Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Possible Malware Symptoms

by KingJ » March 22nd, 2014, 12:17 am

I went AFK for about 30 mins, and the "w" key was typing by itself. I didn't think much of it, but I rebooted to be sure and the screen black-screened and took 10-15 mins to load. Also, when I ran the aswMBR scan, my screen bluescreened (BSOD).



DDS logs below:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16843
Run by Joshua at 0:07:20 on 2014-03-22
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3546.1069 [GMT -4:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\System32\dwm.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.77\opera_crashreporter.exe
C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Sandboxie\32\SbieSvc.exe
C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
C:\Program Files (x86)\Opera\20.0.1387.77\opera.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\ThumbnailExtractionHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [LightShot] C:\Users\Joshua\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [AgentUiRunKey] "C:\Program Files (x86)\Autonomy\Connected BackupPC\LaunchAgent.vbs" "C:\Program Files (x86)\Autonomy\Connected BackupPC\ConnectedAgent.exe -silent"
mRun: [BtTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
mRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
mRun: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
mRun: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\OPENVP~1.LNK - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\uiboot.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{3AA6FAD8-751A-46CD-9A9D-107951ABBE75} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{3AA6FAD8-751A-46CD-9A9D-107951ABBE75} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{3AA6FAD8-751A-46CD-9A9D-107951ABBE75}\7596C637F6E6D2E4564777F627B6 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{7AAA880A-D7A6-4540-94B8-E48368215DF6} : DHCPNameServer = 10.211.254.254 8.8.8.8
TCP: Interfaces\{8736A3CA-87B1-4CFB-8F2D-6EE140A07611} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{AC223A55-595D-41EA-8E64-79FDCBD5D1C7} : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-RunOnce: [NCPluginUpdater] "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\hg9h9e2n.default-1378448872379\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Winamp Detect\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Joshua\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Joshua\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Joshua\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Joshua\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-7-24 79528]
R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-7-24 26280]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [2014-3-5 62168]
R1 LV_Tracker;LV_Tracker;C:\Windows\System32\Drivers\LV_TrackerX64.sys [2012-7-17 63024]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-9 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-8 361984]
R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\Drivers\appexDrv.sys [2013-5-13 199008]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-8-7 70984]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-24 31040]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-9 35232]
R2 MbaeSvc;Malwarebytes Anti-Exploit Service;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [2014-3-5 319288]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-9 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-9 701512]
R2 OpenVPNAccessClient;OpenVPN Access Client;C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2010-8-12 24064]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-7-18 98472]
R3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;C:\Windows\System32\Drivers\BtAudioBus.sys [2012-6-15 23136]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-9-9 25928]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2013-12-4 2505904]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2013-5-13 294544]
R3 rtbth;RTBTH Bluetooth Device Driver;C:\Windows\System32\Drivers\rtbth.sys [2013-12-2 1204424]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-5-13 690832]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2014-1-17 202600]
R3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\Drivers\tapoas.sys [2012-7-15 30720]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2013-5-13 57000]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-31 20800]
S2 AgentService;AgentService;C:\Program Files (x86)\Autonomy\Connected BackupPC\AgentService.exe [2012-11-27 7154000]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2013-8-7 393032]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-8-7 384840]
S2 CGVPNCliService;CyberGhost VPN 5 Client Service;C:\Program Files\CyberGhost 5\Service.exe [2013-11-13 64112]
S2 IceDragonUpdater;COMODO IceDragon Update Service;C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe [2013-12-19 1821384]
S2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-12-7 202328]
S2 OkayFreedom VPN Starter Service;OkayFreedom VPN Starter Service;C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [2013-12-10 317792]
S2 Online Shield Starter Service;Online Shield Starter Service;C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe [2014-2-24 318328]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;C:\Windows\System32\Drivers\BtL2caScoIf.sys [2012-7-19 56904]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [2012-8-14 48736]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-9-5 240736]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 PSI;PSI;C:\Windows\System32\Drivers\psi_mf_amd64.sys [2013-12-6 18456]
S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-12-6 1229528]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-8-10 41272]
S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-8-10 43832]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\Drivers\taphss6.sys [2013-8-12 42184]
S3 wmbclass;USB Mobile Broadband Adapter Driver;C:\Windows\System32\Drivers\wmbclass.sys [2013-7-14 230912]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-03-20 19:22:59 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0F5932D7-86F0-4B15-AD84-A174EF42D923}\offreg.dll
2014-03-20 17:11:10 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0F5932D7-86F0-4B15-AD84-A174EF42D923}\mpengine.dll
2014-03-18 22:11:27 10521840 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-03-16 15:47:11 254640 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10236.bin
2014-03-13 16:57:39 385 ----a-w- C:\Windows\System32\_zipIt.vbs
2014-03-13 03:04:00 233056 ----a-w- C:\Windows\System32\drivers\11090394.sys
2014-03-12 05:52:59 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-12 05:52:59 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-12 01:33:09 595968 ----a-w- C:\Windows\System32\qedit.dll
2014-03-12 01:33:09 496640 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-12 01:33:08 1628160 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-12 01:33:08 1339392 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-12 00:44:47 -------- d-----w- C:\ProgramData\GlarySoft
2014-03-12 00:39:15 -------- d-----w- C:\Users\Joshua\AppData\Roaming\GlarySoft
2014-03-12 00:39:13 117024 ----a-w- C:\Windows\System32\BootDefrag.exe
2014-03-12 00:38:43 -------- d-----w- C:\Program Files (x86)\Glary Utilities 4
2014-03-09 17:16:41 -------- d-----w- C:\Users\Joshua\AppData\Roaming\OpenVPN Technologies
2014-03-09 17:16:41 -------- d-----w- C:\Users\Joshua\AppData\Local\OpenVPN Technologies
2014-03-09 17:14:51 -------- d-----w- C:\Program Files (x86)\OpenVPN Technologies
2014-03-06 07:24:55 -------- d-----w- C:\Program Files (x86)\Steganos Online Shield
2014-03-05 19:18:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-02-27 00:09:19 -------- d-----w- C:\Users\Joshua\AppData\Local\Skype
2014-02-27 00:08:47 -------- d-----r- C:\Program Files (x86)\Skype
2014-02-26 01:52:33 -------- d-----w- C:\Windows\ERUNT
2014-02-22 22:58:26 -------- d-----r- C:\Sandbox
2014-02-22 22:56:50 -------- d-----w- C:\Program Files\Sandboxie
2014-02-21 21:08:31 743248 ----a-w- C:\Windows\SysWow64\msvcp100d.dll
2014-02-21 21:08:31 1498960 ----a-w- C:\Windows\SysWow64\msvcr100d.dll
2014-02-21 21:08:30 1858896 ----a-w- C:\Windows\System32\msvcr100d.dll
2014-02-21 21:08:30 1014096 ----a-w- C:\Windows\System32\msvcp100d.dll
2014-02-21 08:28:41 -------- d-----w- C:\Users\Joshua\AppData\Roaming\Steganos VPN
2014-02-21 08:27:45 -------- d-----w- C:\Program Files (x86)\Common Files\Steganos
2014-02-21 08:27:44 -------- d-----w- C:\Program Files (x86)\OkayFreedom
2014-02-21 08:26:00 -------- d-----w- C:\Users\Joshua\AppData\Roaming\Steganos
.
==================== Find3M ====================
.
2014-03-17 18:22:13 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-04 22:52:34 78304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-04 22:52:34 694240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-23 08:13:41 2241536 ----a-w- C:\Windows\System32\wininet.dll
2014-02-23 08:13:31 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2014-02-23 08:13:31 53760 ----a-w- C:\Windows\System32\UXInit.dll
2014-02-23 08:11:59 3960320 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-23 08:11:52 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-23 08:11:52 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-02-23 06:54:46 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-23 06:54:37 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2014-02-23 06:53:22 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-23 06:53:18 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-23 06:53:18 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-02-23 04:06:33 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2014-02-08 04:34:42 4036608 ----a-w- C:\Windows\System32\win32k.sys
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-01-12 23:30:39 2032640 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-01-12 23:30:18 2238976 ----a-w- C:\Windows\System32\d3d10warp.dll
.
============= FINISH: 0:10:15.06 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 7/11/2013 7:57:29 PM
System Uptime: 3/18/2014 5:14:30 PM (79 hours ago)
.
Motherboard: Hewlett-Packard | | 18DE
Processor: AMD A8-4555M APU with Radeon(tm) HD Graphics | Socket FT1 | 1400/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 273 GiB total, 204.047 GiB free.
D: is FIXED (NTFS) - 24 GiB total, 2.537 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: USB Video Device
Device ID: USB\VID_064E&PID_C336&MI_00\6&339E702A&0&0000
Manufacturer: Microsoft
Name: HP Truevision HD
PNP Device ID: USB\VID_064E&PID_C336&MI_00\6&339E702A&0&0000
Service: usbvideo
.
==== System Restore Points ===================
.
RP51: 2/28/2014 5:52:07 PM - Scheduled Checkpoint
RP52: 3/9/2014 1:13:32 PM - Installed OpenVPN Client
RP53: 3/12/2014 2:48:05 PM - Windows Update
RP54: 3/19/2014 5:58:33 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
4 Elements II
Adobe Flash Player 12 Plugin
Aeria Ignite
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD Quick Stream
AMD VISION Engine Control Center
AudibleManager
Bejeweled 3
BlueStacks App Player
BlueStacks Notification Center
Bonjour
Build-a-lot 4 - Power Source
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Chuzzle Deluxe
Comodo IceDragon
Cradle Of Egypt Collector's Edition
Cradle of Rome 2
CyberGhost 5
CyberLink Media Suite 10
CyberLink PhotoDirector
CyberLink PowerDirector 10
CyberLink PowerDVD
CyberLink YouCam
D3DX10
Energy Star
Farm Frenzy
FATE: The Cursed King
Final Drive Fury
FlatOut 2
Ghost Recon Online (NCSA-Live)
Glary Utilities 4.7
Google Chrome
Google Talk Plugin
Google Update Helper
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.2.1.1
HitmanPro 3.7
Hoyle Card Games
HP 3D DriveGuard
HP Connected Backup
HP Connected Music (Meridian - installer)
HP Connected Music (Meridian - player)
HP CoolSense
HP Customer Experience Enhancements
HP Documentation
HP Games
HP MyRoom
HP Postscript Converter
HP Quick Launch
HP Recovery Manager
HP Registration Service
HP Software Framework
HP Support Assistant
HP Utility Center
HP Wireless Button Driver
IDT Audio
Jewel Match 3
John Deere Drive Green
Kaspersky Security Scan
lightshot-4.4.2.0
Luxor Evolved
Mahjongg Dimensions Deluxe: Tiles in Time
Malwarebytes Anti-Exploit version 0.10.0.1000
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Baseline Security Analyzer 2.3
Microsoft Office
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mortimer Beckett and the Crimson Thief Premium Edition
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
Mystery P.I. - Curious Case of Counterfeit Cove
OkayFreedom
OpenVPN Client
Opera Stable 16.0.1196.80
Opera Stable 20.0.1387.77
Peggle Nights
Penguins!
Polar Bowler
Polar Golfer
Ralink Bluetooth Stack64
Ralink RT3290 802.11bgn Wi-Fi Adapter
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Roads of Rome 3
Sandboxie 4.08 (64-bit)
Secunia PSI (3.0.0.9016)
Security Task Manager 1.8g
SecurityKISS Tunnel v0.3.0
Skype™ 6.14
Soldier Front 2
Steganos Online Shield
swMSM
Synaptics Pointing Device Driver
Tales of Lagoona
TAP-Windows 9.9.2
Update Installer for WildTangent Games App
v0.3.0
Vacation Quest™ - Australia
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VpnOneClick
WildTangent Games
WildTangent Games App
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
3/18/2014 5:27:12 PM, Error: Service Control Manager [7034] - The Kaspersky Security Scan Service service terminated unexpectedly. It has done this 3 time(s).
3/18/2014 5:19:38 PM, Error: Service Control Manager [7031] - The Kaspersky Security Scan Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
3/18/2014 5:19:32 PM, Error: Service Control Manager [7031] - The OkayFreedom VPN Starter Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
3/18/2014 5:19:21 PM, Error: Service Control Manager [7031] - The Kaspersky Security Scan Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
3/18/2014 5:19:19 PM, Error: Service Control Manager [7034] - The COMODO IceDragon Update Service service terminated unexpectedly. It has done this 1 time(s).
3/18/2014 5:14:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpqwmiex service.
3/16/2014 11:04:02 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.0.0.3 with the system having network hardware address A4-DB-30-E9-43-61. Network operations on this system may be disrupted as a result.
.
==== End Of File ===========================
KingJ
Active Member
 
Posts: 4
Joined: March 12th, 2014, 10:42 pm

Re: Possible Malware Symptoms

by Cypher » March 23rd, 2014, 1:08 pm

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions if possible... your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Next.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right-click on adwcleaner.exe and select "Run as administrator" to run it.
  • Click on Scan.
  • When the scan has finished, uncheck any entries you don't want to remove, then click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next.

Please download FRST ... by Farbar, from the link below and save it to your Desktop.

For 64 bit Systems

  • Right-click FRST.exe and select "Run as administrator" to run it.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • The first time the tool is run, it will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.

Logs/Information to Post in your Next Reply

  • AdwCleaner log.
  • FRST.txt and Addition.txt contents.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Possible Malware Symptoms

by Cypher » March 26th, 2014, 11:06 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.

