
BitCoinMiner makes my computer slow


  • This topic is locked
7 replies to this topic

#1 wervers05
  • Members
  • 8 posts

Posted 24 July 2013 - 02:08 AM

My computer is running slowly because of this virus. I already ran Malwarebytes Anti-Malware and it detected this PUP file. In my process list I saw cm.exe (coin-miner), which has 50% CPU usage. This one makes my netbook slow.

Here is my DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.25.2
Run by Foebe at 13:46:42 on 2013-07-24
#Option MBR scan  is disabled.
Microsoft Windows 7 Starter   6.1.7601.1.1252.63.1033.18.2037.571 [GMT 8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\Windows\security\ami.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\security\ami.exe
C:\Program Files\mutualpublic\Monitor.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\windows\system32\hkcmd.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\windows\system32\igfxtray.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\igfxpers.exe
C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\SFB\SmartRestarter.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\windows\system32\igfxext.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\vssvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbengine.exe
C:\windows\System32\vds.exe
C:\windows\system32\taskmgr.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\conhost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\System32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k apphost
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k iissvcs
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN14751203273302199&UM=1&ctid=CT3289075
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows 7 Starter Helper: {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - c:\program files\oceanis\systemsetting\StarterHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [BitTorrent] "c:\users\foebe\appdata\roaming\bittorrent\BitTorrent.exe"  /MINIMIZED
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [ETDCtrl] c:\program files\elantech\ETDCtrl.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Windows\System: UseOEMBackground = dword:1
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{7AA99EA0-BE02-4AB0-B94B-678085FDF60A}\34963736F61313237303 : DHCPNameServer = 192.168.100.1 198.41.0.4
TCP: Interfaces\{7AA99EA0-BE02-4AB0-B94B-678085FDF60A}\45147455D4051495 : DHCPNameServer = 192.168.100.1 198.41.0.4
TCP: Interfaces\{D8418473-8093-4959-8750-657C0692E610} : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\foebe\appdata\roaming\mozilla\firefox\profiles\ip752u4z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289075&CUI=UN16886606791346914&UM=1&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - 
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-21 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-21 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-3-21 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-3-21 369584]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2011-3-29 10752]
R2 AmmyyAdmin;Ammyy Admin;c:\windows\security\ami.exe [2013-3-21 730960]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-3-21 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-21 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-7-21 46808]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-11-26 89888]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-7-18 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-7-18 701512]
R2 Mutual Monitor;Mutual Monitor;c:\program files\mutualpublic\monitor.exe run --> c:\program files\mutualpublic\Monitor.exe run [?]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-7-16 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-7-16 1033688]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-7-16 171928]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2013-3-21 297000]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2013-3-21 33320]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2011-3-30 116008]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-7-18 22856]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2010-8-30 315680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-3 162408]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-7-14 14848]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-7-14 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-7-14 27136]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\razer\razer game booster\driver\WinRing0.sys [2013-7-14 14416]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2013-07-24 02:35:24 7143960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8f68b35b-9a9f-400d-ba2d-a9e8c10ca0a8}\mpengine.dll
2013-07-20 00:17:29 -------- d-sh--w- C:\$RECYCLE.BIN
2013-07-19 05:36:54 -------- d-----w- c:\users\foebe\appdata\local\temp
2013-07-19 05:17:33 -------- d-----w- c:\programdata\AMMYY
2013-07-19 03:37:43 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-18 13:40:50 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-18 13:40:49 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-18 13:40:21 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-18 11:05:56 -------- d-----w- c:\users\foebe\appdata\roaming\Malwarebytes
2013-07-18 11:05:26 -------- d-----w- c:\programdata\Malwarebytes
2013-07-18 11:05:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-18 11:05:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-16 13:47:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-07-16 13:46:37 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-07-16 13:46:04 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-07-16 02:04:32 154624 ----a-w- c:\windows\system32\iisRtl.dll
2013-07-16 02:04:28 50688 ----a-w- c:\windows\system32\admwprox.dll
2013-07-16 02:04:20 15360 ----a-w- c:\windows\system32\iisreset.exe
2013-07-16 02:04:16 26624 ----a-w- c:\windows\system32\ahadmin.dll
2013-07-16 02:04:14 10752 ----a-w- c:\windows\system32\wamregps.dll
2013-07-16 02:04:12 8192 ----a-w- c:\windows\system32\iisrstap.dll
2013-07-15 18:21:13 -------- d-----w- c:\windows\system32\BestPractices
2013-07-15 18:21:09 -------- d-----w- C:\inetpub
2013-07-15 17:44:38 -------- d-----w- c:\users\foebe\appdata\local\Razer
2013-07-14 22:24:08 247808 ----a-w- c:\windows\system32\schannel.dll
2013-07-14 22:24:07 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2013-07-14 22:24:07 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-07-14 22:24:06 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2013-07-14 22:23:55 514560 ----a-w- c:\windows\system32\qdvd.dll
2013-07-14 11:38:29 -------- d-----w- c:\users\foebe\appdata\roaming\360desktop
2013-07-14 11:05:31 -------- d-----w- c:\users\foebe\appdata\local\http___www.julien-manici
2013-07-14 10:53:02 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2013-07-14 10:53:02 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-07-14 10:53:02 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2013-07-14 10:53:01 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-07-14 10:19:42 -------- d-----w- c:\users\foebe\appdata\local\Programs
2013-07-14 09:41:17 -------- d-----r- c:\program files\Skype
2013-07-14 09:24:58 -------- d-----w- c:\program files\CCleaner
2013-07-14 05:56:56 -------- d-----w- c:\users\foebe\appdata\local\ElevatedDiagnostics
2013-07-14 05:44:01 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-07-14 05:37:54 -------- d-----w- c:\windows\system32\MRT
2013-07-11 19:41:46 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-07-11 19:41:39 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-11 19:41:37 509440 ----a-w- c:\windows\system32\qedit.dll
2013-07-11 19:41:34 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-07-11 19:41:23 936448 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2013-07-11 19:40:42 680960 ----a-w- c:\program files\windows defender\MpSvc.dll
2013-07-11 19:40:41 392704 ----a-w- c:\program files\windows defender\MpClient.dll
2013-07-11 19:40:41 224768 ----a-w- c:\program files\windows defender\MpCommu.dll
2013-07-04 04:58:06 -------- d-----w- c:\users\foebe\appdata\local\Deployment
2013-07-04 04:58:06 -------- d-----w- c:\users\foebe\appdata\local\Apps
2013-07-03 11:38:55 -------- d-----w- c:\users\foebe\appdata\local\{657F719A-B2CA-4920-B2DE-F87D60566673}
2013-07-03 11:38:39 -------- d-----w- c:\users\foebe\appdata\local\{ABCB9302-8D2E-4662-958B-2B2F2E67AF51}
2013-07-01 09:02:08 -------- d-----w- c:\users\foebe\appdata\roaming\DefaultTab
2013-07-01 09:00:35 -------- d-----w- c:\program files\OApps
2013-07-01 08:37:46 -------- d-----w- c:\program files\Universal Math Solver
2013-06-30 08:07:28 -------- d-----w- c:\windows\system32\Extensions
2013-06-30 08:07:13 -------- d-----w- c:\windows\system32\searchplugins
2013-06-29 19:40:33 -------- d-----w- c:\program files\Cheat Engine 6.3
2013-06-27 09:02:54 -------- d-----w- c:\users\foebe\appdata\roaming\systweak
2013-06-27 09:01:26 -------- d-----w- c:\program files\mutualpublic
2013-06-27 08:58:34 -------- d-----w- c:\users\foebe\appdata\local\WMTools Downloaded Files
2013-06-27 08:58:05 -------- d-----w- c:\programdata\Babylon
2013-06-27 08:58:04 -------- d-----w- c:\users\foebe\appdata\roaming\Babylon
2013-06-27 08:57:42 518064 ----a-w- c:\windows\system32\framework.ocx
.
==================== Find3M  ====================
.
2013-07-21 14:08:50 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-07-21 14:08:50 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-07-16 11:31:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-16 11:31:50 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-22 09:35:23 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-11 23:43:37 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-07 02:37:52 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-02 12:28:19 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2013-06-02 12:28:19 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2013-05-13 04:45:55 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 03:08:10 903168 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- c:\windows\system32\certenc.dll
2013-05-10 03:20:54 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-09 08:59:10 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59:10 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59:09 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58:37 41664 ----a-w- c:\windows\avastSS.scr
2013-05-08 05:38:00 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-06 05:06:47 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-06 05:06:47 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-01 18:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-26 04:55:21 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- c:\windows\system32\d3d11.dll
.
============= FINISH: 13:48:40.33 ===============

#2 Noviciate
  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 24 July 2013 - 02:39 PM

Good evening. :)

Did you instruct Malwarebytes to remove this infection, and if so, did it?


So long, and thanks for all the fish.


#3 wervers05
  • Topic Starter
  • Members
  • 8 posts

Posted 25 July 2013 - 01:49 AM

Yes, after it displayed the scan results it said the detections would be deleted on reboot. But after I rebooted, my computer was still running slowly because of the cm.exe (coin-miner) that is still in the process list.



#4 Noviciate
  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 25 July 2013 - 01:34 PM

Good evening. :)

Run MBAM and select the Logs Tab.
Each log has the time and date attached to it - let me have one that shows the detection in question.


So long, and thanks for all the fish.


#5 wervers05
  • Topic Starter
  • Members
  • 8 posts

Posted 25 July 2013 - 07:48 PM

Hi. This is what I'm talking about. :)

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.07.21.01
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
Foebe :: ZUDOTOZI-NB [administrator]
 
Protection: Enabled
 
7/21/2013 8:14:06 PM
mbam-log-2013-07-21 (20-14-06).txt
 
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 331723
Time elapsed: 1 hour(s), 43 minute(s), 8 second(s)
 
Memory Processes Detected: 1
C:\Program Files\mutualpublic\cm.exe (PUP.BitCoinMiner) -> 4888 -> Delete on reboot.
 
Memory Modules Detected: 3
C:\Program Files\mutualpublic\miner.dll (PUP.BitCoinMiner) -> Delete on reboot.
C:\Program Files\mutualpublic\usft_ext.dll (PUP.BitCoinMiner) -> Delete on reboot.
C:\Program Files\mutualpublic\coinutil.dll (PUP.BitcoinMiner) -> Delete on reboot.
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 4
C:\Program Files\mutualpublic\cm.exe (PUP.BitCoinMiner) -> Delete on reboot.
C:\Program Files\mutualpublic\miner.dll (PUP.BitCoinMiner) -> Delete on reboot.
C:\Program Files\mutualpublic\usft_ext.dll (PUP.BitCoinMiner) -> Delete on reboot.
C:\Program Files\mutualpublic\coinutil.dll (PUP.BitcoinMiner) -> Delete on reboot.
 
(end)
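
Editor's note, not part of the thread: the two logs posted so far answer the question in post #3 if they are read together. The Malwarebytes log above lists four files in C:\Program Files\mutualpublic and marks all of them "Delete on reboot", but the DDS log in the first post also shows c:\program files\mutualpublic\Monitor.exe both as a running process and as the R2 service "Mutual Monitor", and that file is not among the detections. The same DDS log registers Ammyy Admin, a remote administration tool, as the service AmmyyAdmin with its image at c:\windows\security\ami.exe, which nobody in the thread comments on. The script below is an added example, not code from DDS, Malwarebytes or anyone in this thread: it parses both log formats and reports (a) processes or services that live in a directory Malwarebytes flagged but were not themselves flagged, and (b) service images that sit under the Windows directory but outside system32/syswow64. The embedded excerpts are constructed subsets copied from the two logs on this page; the two heuristics are the editor's own and are a starting point for a responder, not a verdict on any file.

```python
"""Cross-check a DDS log against a Malwarebytes log (added example)."""
import re
from pathlib import PureWindowsPath

# Constructed excerpts: lines copied from the DDS and MBAM logs in this thread.
DDS_EXCERPT = r"""
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\Windows\security\ami.exe
C:\Program Files\mutualpublic\Monitor.exe
.
============= SERVICES / DRIVERS ===============
.
R2 AmmyyAdmin;Ammyy Admin;c:\windows\security\ami.exe [2013-3-21 730960]
R2 Mutual Monitor;Mutual Monitor;c:\program files\mutualpublic\monitor.exe run --> c:\program files\mutualpublic\Monitor.exe run [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-7-18 701512]
.
=============== Created Last 30 ================
"""

MBAM_EXCERPT = r"""
Memory Processes Detected: 1
C:\Program Files\mutualpublic\cm.exe (PUP.BitCoinMiner) -> 4888 -> Delete on reboot.

Files Detected: 4
C:\Program Files\mutualpublic\cm.exe (PUP.BitCoinMiner) -> Delete on reboot.
C:\Program Files\mutualpublic\miner.dll (PUP.BitCoinMiner) -> Delete on reboot.
C:\Program Files\mutualpublic\usft_ext.dll (PUP.BitCoinMiner) -> Delete on reboot.
C:\Program Files\mutualpublic\coinutil.dll (PUP.BitcoinMiner) -> Delete on reboot.
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")            # "==== Running Processes ===="
WINPATH_RE = re.compile(r"[a-z]:\\[^\[\]]*?\.(?:exe|dll|sys)", re.I)
MBAM_HIT_RE = re.compile(r"^(?P<path>[a-z]:\\.+?) \((?P<sig>[^)]+)\)", re.I)


def norm(path: str) -> str:
    """Case-fold a Windows path so mixed-case spellings of one file compare equal."""
    return str(PureWindowsPath(path)).lower()


def dds_sections(text: str) -> dict:
    """Split a DDS log into {section name: [content lines]}, dropping the '.' fillers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line and line != ".":
            sections[current].append(line)
    return sections


def dds_processes(text: str) -> list:
    return [norm(l) for l in dds_sections(text).get("Running Processes", [])]


def dds_services(text: str) -> list:
    """Return (state, service name, image path) for each SERVICES / DRIVERS entry."""
    out = []
    for line in dds_sections(text).get("SERVICES / DRIVERS", []):
        state, _, rest = line.partition(" ")          # "R2", "name;display;image [..]"
        parts = rest.split(";", 2)
        m = WINPATH_RE.search(parts[2]) if len(parts) == 3 else None
        if m:
            out.append((state, parts[0], norm(m.group(0))))
    return out


def mbam_detections(text: str) -> dict:
    """Return {normalised path: signature} for every detection line (duplicates collapse)."""
    hits = {}
    for line in text.splitlines():
        m = MBAM_HIT_RE.match(line.strip())
        if m:
            hits[norm(m.group("path"))] = m.group("sig")
    return hits


def undetected_siblings(dds_text: str, mbam_text: str) -> list:
    """Processes/services in a directory MBAM flagged that MBAM did not flag themselves."""
    hits = mbam_detections(mbam_text)
    hit_dirs = {str(PureWindowsPath(p).parent) for p in hits}
    seen = {}
    for p in dds_processes(dds_text):
        if str(PureWindowsPath(p).parent) in hit_dirs and p not in hits:
            seen.setdefault(p, set()).add("process")
    for state, name, image in dds_services(dds_text):
        if str(PureWindowsPath(image).parent) in hit_dirs and image not in hits:
            seen.setdefault(image, set()).add(f"service:{name} ({state})")
    return sorted((path, sorted(kinds)) for path, kinds in seen.items())


def services_outside_system32(dds_text: str) -> list:
    """Service images under the Windows directory but not in system32 or syswow64."""
    flagged = []
    for _state, name, image in dds_services(dds_text):
        parts = PureWindowsPath(image).parts         # ('c:\\', 'windows', 'security', 'ami.exe')
        if len(parts) > 3 and parts[1] == "windows" and parts[2] not in ("system32", "syswow64"):
            flagged.append((name, image))
    return flagged


if __name__ == "__main__":
    print("Not detected, but in a flagged directory:", undetected_siblings(DDS_EXCERPT, MBAM_EXCERPT))
    print("Service images in odd Windows subfolders:", services_outside_system32(DDS_EXCERPT))
```

Run against the full logs (paste them into the two constants or read them from files) the first function prints Monitor.exe and the second prints ami.exe; the point is that "Delete on reboot" on the four flagged files says nothing about whatever else in that folder is still registered as a service.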


#6 Noviciate
  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 26 July 2013 - 01:33 PM

Good evening. :)

Please download SystemLook by jpshortstuff from one of the links below and save it to your Desktop:
  • Linky #1
  • Linky #2

  • Double-click SystemLook.exe to run it.
  • Copy the contents of the following codebox into the main textfield:

    :dir
    C:\Program Files\mutualpublic

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan - the log can also be found on your Desktop entitled SystemLook.txt
  • Please post the contents of this log in your next reply.


So long, and thanks for all the fish.
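
Editor's note, not part of the thread: the SystemLook `:dir` request above is asking for an inventory of the folder before anything else is deleted, so that the responder can see what is still there and what it is. The script below is an added example and is not SystemLook's code or anything posted in this thread. It does the same job in Python and adds the two things a responder usually wants next, a SHA-256 per file (so a sample can be looked up or shared) and a check of the two-byte "MZ" header that every Windows PE file starts with (so a .dll that is really a text file, or an .exe hiding under another name, stands out). `build_sample_dir()` creates a constructed stand-in for the mutualpublic folder: the file names are taken from the Malwarebytes log in post #5, the contents are made up so that the example runs offline. On a real machine you would point `inventory()` at the actual folder instead.

```python
"""Directory inventory with hashes and PE check (added example, not SystemLook)."""
import hashlib
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path: Path, chunk: int = 1 << 16) -> str:
    """Stream the file through SHA-256 so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def is_pe(path: Path) -> bool:
    """True if the file begins with the 'MZ' DOS stub header that Windows PE files carry."""
    with path.open("rb") as fh:
        return fh.read(2) == b"MZ"


def inventory(root) -> list:
    """Recursive listing of root: relative path, size, mtime (UTC), SHA-256, PE flag."""
    root = Path(root)
    rows = []
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        st = p.stat()
        rows.append({
            "path": str(p.relative_to(root)),
            "size": st.st_size,
            "mtime": datetime.fromtimestamp(st.st_mtime, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
            "sha256": sha256_file(p),
            "pe": is_pe(p),
        })
    return rows


def build_sample_dir() -> Path:
    """Constructed stand-in for the mutualpublic folder: names from the MBAM log, contents invented."""
    root = Path(tempfile.mkdtemp(prefix="mutualpublic_"))
    (root / "cm.exe").write_bytes(b"MZ" + b"\x90" * 62)   # fake 64-byte file with a PE header
    (root / "coinutil.dll").write_bytes(b"abc")            # a ".dll" that is not a PE at all
    (root / "Monitor.exe").write_bytes(b"")                # empty file, also not a PE
    return root


def render(rows) -> str:
    """Fixed-width text table in the spirit of a SystemLook :dir listing."""
    lines = [f"{'size':>8}  {'mtime (UTC)':19}  pe  sha256            path"]
    for r in rows:
        flag = "PE" if r["pe"] else "--"
        lines.append(f"{r['size']:>8}  {r['mtime']}  {flag}  {r['sha256'][:16]}  {r['path']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(inventory(build_sample_dir())))
```

Hashes of files that were already deleted "on reboot" are of course unrecoverable, which is one more reason to take the inventory before the cleanup step rather than after it.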


#7 wervers05
  • Topic Starter
  • Members
  • 8 posts

Posted 27 July 2013 - 11:48 AM

Good Day sir! :)

 

Thank you for your effort in responding to my problems. I really appreciate it. I already fixed the problem with my computer. I remembered that my computer doesn't have any important files. I just ran System Restore and reinstalled my disk C: to its initial state. Then the virus was gone. Thank you for your time. God bless! :)



#8 Noviciate
  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 27 July 2013 - 03:17 PM

Good evening. :)

That would fix the problem - top job.


So long, and thanks for all the fish.
