Possible Malware Symptoms

Post by KingJ » March 12th, 2014, 11:25 pm

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16843
Run by Joshua at 23:21:27 on 2014-03-12
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3546.928 [GMT -4:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\atieclxx.exe
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Users\Joshua\AppData\Local\Skillbrains\lightshot\4.4.2.0\LightShot.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera_crashreporter.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files\HitmanPro\HitmanPro.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe
C:\Program Files (x86)\Opera\20.0.1387.64\opera.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [LightShot] C:\Users\Joshua\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [AgentUiRunKey] "C:\Program Files (x86)\Autonomy\Connected BackupPC\LaunchAgent.vbs" "C:\Program Files (x86)\Autonomy\Connected BackupPC\ConnectedAgent.exe -silent"
mRun: [BtTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
mRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
mRun: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
mRun: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
dRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
dRun: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\OPENVP~1.LNK - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\uiboot.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{3AA6FAD8-751A-46CD-9A9D-107951ABBE75} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{3AA6FAD8-751A-46CD-9A9D-107951ABBE75} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{3AA6FAD8-751A-46CD-9A9D-107951ABBE75}\2375942554731323 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{3AA6FAD8-751A-46CD-9A9D-107951ABBE75}\2375942554731323 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{3AA6FAD8-751A-46CD-9A9D-107951ABBE75}\7596C637F6E6D2E4564777F627B6 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{7AAA880A-D7A6-4540-94B8-E48368215DF6} : DHCPNameServer = 10.211.254.254 8.8.8.8
TCP: Interfaces\{8736A3CA-87B1-4CFB-8F2D-6EE140A07611} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{AC223A55-595D-41EA-8E64-79FDCBD5D1C7} : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\hg9h9e2n.default-1378448872379\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Winamp Detect\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Joshua\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Joshua\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Joshua\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Joshua\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-7-24 79528]
R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-7-24 26280]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\Drivers\avgdiska.sys [2013-8-1 147768]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [2014-3-5 62168]
R1 LV_Tracker;LV_Tracker;C:\Windows\System32\Drivers\LV_TrackerX64.sys [2012-7-17 63024]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-9 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-8 361984]
R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\Drivers\appexDrv.sys [2013-5-13 199008]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-8-7 70984]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-8-7 384840]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-7-18 98472]
R3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;C:\Windows\System32\Drivers\BtAudioBus.sys [2012-6-15 23136]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\Drivers\hitmanpro37.sys [2014-3-12 32512]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-9-9 25928]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2013-12-4 2505904]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2013-5-13 294544]
R3 rtbth;RTBTH Bluetooth Device Driver;C:\Windows\System32\Drivers\rtbth.sys [2013-12-2 1204424]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-5-13 690832]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2014-1-17 202600]
R3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\Drivers\tapoas.sys [2012-7-15 30720]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2013-5-13 57000]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-31 20800]
S2 AgentService;AgentService;C:\Program Files (x86)\Autonomy\Connected BackupPC\AgentService.exe [2012-11-27 7154000]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2013-8-7 393032]
S2 CGVPNCliService;CyberGhost VPN 5 Client Service;C:\Program Files\CyberGhost 5\Service.exe [2013-11-13 64112]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;C:\Windows\System32\Drivers\BtL2caScoIf.sys [2012-7-19 56904]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [2012-8-14 48736]
S3 PSI;PSI;C:\Windows\System32\Drivers\psi_mf_amd64.sys [2013-12-6 18456]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-8-10 41272]
S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-8-10 43832]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\Drivers\taphss6.sys [2013-8-12 42184]
S3 wmbclass;USB Mobile Broadband Adapter Driver;C:\Windows\System32\Drivers\wmbclass.sys [2013-7-14 230912]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-03-13 03:08:52 32512 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2014-03-13 03:04:00 233056 ----a-w- C:\Windows\System32\drivers\11090394.sys
2014-03-13 01:26:03 -------- d-----w- C:\FRST
2014-03-12 20:33:54 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8BA3F6BC-56E4-41E2-8601-5FD017A72B83}\offreg.dll
2014-03-12 18:53:57 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8BA3F6BC-56E4-41E2-8601-5FD017A72B83}\mpengine.dll
2014-03-12 07:01:39 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-03-12 05:52:59 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-12 05:52:59 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-12 01:33:09 595968 ----a-w- C:\Windows\System32\qedit.dll
2014-03-12 01:33:09 496640 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-12 01:33:08 1628160 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-12 01:33:08 1339392 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-12 00:44:47 -------- d-----w- C:\ProgramData\GlarySoft
2014-03-12 00:39:15 -------- d-----w- C:\Users\Joshua\AppData\Roaming\GlarySoft
2014-03-12 00:39:13 117024 ----a-w- C:\Windows\System32\BootDefrag.exe
2014-03-12 00:38:43 -------- d-----w- C:\Program Files (x86)\Glary Utilities 4
2014-03-09 17:16:41 -------- d-----w- C:\Users\Joshua\AppData\Roaming\OpenVPN Technologies
2014-03-09 17:16:41 -------- d-----w- C:\Users\Joshua\AppData\Local\OpenVPN Technologies
2014-03-09 17:14:51 -------- d-----w- C:\Program Files (x86)\OpenVPN Technologies
2014-03-07 21:55:42 252080 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10235.bin
2014-03-06 07:24:55 -------- d-----w- C:\Program Files (x86)\Steganos Online Shield
2014-03-05 19:18:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-02-27 00:09:19 -------- d-----w- C:\Users\Joshua\AppData\Local\Skype
2014-02-27 00:08:47 -------- d-----r- C:\Program Files (x86)\Skype
2014-02-26 01:52:33 -------- d-----w- C:\Windows\ERUNT
2014-02-22 22:58:26 -------- d-----r- C:\Sandbox
2014-02-22 22:56:50 -------- d-----w- C:\Program Files\Sandboxie
2014-02-21 21:08:31 743248 ----a-w- C:\Windows\SysWow64\msvcp100d.dll
2014-02-21 21:08:31 1498960 ----a-w- C:\Windows\SysWow64\msvcr100d.dll
2014-02-21 21:08:30 1858896 ----a-w- C:\Windows\System32\msvcr100d.dll
2014-02-21 21:08:30 1014096 ----a-w- C:\Windows\System32\msvcp100d.dll
2014-02-21 08:28:41 -------- d-----w- C:\Users\Joshua\AppData\Roaming\Steganos VPN
2014-02-21 08:27:45 -------- d-----w- C:\Program Files (x86)\Common Files\Steganos
2014-02-21 08:27:44 -------- d-----w- C:\Program Files (x86)\OkayFreedom
2014-02-21 08:26:00 -------- d-----w- C:\Users\Joshua\AppData\Roaming\Steganos
2014-02-13 05:41:29 -------- d-----w- C:\Users\Joshua\AppData\Local\Secunia PSI
2014-02-13 05:41:16 -------- d-----w- C:\Program Files (x86)\Secunia
2014-02-12 05:32:04 -------- d-----w- C:\Program Files\HitmanPro
2014-02-12 05:30:57 -------- d-----w- C:\ProgramData\HitmanPro
2014-02-12 04:09:03 2232664 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-02-12 04:08:47 1845248 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-12 04:08:47 1419264 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-02-12 04:08:20 600064 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-12 04:08:20 523776 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-12 04:07:11 583680 ----a-w- C:\Windows\System32\msdrm.dll
2014-02-12 04:07:11 451072 ----a-w- C:\Windows\SysWow64\msdrm.dll
2014-02-12 04:06:39 3842560 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-12 04:06:39 3288576 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-02-12 04:06:39 2238976 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-02-12 04:06:37 2032640 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
.
==================== Find3M ====================
.
2014-03-04 22:52:34 78304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-04 22:52:34 694240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-03 16:39:06 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-02-23 08:13:41 2241536 ----a-w- C:\Windows\System32\wininet.dll
2014-02-23 08:13:31 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2014-02-23 08:13:31 53760 ----a-w- C:\Windows\System32\UXInit.dll
2014-02-23 08:11:59 3960320 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-23 08:11:52 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-23 08:11:52 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-02-23 06:54:46 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-23 06:54:37 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2014-02-23 06:53:22 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-23 06:53:18 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-23 06:53:18 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-02-23 04:06:33 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2014-02-08 04:34:42 4036608 ----a-w- C:\Windows\System32\win32k.sys
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 23:23:39.44 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 7/11/2013 7:57:29 PM
System Uptime: 3/12/2014 9:40:09 PM (2 hours ago)
.
Motherboard: Hewlett-Packard | | 18DE
Processor: AMD A8-4555M APU with Radeon(tm) HD Graphics | Socket FT1 | 1400/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 273 GiB total, 206.38 GiB free.
D: is FIXED (NTFS) - 24 GiB total, 2.537 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: USB Video Device
Device ID: USB\VID_064E&PID_C336&MI_00\6&339E702A&0&0000
Manufacturer: Microsoft
Name: HP Truevision HD
PNP Device ID: USB\VID_064E&PID_C336&MI_00\6&339E702A&0&0000
Service: usbvideo
.
==== System Restore Points ===================
.
RP50: 2/21/2014 12:13:33 PM - Windows Update
RP51: 2/28/2014 5:52:07 PM - Scheduled Checkpoint
RP52: 3/9/2014 1:13:32 PM - Installed OpenVPN Client
RP53: 3/12/2014 2:48:05 PM - Windows Update
.
==== Installed Programs ======================
.
4 Elements II
Adobe Flash Player 12 Plugin
Aeria Ignite
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD Quick Stream
AMD VISION Engine Control Center
AudibleManager
Bejeweled 3
BlueStacks App Player
BlueStacks Notification Center
Bonjour
Build-a-lot 4 - Power Source
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Chuzzle Deluxe
Comodo IceDragon
Cradle Of Egypt Collector's Edition
Cradle of Rome 2
CyberGhost 5
CyberLink Media Suite 10
CyberLink PhotoDirector
CyberLink PowerDirector 10
CyberLink PowerDVD
CyberLink YouCam
D3DX10
Energy Star
Farm Frenzy
FATE: The Cursed King
Final Drive Fury
FlatOut 2
Ghost Recon Online (NCSA-Live)
Glary Utilities 4.7
Google Chrome
Google Talk Plugin
Google Update Helper
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.2.1.1
HitmanPro 3.7
Hoyle Card Games
HP 3D DriveGuard
HP Connected Backup
HP Connected Music (Meridian - installer)
HP Connected Music (Meridian - player)
HP CoolSense
HP Customer Experience Enhancements
HP Documentation
HP Games
HP MyRoom
HP Postscript Converter
HP Quick Launch
HP Recovery Manager
HP Registration Service
HP Software Framework
HP Support Assistant
HP Utility Center
HP Wireless Button Driver
IDT Audio
Jewel Match 3
John Deere Drive Green
Kaspersky Security Scan
lightshot-4.4.2.0
Luxor Evolved
Mahjongg Dimensions Deluxe: Tiles in Time
Malwarebytes Anti-Exploit version 0.10.0.1000
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Baseline Security Analyzer 2.3
Microsoft Office
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mortimer Beckett and the Crimson Thief Premium Edition
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
Mystery P.I. - Curious Case of Counterfeit Cove
OkayFreedom
OpenVPN Client
Opera Stable 16.0.1196.80
Opera Stable 20.0.1387.64
Peggle Nights
Penguins!
Polar Bowler
Polar Golfer
Ralink Bluetooth Stack64
Ralink RT3290 802.11bgn Wi-Fi Adapter
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Roads of Rome 3
Sandboxie 4.08 (64-bit)
Secunia PSI (3.0.0.9016)
Security Task Manager 1.8g
SecurityKISS Tunnel v0.3.0
Skype™ 6.14
Soldier Front 2
Steganos Online Shield
swMSM
Synaptics Pointing Device Driver
Tales of Lagoona
TAP-Windows 9.9.2
Update Installer for WildTangent Games App
v0.3.0
Vacation Quest™ - Australia
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VpnOneClick
WildTangent Games
WildTangent Games App
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
3/9/2014 8:43:52 PM, Error: Service Control Manager [7034] - The OpenVPN Access Client service terminated unexpectedly. It has done this 1 time(s).
3/8/2014 6:02:43 PM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/8/2014 6:02:28 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.
3/8/2014 4:22:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
3/7/2014 9:01:30 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpqwmiex service.
3/6/2014 8:55:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HP Support Assistant Service service.
3/6/2014 8:24:14 PM, Error: NetBT [4307] - Initialization failed because the transport refused to open initial addresses.
3/6/2014 1:22:22 AM, Error: Service Control Manager [7034] - The BlueStacks Log Rotator Service service terminated unexpectedly. It has done this 1 time(s).
3/5/2014 1:48:00 AM, Error: VDS Basic Provider [5] - Cannot zero sectors on disk \\?\PhysicalDrive1. Error code: \\?\PhysicalDrive1
3/12/2014 9:53:15 PM, Error: Service Control Manager [7031] - The Kaspersky Security Scan Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
3/12/2014 9:53:09 PM, Error: Service Control Manager [7031] - The Online Shield Starter Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
3/12/2014 9:42:51 PM, Error: Service Control Manager [7031] - The AgentService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/12/2014 9:41:11 PM, Error: Service Control Manager [7023] - The BlueStacks Android Service service terminated with the following error: An exception occurred in the service when handling the control request.
3/12/2014 9:40:41 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff801edab1db3). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031214-28875-01.
3/12/2014 9:22:07 PM, Error: Service Control Manager [7031] - The Kaspersky Security Scan Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
3/12/2014 9:20:18 PM, Error: Service Control Manager [7034] - The COMODO IceDragon Update Service service terminated unexpectedly. It has done this 1 time(s).
3/12/2014 3:25:07 PM, Error: Service Control Manager [7034] - The BlueStacks Android Service service terminated unexpectedly. It has done this 1 time(s).
3/12/2014 3:21:51 PM, Error: Service Control Manager [7034] - The Kaspersky Security Scan Service service terminated unexpectedly. It has done this 3 time(s).
3/12/2014 3:05:34 AM, Error: Service Control Manager [7031] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/12/2014 11:18:28 PM, Error: Service Control Manager [7031] - The OkayFreedom VPN Starter Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
3/11/2014 9:08:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
3/11/2014 1:28:04 PM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
3/10/2014 6:51:58 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.0.0.2 with the system having network hardware address 50-46-5D-18-56-AF. Network operations on this system may be disrupted as a result.
.
==== End Of File ===========================


I went AFK for about 30 mins, and the "w" key was typing by itself. I didn't think much of it, but I rebooted to be sure and the screen went black and took 10-15 mins to load; also, when I ran the aswMBR scan, my screen bluescreened (BSOD).
KingJ
Active Member
Posts: 4
Joined: March 12th, 2014, 10:42 pm

Re: Possible Malware Symptoms

Post by Cypher » March 19th, 2014, 7:35 am

We apologise that your topic has gone unanswered.

As it has been five days or more since you started your topic, fresh logs will now have to be posted, as malware can change during this period.
If you still need help, please start a new thread and include your DDS logs:
  • DDS.txt.
  • Attach.txt.
  • Details of the problems you're experiencing.

If for any reason you can't run DDS, please let us know in your post.

This topic will now be closed.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

