304]R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672]R2 SensorsVService;SensorsVService;C:\Program Files (x86)\SensorsViewPro43\svservice.exe [2011-12-2 935424]R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-4-2 104960]R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-3 2320920]R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2011-4-2 19968]R3 danewFltr;NewDeathAdder Mouse;C:\Windows\System32\drivers\danew.sys [2011-3-26 12032]R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-2-6 102936]R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-10-26 75264]R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-10-26 176640]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-3 346144]R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-2-6 203544]R3 VKbms;Virtual HID Minidriver;C:\Windows\System32\drivers\VKbms.sys [2011-3-26 13312]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]S3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-3 178624]S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-9-2 245760]S3 DAdderFltr;DeathAdder Mouse;C:\Windows\System32\drivers\dadder.sys [2011-3-26 12032]S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe --> C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [?]S3 DCamUSBNovatek;USB2.0 UVC Camera;C:\Windows\System32\drivers\nvtcam.sys [2010-7-14 2746624]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-18 19456]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-18 57856]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-3 1255736]S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088].=============== Created Last 30 ================.2013-05-07 14:53:27 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{52BAEAFB-0DCE-4D14-BFFF-E1D0619F54C5}\offreg.dll2013-05-07 14:45:16 0 ----a-w- C:\Windows\System32\olepro32.dll2013-05-07 14:45:16 0 ----a-w- C:\Windows\System32\nvd3dum.dll2013-05-07 14:45:16 0 ----a-w- C:\Windows\System32\nvapi.dll2013-05-07 14:35:48 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{52BAEAFB-0DCE-4D14-BFFF-E1D0619F54C5}\mpengine.dll2013-05-06 03:14:19 -------- d-----w- C:\Users\Phoenixx\AppData\Roaming\WindowsPED2013-04-24 17:19:59 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys2013-04-19 00:34:06 -------- d-----w- C:\Program Files\iPod2013-04-19 00:34:05 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-04-19 00:34:05 -------- d-----w- C:\Program Files\iTunes2013-04-19 00:34:05 -------- d-----w- C:\Program Files (x86)\iTunes2013-04-17 00:42:12 26520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe2013-04-12 05:04:52 -------- d-----w- C:\Users\Phoenixx\AppData\Roaming\STV Software2013-04-12 05:04:46 -------- d-----w- C:\Program Files (x86)\SensorsViewPro432013-04-12 01:59:08 -------- d-----w- C:\Program Files (x86)\Disney2013-04-12 01:50:13 -------- d-----w- C:\Users\Phoenixx\AppData\Roaming\Raptr2013-04-12 01:50:13 -------- d-----w- C:\Program Files (x86)\Raptr2013-04-12 01:44:30 3153408 ----a-w- C:\Windows\System32\win32k.sys2013-04-12 01:44:27 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys2013-04-12 01:44:22 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-04-12 01:44:19 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2013-04-12 01:44:19 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2013-04-12 01:44:18 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll2013-04-12 01:44:18 43520 ----a-w- C:\Windows\System32\csrsrv.dll2013-04-12 01:44:18 112640 ----a-w- C:\Windows\System32\smss.exe.==================== Find3M ====================.2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe2013-04-14 01:16:34 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-04-14 01:16:34 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-03-06 22:33:21 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys2013-03-06 22:33:21 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys2013-03-06 22:33:21 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys2013-03-06 22:33:21 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys2013-03-06 22:33:20 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys2013-03-06 22:32:51 41664 ----a-w- C:\Windows\avastSS.scr2013-03-04 20:26:24 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys.============= FINISH: 11:12:12.25 =============== Link to post Share on other sites More sharing options...
MrCharlie Posted May 7, 2013 ID:677081 Share Posted May 7, 2013 Welcome to the forum.Please remove any usb or external drives from the computer before you run this scan!Please download and run RogueKiller 32 Bit to your desktop.RogueKiller 64 Bit <---use this one for 64 bit systemsQuit all running programs.For Windows XP, double-click to start.For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.Click Scan to scan the system.When the scan completes > Close out the program > Don't Fix anything!Don't run any other options, they're not all bad!!!!!!!Post back the report which should be located on your desktop.(please don't put logs in code or quotes)P2P Warning:If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.MrCNote:Please read all of my instructions completely including these.Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to InstantlyRemoving malware can be unpredictable...things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.<+>The removal of malware isn't instantaneous, please be patient.<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.------->Your topic will be closed if you haven't replied within 3 days!<--------(If I don't respond within 24 hours, please send me a PM) Link to post Share on other sites More sharing options...
phoenixx13 Posted May 7, 2013 Author ID:677100 Share Posted May 7, 2013 Thank you for your speedy reply!! Here's the information you requested:RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/Website : http://tigzy.geekstogo.com/roguekiller.phpBlog : http://tigzyrk.blogspot.com/Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Phoenixx [Admin rights]Mode : Scan -- Date : 05/07/2013 14:02:35| ARK || FAK || MBR |¤¤¤ Bad processes : 1 ¤¤¤[sUSP PATH] CurseClient.exe -- C:\Users\Phoenixx\AppData\Local\Apps\2.0\WBJ34BZL.21T\YJXQ2C9B.T24\curs..tion_9e9e83ddf3ed3ead_0005.0001_35ab96b41397406c\CurseClient.exe [-] -> KILLED [TermProc]¤¤¤ Registry Entries : 3 ¤¤¤[sTARTUP][sUSP PATH] Skype.lnk @Phoenixx : C:\Users\Phoenixx\AppData\Roaming\WindowsPED\usft_ext.exe.vbs [-] -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED] ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> C:\Windows\system32\drivers\etc\hosts¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: SAMSUNG HD502HJ ATA Device +++++--- User ---[MBR] e771e164f5ca7b2ea71d69b1c5a7a0cc[bSP] 732e9288ebbfea2e412263f0cab919e6 : Windows 7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MoUser = LL1 ... OK!User = LL2 ... OK!+++++ PhysicalDrive1: WDC WD3200AAKS-00V1A0 ATA Device +++++--- User ---[MBR] 1d27c3e1e4c807ffa7cdb7c7ec769a6d[bSP] 1c37814a3fa4ba0840a7e3dff2475c98 : Windows 7/8 MBR CodePartition table:0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[1]_S_05072013_02d1402.txt >>RKreport[1]_S_05072013_02d1402.txt Link to post Share on other sites More sharing options...
MrCharlie Posted May 7, 2013 ID:677123 Share Posted May 7, 2013 Sorry for the delay, I lost my internet.------------------------Download Malwarebytes Anti-Rootkit from HEREUnzip the contents to a folder in a convenient location.Open the folder where the contents were unzipped and run mbar.exeFollow the instructions in the wizard to update and allow the program to scan your computer for threats.Click on the Cleanup button to remove any threats and reboot if prompted to do so.Wait while the system shuts down and the cleanup process is performed.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txtTo attach a log if needed:Bottom right corner of this page.New window that comes up.~~~~~~~~~~~~~~~~~~~~~~~Note:If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:Internet accessWindows UpdateWindows FirewallIf there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.Just run fixdamage.exe.Verify that your system is now functioning normally.MrC Link to post Share on other sites More sharing options...
phoenixx13 Posted May 7, 2013 Author ID:677134 Share Posted May 7, 2013 Malwarebytes Anti-Rootkit BETA 1.05.0.1001www.malwarebytes.orgDatabase version: v2013.05.07.09Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Phoenixx :: PHOENIXX-PC [limited]5/7/2013 6:20:41 PMmbar-log-2013-05-07 (18-20-41).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2PScan options disabled: Objects scanned: 31062Time elapsed: 8 minute(s), 48 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
MrCharlie Posted May 7, 2013 ID:677137 Share Posted May 7, 2013 Those two posts from Wasabian will be removed shortly.Run RogueKiller again and click ScanWhen the scan completes > click on the Registry tabPut a check next to all of these and uncheck the rest: (if found)[sTARTUP][sUSP PATH] Skype.lnk @Phoenixx : C:\Users\Phoenixx\AppData\Roaming\WindowsPED\usft_ext.exe.vbs [-] -> FOUNDNow click Delete on the right hand column under Options-------------Please download and run ComboFix.The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.Please visit this webpage for download links, and instructions for running ComboFixhttp://www.bleepingc...to-use-combofixEnsure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Information on disabling your malware programs can be found Here.Make sure you run ComboFix from your desktop. Give it at least 30-45 minutes to finish if needed.Please include the C:\ComboFix.txt in your next reply for further review.---------->NOTE<----------If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.MrC Link to post Share on other sites More sharing options...
LDTate Posted May 8, 2013 ID:677330 Share Posted May 8, 2013 Post error Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 11, 2013 ID:678362 Share Posted May 11, 2013 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts