Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

I've got a nasty infection. Total Codec Pack.

Post by rigidee » September 30th, 2014, 4:42 pm

Hello,

A couple of weeks ago my computer was infected with a nasty virus/trojan horse. I made the mistake of running a program that I downloaded off the internet from an untrustworthy site. I don't remember the name of the program and I've since deleted it. Ever since then my anti-virus program (AVG-free) pops up multiple messages a day about trojan horse infections. Some that it has found are:

Crypt3.ARER
Crypt3.ARVN
IDP.Trojan.8BEF0C1B
IDP.TROjan.330F1B36
Simda.WL
Win32/DH{fyB8ZA}
and so on...

I have tried multiple programs, but have been unsuccessful in removing the virus. I have used:

AVG-free
Malwarebytes Anti-Malware
stinger64
JRT
Windows Defender
MicroTrend HouseCall
ESET Online Scanner

I was able to run ESET one time, and it had found a number of infections, but my computer was slowed down by a number of processes using a very large amount of memory. Every time I would try to end them, a couple more would start, so that I eventually had about 50 versions at once. I stopped the scan and shut down my computer. After restarting, I was unable to run ESET. Every time I would try, I was told that ESET couldn't update the definition files. My internet connection was working just fine and I don't use a proxy. I tried erasing all traces of ESET from my computer to see if that would help, and I stumbled across a hidden folder that contains a number of programs and movies (it had a copy of ESET, which is how I found it). It appears that my computer is being used to host illegal software. I tried to delete it, but couldn't since most of the files were being used.

Here are my DDS logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280
Run by Rob at 13:22:19 on 2014-09-30
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4030.2317 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Coupons\CouponPrinterService.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Google+ Auto Backup] "C:\Users\Rob\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
uRun: [Andworks] regsvr32.exe C:\Users\Rob\AppData\Local\Andworks\ASMbase217I.dll
uRun: [Andworks Update] regsvr32.exe C:\Users\Rob\AppData\Local\Andworks\CNBP_267.DLL
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{3CB125F7-5AE6-4BE2-87BB-D38407939EB6} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{3CB125F7-5AE6-4BE2-87BB-D38407939EB6} : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{787A731F-3ED5-4062-825E-0600C0570306} : NameServer = 8.8.8.8,8.8.8.8
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 193.107.16.144 http://www.google-analytics.com.
Hosts: 193.107.16.144 google-analytics.com.
Hosts: 193.107.16.144 connect.facebook.net.
Hosts: 188.40.62.184 http://www.google-analytics.com.
Hosts: 188.40.62.184 google-analytics.com.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-8-6 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-17 31512]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-30 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-7-21 244504]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-6-17 235800]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-6-17 269080]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-12-8 50976]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-10-8 239616]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-8-25 289328]
R2 CouponPrinterService;Coupon Printer Service;C:\Program Files (x86)\Coupons\CouponPrinterService.exe [2014-2-13 177136]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-8-17 4799760]
R2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [2014-8-11 1820184]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2014-4-6 35112]
R3 VST64_DPV;VST64_DPV;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 VST64HWBS2;VST64HWBS2;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-13 411136]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-8-25 3242000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 WiseBootAssistant;Wise Boot Assistant;C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [2014-9-1 580232]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-11 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-8 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-16 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-6 1255736]
.
=============== Created Last 30 ================
.
2014-09-30 17:48:57 -------- d-----w- C:\Program Files (x86)\ESET
2014-09-27 13:02:02 634880 ----a-w- C:\Users\Rob\AppData\Roaming\ScanDisc.exe
2014-09-26 18:21:01 159768 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\temp\tmp6F4B.exe
2014-09-25 04:20:39 188416 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\temp\tmpB2AD.exe
2014-09-24 06:06:14 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-24 06:06:14 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-23 22:51:41 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-23 16:21:21 -------- d-----w- C:\Program Files\stinger
2014-09-23 05:17:24 288 ----a-w- C:\Users\Rob\AppData\Roaming\136A41DE.reg
2014-09-21 22:40:49 175528 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2014-09-20 22:08:28 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\f207d9ae3d2848332edd6971165b55bb\WMP x264 Codec Pack.exe
2014-09-20 19:56:11 54525952 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\7c998312b0c712d7c75586fe29031154\TARGET 3001.exe
2014-09-20 18:53:56 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\df5bfe7ead98e24e4f7dde85b32ed92f\Crash Time II.exe
2014-09-20 18:07:31 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\db24d687a19d643a1c6965973736c23c\Lite x264 Codec Pack.exe
2014-09-20 18:07:31 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\d1ada249bda7818938e4b145d48c22d2\Lite x264 Codec Pack.exe
2014-09-20 18:07:31 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\6be59164457beaa41328bfb551ba0731\Lite x264 Codec Pack.exe
2014-09-20 18:07:31 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\35e65aa016dd1c393180f8450e9ed2e8\Lite x264 Codec Pack.exe
2014-09-20 18:07:31 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\062f846a263ce6d9faae039cb20cea91\Lite x264 Codec Pack.exe
2014-09-20 18:07:31 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\0507c83744d040c1489ab204eb68b699\Lite x264 Codec Pack.exe
2014-09-20 17:52:37 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\e999db042dc46a3d743acbfd426711e5\WMP xMPG Codec Pack.exe
2014-09-20 17:52:37 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\c5a502e859860ee097d5bf360b820cf1\WMP xMPG Codec Pack.exe
2014-09-20 17:52:37 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\b9ebb7ecc53609e609389e5108b8a42e\WMP xMPG Codec Pack.exe
2014-09-20 17:52:37 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\914d877fdcec5c8b671d9c97e8be706a\WMP xMPG Codec Pack.exe
2014-09-20 17:52:37 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\741d708848b3f4daa28bbd2192fc7d4e\WMP xMPG Codec Pack.exe
2014-09-20 17:52:37 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\71e551ee44dda9b8c76aa34e5af643ff\WMP xMPG Codec Pack.exe
2014-09-20 17:52:37 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\6411421a8dc0929fbc39874aa777ec37\WMP xMPG Codec Pack.exe
2014-09-20 17:52:37 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\318e94665f25bd8f7023c6dc4a88329d\WMP xMPG Codec Pack.exe
2014-09-20 17:52:37 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\0b0a407ab25d48aa186909f845709856\WMP xMPG Codec Pack.exe
2014-09-20 17:51:19 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\a9d079ce2977ffb1612db5e0bb58ad2d\Total Codec Pack.exe
2014-09-20 17:51:19 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\610fbe650c83965bae55b009c4a82a8b\Total Codec Pack.exe
2014-09-20 17:36:53 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\07168878a40e7ef035499de201165b69\History Sweeper.exe
2014-09-15 16:45:13 -------- d-----w- C:\Program Files\iPod
2014-09-15 16:45:12 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-15 16:45:12 -------- d-----w- C:\Program Files\iTunes
2014-09-15 16:45:12 -------- d-----w- C:\Program Files (x86)\iTunes
2014-09-15 04:04:40 -------- d-----w- C:\Program Files (x86)\DAMN NFO Viewer
2014-09-15 03:57:27 -------- d-----w- C:\Users\Rob\AppData\Local\Andworks
2014-09-15 03:57:18 -------- d-----w- C:\Users\Rob\AppData\Local\Azsmworks
2014-09-15 03:56:15 2498560 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
2014-09-11 21:02:48 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-11 21:02:48 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-11 21:01:16 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-09-11 21:01:16 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-09-11 21:01:16 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-09-11 21:01:16 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-09-10 08:04:57 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-10 08:04:57 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-10 08:04:35 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-09-10 08:04:34 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-10 08:04:15 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-10 08:04:15 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-10 08:04:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-09-10 08:04:14 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-10 08:04:14 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-10 08:04:00 578048 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-10 08:03:59 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-02 03:59:41 128728 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-02 03:59:12 92888 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-02 03:59:12 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-09-02 03:59:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-02 03:57:40 -------- d-----w- C:\Users\Rob\AppData\Roaming\Malwarebytes
2014-09-02 03:57:34 -------- d-----w- C:\ProgramData\Malwarebytes
2014-09-02 03:57:33 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-02 03:49:37 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2014-09-02 03:25:06 -------- d-----w- C:\Windows\ERUNT
2014-09-02 03:08:23 -------- d-----w- C:\Users\Rob\AppData\Roaming\Wise Care 365
2014-09-02 03:08:15 -------- d-----w- C:\Program Files (x86)\Wise
2014-09-01 18:42:41 -------- d-----w- C:\Program Files\Bonjour
2014-09-01 18:42:41 -------- d-----w- C:\Program Files (x86)\Bonjour
.
==================== Find3M ====================
.
2014-09-23 21:56:35 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-23 21:56:35 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-23 00:59:01 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-08-12 03:53:43 50976 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2014-08-06 15:50:04 123672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-07-25 07:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 04:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-22 02:03:12 244504 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
.
============= FINISH: 13:23:00.93 ===============


DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 10/6/2013 12:39:47 PM
System Uptime: 9/30/2014 11:51:50 AM (2 hours ago)
.
Motherboard: Dell Inc. | | 0WG864
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 62.883 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.425 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (FAT32) - 931 GiB total, 659.802 GiB free.
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP88: 9/19/2014 12:28:04 AM - Scheduled Checkpoint
RP89: 9/23/2014 6:12:53 PM - Malwarebytes Anti-Rootkit Restore Point
RP90: 9/24/2014 1:32:36 PM - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 193.107.16.144 http://www.google-analytics.com.
Hosts: 193.107.16.144 google-analytics.com.
Hosts: 193.107.16.144 connect.facebook.net.
Hosts: 188.40.62.184 http://www.google-analytics.com.
Hosts: 188.40.62.184 google-analytics.com.
Hosts: 188.40.62.184 connect.facebook.net.
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Activity Tracker
Adobe AIR
Adobe Flash Player 15 ActiveX
Adobe Reader XI (11.0.09)
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2014
AVG SafeGuard toolbar
Battle.net
Bonjour
BufferChm
C4100
c4100_Help
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Copy
Destinations
DeviceDiscovery
Diablo III
DocProc
DVDFab 9.0.7.2 (18/10/2013)
Fax
Google Chrome
Google Talk Plugin
Google Update Helper
Google+ Auto Backup
GPBaseService2
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart All-In-One Driver Software 13.0 Rel. A
HP Photosmart Essential 3.5
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
HydraVision
ImgBurn
iTunes
Java 7 Update 45 (64-bit)
Java 7 Update 51
Java Auto Updater
Malwarebytes Anti-Malware version 2.0.2.1012
MarketResearch
Microsoft .NET Framework 4.5.1
Microsoft Mouse and Keyboard Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network64
NirSoft BlueScreenView
OCR Software by I.R.I.S. 13.0
Picasa 3
Recuva
Scan
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
SpeedFan (remove only)
Status
TeamViewer 9
Toolbox
TrayApp
Tweaking.com - Windows Repair (All in One)
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player
WebReg
Wise Care 365 3.23
.
==== Event Viewer Messages From Past Week ========
.
9/30/2014 11:49:41 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
9/30/2014 11:43:14 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
9/30/2014 11:43:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/30/2014 11:43:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/30/2014 11:42:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/30/2014 11:42:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/30/2014 11:42:38 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgdiska AVGIDSDriver Avgldx64 discache spldr Wanarpv6
9/30/2014 11:42:36 AM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
9/30/2014 11:41:30 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
9/30/2014 11:35:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/30/2014 11:35:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/30/2014 11:34:43 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgdiska AVGIDSDriver Avgldx64 Avgtdia CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
9/30/2014 11:34:42 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/30/2014 11:34:42 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/30/2014 11:34:42 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
9/30/2014 11:34:42 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/30/2014 11:34:42 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/30/2014 11:34:42 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
9/30/2014 11:34:42 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/30/2014 11:34:42 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/30/2014 11:34:42 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/30/2014 11:34:42 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/29/2014 11:59:35 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
9/25/2014 10:20:26 AM, Error: Service Control Manager [7023] - The Software Protection service terminated with the following error: The media is write protected.
9/25/2014 10:20:18 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
9/25/2014 10:15:29 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xa0000001 (0x0000000000000005, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092514-68078-01.
.
==== End Of File ===========================
rigidee
Regular Member
 
Posts: 19
Joined: September 30th, 2014, 2:09 pm
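The Service Control Manager errors in the log above form a dependency chain: most 7001 events only report that a dependency failed ("The dependency service or group failed to start."), while a few name a driver that failed on its own. As an added example (not part of the original post and not a tool used in this thread), the following Python script separates the two and lists which services each root failure takes down; the function names are assumptions for illustration, and the sample is a subset of the lines posted above.

```python
import re
from collections import defaultdict

# Subset of the Event Viewer lines posted above, embedded so the script runs offline.
SAMPLE = """\
9/30/2014 11:49:41 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
9/30/2014 11:41:30 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
9/30/2014 11:34:43 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgdiska AVGIDSDriver Avgldx64 Avgtdia CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
9/30/2014 11:34:42 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/30/2014 11:34:42 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/30/2014 11:34:42 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
9/30/2014 11:34:42 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/30/2014 11:34:42 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/30/2014 11:34:42 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
9/30/2014 11:34:42 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/30/2014 11:34:42 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/30/2014 11:34:42 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/30/2014 11:34:42 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
"""

# Event 7001: "<service> depends on <dependency> which failed ... error: <reason>"
DEP_RE = re.compile(
    r"Service Control Manager \[7001\] - The (?P<svc>.+?) service depends on "
    r"the (?P<dep>.+?) service which failed to start because of the following "
    r"error: (?P<err>.+)$"
)
# Event 7026: list of boot-start/system-start drivers that did not load
DRV_RE = re.compile(
    r"Service Control Manager \[7026\] - The following boot-start or "
    r"system-start driver\(s\) failed to load: (?P<drivers>.+)$"
)
# Error text that only passes a failure along instead of explaining it
CASCADE = "The dependency service or group failed to start."


def parse_events(text):
    """Return ([(service, dependency, error)], {driver short names})."""
    edges, drivers = [], set()
    for line in text.splitlines():
        m = DEP_RE.search(line)
        if m:
            edges.append((m["svc"], m["dep"], m["err"].strip()))
            continue
        m = DRV_RE.search(line)
        if m:
            drivers.update(m["drivers"].split())
    return edges, drivers


def root_causes(edges):
    """Map each root failure to every service that transitively depends on it.

    Also returns dependencies that failed "by cascade" but whose own failure
    record is missing from the log, so they cannot be traced any further.
    """
    dependents = defaultdict(set)   # dependency -> services waiting on it
    roots = {}                      # dependency -> its own (non-cascade) error
    for svc, dep, err in edges:
        dependents[dep].add(svc)
        if err != CASCADE:
            roots[dep] = err

    impact = {}
    for root in roots:
        seen, stack = set(), [root]
        while stack:                # walk the dependency graph upward
            for svc in dependents.get(stack.pop(), ()):
                if svc not in seen:
                    seen.add(svc)
                    stack.append(svc)
        impact[root] = sorted(seen)

    cascaded = {dep for _, dep, err in edges if err == CASCADE}
    explained = {svc for svc, _, _ in edges} | set(roots)
    return impact, sorted(cascaded - explained)


if __name__ == "__main__":
    edges, drivers = parse_events(SAMPLE)
    impact, unexplained = root_causes(edges)
    for root, services in impact.items():
        print(f"{root}: {len(services)} dependent service(s) down")
        for svc in services:
            print(f"    {svc}")
    print("No failure record of their own:", ", ".join(unexplained))
    print("Drivers listed in event 7026:", ", ".join(sorted(drivers)))
```

Run on the full log, the same grouping reduces the list of 7001 errors to a handful of failed drivers, which is the part worth comparing against the 7026 driver list.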

Re: I've got a nasty infection. Total Codec Pack.

Unread postby pgmigg » October 1st, 2014, 11:15 am

Hello rigidee,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: I've got a nasty infection. Total Codec Pack.

Unread postby rigidee » October 1st, 2014, 11:27 am

Hi pgmigg,

I have read the guidelines and the READ THIS FIRST forum post. I appreciate your help with this matter and look forward to your instructions.
rigidee
Regular Member
 
Posts: 19
Joined: September 30th, 2014, 2:09 pm

Re: I've got a nasty infection. Total Codec Pack.

Unread postby pgmigg » October 1st, 2014, 12:46 pm

Hello rigidee,

I have tried multiple programs, but have been unsuccessful in removing the virus. I have used:

AVG-free
Malwarebytes Anti-Malware
stinger64
JRT
Windows Defender
MicroTrend HouseCall
Esat Online Scanner
Could you please post here the log file JRT.txt which was saved to your desktop?
There are probably also log files kept from ESET Online Scanner and from Malwarebytes Anti-Malware (MBAM - please check C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-2014-xx-...) - if so, please post them too.

Step 1.
Run CKScanner
  1. Please download CKScanner from Here
  2. Important: - Save it to your Desktop.
  3. Double-click CKScanner.exe and click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Then:
Please tell me: is this computer used for any kind of business purposes and connected to a business or educational network?
I need to know this so I can provide the proper instructions.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of a JRT.txt log file
  3. Contents of the ESETScan.txt log file
  4. Contents of the most recent C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-2014-xx-... file
  5. Contents of CKFiles.txt log file
  6. Answer to my question about how your computer is used
  7. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: I've got a nasty infection. Total Codec Pack.

Unread postby rigidee » October 2nd, 2014, 3:53 pm

Hi pgmigg,

I was unable to execute your instructions. Now when I boot my computer, the starting Windows screen appears, but then nothing but a black screen and a cursor. I can move the cursor and use Ctrl-Alt-Del to access the task manager, but otherwise nothing works. Not the start key, not the mouse buttons, not anything I've tried. I then booted in safe mode and had the same problem. I was able to boot in safe mode with a command prompt, but that's about it. I'm starting to think a clean OS install is required, unless you think there is something you can suggest I try.

My computer is not used for any business purposes or connected to a business network. It is used for educational purposes - my daughter goes to an on-line school - but is done entirely over the internet and not an educational network.
rigidee
Regular Member
 
Posts: 19
Joined: September 30th, 2014, 2:09 pm

Re: I've got a nasty infection. Total Codec Pack.

Unread postby pgmigg » October 3rd, 2014, 1:41 am

Hello rigidee,

I was able to boot in safe mode with a command prompt, but that's about it. I'm starting to think a clean OS install is required, unless you think there is something you can suggest I try.
An OS reinstall is possible, but only as a last resort. First, let's try to repair your system by restoring it to an earlier point in time, prior to the day "xxxxxx" when your troubles started.

To enter System Recovery Options from the Boot Menu...
  1. Restart the computer.
  2. As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  3. Use the arrow keys to select Repair your computer.
  4. Select the operating system you want to repair, and then click Next.
  5. Select your user account and click Next.
    In the System Recovery Options Menu you will see the following options:
    1. Startup Repair
    2. System Restore
    3. System Image Recovery
    4. Windows Memory Diagnostic
    5. Command Prompt
  6. Select System Restore
    • You should now see a list of System Restore Points. If you don't, check/tick Show more restore points.
    • Choose the restore point just prior to xxxxxxxx
    • Then click Next, then follow the prompts.

Please let me know about your results and then wait for next set of instructions...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: I've got a nasty infection. Total Codec Pack.

Unread postby rigidee » October 4th, 2014, 8:50 pm

Hi pgmigg,

System Restore worked and my box is back up and running.
rigidee
Regular Member
 
Posts: 19
Joined: September 30th, 2014, 2:09 pm

Re: I've got a nasty infection. Total Codec Pack.

Unread postby pgmigg » October 4th, 2014, 9:20 pm

Hello rigidee,

System Restore worked and my box is back up and running.
Very nice! :D

In that case I would like to ask you to run the previous steps - I will repeat them:

Step 1.
Run CKScanner
  1. Please download CKScanner from Here
  2. Important: - Save it to your Desktop.
  3. Double-click CKScanner.exe and click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Then:
I have tried multiple programs, but have been unsuccessful in removing the virus. I have used:
Malwarebytes Anti-Malware
JRT
Esat Online Scanner

Could you please post here the log file JRT.txt which was saved to your desktop?
There are probably also log files kept from ESET Online Scanner and from Malwarebytes Anti-Malware (MBAM - please check C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-2014-xx-...) - if so, please post them too.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of CKFiles.txt log file
  3. Contents of a JRT.txt log file
  4. Contents of the ESETScan.txt log file
  5. Contents of the most recent C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-2014-xx-... file
  6. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: I've got a nasty infection. Total Codec Pack.

Unread postby rigidee » October 6th, 2014, 12:07 pm

Hi pgmigg,

I have log files CKFiles.txt, JRT.txt, and mbam-log-2014-xx that I will include in the following posts. I never succeeded in completing an ESET scan, so there is no log file for that. I also had to run JRT.exe again, because I had deleted that log file before contacting MalwareRemoval.com. When JRT.exe finished running, my computer was once again unusable (only a black screen and mouse cursor). I ran system restore again to get it working, and the only change in computer behavior I've noticed is that sometimes when I click on a web link, my browser (Chrome) goes to an alternative web page. The last time it happened, a download started automatically, and the file that was downloaded was immediately pegged as Malware by AVG-Free.
rigidee
Regular Member
 
Posts: 19
Joined: September 30th, 2014, 2:09 pm

Re: I've got a nasty infection. Total Codec Pack.

Unread postby rigidee » October 6th, 2014, 12:07 pm

CKFiles.txt:

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\users\rob\downloads\nutcrackers.docx
scanner sequence 3.AP.11.VLNAUZ
----- EOF -----
rigidee
Regular Member
 
Posts: 19
Joined: September 30th, 2014, 2:09 pm

Re: I've got a nasty infection. Total Codec Pack.

Unread postby rigidee » October 6th, 2014, 12:08 pm

JRT.txt:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.0 (10.05.2014:1)
OS: Windows 7 Professional x64
Ran by *** on Sun 10/05/2014 at 12:44:19.86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] couponprinterservice
Successfully deleted: [Service] couponprinterservice



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2186564753-274233747-90243057-1001\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Windows\couponprinter.ocx"
Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\Malwarebytes' Anti-Malware (portable)
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Rob\appdata\local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 10/05/2014 at 12:52:12.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
rigidee
Regular Member
 
Posts: 19
Joined: September 30th, 2014, 2:09 pm

Re: I've got a nasty infection. Total Codec Pack.

Unread postby rigidee » October 6th, 2014, 12:10 pm

mbam-log-2014-xx:

<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
  <header>
    <date>2014/09/01 23:00:04 -0500</date>
    <logfile>mbam-log-2014-09-01 (23-00-02).xml</logfile>
    <isadmin>yes</isadmin>
  </header>
  <engine>
    <version>2.00.2.1012</version>
    <malware-database>v2014.09.02.02</malware-database>
    <rootkit-database>v2014.08.21.01</rootkit-database>
    <license>free</license>
    <file-protection>disabled</file-protection>
    <web-protection>disabled</web-protection>
    <self-protection>disabled</self-protection>
  </engine>
  <system>
    <osversion>Windows 7 Service Pack 1</osversion>
    <arch>x64</arch>
    <username>Rob</username>
    <filesys>NTFS</filesys>
  </system>
  <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>306626</objects>
    <time>1051</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>0</keys>
    <values>0</values>
    <datas>1</datas>
    <folders>0</folders>
    <files>3</files>
    <sectors>0</sectors>
  </summary>
  <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>disabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>warn</pup>
    <pum>enabled</pum>
  </options>
  <items>
    <data>
      <path>HKU\S-1-5-21-2186564753-274233747-90243057-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path>
      <valuename>Start Page</valuename>
      <vendor>PUP.Optional.Spigot.A</vendor>
      <action>replaced</action>
      <valuedata>https://search.yahoo.com/?type=282369&fr=spigot-yhp-ie</valuedata>
      <baddata>https://search.yahoo.com/?type=282369&fr=spigot-yhp-ie</baddata>
      <gooddata>www.google.com</gooddata>
      <hash>3c9e23c546353204fba80dd0a75d8878</hash>
    </data>
    <file>
      <path>C:\$Recycle.Bin\S-1-5-21-2186564753-274233747-90243057-1001\$RPQB8ZI.exe</path>
      <vendor>PUP.Optional.Spigot</vendor>
      <action>success</action>
      <hash>c2180fd91e5d91a5f53b03a561a0eb15</hash>
    </file>
    <file>
      <path>C:\$Recycle.Bin\S-1-5-21-2186564753-274233747-90243057-1001\$RV5DK22.tmp</path>
      <vendor>PUP.Optional.Spigot</vendor>
      <action>success</action>
      <hash>b921f5f32a510135ac849d0b3ac707f9</hash>
    </file>
    <file>
      <path>C:\$Recycle.Bin\S-1-5-21-2186564753-274233747-90243057-1001\$R8JC4BL.tmp\Au_.exe</path>
      <vendor>PUP.Optional.Spigot</vendor>
      <action>success</action>
      <hash>71692dbb3546e65070c045639170ba46</hash>
    </file>
  </items>
</mbam-log>
rigidee
Regular Member
 
Posts: 19
Joined: September 30th, 2014, 2:09 pm

Re: I've got a nasty infection. Total Codec Pack.

Unread postby pgmigg » October 7th, 2014, 12:29 am

Hello rigidee,

I also had to run JRT.exe again, because I had deleted that log file
In the future, please do not take the initiative and do not run anything I did not ask you to run. Last time I asked you to post just the JRT log, if one could be found from the previous run... :(

Well... Let's continue!

Step 1.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without into the open text entry box:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    AVG SafeGuard toolbar
    Java 7 Update 45 (64-bit)
    Java 7 Update 51
    Java Auto Updater
    SmartWebPrinting
    Wise Care 365
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.

Step 2.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL - Run Fix Script
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :Processes
    taskeng.exe
    taskhost.exe
    CouponPrinterService.exe
    
    :Services
    CouponPrinterService
    
    :Files
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Coupons
    ipconfig /flushdns /c
    
    :Commands
    [emptyflash]
    [emptyjava]
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 3.
ZOEK Auto Clean
  1. First please Disable any Antivirus you have active, as shown in This topic.
    Note: Don't forget to re-enable it after the scan.
  2. Next please download zoek.exe and save it to your desktop.
  3. Close any open browsers.
  4. Right click on zoek.exe and select "Run as administrator..." to run it.
  5. Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  6. Click the More Options button below the large panel and check the box:
    • Auto Clean
  7. Click on Run script button
  8. Please wait patiently (it may take a few minutes) until a log report opens (this may be after a reboot, if required)
  9. Copy (Ctrl +C) and paste (Ctrl +V) the entire contents of the opened report back here.

    Note: It will also create a log in the C:\ directory named "zoek-results.log"

Step 4.
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Right-click on TDSSKiller.exe and select "Run As Administrator...".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. Click Change parameters
  4. Under Additional Options CHECK Verify file digital signatures
  5. IMPORTANT: Ensure Detect TDLFS file system remains UNCHECKED.
  6. Click OK if changes were made.
  7. Click Start scan and allow it to scan for Malicious objects.

    • If Malicious objects are detected, the default action will be Cure, ensure SKIP is selected... then click Continue
    • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected... then click Continue
    • If Unsigned files are detected, the default action will be Skip, ensure Skip is selected... then click Continue
    DO NOT change the default actions, other than CURE to SKIP.
  8. You may be asked to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  9. A log will be created on your root drive (usually C:). The log will have a name like Name.Version_Date_Time_log.txt,
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
  10. If no reboot is required, click on Report. A log file should appear.
  11. Please post the contents of the log file in your next reply

Step 5.
OTL - Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the zoek-results.log file
  4. Contents of the TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt log file
  5. Contents of a OTL.txt log file
  6. Contents of a Extras.txt log file
  7. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: I've got a nasty infection. Total Codec Pack.

Unread postby rigidee » October 8th, 2014, 11:29 am

pgmigg,

I was able to complete steps 1 & 2, but after my computer rebooted in step 2, I had the same problem as before. Black screen, only a cursor and access to task manager. I ran system restore again, but the programs I uninstalled in step 1 were back. I will include the OTL log file at the end of this post, but I will await your reply before I do anything else. Thank you.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== PROCESSES ==========
No active process named taskeng.exe was found!
No active process named taskhost.exe was found!
No active process named CouponPrinterService.exe was found!
========== SERVICES/DRIVERS ==========
Service CouponPrinterService stopped successfully!
Service CouponPrinterService deleted successfully!
========== FILES ==========
File move failed. C:\Windows\system32\taskeng.exe scheduled to be moved on reboot.
File\Folder C:\Windows\system32\taskhost.exe not found.
C:\Program Files (x86)\Coupons folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Rob\Desktop\cmd.bat deleted successfully.
C:\Users\Rob\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 57311 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Rob
->Flash cache emptied: 57822 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Rob
->Java cache emptied: 3384134 bytes

Total Java Files Cleaned = 3.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Rob
->Temp folder emptied: 16638449 bytes
->Temporary Internet Files folder emptied: 318316 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 388634841 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10845559 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46490662 bytes
RecycleBin emptied: 438824713 bytes

Total Files Cleaned = 860.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10072014_173327
rigidee
Regular Member
 
Posts: 19
Joined: September 30th, 2014, 2:09 pm

Re: I've got a nasty infection. Total Codec Pack.

Unread postby pgmigg » October 8th, 2014, 11:48 am

Hello rigidee,

I was able to complete steps 1 & 2, but after my computer rebooted in step 2, I had the same problem as before. Black screen, only a cursor and access to task manager. I ran system restore again, but the programs I uninstalled in step 1 were back.
OK. Please close all open applications and shut down (not restart!) the computer - it may take a while... Then please wait for a minute (at least), switch on the computer normally, and do nothing until it has finished completely. Then do a restart (not a shutdown for now) and make sure that it has started normally.

Then please proceed to Steps 3, 4, and 5. If you get the "black screen with only cursor and access to task manager" at any moment, please stop and let me know.

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00