
Macromedia.exe bitcoin miner


This topic is locked. 2 replies to this topic.

#1 Moist von Lipwig

Posted 11 June 2013 - 09:53 PM

Hello, I have a rather persistent bit of software that runs as 'macromedia.exe' with the description 'coin-miner' that uses 50% of my CPU at all times. I can change affinity and set it to only use one core but obviously I'd like it gone.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.21.2
Run by Steven at 22:48:33 on 2013-06-11
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.16367.12775 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\BOINC\boinctray.exe
C:\Users\Steven\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Users\Steven\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
D:\Apps\SABnzbd\SABnzbd.exe
C:\Program Files\Tablet\Pen\WacomHost.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\ShareX\ShareX.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
D:\Apps\Sickbeard\SickBeard.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\wscript.exe
C:\Users\Steven\AppData\Roaming\WindowsLogon\shell.exe
C:\Users\Steven\AppData\Roaming\WindowsLogon\macromedia.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
StartupFolder: C:\Users\Steven\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Skype.lnk - C:\Users\Steven\AppData\Roaming\WindowsLogon\usft_ext.exe.vbs
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 8.8.8.8
TCP: Interfaces\{126DBCA3-AAD7-48F6-855B-969F071414E7} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{443561B1-14F6-4744-A439-05A2981691AD} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{DE4A9C36-781B-4C21-BB8B-56486E662F34} : DHCPNameServer = 8.8.8.8
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x64/MuCatalogWebControl.cab?1365094235470
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2013/01/04 21:42:12];C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [2012-9-19 147704]
R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2013-1-4 90640]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2013-1-4 78352]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2013-1-4 295440]
R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-9-14 86016]
R2 ntk_PowerDVD12;ntk_PowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2013-1-4 83704]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 WTabletServiceCon;Wacom Consumer Service;C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [2013-3-7 619904]
R3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2013-3-7 13728]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-11-18 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-11-18 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-12-21 646248]
R3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2013-3-7 81824]
R3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2013-3-7 15776]
S2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe --> C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-12-22 1432400]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 130008]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-21 19456]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-21 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-21 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-1-24 18216]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-21 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
.
=============== Created Last 60 ================
.
2013-06-12 02:46:11 -------- d-----w- C:\Windows\pss
2013-06-12 02:42:22 -------- d-sh--w- C:\$RECYCLE.BIN
2013-06-12 02:35:15 -------- d-----w- C:\ComboFix
2013-06-12 02:04:01 -------- d-----w- C:\Users\Steven\AppData\Roaming\WindowsLogon
2013-06-12 02:03:10 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0A7861EA-A846-4BF5-B7DD-AA11CDA07D92}\mpengine.dll
2013-06-12 01:42:20 98816 ----a-w- C:\Windows\sed.exe
2013-06-12 01:42:20 256000 ----a-w- C:\Windows\PEV.exe
2013-06-12 01:42:20 208896 ----a-w- C:\Windows\MBR.exe
2013-06-12 01:24:45 -------- d-----w- C:\Program Files\Unlocker
2013-06-12 01:15:29 -------- d-----w- C:\Program Files (x86)\ESET
2013-06-10 12:23:42 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-09 12:47:17 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-09 12:47:17 -------- d-----w- C:\Program Files\iTunes
2013-06-09 12:47:17 -------- d-----w- C:\Program Files\iPod
2013-06-07 01:33:49 -------- d-----w- C:\Program Files (x86)\AMD
2013-06-06 16:12:09 -------- d-----w- C:\Users\Steven\AppData\Local\enchant
2013-06-06 06:48:16 -------- d-----w- C:\Users\Steven\AppData\Roaming\Hobbyist Software
2013-06-04 03:27:01 -------- d-----w- C:\Program Files (x86)\Audacity
2013-06-03 08:30:12 -------- d-----w- C:\Users\Steven\AppData\Roaming\foobar2000
2013-06-03 08:30:08 -------- d-----w- C:\Program Files (x86)\foobar2000
2013-06-03 05:55:23 -------- d-----w- C:\Users\Steven\AppData\Local\clone.AD
2013-06-03 05:34:56 -------- d-----w- C:\ProgramData\clone.AD
2013-06-03 05:34:21 -------- d-----w- C:\Program Files (x86)\rebox
2013-06-02 23:51:10 29184 ----a-r- C:\Users\Steven\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
2013-06-02 23:51:06 -------- d-----w- C:\Program Files (x86)\mkv2vob
2013-05-25 07:01:59 92160 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe
2013-05-25 07:01:59 77312 ----a-w- C:\Windows\System32\tdc.ocx
2013-05-25 07:01:59 570880 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
2013-05-25 07:01:59 51200 ----a-w- C:\Windows\System32\imgutil.dll
2013-05-25 07:01:59 48640 ----a-w- C:\Windows\System32\mshtmler.dll
2013-05-25 07:01:59 481280 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2013-05-25 07:01:59 327680 ----a-w- C:\Program Files\Internet Explorer\iediagcmd.exe
2013-05-25 07:01:59 194048 ----a-w- C:\Program Files\Internet Explorer\jsprofilerui.dll
2013-05-25 07:01:59 135680 ----a-w- C:\Windows\System32\IEAdvpack.dll
2013-05-21 11:43:49 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{97C243C7-E6ED-4261-8281-AB41A287D9D1}\gapaengine.dll
2013-05-17 05:23:29 -------- d-----w- C:\Users\Steven\AppData\Roaming\crawl
2013-05-17 05:21:12 -------- d-----w- C:\Program Files (x86)\Crawl
2013-05-16 04:32:07 -------- d-----w- C:\Program Files (x86)\DoomRL
2013-05-15 06:24:52 -------- d-----w- C:\Users\Steven\AppData\Roaming\Mathematica
2013-05-15 06:24:52 -------- d-----w- C:\Users\Steven\AppData\Local\Mathematica
2013-05-15 06:24:31 -------- d-----w- C:\Program Files\Common Files\Wolfram Research
2013-05-15 06:24:30 -------- d-----w- C:\ProgramData\Mathematica
2013-05-15 06:24:30 -------- d-----w- C:\Program Files\Extras
2013-05-15 06:24:30 -------- d-----w- C:\Program Files (x86)\Common Files\Wolfram Research
2013-05-15 06:24:30 -------- d-----w- C:\Program Files (x86)\Common Files\ResearchSoft
2013-05-15 06:22:19 -------- d-----w- C:\ProgramData\Package Cache
2013-05-15 06:20:25 -------- d-----w- C:\Program Files\Wolfram Research
2013-05-14 20:12:50 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-14 20:12:50 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-05-14 20:12:50 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-05-14 20:12:48 70656 ----a-w- C:\Windows\System32\appinfo.dll
2013-05-14 20:12:48 1931776 ----a-w- C:\Windows\System32\authui.dll
2013-05-14 20:12:48 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-05-14 20:12:48 111976 ----a-w- C:\Windows\System32\consent.exe
2013-05-14 20:12:47 3156480 ----a-w- C:\Windows\System32\win32k.sys
2013-05-14 08:34:35 -------- d-----w- C:\Users\Steven\AppData\Local\ArcSoft
2013-05-14 08:34:35 -------- d-----w- C:\ProgramData\ArcSoft
2013-05-14 08:34:34 4096 ----a-w- C:\Windows\System32\drivers\VirtualizerDDK.sys
2013-05-14 08:32:34 -------- d-----w- C:\Users\Steven\AppData\Local\Downloaded Installations
2013-05-14 08:26:52 -------- d-----w- C:\Program Files\MPC-HC
2013-05-14 08:21:59 -------- d-----w- C:\Users\Steven\AppData\Local\MediaShow
2013-05-14 08:16:30 -------- d-----w- C:\Program Files\VideoLAN
2013-05-14 08:15:48 -------- d-----w- C:\Users\Steven\AppData\Roaming\aacs
2013-05-14 08:15:48 -------- d-----w- C:\Users\Steven\AppData\Local\aacs
2013-05-14 07:58:52 -------- d-----w- C:\Users\Steven\AppData\Roaming\mIRC
2013-05-14 07:58:51 -------- d-----w- C:\Program Files (x86)\mIRC
2013-05-14 04:24:29 -------- d-----w- C:\Users\Steven\VirtualBox VMs
2013-05-11 04:40:01 -------- d-----w- C:\Users\Steven\AppData\Roaming\CDisplayEx
2013-05-11 04:39:51 -------- d-----w- C:\Program Files\CDisplayEx
2013-05-09 11:16:39 -------- d-----w- C:\Windows\Migration
2013-05-08 07:47:10 -------- d-----w- C:\Program Files (x86)\SRWare Iron
2013-05-08 07:45:55 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-05-03 01:17:00 -------- d-----w- C:\Program Files\AutoHotkey
2013-05-02 06:19:53 -------- d-----w- C:\Users\Steven\AppData\Local\Ubisoft Game Launcher
2013-04-25 20:59:15 -------- d-----w- C:\Users\Steven\AppData\Roaming\Feathercoin
2013-04-24 08:17:57 1686888 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-19 04:47:47 -------- d-----w- C:\Program Files (x86)\HydraIRC
2013-04-19 03:42:36 -------- d-----w- C:\Program Files (x86)\TunnelBear
.
==================== Find6M  ====================
.
2013-06-12 01:12:25 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 01:12:25 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-09 12:11:35 1430464 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe
2013-05-25 07:00:52 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-08 07:45:52 971680 ----a-w- C:\Windows\System32\deployJava1.dll
2013-05-08 07:45:52 1092512 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-04-04 09:35:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-31 19:04:43 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2013-03-22 16:06:59 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:25:43 5553496 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:16:21 34304 ----a-w- C:\Windows\System32\appidsvc.dll
2013-03-19 05:16:20 58368 ----a-w- C:\Windows\System32\appidapi.dll
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 04:41:10 3972440 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 04:41:07 3916632 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:30:52 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2013-03-19 03:37:46 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2013-03-19 03:37:34 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
2013-03-19 03:37:33 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-10 00:10:57 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-10 00:10:57 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-09 21:47:41 43680 ----a-w- C:\Windows\System32\drivers\lirsgt.sys
2013-03-09 21:47:41 314016 ----a-w- C:\Windows\System32\drivers\atksgt.sys
2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-01-20 20:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-01-20 20:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-01-18 15:00:28 6390048 ----a-w- C:\Windows\System32\nvcpl.dll
2013-01-18 15:00:28 3460896 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-01-18 15:00:11 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-01-18 15:00:11 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-01-18 15:00:11 2953448 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-01-18 15:00:11 2558240 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-01-18 15:00:11 118560 ----a-w- C:\Windows\System32\nvmctray.dll
2013-01-18 12:15:24 550176 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-01-05 02:55:04 315392 ----a-w- C:\Windows\System32\drivers\rdbss.sys
2013-01-04 05:47:43 1901416 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-04 05:47:39 376664 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-01-04 05:47:31 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 08:17:48 55688 ----a-w- C:\Windows\System32\LMouFiltCoInst.dll
2013-01-03 08:17:48 43400 ----a-w- C:\Windows\System32\drivers\LUsbFilt.sys
2013-01-03 08:17:38 77192 ----a-w- C:\Windows\System32\drivers\LHidFilt.Sys
2013-01-03 08:17:38 61832 ----a-w- C:\Windows\System32\drivers\LMouFilt.Sys
2013-01-03 08:17:38 1846664 ----a-w- C:\Windows\System32\LkmdfCoInst.dll
2012-12-29 20:59:38 28664 ----a-w- C:\Windows\SysWow64\speedfan.sys
2012-12-29 08:38:59 25 ----a-w- C:\Users\Steven\close_chrome.bat
2012-12-19 19:48:44 237992 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2012-12-19 19:47:20 204200 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2012-12-19 19:47:20 146856 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2012-12-19 19:47:20 132008 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2012-12-19 19:47:20 120232 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-07-03 04:09:32 59840 --sh--w- C:\Windows\dtmn.exe
.
============= FINISH: 22:49:02.72 ===============
 
Attached File  attach.txt   10.46KB   0 downloads
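The DDS log above already contains what a defender needs for a first triage: the miner and its companion shell.exe run from a user-writable AppData folder, several script hosts (wscript.exe, cscript.exe, cmd.exe) are active at scan time, and the Skype.lnk startup shortcut points at a usft_ext.exe.vbs file in that same folder. As an added example (not part of the thread, and not code from the DDS tool), here is a small Python triage script that parses the DDS section format and flags exactly those patterns; the embedded log is a constructed excerpt of the one posted above, and the heuristics are assumptions of this example, not DDS features.

```python
import re
from typing import Dict, List

# Constructed excerpt modelled on the DDS log posted above (a few lines, not the full log).
SAMPLE_DDS_LOG = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\wscript.exe
C:\Users\Steven\AppData\Roaming\WindowsLogon\shell.exe
C:\Users\Steven\AppData\Roaming\WindowsLogon\macromedia.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
StartupFolder: C:\Users\Steven\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Skype.lnk - C:\Users\Steven\AppData\Roaming\WindowsLogon\usft_ext.exe.vbs
uPolicies-Explorer: NoDrives = dword:0
.
"""

# DDS marks each section with a line of '=' signs around the section name.
SECTION_HEADER = re.compile(r"^=+\s*(.*?)\s*=+$")
# Profile locations a standard user can write to; legitimate services rarely run from here.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\(AppData|Local Settings)\\|\\Temp\\", re.IGNORECASE)
# Interpreters and shells that malware droppers commonly chain together (assumed list).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "cmd.exe", "mshta.exe", "powershell.exe"}
SCRIPT_EXTS = (".vbs", ".js", ".jse", ".wsf", ".bat", ".cmd")


def parse_sections(log_text: str) -> Dict[str, List[str]]:
    """Split a DDS log into its '===== Name =====' sections, dropping the '.' spacer lines."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_HEADER.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def image_path(process_line: str) -> str:
    """Strip svchost-style arguments ('... -k netsvcs') from a Running Processes line."""
    return process_line.split(" -", 1)[0].strip()


def triage_processes(lines: List[str]) -> List[Dict[str, str]]:
    """Flag processes running from user-writable profile paths, then active script hosts."""
    findings: List[Dict[str, str]] = []
    for line in lines:
        path = image_path(line)
        name = path.rsplit("\\", 1)[-1].lower()
        if USER_WRITABLE.search(path):
            findings.append({"item": path, "reason": "executable running from a user-writable profile directory"})
        elif name in SCRIPT_HOSTS:
            findings.append({"item": path, "reason": "script host or shell active at scan time"})
    return findings


def triage_startup(lines: List[str]) -> List[Dict[str, str]]:
    """Flag 'StartupFolder: <shortcut> - <target>' entries whose target looks like a dropper."""
    findings: List[Dict[str, str]] = []
    for line in lines:
        if not line.startswith("StartupFolder:"):
            continue
        _, _, rest = line.partition(":")
        shortcut, _, target = rest.strip().rpartition(" - ")
        target_l = target.lower()
        reasons = []
        if target_l.endswith(SCRIPT_EXTS):
            reasons.append("startup shortcut launches a script file")
        if re.search(r"\.exe\.[a-z]{2,4}$", target_l):
            reasons.append("double extension in target name")
        if USER_WRITABLE.search(target):
            reasons.append("target lives in a user-writable profile directory")
        if reasons:
            findings.append({"item": f"{shortcut} -> {target}", "reason": "; ".join(reasons)})
    return findings


def triage_dds_log(log_text: str) -> List[Dict[str, str]]:
    """Run all heuristics over a DDS log and return the flagged items."""
    sections = parse_sections(log_text)
    findings = triage_processes(sections.get("Running Processes", []))
    findings += triage_startup(sections.get("Pseudo HJT Report", []))
    return findings


if __name__ == "__main__":
    for f in triage_dds_log(SAMPLE_DDS_LOG):
        print(f"[!] {f['item']}\n    {f['reason']}")
```

On the excerpt this flags the two WindowsLogon executables, the three script hosts and the Skype.lnk entry while leaving svchost.exe and MsMpEng.exe alone; a hit here is a lead for the responder to verify, not proof of infection on its own.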
 

 




 


#2 nasdaq (Malware Response Team, Montreal, QC, Canada)

Posted 15 June 2013 - 08:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
  ===

    Search for and delete the adware and PUPs (Potentially Unwanted Programs) installed on your computer.

    Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
  ===

    Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
  ===

    Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
    Link 1
    Link 2

    IMPORTANT !!! Save ComboFix.exe to your Desktop

    1. Close any open browsers.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    3. Do not install any other programs until this is fixed.


    How to: Disable Anti-virus and Firewall...
    http://www.bleepingcomputer.com/forums/topic114351.html

    Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
  • Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

    Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

    Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
    ===

    Third-party programs, if not up to date, can be the cause of infiltration and infection.

    Please run this security check for my review.

    Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  ===

    Please paste the logs in your next reply; DO NOT ATTACH THEM.
    Let me know what problem persists.


#3 nasdaq (Malware Response Team, Montreal, QC, Canada)

Posted 21 June 2013 - 07:59 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



