malware installation

Post by ldrancer » April 3rd, 2014, 8:33 pm

I think I got some of that stuff. It came from a bundled thing.
I do sometimes see searchfun try to take over my browser. So I searched here and found this SystemLook program with a suggestion of things to look for. Well, here's what it gives me:
SystemLook 04.09.10 by jpshortstuff
Log created at 20:17 on 03/04/2014 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*babylon*"
C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\stahlregen + geiss + shifter - babylon.milk --a---- 26473 bytes [20:18 28/04/2009] [20:18 28/04/2009] FD56279AD850D3AA87454766302DACF1

Searching for "*conduit*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*babylon*"
No folders found.

Searching for "*conduit*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-1414464940-4264314983-1291064034-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-1414464940-4264314983-1291064034-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-1414464940-4264314983-1291064034-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_USERS\S-1-5-21-1414464940-4264314983-1291064034-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "conduit"
No data found.

-= EOF =-

When I try to delete those registry keys, it says access denied.

Re: malware installation

Post by ldrancer » April 3rd, 2014, 8:58 pm

and and and
I've run Spybot Search & Destroy and removed everything it could find, Malwarebytes and removed everything it could find, and an adware remover, and let it remove anything it found, too.
I think this spyware tried to make another account on my computer too. There's a whole XP folder deal on my computer, the Documents and Settings in the C:\ drive, which isn't there for Windows 7, which I've got on. BTW, this is nothing but a spyware operating system, and a computer is what I use, whether you guys think that or not.

OK, so those folders are there. Does W7 have a System Volume Information folder on it, on C:\? It has some files in it I'm not sure about, such as a syscache.hve file and tracking.log.

I'm not sure of another account; it's not under User Accounts in Control Panel. And a multipar folder I had on C:\ has a lock beside it now too, and it's just a regular program folder.

Here's a HijackThis log too.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:59:28 PM, on 4/3/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16843)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files (x86)\MAXA Cookie Manager\Cookie.exe
C:\Program Files (x86)\DU Meter\DUMeter.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
C:\Program Files (x86)\Nightly\firefox.exe
D:\downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O4 - HKCU\..\Run: [MSCS] C:\Program Files (x86)\MAXA Cookie Manager\Cookie.exe /autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [cdloader] "C:\Windows\system32\config\systemprofile\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [cdloader] "C:\Windows\system32\config\systemprofile\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK (User 'Default user')
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: magicJack - Unknown owner - C:\mjusbsp\srvany.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7449 bytes

Re: malware installation

Post by ldrancer » April 4th, 2014, 12:36 am

Read the sticky.

My computer just sometimes goes to searchfun. The title of the page is SUP, the page title in HTML, if you guys know what I'm saying. I run adblockers so nothing loads. That's about it for now. Oh yeah, something: every time I load up my computer, it locks up for like a second, but not really locking up, not loading, and then I'll hear the dun dun dun, some "USB device failed to attach?" sound. That's it. But I haven't got anything attached; well, I haven't checked, but it just started happening. I get that sound, my computer continues loading, then that's it.

Before doing some of the spyware removal, I had my homepage changed to mysearch or something. So then I just started running spyware removers. I've got weird folders on my computer that weren't there before. System Volume Information is filled with these couple of weird files, on every drive I have. That's still there. And until I ran the adremover program I had black boxes blinking on my browser, like when I would mouse over the address bar, it would black box out, just a little, or the search bar, it would black box out, like spyware reading stuff. The folders seem like they're logging and seem like they're keeping track of browsing. My adblockers will sometimes now show the searchfun page or a fish page I kept seeing, but it's mostly disappeared. My browser is taken over sometimes by this.

Here's the DDS log:
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Owner at 0:28:24.77 on Fri 04/04/2014
Internet Explorer: 9.10.9200.16844
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2571 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\system\HsMgr64.exe
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files (x86)\MAXA Cookie Manager\Cookie.exe
C:\Program Files (x86)\DU Meter\DUMeter.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\mjusbsp\srvany.exe
C:\mjusbsp\magicJack.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\wisptis.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Nightly\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
D:\downloads\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mWinlogon: Userinit=userinit.exe,
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
uRun: [MSCS] C:\Program Files (x86)\MAXA Cookie Manager\Cookie.exe /autorun
mRun: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
dRun: [cdloader] "C:\Windows\system32\config\systemprofile\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: safeweb: {B0A728FA-B4C4-A168-EE84-0FCE55E5446B} - C:\Program Files (x86)\safeweb\4JV8DyH2C.x64.dll
BHO-X64: safeweb - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
mRun-x64: [Cmaudio8768GX] C:\Windows\syswow64\HsMgr.exe Envoke
mRun-x64: [Cmaudio8768GX64] C:\Windows\system\HsMgr64.exe Envoke
mRun-x64: [MouseDriver] TiltWheelMouse.exe
mRun-x64: [CmPCIaudio] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
mRun-x64: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
AppInit_DLLs-X64: C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\zf500uyd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cloudflare-watch.org/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
R2 magicJack;magicJack;C:\mjusbsp\srvany.exe [2014-3-27 8192]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-3-30 418376]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2013-12-6 13207552]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2013-12-6 626176]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-3-30 25928]
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2014-1-27 24176]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2013-1-23 13368]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-1-11 888536]
R3 t_mouse.sys;HID-compliand device;C:\Windows\System32\drivers\t_mouse.sys [2012-12-19 6144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 d0e87c27;SW-Sustainer;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-3-30 701512]
S3 AN983X64;Infineon AN983B PCI Fast Ethernet Adapter for Windows X64;C:\Windows\System32\drivers\an983x64.sys [2014-1-11 48128]
S3 cmipci;CMI8738/8768 Audio Driver;C:\Windows\System32\drivers\cmipci.sys [2009-7-13 47104]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 LtcyCfgWDM;PCI Latency Tool Driver Service;C:\Windows\System32\drivers\LtcyCfgWDM.sys [2005-12-26 8960]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-11 19456]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2014-1-11 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-18 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-1-11 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-1-11 1255736]
.
=============== Created Last 30 ================
.
2014-04-04 00:53:51 -------- d-sh--w- C:\$RECYCLE.BIN
2014-04-02 09:11:22 -------- d-----w- C:\AdwCleaner
2014-04-01 21:33:33 10521840 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{B1B0C58C-F342-40B2-B6B5-2DD270A99CA7}\mpengine.dll
2014-03-31 16:08:39 -------- d-----w- C:\Users\Owner\AppData\Roaming\AvitoDvd
2014-03-31 16:08:39 -------- d-----w- C:\Users\Owner\AppData\Roaming\AviDvdBurner
2014-03-31 16:08:36 -------- d-----w- C:\Program Files (x86)\AviToDvdFree
2014-03-31 15:37:27 -------- d-----w- C:\Program Files (x86)\Haali
2014-03-31 15:37:07 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2014-03-31 15:37:06 -------- d-----w- C:\Program Files (x86)\ffdshow
2014-03-31 15:35:43 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
2014-03-31 15:35:33 -------- d-----w- C:\Program Files (x86)\AVStoDVD
2014-03-31 14:54:41 -------- d-----w- C:\Users\Owner\AppData\Roaming\AnvSoft
2014-03-31 08:12:42 -------- d-----w- C:\Program Files (x86)\pazera-software
2014-03-31 02:31:20 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2014-03-31 02:31:20 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2014-03-31 01:01:44 -------- d-----w- C:\Program Files (x86)\SimCity
2014-03-30 09:14:35 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
2014-03-30 09:14:01 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-30 09:14:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-30 09:14:01 -------- d-----w- C:\PROGRA~3\Malwarebytes
2014-03-30 09:09:04 -------- d-----w- C:\Program Files\CCleaner
2014-03-30 07:20:19 -------- d-----w- C:\Users\Owner\AppData\Local\Packages
2014-03-30 07:20:16 -------- d-----w- C:\Users\Owner\AppData\Local\Google
2014-03-30 07:20:16 -------- d-----w- C:\Users\Owner\AppData\Local\Comodo
2014-03-30 07:20:16 -------- d-----w- C:\PROGRA~3\65eb4f35943afb5
2014-03-30 07:19:47 -------- d-----w- C:\PROGRA~3\InstallMate
2014-03-29 01:52:46 -------- d-----w- C:\Users\Owner\AppData\Roaming\The Creative Assembly
2014-03-27 08:22:49 -------- d-----w- C:\mjusbsp
2014-03-27 04:35:16 -------- d-----w- C:\Users\Owner\AppData\Roaming\Jasc
2014-03-27 04:34:54 -------- d-----w- C:\Program Files (x86)\Jasc Software Inc
2014-03-27 04:33:09 -------- d-----w- C:\PROGRA~3\Blumentals
2014-03-27 04:32:13 -------- d-----w- C:\Program Files (x86)\Easy GIF Animator
2014-03-20 07:43:53 -------- d-----w- C:\Program Files (x86)\Nightly
2014-03-19 07:01:03 2560 ----a-w- C:\Windows\System32\drivers\zh-TW\wdf01000.sys.mui
2014-03-19 07:01:03 2560 ----a-w- C:\Windows\System32\drivers\zh-CN\wdf01000.sys.mui
2014-03-19 07:01:03 2560 ----a-w- C:\Windows\System32\drivers\ja-JP\wdf01000.sys.mui
2014-03-19 06:15:52 -------- d-----w- C:\PROGRA~3\vsosdk
2014-03-19 05:05:20 82816 ----a-w- C:\Users\Owner\AppData\Roaming\pcouffin.sys
2014-03-19 05:05:16 -------- d-----w- C:\Program Files (x86)\VSO
2014-03-19 05:05:16 -------- d-----w- C:\PROGRA~3\VSO
2014-03-19 05:02:33 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2014-03-19 05:02:33 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-03-19 04:36:22 -------- d-----w- C:\Program Files (x86)\Pegasys Inc
2014-03-18 12:00:41 6144 ----a-w- C:\Windows\System32\drivers\ja-JP\tunnel.sys.mui
2014-03-18 11:59:06 5120 ----a-w- C:\Windows\System32\drivers\zh-TW\tunnel.sys.mui
2014-03-18 11:58:59 7680 ----a-w- C:\Windows\System32\drivers\zh-TW\fvevol.sys.mui
2014-03-18 11:57:01 5120 ----a-w- C:\Windows\System32\drivers\zh-CN\tunnel.sys.mui
2014-03-18 11:57:01 23040 ----a-w- C:\Windows\System32\drivers\zh-CN\usbport.sys.mui
2014-03-18 11:57:01 11776 ----a-w- C:\Windows\System32\drivers\zh-CN\usbhub.sys.mui
2014-03-18 11:57:00 9728 ----a-w- C:\Windows\System32\drivers\zh-CN\battc.sys.mui
2014-03-18 11:57:00 4608 ----a-w- C:\Windows\System32\drivers\zh-CN\rdvgkmd.sys.mui
2014-03-18 11:57:00 3584 ----a-w- C:\Windows\System32\drivers\zh-CN\sermouse.sys.mui
2014-03-18 11:57:00 3072 ----a-w- C:\Windows\System32\drivers\zh-CN\tsusbhub.sys.mui
2014-03-18 11:57:00 3072 ----a-w- C:\Windows\System32\drivers\zh-CN\mouclass.sys.mui
2014-03-18 11:57:00 2560 ----a-w- C:\Windows\System32\drivers\zh-CN\rdpwd.sys.mui
2014-03-18 11:57:00 2560 ----a-w- C:\Windows\System32\drivers\zh-CN\mouhid.sys.mui
2014-03-18 11:57:00 24064 ----a-w- C:\Windows\System32\drivers\zh-CN\ndis.sys.mui
2014-03-18 05:26:49 -------- d-----w- C:\Program Files (x86)\Nero
2014-03-18 05:26:45 -------- d-----w- C:\PROGRA~3\Nero
2014-03-18 05:17:37 -------- d-----w- C:\Users\Owner\AppData\Roaming\Aimersoft Video Converter Ultimate
2014-03-18 05:17:37 -------- d-----w- C:\Users\Owner\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2014-03-18 05:16:58 -------- d-----w- C:\Users\Owner\AppData\Local\Aimersoft
2014-03-18 05:16:58 -------- d-----w- C:\Program Files\Common Files\Aimersoft
2014-03-18 05:16:49 -------- d-----w- C:\PROGRA~3\Aimersoft Video Converter Ultimate
2014-03-18 04:53:50 -------- d-----w- C:\Program Files (x86)\ConvertVideoFiles.Net
2014-03-18 04:06:58 -------- d-----w- C:\Users\Owner\AppData\Roaming\DVD Flick
2014-03-18 04:06:52 662288 ----a-w- C:\Windows\SysWow64\mscomct2.ocx
2014-03-18 04:06:52 609824 ----a-w- C:\Windows\SysWow64\comctl32.ocx
2014-03-18 04:06:52 40960 ----a-w- C:\Windows\SysWow64\ssubtmr6.dll
2014-03-18 04:06:52 36864 ----a-w- C:\Windows\SysWow64\trayicon_handler.ocx
2014-03-18 04:06:52 28672 ----a-w- C:\Windows\SysWow64\mousewheel.ocx
2014-03-18 04:06:52 164144 ----a-w- C:\Windows\SysWow64\comct232.ocx
2014-03-18 04:06:52 -------- d-----w- C:\Program Files (x86)\DVD Flick
2014-03-18 01:54:32 -------- d-----w- C:\Users\Owner\AppData\Roaming\Pegasys Inc
2014-03-18 01:53:22 59488 ----a-w- C:\Windows\SysWow64\GenSvcInst.exe
2014-03-18 01:53:22 33408 ----a-w- C:\Windows\SysWow64\drivers\CDRBSDRV.SYS
2014-03-18 01:53:22 145504 ----a-w- C:\Windows\SysWow64\bgsvcgen.exe
2014-03-18 01:53:03 88704 ----a-w- C:\Windows\SysWow64\packet.dll
2014-03-18 01:53:03 42512 ----a-w- C:\Windows\SysWow64\drivers\npf.sys
2014-03-18 01:53:03 240240 ----a-w- C:\Windows\SysWow64\wpcap.dll
2014-03-14 09:10:41 -------- d-----w- C:\Fraps
2014-03-14 05:30:05 -------- d-----w- C:\Users\Owner\AppData\Roaming\Post Master
2014-03-11 21:02:12 484864 ----a-w- C:\Windows\System32\wer.dll
2014-03-11 21:02:12 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-03-11 21:02:12 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-03-11 21:02:12 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-03-11 21:02:11 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-11 21:02:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-11 21:02:11 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-11 21:02:11 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-10 23:39:14 -------- d-----w- C:\Windows\System32\appmgmt
2014-03-08 03:00:13 -------- d-----w- C:\Users\Owner\AppData\Roaming\.minecraft
.
==================== Find3M ====================
.
2014-03-30 03:32:39 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-03-30 03:32:39 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-03-30 03:32:19 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-02-23 08:13:41 2241536 ----a-w- C:\Windows\System32\wininet.dll
2014-02-23 08:11:59 3960320 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-23 08:11:52 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-23 08:11:52 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-02-23 06:54:46 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-23 06:53:22 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-23 06:53:18 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-23 06:53:18 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-02-23 06:35:36 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-23 06:31:25 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-23 05:39:39 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2014-02-23 05:35:24 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-02-04 14:27:51 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2014-01-27 10:10:15 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
2014-01-27 10:10:15 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2014-01-27 10:10:15 111616 ----a-w- C:\Windows\System32\OpenAL32.dll
2014-01-27 10:10:15 102400 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2014-01-27 10:04:50 47104 ----a-w- C:\Windows\System32\drivers\cmipci.sys
2014-01-26 23:22:02 8960 ----a-w- C:\Windows\System32\drivers\LtcyCfgWDM.sys
2014-01-23 10:26:43 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2014-01-22 12:24:16 16 ----a-w- C:\Windows\nraesg.exe
2014-01-18 12:13:01 2434856 ----a-w- C:\Windows\SysWow64\pbsvc_bc2.exe
2014-01-11 11:21:05 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-11 11:21:05 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-11 08:30:22 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-01-11 05:01:19 0 ----a-w- C:\Windows\ativpsrm.bin
2014-01-11 04:54:31 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-01-11 04:53:51 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2014-01-11 04:53:51 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
.
============= FINISH: 0:28:34.87 ===============
And I've attached the attach.
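Editor's added illustration (not part of ldrancer's post and not one of the forum's tools): the DDS "Pseudo HJT Report" and "SERVICES / DRIVERS" sections above contain a few lines a helper would look at first, namely the UAC policy values set to 0 (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop), a populated AppInit_DLLs entry, a BHO registration whose file is gone ("No File"), and a service with an opaque eight-hex-digit name whose image is rundll32.exe. The script below is a small triage pass that picks those patterns out of DDS-style lines. The heuristics and their wording are mine; the sample lines are a constructed excerpt copied from the log in this thread.

```python
import re

# Constructed sample: a handful of lines in the style of the DDS log posted
# above (excerpted from that log, not a complete report).
SAMPLE_LOG = r"""
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: safeweb: {B0A728FA-B4C4-A168-EE84-0FCE55E5446B} - C:\Program Files (x86)\safeweb\4JV8DyH2C.x64.dll
BHO-X64: safeweb - No File
AppInit_DLLs-X64: C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-3-30 701512]
S2 d0e87c27;SW-Sustainer;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
"""

# UAC-related values DDS prints under "mPolicies-system". A value of 0 here
# means the protection is off or elevation happens silently.
UAC_POLICY_CHECKS = {
    "EnableLUA": "UAC is disabled (EnableLUA = 0)",
    "ConsentPromptBehaviorAdmin": "administrators elevate without any prompt",
    "PromptOnSecureDesktop": "elevation prompts are not shown on the secure desktop",
}

POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
APPINIT_RE = re.compile(r"^AppInit_DLLs(?:-X64)?:\s*(\S.*)$")
BHO_NOFILE_RE = re.compile(r"^BHO(?:-X64)?:\s*(.+?)\s*-\s*No File\s*$")
# "R2 name;display;C:\path\image.exe [date size]" style service/driver lines.
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.+?)\s+\[")
OPAQUE_NAME_RE = re.compile(r"[0-9a-f]{8}")


def triage_dds_lines(lines):
    """Return a list of (reason, line) for lines worth a helper's attention."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue

        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            if name in UAC_POLICY_CHECKS and value == 0:
                findings.append((UAC_POLICY_CHECKS[name], line))
            continue

        m = APPINIT_RE.match(line)
        if m:
            findings.append(("AppInit_DLLs is populated; this DLL is loaded into "
                             "every process that loads user32.dll", line))
            continue

        m = BHO_NOFILE_RE.match(line)
        if m:
            findings.append((f"orphaned BHO registration '{m.group(1)}' (file missing)", line))
            continue

        m = SERVICE_RE.match(line)
        if m:
            svc_name, image = m.group(1), m.group(3)
            base = image.rsplit("\\", 1)[-1].lower()
            reasons = []
            if base == "rundll32.exe":
                reasons.append("service image is rundll32.exe (the real payload is a DLL "
                               "not shown on this line)")
            if OPAQUE_NAME_RE.fullmatch(svc_name):
                reasons.append(f"opaque service name '{svc_name}'")
            if reasons:
                findings.append(("; ".join(reasons), line))
    return findings


if __name__ == "__main__":
    for reason, line in triage_dds_lines(SAMPLE_LOG.splitlines()):
        print(f"[!] {reason}\n    {line}")
```

Run as-is it prints six findings for the sample: the three UAC values, the AppInit_DLLs entry, the orphaned safeweb BHO, and the d0e87c27 service. Lines that look ordinary (the Windows Live BHO, the ConsentPromptBehaviorUser value of 3, the Malwarebytes service) are left alone, which is the point: the pass narrows a long log to the handful of lines a volunteer helper actually needs to ask about.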

Re: malware installation

Post by Cypher » April 4th, 2014, 11:23 am

Bumping or Replying to Your Own Topic

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The section here explains why you should not reply to or try to bump your topic.
Please submit a new log and wait for a helper to reply. Thank you for your understanding.

This topic is now closed.