MDM.exe


  • This topic is locked
6 replies to this topic

#1 reapah23

  • Members
  • 3 posts
  • OFFLINE
  • Local time: 10:26 PM

Posted 06 June 2015 - 11:28 PM

My computer isn't running slow or anything, but I keep seeing this file pop up that is using around 70% of my GPU resources. A simple end task on it does the trick, but it leads me to believe there's more to it than I can see. I opened its location out of curiosity today and it looks like some kind of data miner? There's about 15 other files in there with it with a .CL extension, and then a config file talking about allowing a script to run. Google states that it is a .NET debugger, but it's in a weird location: C:\Users\Curtis\AppData\Roaming\MK10\Caches. Could it possibly be a virus?

=====================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-06-2015

Ran by Curtis (administrator) on CURTISPC on 06-06-2015 23:58:40
Running from C:\Users\Curtis\Downloads
Loaded Profiles: Curtis (Available Profiles: Curtis)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Spotify Ltd) C:\Users\Curtis\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590656 2015-05-15] (Razer Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-05-14] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-03-31] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1679200867-2143882378-2360125764-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Curtis\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1679200867-2143882378-2360125764-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-1679200867-2143882378-2360125764-1001\...\Run: [Spotify Web Helper] => C:\Users\Curtis\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-05-30] (Spotify Ltd)
HKU\S-1-5-21-1679200867-2143882378-2360125764-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5585136 2015-03-31] (Disc Soft Ltd)
HKU\S-1-5-21-1679200867-2143882378-2360125764-1001\...\MountPoints2: {59aa1a43-ec9b-11e4-825d-0862669eb148} - "E:\setup.exe" 
HKU\S-1-5-21-1679200867-2143882378-2360125764-1001\...\MountPoints2: {91ffb27e-ff25-11e4-8270-fd4cf83021bf} - "F:\setup.exe" 
HKU\S-1-5-21-1679200867-2143882378-2360125764-1001\...\MountPoints2: {91ffb2a1-ff25-11e4-8270-fd4cf83021bf} - "G:\setup.exe" 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1679200867-2143882378-2360125764-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-23] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
 
Chrome: 
=======
CHR Profile: C:\Users\Curtis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Curtis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-21]
CHR Extension: (Dark Legends) - C:\Users\Curtis\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfbekphmapfjpdkfedomagjpccekhaa [2015-04-21]
CHR Extension: (Google Docs) - C:\Users\Curtis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-21]
CHR Extension: (Google Drive) - C:\Users\Curtis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-21]
CHR Extension: (YouTube) - C:\Users\Curtis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-21]
CHR Extension: (Pool) - C:\Users\Curtis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb [2015-04-21]
CHR Extension: (Google Search) - C:\Users\Curtis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-21]
CHR Extension: (Google Sheets) - C:\Users\Curtis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-21]
CHR Extension: (AdBlock) - C:\Users\Curtis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-16]
CHR Extension: (Bookmark Manager) - C:\Users\Curtis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Curtis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-21]
CHR Extension: (Google Wallet) - C:\Users\Curtis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-21]
CHR Extension: (Gmail) - C:\Users\Curtis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-03-31] (Advanced Micro Devices, Inc.) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1277680 2015-03-31] (Disc Soft Ltd)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [23504 2014-12-25] (Micro-Star Int'l Co., Ltd.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-04] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-27] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-12-20] (Advanced Micro Devices)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-04-28] (Disc Soft Ltd)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-04] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2013-08-22] (Microsoft Corporation)
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
S5 WinDivert1.1;  <===== ATTENTION Locked Service
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-06 23:58 - 2015-06-06 23:59 - 00009976 _____ C:\Users\Curtis\Downloads\FRST.txt
2015-06-06 23:58 - 2015-06-06 23:58 - 00000000 ____D C:\FRST
2015-06-06 23:39 - 2015-06-06 23:39 - 02108928 _____ (Farbar) C:\Users\Curtis\Downloads\FRST64.exe
2015-06-06 00:31 - 2015-06-06 00:32 - 00002590 _____ C:\Users\Curtis\Desktop\RS HTML5.lnk
2015-06-05 18:30 - 2015-06-05 18:30 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-06-05 18:30 - 2015-06-05 18:30 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2015-06-05 18:29 - 2015-06-05 18:29 - 00001206 _____ C:\Users\Public\Desktop\Metro Last Light Redux.lnk
2015-06-05 18:19 - 2015-06-05 18:29 - 00000000 ____D C:\Program Files (x86)\Metro Last Light Redux
2015-06-05 13:25 - 2015-06-05 13:25 - 00000000 ____D C:\Users\Curtis\Documents\4A Games
2015-06-05 13:20 - 2015-06-05 13:20 - 00000000 ____D C:\Users\Curtis\AppData\Local\4A Games
2015-06-05 13:11 - 2015-06-05 13:11 - 00001060 _____ C:\Users\Curtis\Desktop\Metro 2033 Redux.lnk
2015-06-05 13:11 - 2015-06-05 13:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metro 2033 Redux
2015-06-05 13:02 - 2015-06-05 13:16 - 00000000 ____D C:\Program Files (x86)\Metro 2033 Redux
2015-06-05 11:20 - 2015-06-05 11:20 - 00001364 _____ C:\Users\Curtis\Desktop\The Last Remnant.lnk
2015-06-05 11:20 - 2015-06-05 11:20 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\The Last Remnant
2015-06-04 18:06 - 2015-06-04 18:06 - 00172775 _____ C:\Users\Curtis\Downloads\Guargian_Vintage_Striped_Walls.package
2015-06-03 08:39 - 2015-06-03 09:02 - 00000000 ____D C:\Users\Curtis\Documents\Assassin's Creed Unity
2015-06-03 07:25 - 2015-06-03 08:38 - 00000000 ____D C:\Program Files (x86)\Assassin's Creed Unity
2015-06-03 07:25 - 2015-06-03 07:25 - 00000878 _____ C:\Users\Public\Desktop\Assassin's Creed Unity.lnk
2015-06-01 13:22 - 2015-06-01 13:22 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2015-06-01 13:21 - 2015-06-01 14:26 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2015-06-01 13:16 - 2015-06-01 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2015-06-01 13:16 - 2015-06-01 13:16 - 00000000 ____D C:\Program Files\HWiNFO64
2015-06-01 13:10 - 2015-06-01 13:10 - 00001103 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2015-06-01 12:52 - 2015-06-01 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-06-01 12:52 - 2015-06-01 13:10 - 00000000 ____D C:\Program Files\CPUID
2015-06-01 12:52 - 2015-06-01 12:52 - 00000885 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2015-06-01 09:32 - 2015-06-01 09:35 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\RadeonPro
2015-06-01 09:32 - 2015-06-01 09:32 - 00000000 ____D C:\Users\Curtis\Documents\RadeonPro Benchmarks
2015-06-01 09:30 - 2015-06-01 12:16 - 00000000 ____D C:\Program Files (x86)\RadeonPro
2015-06-01 08:01 - 2015-06-01 08:01 - 00000000 ____D C:\Users\Curtis\Documents\Assassin's Creed IV Black Flag
2015-06-01 07:49 - 2015-06-01 07:49 - 00002379 _____ C:\Users\Public\Desktop\Assassin's Creed Black Flag.lnk
2015-06-01 07:49 - 2015-06-01 07:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RiP by Fenixx
2015-06-01 07:29 - 2015-06-01 07:49 - 00000000 ____D C:\Program Files (x86)\Assassin's Creed 4.Black Flag.Deluxe Edition.v 1.06 + 8 DLC
2015-06-01 06:34 - 2015-06-01 06:34 - 00000000 ____D C:\Users\Curtis\Documents\Assassin's Creed Rogue
2015-06-01 06:34 - 2015-06-01 06:34 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\uplay
2015-06-01 06:08 - 2015-06-01 06:08 - 00001221 _____ C:\Users\Curtis\Desktop\Uplay.lnk
2015-06-01 06:08 - 2015-06-01 06:08 - 00000133 _____ C:\Users\Public\Desktop\Assassin's Creed Rogue.url
2015-06-01 06:08 - 2015-06-01 06:08 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2015-05-29 14:55 - 2015-05-29 14:55 - 00001109 _____ C:\Users\Curtis\Downloads\steam_api.rar
2015-05-29 14:34 - 2015-05-29 15:50 - 00000000 ____D C:\Program Files (x86)\ Borderlands The Pre-Sequel
2015-05-29 14:34 - 2015-05-29 14:34 - 00001168 _____ C:\Users\Public\Desktop\ Borderlands The Pre-Sequel.lnk
2015-05-28 02:59 - 2015-05-28 02:59 - 00001203 _____ C:\Users\Public\Desktop\The Sims 4.lnk
2015-05-28 02:59 - 2014-10-19 15:54 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2015-05-28 02:03 - 2015-05-28 03:21 - 00000000 ____D C:\Program Files (x86)\The Sims 4
2015-05-27 13:04 - 2015-05-27 13:04 - 00000000 ____D C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2015-05-27 13:03 - 2015-05-27 13:03 - 00000814 _____ C:\Users\Public\Desktop\Mass Effect 2.lnk
2015-05-27 13:03 - 2015-05-27 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 2
2015-05-26 17:35 - 2015-05-26 18:05 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\Tera_Awesomium
2015-05-26 15:23 - 2015-05-27 13:11 - 00054294 _____ C:\Users\Curtis\Documents\Install Mass Effect 2.log
2015-05-26 14:46 - 2015-05-31 08:31 - 00000000 ____D C:\Program Files (x86)\AGB-GT
2015-05-26 09:59 - 2015-05-26 09:59 - 00001019 _____ C:\Users\Public\Desktop\Mass Effect 3.lnk
2015-05-26 09:59 - 2015-05-26 09:59 - 00000000 ____D C:\Windows\DA909E623B454BA18B58FCAEBA4BCEC9.TMP
2015-05-26 09:59 - 2015-05-26 09:59 - 00000000 ____D C:\Users\Curtis\AppData\Local\Game Updater
2015-05-26 09:59 - 2015-05-26 09:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 3
2015-05-26 06:59 - 2015-05-26 06:59 - 00000000 ____D C:\Users\Curtis\Documents\MercurySteam
2015-05-26 06:48 - 2015-06-03 06:07 - 00000000 ____D C:\Program Files (x86)\Castlevania Lords of Shadow 2
2015-05-26 05:20 - 2015-05-26 05:21 - 00000000 ____D C:\Users\Curtis\Documents\Thief
2015-05-25 00:54 - 2015-05-25 00:54 - 00000000 ____D C:\Users\Curtis\Documents\DyingLight
2015-05-24 16:44 - 2015-05-26 17:31 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-05-24 16:44 - 2015-05-24 16:44 - 00000000 ____D C:\Users\Curtis\AppData\Local\TERA
2015-05-23 00:40 - 2015-05-25 21:51 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-23 00:40 - 2015-05-23 00:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-23 00:39 - 2015-06-06 23:50 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-23 00:39 - 2015-06-06 22:23 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-23 00:39 - 2015-05-23 00:45 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-23 00:39 - 2015-05-23 00:45 - 00003660 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-23 00:39 - 2015-05-23 00:39 - 00000000 ____D C:\Users\Curtis\AppData\Local\Deployment
2015-05-23 00:39 - 2015-05-23 00:39 - 00000000 ____D C:\Users\Curtis\AppData\Local\Apps\2.0
2015-05-23 00:14 - 2015-05-23 00:14 - 00262144 ____N C:\Windows\Minidump\052315-28687-01.dmp
2015-05-21 21:59 - 2015-05-21 21:59 - 00000000 ____D C:\.jagex_cache_32
2015-05-21 04:42 - 2015-06-06 00:24 - 00000024 _____ C:\Users\Curtis\random.dat
2015-05-21 04:42 - 2015-06-06 00:13 - 00000024 _____ C:\Users\Curtis\jagexappletviewer.preferences
2015-05-21 04:42 - 2015-06-06 00:12 - 00000045 _____ C:\Users\Curtis\jagex_cl_runescape_LIVE.dat
2015-05-21 04:42 - 2015-05-21 04:42 - 00000000 ____D C:\Windows\.jagex_cache_32
2015-05-21 04:35 - 2015-05-21 04:42 - 00000000 ____D C:\Users\Curtis\jagexcache
2015-05-21 04:35 - 2015-05-21 04:35 - 00002118 _____ C:\Users\Curtis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
2015-05-21 04:35 - 2015-05-21 04:35 - 00002088 _____ C:\Users\Curtis\Desktop\RuneScape.lnk
2015-05-21 04:35 - 2015-05-21 04:35 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
2015-05-20 16:47 - 2015-06-01 06:08 - 00000000 ____D C:\Users\Curtis\AppData\Local\Ubisoft Game Launcher
2015-05-20 15:54 - 2015-06-01 06:08 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2015-05-20 12:46 - 2014-11-24 21:30 - 00299008 _____ (easyhook.codeplex.com) C:\Windows\system32\EasyHook64.dll
2015-05-20 12:37 - 2015-06-03 08:39 - 00000000 ____D C:\ProgramData\Orbit
2015-05-20 11:35 - 2015-05-20 11:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Far Cry 4 - Gold Edition
2015-05-19 19:54 - 2015-05-26 17:29 - 00000000 ____D C:\Users\Curtis\Documents\The Witcher 3
2015-05-19 19:40 - 2015-05-19 19:40 - 00001975 _____ C:\Users\Public\Desktop\The Witcher® 3 - Wild Hunt.lnk
2015-05-19 19:40 - 2015-05-19 19:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher® 3 - Wild Hunt
2015-05-16 04:55 - 2015-05-16 04:55 - 00000000 ____D C:\Users\Curtis\Documents\Electronic Arts
2015-05-16 04:08 - 2015-05-16 04:08 - 00003228 _____ C:\Windows\System32\Tasks\MdmUpdateTaskMachineCore
2015-05-16 02:12 - 2015-05-16 03:12 - 00000000 ____D C:\Users\Curtis\Downloads\Insanity MAX 30
2015-05-15 20:28 - 2015-05-16 04:08 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\MK10
2015-05-11 00:18 - 2015-05-18 18:00 - 00000000 ____D C:\Users\Curtis\Documents\Diablo III
2015-05-10 23:08 - 2015-05-10 23:08 - 00001154 _____ C:\Users\Public\Desktop\Diablo III.lnk
2015-05-10 23:08 - 2015-05-10 23:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2015-05-10 22:53 - 2015-05-19 13:57 - 00000000 ____D C:\Program Files (x86)\Diablo III
2015-05-10 05:41 - 2015-05-10 05:41 - 00003226 _____ C:\Windows\System32\Tasks\{EBD2D0B8-D485-45D4-A999-5398F433193C}
2015-05-10 05:38 - 2015-05-10 05:38 - 00000299 _____ C:\Users\Curtis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2015-05-09 04:19 - 2015-05-09 04:50 - 00000000 ____D C:\Program Files (x86)\NBA 2K15
2015-05-09 04:19 - 2015-05-09 04:19 - 00000812 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NBA 2K15.lnk
2015-05-09 04:19 - 2015-05-09 04:19 - 00000800 _____ C:\Users\Public\Desktop\NBA 2K15.lnk
2015-05-09 00:05 - 2015-05-09 00:17 - 00000000 _____ C:\Recovery.txt
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-06 23:00 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-06 22:55 - 2015-04-04 15:00 - 01999859 _____ C:\Windows\WindowsUpdate.log
2015-06-06 22:25 - 2015-04-20 20:56 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\Raptr
2015-06-06 22:25 - 2015-04-04 20:12 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-06 22:20 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-06 17:29 - 2015-04-04 14:49 - 00000000 ____D C:\Users\Curtis
2015-06-06 16:23 - 2015-04-22 17:26 - 00000031 _____ C:\Windows\UGGLauncher.INI
2015-06-06 16:16 - 2015-04-21 15:19 - 00000000 ____D C:\Users\Curtis\AppData\Local\Spotify
2015-06-06 16:16 - 2015-04-21 15:18 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\Spotify
2015-06-06 14:00 - 2015-04-04 14:58 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1679200867-2143882378-2360125764-1001
2015-06-06 13:06 - 2015-04-04 14:42 - 00012154 _____ C:\Windows\PFRO.log
2015-06-06 13:05 - 2015-04-21 19:40 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\vlc
2015-06-06 01:34 - 2015-04-21 18:54 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\uTorrent
2015-06-05 20:15 - 2015-04-27 19:45 - 00000000 ____D C:\Users\Curtis\Documents\My Games
2015-06-05 13:15 - 2015-04-21 02:52 - 00000000 ____D C:\MSI
2015-06-05 11:20 - 2015-04-27 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-06-05 11:19 - 2015-04-04 06:09 - 00142051 _____ C:\Windows\DirectX.log
2015-06-02 17:07 - 2015-05-05 15:59 - 00000000 ____D C:\Users\Curtis\AppData\Local\Battle.net
2015-06-02 16:25 - 2015-05-05 15:59 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-06-01 22:48 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\NDF
2015-06-01 14:26 - 2015-04-21 20:34 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2015-06-01 14:02 - 2015-04-21 20:49 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2015-06-01 13:22 - 2015-04-21 20:34 - 00000000 ___HD C:\Windows\msdownld.tmp
2015-06-01 13:22 - 2015-04-21 20:34 - 00000000 ____D C:\Windows\SysWOW64\directx
2015-06-01 13:21 - 2015-04-21 20:34 - 00001102 _____ C:\Users\Curtis\Desktop\MSI Afterburner.lnk
2015-06-01 12:35 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-01 11:35 - 2015-04-29 05:52 - 00002121 _____ C:\Users\Public\Desktop\Dragon Age Inquisition.lnk
2015-06-01 08:01 - 2015-04-28 15:55 - 00000000 ____D C:\ProgramData\Steam
2015-06-01 06:13 - 2013-08-22 10:44 - 00353856 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-01 06:10 - 2015-04-20 20:55 - 00000000 ____D C:\ProgramData\Package Cache
2015-05-31 20:46 - 2015-04-28 05:35 - 00000000 ____D C:\Users\Curtis\AppData\Local\SKIDROW
2015-05-30 00:13 - 2015-04-29 12:33 - 00000000 ____D C:\Users\Curtis\Documents\BioWare
2015-05-27 12:51 - 2015-04-28 14:59 - 00000000 ____D C:\Games
2015-05-26 07:57 - 2015-04-28 07:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-23 00:39 - 2015-04-21 07:17 - 00000000 ____D C:\Program Files (x86)\Google
2015-05-23 00:14 - 2015-04-24 20:59 - 00000000 ____D C:\Windows\Minidump
2015-05-23 00:13 - 2013-08-22 10:46 - 00011223 _____ C:\Windows\setupact.log
2015-05-23 00:12 - 2015-04-20 20:52 - 00000000 ____D C:\Program Files\AMD
2015-05-18 18:23 - 2015-04-20 20:56 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-05-18 18:23 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-05-16 02:11 - 2015-04-04 14:50 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-05-10 05:36 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2015-05-09 04:21 - 2015-04-29 03:57 - 00000000 ____D C:\Program Files (x86)\Dragon Age Inquisition
2015-05-09 00:42 - 2013-08-22 15:11 - 00000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2015-05-09 00:42 - 2013-08-22 15:11 - 00000000 ____D C:\Windows\ShellNew
2015-05-09 00:42 - 2013-08-22 15:11 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 __RSD C:\Windows\Media
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ___SD C:\Windows\system32\dsc
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\WinStore
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\WinMetadata
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\sppui
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\setup
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\ras
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\MSDRM
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\icsxml
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\Com
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\Bthprops
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\zh-HK
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\uk-UA
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\tr-TR
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\th-TH
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sr-Latn-RS
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sr-Latn-CS
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sppui
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sl-SI
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sk-SK
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\setup
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\ro-RO
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\ras
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\MSDRM
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\migwiz
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\lv-LV
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\lt-LT
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\icsxml
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\ias
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\hr-HR
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\he-IL
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\et-EE
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\en-GB
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\Com
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\Bthprops
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\bg-BG
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\ar-SA
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system\Speech
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\MediaViewer
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\L2Schemas
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\IME
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\FileManager
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\Camera
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\addins
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Portable Devices
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\Services
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2015-05-09 00:42 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-05-09 00:42 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\SysWOW64\oobe
2015-05-09 00:42 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-05-09 00:42 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\Sysprep
2015-05-09 00:42 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\oobe
2015-05-09 00:42 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\Dism
2015-05-09 00:42 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-09 00:42 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\servicing
2015-05-09 00:41 - 2015-05-05 19:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-09 00:41 - 2015-05-05 19:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-09 00:41 - 2015-05-05 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-05-09 00:41 - 2015-05-05 17:53 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-05-09 00:41 - 2015-05-05 15:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-05-09 00:41 - 2015-05-04 14:20 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-05-09 00:41 - 2015-04-27 19:37 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\Dishonored - Game of the Year Edition
2015-05-09 00:41 - 2015-04-21 01:01 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2
2015-05-09 00:41 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\InputMethod
2015-05-09 00:41 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\WindowsInternal.Inbox.Media.Shared
2015-05-09 00:28 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\registration
2015-05-08 22:09 - 2013-08-22 11:37 - 00002044 _____ C:\Windows\DtcInstall.log
2015-05-08 21:56 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\WindowsPowerShell
2015-05-08 10:24 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
 
Some files in TEMP:
====================
C:\Users\Curtis\AppData\Local\Temp\raptrpatch.exe
C:\Users\Curtis\AppData\Local\Temp\raptr_stub.exe
C:\Users\Curtis\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Curtis\AppData\Local\Temp\sfextra.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-04 04:15
 
==================== End of log ============================
*update* I ran the file through VirusTotal and my suspicions were right: it's a bitcoin miner.
*update* I ran RogueKiller and got this report, then followed up by deleting the .exe and its entire folder successfully
====================
RogueKiller V10.8.1.0 [Jun  3 2015] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Curtis [Administrator]
Started from : C:\Users\Curtis\Downloads\RogueKiller.exe
Mode : Delete -- Date : 06/07/2015  09:08:17
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 0 ¤¤¤
 
¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path|VT.Trojan.Miner] \\MdmUpdateTaskMachineCore -- "C:\Users\Curtis\AppData\Roaming\MK10\Caches\mdm" (overbtc1234.) -> Deleted
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500DM002-1BD142 ATA Device +++++
--- User ---
[MBR] 61f254dc7f357a77c275d88c2d31ae80
[BSP] 2dd5e5541c6efa2d4b69d20c356ef33e : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 476588 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_06072015_090739.log

Edited by reapah23, 07 June 2015 - 08:30 AM.


#2 nasdaq

Posted 11 June 2015 - 08:27 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Removed by RKILL

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path|VT.Trojan.Miner] \\MdmUpdateTaskMachineCore -- "C:\Users\Curtis\AppData\Roaming\MK10\Caches\mdm" (overbtc1234.) -> Deleted


This is related to Mortal Kombat.
http://gameserrors.com/how-to-fix-mortal-kombat-x-errors-random-crashes-low-fps-not-starting/
---

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
C:\Users\Curtis\AppData\Roaming\MK10
Task: {B99CED3C-9A91-41D2-8920-9C1AE9CE4C1A} - System32\Tasks\MdmUpdateTaskMachineCore => C:\Users\Curtis\AppData\Roaming\MK10\Caches\mdm [2015-05-16] () <==== ATTENTION
C:\Users\Curtis\AppData\Local\Temp\raptrpatch.exe
C:\Users\Curtis\AppData\Local\Temp\raptr_stub.exe
C:\Users\Curtis\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Curtis\AppData\Local\Temp\sfextra.dll

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?
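
The fixlist above removes a scheduled task whose action is an extensionless, unsigned file under AppData\Roaming, which is the pattern that gave this miner away. As an added example (not part of this thread, FRST or RogueKiller), here is a small Python triage helper that parses FRST "Task:" lines and flags that pattern; the benign vendor task and its GUID are constructed for the sample.

```python
import re
from dataclasses import dataclass

# FRST lists scheduled tasks as:
#   Task: {GUID} - System32\Tasks\<Name> => <target> [<date>] (<publisher>) [<==== ATTENTION]
TASK_RE = re.compile(
    r"^Task:\s*\{(?P<guid>[0-9A-Fa-f-]+)\}\s*-\s*System32\\Tasks\\(?P<name>.+?)\s*=>\s*"
    r"(?P<target>.+?)\s*\[(?P<date>[\d-]+)\]\s*\((?P<publisher>[^)]*)\)"
)

# Profile locations any unprivileged process can write to: persistence here needed no admin rights.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\temp\\", "\\downloads\\")

# Constructed sample: the MdmUpdateTaskMachineCore line from this thread, a benign vendor updater (hypothetical name and GUID), and a non-task line that must be skipped.
SAMPLE_FRST_LINES = [
    r"S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]",
    r"Task: {B99CED3C-9A91-41D2-8920-9C1AE9CE4C1A} - System32\Tasks\MdmUpdateTaskMachineCore"
    r" => C:\Users\Curtis\AppData\Roaming\MK10\Caches\mdm [2015-05-16] () <==== ATTENTION",
    r"Task: {0A0A0A0A-0A0A-0A0A-0A0A-0A0A0A0A0A0A} - System32\Tasks\ExampleVendorUpdate"
    r" => C:\Program Files (x86)\ExampleVendor\update.exe [2015-05-01] (Example Vendor Inc.)",
]


@dataclass
class TaskFinding:
    name: str
    target: str
    reasons: list


def parse_task_line(line):
    """Split one FRST Task: line into its fields, or return None for any other line."""
    m = TASK_RE.match(line.strip())
    return m.groupdict() if m else None


def assess_task(entry):
    """Return the reasons a task's action looks suspicious (empty list = nothing flagged)."""
    low = entry["target"].lower()
    reasons = []
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("action lives in a user-writable profile directory")
    if not entry["publisher"].strip():
        reasons.append("no publisher/signer recorded for the action")
    if "." not in low.rsplit("\\", 1)[-1]:
        reasons.append("action has no file extension")
    return reasons


def triage_frst_tasks(log_lines):
    """Keep only the Task: entries that trip at least one heuristic."""
    findings = []
    for line in log_lines:
        entry = parse_task_line(line)
        if entry and (reasons := assess_task(entry)):
            findings.append(TaskFinding(entry["name"], entry["target"], reasons))
    return findings
```

Run against the sample, only the MK10 task comes back, with all three reasons; the vendor updater under Program Files with a named publisher is left alone.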

#3 reapah23

Posted 12 June 2015 - 09:05 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:06-06-2015
Ran by Curtis at 2015-06-12 22:11:18 Run:1
Running from C:\Users\Curtis\Desktop
Loaded Profiles: Curtis (Available Profiles: Curtis)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
start
 
CreateRestorePoint:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
C:\Users\Curtis\AppData\Roaming\MK10
Task: {B99CED3C-9A91-41D2-8920-9C1AE9CE4C1A} - System32\Tasks\MdmUpdateTaskMachineCore => C:\Users\Curtis\AppData\Roaming\MK10\Caches\mdm [2015-05-16] () <==== ATTENTION
C:\Users\Curtis\AppData\Local\Temp\raptrpatch.exe
C:\Users\Curtis\AppData\Local\Temp\raptr_stub.exe
C:\Users\Curtis\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Curtis\AppData\Local\Temp\sfextra.dll
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
NTIOLib_1_0_4 => Service removed successfully
VBoxNetFlt => Service removed successfully
"C:\Users\Curtis\AppData\Roaming\MK10" => File/Folder not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B99CED3C-9A91-41D2-8920-9C1AE9CE4C1A} => key not found. 
C:\Windows\System32\Tasks\MdmUpdateTaskMachineCore not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MdmUpdateTaskMachineCore => key not found. 
C:\Users\Curtis\AppData\Local\Temp\raptrpatch.exe => moved successfully.
C:\Users\Curtis\AppData\Local\Temp\raptr_stub.exe => moved successfully.
C:\Users\Curtis\AppData\Local\Temp\sfamcc00001.dll => moved successfully.
C:\Users\Curtis\AppData\Local\Temp\sfextra.dll => moved successfully.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 22:11:43 ====
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/12/2015
Scan Time: 10:28:51 PM
Logfile: test.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.06.12.07
Rootkit Database: v2015.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Curtis
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 342785
Time Elapsed: 14 min, 36 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 3
Adware.KorAd, C:\Users\Curtis\Downloads\pangcal.zip, , [4493b7024941cc6a11998030eb1a659b], 
Adware.KorAd, C:\Users\Curtis\Desktop\New folder\mswinsck.exe, , [30a76b4e008abe789317e9c7fc09d62a], 
Adware.KorAd, C:\Users\Curtis\Desktop\New folder\vb6ko.exe, , [785f4e6b078343f39911d7d9050013ed], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
===================
 
The reason MDM was already gone is because I scanned with RogueKiller a few days ago and it deleted it. Thank you for the help, everything seems clean as I know what the 3 files are that the MBAM scan found. I can't say if it is any faster or not as it was never slow; it just seemed like my PC was running hot randomly even when it idled, and the culprit was that MDM.exe, as I watched the GPU usage in AMD Overdrive stay at 70% and then instantly drop to 0% as soon as I closed it. Haven't seen it since RogueKiller deleted it so all seems swell. I should probably turn on an antivirus, but I really don't do much on the computer but play games and Facebook or watch YouTube and the occasional safe porn site. Feels good to know your precious hardware and information is safe! You're the best, guys! And you're right about the MK10 folder being a part of Mortal Kombat. I did have it but it ran extremely badly, literally like 15 fps on the lowest settings possible using an MSI R9 280X and an AMD FX 6300 CPU; I definitely need a better CPU, but I don't think it was the lack of system requirements, just a bad port or optimization on AMD GPUs, so I uninstalled it. But that folder definitely had nothing about MK X in it, I'm guessing the game came packed with that bitcoin miner.

Edited by reapah23, 12 June 2015 - 10:04 PM.


#4 nasdaq

Posted 13 June 2015 - 08:25 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

p.s.
I strongly suggest you enable your Windows Defender that comes with your operating system.

#5 reapah23

Posted 13 June 2015 - 06:57 PM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

p.s.
I strongly suggest you enable your Windows Defender that comes with your operating system.

All is definitely well, my porn sites are running as smooth as ever. How much better could it get? Definitely have plans to enable that Windows Defender. Thank you~



#6 nasdaq

Posted 14 June 2015 - 07:16 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 nasdaq

Posted 20 June 2015 - 08:50 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



