
Strange white box in chrome


8 replies to this topic

#1 XeLiOs

XeLiOs

  • Members
  • 29 posts
  • OFFLINE
  • Local time:06:23 PM

Posted 09 May 2015 - 08:06 AM

Hello!

 

I've noticed a strange white box in web browsers. Not only in chrome but also in built-in browsers in games like Dota 2. Is this caused by malware?

 

Here's a screen shot of it. 

 

[screenshot attached in the original post: MdYWUbZ.png]





#2 buddy215

buddy215

  • BC Advisor
  • 12,990 posts
  • ONLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:23 AM

Posted 09 May 2015 - 09:23 AM

Adware...that's what I think is causing this. Use the programs below to find and remove. Use all of them.

 

Disable third-party cookies in IE, Firefox, and Google Chrome | How To - CNET

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” (Lawrence M. Krauss)

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 XeLiOs

XeLiOs
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:06:23 PM

Posted 16 May 2015 - 10:29 PM

MBAM Log

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/15/2015
Scan Time: 7:55:59 PM
Logfile: mbamlog.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.15.02
Rootkit Database: v2015.05.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Jonathan
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 404670
Time Elapsed: 45 min, 26 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
Trojan.BitcoinMiner, C:\Windows\Temp\svchost.exe, , [5f8ff99adcaeba7cb0fe116b32d3bf41], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
AdwCleaner
 
# AdwCleaner v4.203 - Logfile created 15/05/2015 at 20:58:57
# Updated 30/04/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : Jonathan - JAT-PC
# Running from : C:\Users\Jonathan\Downloads\adwcleaner_4.203.exe
# Option : Cleaning
 
***** [ Services ] *****
 
Service Deleted : hshld
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Program Files\Common Files\System\SysMenu.dll
File Deleted : C:\Program Files\Common Files\System\SysMenu64.dll
File Deleted : C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\cspt7nb3.default\user.js
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\simplytech
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\YorkNewCin
Key Deleted : HKCU\Software\HighDefAction
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\ShopperPro
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\SpeedBit
Key Deleted : HKLM\SOFTWARE\AIM Toolbar
Key Deleted : HKLM\SOFTWARE\YorkNewCin
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TransMac_is1
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro
Key Deleted : [x64] HKLM\SOFTWARE\YorkNewCin
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Mozilla Firefox v37.0.2 (x86 en-US)
 
[cspt7nb3.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.alias", "oursurfing");
[cspt7nb3.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.iconURL", "hxxp://www.oursurfing.com/favicon.ico");
[cspt7nb3.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.name", "oursurfing");
[cspt7nb3.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.url", "hxxp://www.oursurfing.com/web/?type=ds&ts=1430562564&z=c5e448014c57e40c9d9c5feg8zdc0e1weq2o1wfqfz&from=amt&uid=ST2000DM001-1CH164_W1E45HC4XXXXW1E45HC4&q={[...]
 
-\\ Google Chrome v42.0.2311.152
 
[C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&affID=119293&babsrc=SP_ss&mntrId=0873002522FCDA29
[C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=PH&userid=18a08ab0-d60b-40fa-b7fa-ea42efcf37fe&searchtype=ds&q={searchTerms}&installDate={installDate}
[C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.oursurfing.com/web/?type=ds&ts=1430562564&z=c5e448014c57e40c9d9c5feg8zdc0e1weq2o1wfqfz&from=amt&uid=ST2000DM001-1CH164_W1E45HC4XXXXW1E45HC4&q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [4310 bytes] - [15/05/2015 20:57:49]
AdwCleaner[S0].txt - [4057 bytes] - [15/05/2015 20:58:57]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4116  bytes] ##########
 
 
JRT
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.1 (05.14.2015:1)
OS: Windows 8.1 Pro x64
Ran by Jonathan on Fri 05/15/2015 at 21:10:59.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-445093353-4053321811-4217746638-1001
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\users\public\desktop\hotspot shield.lnk
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\Jonathan\AppData\Roaming\mozilla\firefox\profiles\cspt7nb3.default\prefs.js
 
user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.ptid, amt);
user_pref(browser.search.searchengine.uid, ST2000DM001-1CH164_W1E45HC4XXXXW1E45HC4);
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/15/2015 at 21:13:49.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
ESET
 
C:\Users\All Users\Origin\update.vbe    VBS/Kryptik.DC trojan   
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\System\SysMenu.dll.vir    a variant of Win32/SpeedBit.F potentially unwanted application  deleted - quarantined
C:\ProgramData\Origin\update.vbe    VBS/Kryptik.DC trojan   cleaned by deleting - quarantined
C:\Users\Jonathan\Downloads\HSS-3.42-install-hss-561-conduit.exe    Win32/Toolbar.Conduit potentially unwanted application  deleted - quarantined
C:\Windows\Temp\lsass.exe   a variant of Win64/CoinMiner.X trojan   cleaned by deleting - quarantined
C:\Windows\Temp\svchost.exe Win64/CoinMiner.J trojan    cleaned by deleting - quarantined
D:\ipadbackup\Library\Downloads\v27 Win32/InstallMate.A potentially unwanted application    deleted - quarantined
D:\usb backups\usb back\Avast! IS 6.0.1091 Crack\ashBase.dll    a variant of Win32/Packed.Enigma.AAI trojan cleaned by deleting - quarantined

 



#4 buddy215

buddy215

  • BC Advisor
  • 12,990 posts
  • ONLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:23 AM

Posted 17 May 2015 - 05:29 AM

You had or may still have some serious malware. Is the box gone?

 

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button which, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button which, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.




#5 XeLiOs

XeLiOs
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:06:23 PM

Posted 17 May 2015 - 08:37 PM

So far I haven't encountered it again. 

 

Yes HKCU:Run AdobeBridge
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run EADM Electronic Arts "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
Yes HKCU:Run f.lux Flux Software LLC "C:\Users\Jonathan\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
Yes HKCU:Run SandboxieControl Sandboxie Holdings, LLC "C:\Program Files\Sandboxie\SbieCtrl.exe"
No HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Yes HKLM:Run AdobeCS6ServiceManager Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
Yes HKLM:Run BigDog305 C:\Windows\VM305_STI.EXE USB PC Camera VC305
Yes HKLM:Run HotKeysCmds Intel Corporation "C:\Windows\system32\hkcmd.exe"
Yes HKLM:Run HP Software Update Hewlett-Packard C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
Yes HKLM:Run IgfxTray Intel Corporation "C:\Windows\system32\igfxtray.exe"
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Yes HKLM:Run Launch LCore Logitech Inc. C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
Yes HKLM:Run NvBackend NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
Yes HKLM:Run Persistence Intel Corporation "C:\Windows\system32\igfxpers.exe"
No HKLM:Run Razer Synapse Razer Inc. "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
Yes HKLM:Run Samsung Link Copyright 2013 SAMSUNG "C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe"
Yes HKLM:Run ShadowPlay Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes HKLM:Run SwitchBoard Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
Yes HKLM:Run vmware-tray.exe VMware, Inc. "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
Yes Startup Common HP Digital Imaging Monitor.lnk Hewlett-Packard Co. C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
Yes Startup User Dropbox.lnk Dropbox, Inc. C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Dropbox.exe
Yes Startup User Launchy.lnk C:\Program Files (x86)\Launchy\Launchy.exe
 
Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task MATLAB R2012b Startup Accelerator C:\Program Files\MATLAB\R2012b\bin\win64\MATLABStartupAccelerator.exe
Yes Task Microsoft Office 15 Sync Maintenance for JAT-PC-Jonathan jat-pc Microsoft Corporation C:\Program Files\Microsoft Office\Office15\MsoSync.exe
No Task Optimize Start Menu Cache Files-S-1-5-21-445093353-4053321811-4217746638-1001
Yes Task Origin C:\ProgramData\Origin\update.vbe
Yes Task {614E27F1-B5E0-419A-857B-76DBA0D27C02} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Jonathan\AppData\Roaming\oursurfing\UninstallManager.exe -c  -ptid=amt
 
Adobe After Effects CS6 Adobe Systems Incorporated 10/6/2014 2.25 GB 11
Adobe AIR Adobe Systems Incorporated 10/6/2014 3.1.0.4880
Adobe Flash Player 16 NPAPI Adobe Systems Incorporated 3/5/2015 6.00 MB 16.0.0.305
Adobe Help Manager Adobe Systems Incorporated 10/6/2014 4.0.244
Adobe Photoshop CS6 Adobe Systems Incorporated 7/27/2014 1.75 GB 13.0
Adobe Reader XI (11.0.11) Adobe Systems Incorporated 5/14/2015 185 MB 11.0.11
AllShare Framework DMS Samsung 7/25/2014 33.2 MB 1.3.23
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 2/25/2015 26.7 MB 8.0.916.0
Android Studio Google Inc. 7/27/2014 1.0
Apple Application Support Apple Inc. 10/23/2014 95.2 MB 3.1
Apple Mobile Device Support Apple Inc. 10/23/2014 22.2 MB 8.0.5.6
Apple Software Update Apple Inc. 10/23/2014 2.38 MB 2.1.3.127
Assassin's Creed Liberation HD 12/26/2014
Assassin's Creed Unity 12/14/2014 40.8 GB 1.2.0
Assassins Creed Chronicles China 5/2/2015 1.48 MB
Battle.net Blizzard Entertainment 2/4/2015
Bing Bar Microsoft Corporation 7/25/2014 464 KB 7.1.355.0
Bonjour Apple Inc. 10/23/2014 2.08 MB 3.0.0.10
CCleaner Piriform 5/15/2015 5.05
Cheat Engine 6.4 Cheat Engine 12/14/2014 31.0 MB
Chief Architect Premier X6 (64 bit) Chief Architect 9/8/2014 622 MB 16.2.0.0
Chief Architect X1 Chief Architect Inc 9/9/2014 3.32 GB 11.0.6.41
Chief Architect X2 Chief Architect 9/11/2014 1.74 GB 12.1.2.29
Cisco Packet Tracer 6.0.1 Cisco Systems, Inc. 9/29/2014 250 MB
Cities: Skylines Colossal Order 3/11/2015
CodeBlocks The Code::Blocks Team 12/16/2014 13.12
Counter-Strike: Global Offensive Valve 12/22/2014
CPUID CPU-Z 1.70 9/16/2014 3.52 MB
Deadpool Activision 8/13/2014 6.36 GB 1.0
Dota 2 Valve 12/30/2014
Dota 2 Workshop Tools Alpha 9/18/2014
Dragon Age: Origins Electronic Arts 11/7/2014 15.5 GB 1.05.0.0
Dropbox Dropbox, Inc. 5/9/2015 3.4.6
ELDIM - EDIDViewer 3/21/2015
EPSON L120 Series Printer Uninstall SEIKO EPSON Corporation 8/11/2014
ESET Online Scanner v3 5/15/2015
Example Game Microsoft 10/8/2014 904 KB 1.0.0
f.lux 8/18/2014
FIFA 2015 1.00 TeRM!NaToR 10/9/2014 126 MB 1.00
FileZilla Client 3.9.0.1 Tim Kosse 7/25/2014 21.7 MB 3.9.0.1
GadgetWide Cloud Control Service GadgetWide 8/13/2014 6.05 MB 1.2.0.6
Game Dev Tycoon v1.5.11 (2014) Friends in War 9/23/2014 1.5.11
Geeks3D FurMark 1.15.0.0 Geeks3D 11/17/2014 7.72 MB
Git version 1.9.4-preview20140611 The Git Development Community 7/25/2014 82.7 MB 1.9.4-preview20140611
Goat Simulator R.G. Mechanics, markfiter 9/18/2014 1.37 GB
Google Chrome Google Inc. 7/24/2014 42.0.2311.152
Google Earth Google 11/26/2014 180 MB 7.1.2.2041
Hard Disk Sentinel PRO HDS 7/25/2014
HD Tune Pro 5.50 EFD Software 4/15/2015 4.16 MB
Heroes of the Storm Blizzard Entertainment 2/5/2015
Hotspot Shield 3.42 AnchorFree Inc. 12/8/2014 3.42
HP Customer Participation Program 14.0 HP 7/25/2014 14.0
HP Imaging Device Functions 14.0 HP 7/25/2014 14.0
HP Photo Creations HP Photo Creations Powered by RocketLife 7/25/2014 14.6 MB 1.0.0.2024
HP Photosmart Officejet and Deskjet All-In-One Driver Software HP 7/25/2014 14.0
HP Solution Center 14.0 HP 7/25/2014 14.0
HP Update Hewlett-Packard 7/25/2014 2.97 MB 5.002.006.003
HTC Driver Installer HTC Corporation 7/25/2014 1.27 MB 4.2.0.001
HWiNFO64 Version 4.46 Martin Malík - REALiX 11/17/2014 3.05 MB 4.46
Intel Android Device USB driver Intel 2/11/2015 1.1.5
Intel® Processor Graphics Intel Corporation 7/25/2014 9.17.10.3347
IP Camera Adapter Pavel Khlebovich 8/18/2014 5.21 MB 2.0.0.0
IPTInstaller HTC 7/25/2014 248 KB 4.0.8
iTunes Apple Inc. 10/23/2014 244 MB 12.0.1.26
Java 8 Update 25 (64-bit) Oracle Corporation 11/7/2014 85.3 MB 8.0.250
Java SE Development Kit 7 Update 55 (64-bit) Oracle 7/25/2014 207 MB 1.7.0.550
Java SE Development Kit 8 Update 20 (64-bit) Oracle Corporation 10/13/2014 314 MB 8.0.200.26
K-Lite Codec Pack 10.7.5 Standard 9/28/2014 80.9 MB 10.7.5
Launchy 2.5 Code Jelly 5/14/2015 14.0 MB
LinuxLive USB Creator Thibaut Lauziere 10/30/2014 2.8
Logitech Gaming Software 8.57 Logitech Inc. 1/29/2015 111 MB 8.57.145
Lua for Windows 5.1.4-46 The Lua for Windows Project and Lua and Tecgraf, PUC-Rio 5/1/2015 67.1 MB 5.1.4.46
Malwarebytes Anti-Malware version 2.1.6.1022 Malwarebytes Corporation 5/15/2015 57.6 MB 2.1.6.1022
MATLAB R2012b The MathWorks, Inc. 10/22/2014 8.0
Microsoft Office Professional Plus 2010 Microsoft Corporation 9/27/2014 14.0.4763.1000
Microsoft Office Professional Plus 2013 Microsoft Corporation 8/18/2014 15.0.4420.1017
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 11/7/2014 4.47 MB 8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 7/27/2014 6.83 MB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Corporation 7/27/2014 7.32 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 7/27/2014 13.1 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 10/22/2014 13.2 MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 7/25/2014 6.68 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 7/27/2014 9.54 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 7/25/2014 10.1 MB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 3/12/2015 19.2 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 3/12/2015 1.56 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 Microsoft Corporation 1/31/2015 11.0.60610.1
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 1/29/2015 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 Microsoft Corporation 1/31/2015 17.3 MB 11.0.60610.1
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 Microsoft Corporation 9/7/2014 20.5 MB 12.0.21005.1
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Corporation 5/6/2015 17.1 MB 12.0.21005.1
Mortal Kombat X Premium Edition v.1.0 5/1/2015 2.18 MB
Mozilla Firefox 37.0.2 (x86 en-US) Mozilla 4/28/2015 83.8 MB 37.0.2
Mozilla Maintenance Service Mozilla 7/25/2014 225 KB 31.0
MSI Afterburner 4.0.0 MSI Co., LTD 11/21/2014 4.0.0
Neo4j Community 2.1.4 Neo Technology 10/14/2014 2.1.4
NetBeans IDE 8.0 NetBeans.org 7/25/2014 8.0
Neverwinter Cryptic Studios 1/16/2015
NVIDIA 3D Vision Controller Driver 347.09 NVIDIA Corporation 3/15/2015 347.09
NVIDIA 3D Vision Driver 347.52 NVIDIA Corporation 3/15/2015 347.52
NVIDIA GeForce Experience 2.4.1.21 NVIDIA Corporation 4/14/2015 2.4.1.21
NVIDIA Graphics Driver 347.52 NVIDIA Corporation 3/15/2015 347.52
NVIDIA HD Audio Driver 1.3.33.0 NVIDIA Corporation 3/15/2015 1.3.33.0
NVIDIA PhysX System Software 9.14.0702 NVIDIA Corporation 10/5/2014 9.14.0702
OCR Software by I.R.I.S. 14.0 HP 7/25/2014 14.0
Octave 11/27/2014 3.8.2
Only If Creability 8/9/2014
Oracle VM VirtualBox 4.3.18 Oracle Corporation 10/29/2014 157 MB 4.3.18
Origin Electronic Arts, Inc. 9/7/2014 9.4.22.2815
PC Link ASUSTEK 8/18/2014 34.8 MB 1.22.0.421
PC Link ASUSTEK 8/18/2014 35.0 MB 1.22.16.807
PyQt GPL v4.11.3 for Python v2.7 (x64) 4/19/2015 4.11.3
Python 2.7 matplotlib-1.4.1 (64-bit) 10/21/2014
Python 2.7 numpy-1.9.0 (64-bit) 10/21/2014
Python 2.7 pywin32-219 4/19/2015
Python 2.7 scikit-learn-0.15.2 (64-bit) 12/2/2014
Python 2.7 scipy-0.14.0 (64-bit) 12/2/2014
Python 2.7.8 (64-bit) Python Software Foundation 10/14/2014 55.3 MB 2.7.8150
Racer 8 30.06 Studios Ltd 1/16/2015
Razer Game Booster Razer Inc. 7/26/2014 62.1 MB 4.2.45.0
Razer Synapse 2.0 Razer Inc. 7/25/2014 17.0 MB 1.18.15.20888
Recuva Piriform 7/27/2014 1.51
RivaTuner Statistics Server 6.2.0 Unwinder 11/21/2014 6.2.0
Samsung Link 2.0.0.1503181422 Copyright 2013 SAMSUNG 5/15/2015 2.0.0.1503181422
Sandboxie 4.14 (64-bit) Sandboxie Holdings, LLC 2/18/2015 4.14
SaTScan 9.4 3/8/2015
SeaTools for Windows 1.4.0.2 Seagate Technology 5/6/2015 1.4.0.2
Setup - Hyperdimension Neptunia Re Birth1 © Idea Factory International ... Nippon Ichi Software 2/25/2015 4,095 GB ...
Shop for HP Supplies HP 7/25/2014 14.0
Sid Meier's Civilization Beyond Earth 2K 7/24/2014
Sid Meier's Civilization Beyond Earth R.G. Gamblers, Fanfar 1/31/2015
Skype Click to Call Microsoft Corporation 3/9/2015 7.14 MB 7.3.16540.9015
Skype™ 7.4 Skype Technologies S.A. 5/8/2015 79.3 MB 7.4.102
Spiral Knights Three Rings 1/22/2015
Steam Valve Corporation 7/25/2014
Sublime Text Build 3059 Sublime HQ Pty Ltd 7/25/2014 22.5 MB
TechPowerUp GPU-Z TechPowerUp 10/25/2014
The King Of Fighters XIII 9/22/2014 2.33 GB 1
The Legend of Korra Activision 10/23/2014 2.74 GB
TrueCrypt TrueCrypt Foundation 7/27/2014 7.2
Unity Web Player Unity Technologies ApS 8/19/2014 12.0 MB 4.5.3f3
Unity Web Player (x64) (All users) Unity Technologies ApS 1/8/2015 12.0 MB 4.6.1f1
Universal Adb Driver ClockworkMod 2/11/2015 8.81 MB 1.0.0
Vegas Pro 13.0 (64-bit) Sony 9/20/2014 794 MB 13.0.373
VLC media player VideoLAN 10/7/2014 2.1.5
VLC media player 2.1.3 VideoLAN 7/25/2014 2.1.3
VMware Workstation VMware, Inc 9/9/2014 3.25 GB 9.0.0
Win32DiskImager version 0.9.5 ImageWriter Developers 9/15/2014 44.8 MB 0.9.5
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (01/27/2014 9.0.0000.00000) Google, Inc. 9/1/2014 01/27/2014 9.0.0000.00000
Windows Driver Package - SafeNet, Inc. USB  (03/09/2006 7.3.0.0) SafeNet, Inc. 9/9/2014 03/09/2006 7.3.0.0
Windows Speech Recognition Macros Microsoft Corporation 11/10/2014 1.25 MB 1.0.6862.19
WinRAR 5.20 (64-bit) win.rar GmbH 12/17/2014 5.20.0
x264vfw - H.264/MPEG-4 AVC codec for x64 (remove only) 10/6/2014
XAMPP Bitnami 7/25/2014 0.95 GB 1.8.3-4
Zotero Standalone 4.0.23 (x86 en-US) Zotero 12/10/2014 77.4 MB 4.0.23
 
 
 
 


#6 buddy215

buddy215

  • BC Advisor
  • 12,990 posts
  • ONLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:23 AM

Posted 17 May 2015 - 09:12 PM

Remove these Tasks using CCleaner by clicking on each item to highlight it, then choose Remove/Uninstall on the right.

Yes Task Origin C:\ProgramData\Origin\update.vbe (BitCoin Miner trojan)
Yes Task {614E27F1-B5E0-419A-857B-76DBA0D27C02} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Jonathan\AppData\Roaming\oursurfing\UninstallManager.exe -c  -ptid=amt (adware)
 
Disable the other 6 Tasks using CCleaner by clicking on each item to highlight and then choose to Disable.
 
Please let me know of any other problem and suggest you rerun all the scans again after 3 days. Not sure if the malware is completely killed.

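Added example, not from this thread and not a BleepingComputer or CCleaner tool: a Python triage of a pasted CCleaner Startups/Scheduled Tasks list that flags the same two tasks picked out by eye in post #6 (a task running a .vbe script, and pcalua.exe -a launching a file from the oursurfing folder), plus the decoy-name and Temp-folder pattern behind the svchost.exe/lsass.exe miner files in the MBAM and ESET logs. Sample lines 1-6 are copied from post #5; line 7 is constructed to exercise the last rule.

```python
r"""Triage of a pasted CCleaner "Startups" / "Scheduled Tasks" export.

Added example (not a BleepingComputer or CCleaner tool). Three rules, each
taken from what this thread's logs show:
  1. an autorun or task that runs a script (.vbe/.vbs/...) instead of a program,
  2. a Windows helper such as pcalua.exe used to launch a file that lives in a
     user-writable location (ProgramData or a user profile),
  3. a system-process name (svchost.exe, lsass.exe, ...) outside System32, or
     any program run from a Temp folder.
SAMPLE is constructed: lines 1-6 are copied from post #5, line 7 is invented
(the miner in this thread sat in C:\Windows\Temp but was found by MBAM, not
listed as a Run entry).
"""
import ntpath
import re
from dataclasses import dataclass

SCRIPT_EXTS = {".vbe", ".vbs", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1"}
LAUNCHERS = {"pcalua.exe", "wscript.exe", "cscript.exe", "mshta.exe",
             "rundll32.exe", "regsvr32.exe", "cmd.exe", "powershell.exe"}
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "smss.exe", "wininit.exe"}
SYSTEM_DIRS = {"c:\\windows\\system32", "c:\\windows\\syswow64"}
TEMP_MARKERS = ("\\windows\\temp\\", "\\appdata\\local\\temp\\")
USER_WRITABLE = ("\\users\\", "\\programdata\\")

# A drive-letter path ending in a program or script extension. Quotes and the
# arguments after the extension are not part of the match.
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|vbe|vbs|js|jse|wsf|bat|cmd|ps1)\b',
    re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    path: str


def check_line(line_no: int, line: str) -> list[Finding]:
    """Apply the three rules to one export line; returns [] for a clean line."""
    paths = PATH_RE.findall(line)
    found = []
    for p in paths:
        low = p.lower()
        name = ntpath.basename(low)
        if ntpath.splitext(name)[1] in SCRIPT_EXTS:
            found.append(Finding(line_no, "runs a script file", p))
        if name in SYSTEM_NAMES and ntpath.dirname(low) not in SYSTEM_DIRS:
            found.append(Finding(line_no, "system-process name outside System32", p))
        if any(m in low for m in TEMP_MARKERS):
            found.append(Finding(line_no, "executes from a Temp folder", p))
    # Proxy execution: the first path is a Windows helper and the second path
    # is what it really launches (pcalua.exe -a <target> in post #5). A helper
    # whose target is under C:\Windows (the ShadowPlay rundll32 entry) passes.
    if len(paths) > 1 and ntpath.basename(paths[0].lower()) in LAUNCHERS:
        target = paths[1]
        if any(m in target.lower() for m in USER_WRITABLE):
            found.append(Finding(line_no, "helper binary launches a user-writable file", target))
    return found


def triage(export: str) -> list[Finding]:
    """Run check_line over every non-blank line of a pasted export."""
    findings = []
    for no, line in enumerate(export.splitlines(), 1):
        if line.strip():
            findings.extend(check_line(no, line))
    return findings


# Constructed sample: lines 1-6 from post #5, line 7 invented for rule 3.
SAMPLE = r"""Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run f.lux Flux Software LLC "C:\Users\Jonathan\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
Yes HKLM:Run ShadowPlay Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task Origin C:\ProgramData\Origin\update.vbe
Yes Task {614E27F1-B5E0-419A-857B-76DBA0D27C02} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Jonathan\AppData\Roaming\oursurfing\UninstallManager.exe -c  -ptid=amt
Yes HKLM:Run WindowsUpdate C:\Windows\Temp\svchost.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"line {f.line_no}: {f.rule}: {f.path}")
```

Note that an executable under AppData (f.lux, Dropbox) is not flagged on its own, since legitimate per-user software installs there; it is the combination with a helper binary, a script extension or a Temp folder that makes an entry worth a second look.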


#7 XeLiOs

XeLiOs
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:06:23 PM

Posted 18 May 2015 - 10:50 AM

Thank you so much. PC is running fine now. No more high cpu usage from the miner. I'll report if something comes up.



#8 XeLiOs

XeLiOs
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:06:23 PM

Posted 20 May 2015 - 08:27 AM

I just noticed the white box started to appear again while viewing this thread. Tried to scan with MBAM but it found nothing.



#9 buddy215

buddy215

  • BC Advisor
  • 12,990 posts
  • ONLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:23 AM

Posted 20 May 2015 - 12:27 PM

Check Tasks using CCleaner and see if a new Task is there...if so disable.

 

Try this... If you don't have Adblock Plus installed, do that in both Firefox and Chrome. After install, click on its logo, choose Filter preferences, and uncheck "Allow some non-intrusive advertising".

Adblock Plus :: Add-ons for Firefox

Adblock Plus - Chrome Web Store

 

Block Third Party cookies which are ad and tracking cookies: How To Disable Third-Party Cookies In All Major Browsers

After blocking the install of 3rd party cookies you should run CCleaner to remove the ones presently installed.






