Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: GandCrab v5 Ransomware Utilizing the ALPC Task Scheduler Exploit

Featured Deal: Get 92% off The Complete Cisco Network Certification Training Bundle

SVC miner, trojan

Started by rm540 , Jul 05 2017 01:32 PM

This topic is locked

20 replies to this topic

#1 rm540

Members
13 posts
OFFLINE

Local time:03:56 AM

Posted 05 July 2017 - 01:32 PM

Hi, I recently removed a bunch of bad stuff via MBAM, MBR, MSE, etc. and I'm trying to see if I'm still at risk/clean everything completely.

Here's the dds.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 11.0.9600.18698

Run by editor at 14:13:12 on 2017-07-05

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.24500.15520 [GMT -4:00]

AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}

SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvwmi64.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

C:\Program Files\Tablet\Wacom\WacomHost.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe

C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe

C:\Program Files\AJA\windows\Applications\ajadaemon.exe

C:\Program Files\Avid\Editor Transcode\TranscodeService\AvidEditorDbEngine.exe

C:\Program Files\Avid\Editor Transcode\TranscodeService\rnc-central\AvidEditorTranscodeStatus.exe

C:\Program Files\Avid\ISIS Client\Utilities\Benchmark Utility\BenchmarkAgent.exe

C:\Windows\system32\AvidFos_Service.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Google\Chrome Remote Desktop\59.0.3071.47\remoting_host.exe

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe

C:\Program Files (x86)\Google\Chrome Remote Desktop\59.0.3071.47\remoting_host.exe

C:\Windows\System32\svchost.exe -k utcsvc

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\IProsetMonitor.exe

C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\Windows\system32\RAPID\SamsungRapidSvc.exe

C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

C:\Program Files\Avid\Editor Transcode\TranscodeService\AvidEditorMSE.exe

C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

C:\Windows\system32\nvwmi64.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\Dwm.exe

C:\Program Files\Tablet\Wacom\WacomHost.exe

C:\Windows\Explorer.EXE

C:\USERS\EDITOR\DOWNLOADS\PROCEXP.EXE

C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe

C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Microsoft Device Center\itype.exe

C:\Program Files\Microsoft Device Center\ipoint.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe

C:\Program Files\Tablet\Wacom\32\WacomDesktopCenter.exe

C:\Users\editor\AppData\Local\Microsoft\OneDrive\OneDrive.exe

C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe

C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe

C:\Program Files\Avid\Application Manager\AvidApplicationManager.exe

C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe

C:\Users\editor\AppData\Local\slack\app-2.6.3\slack.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe

C:\Program Files\Avid\Avid Media Composer\AvidBackgroundServicesManager.exe

C:\Program Files\Avid\ISIS Client\Client Manager\ISISClientManager.exe

C:\Program Files\UltraMon\UltraMon.exe

C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe

C:\Program Files\UltraMon\UltraMonTaskbar.exe

C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe

C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe

C:\Users\editor\AppData\Local\slack\app-2.6.3\slack.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Users\editor\AppData\Local\slack\app-2.6.3\slack.exe

C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe

C:\Program Files\Avid\Application Manager\QtWebEngineProcess.exe

C:\Program Files\Avid\Application Manager\AvidAppManHelper.exe

C:\Users\editor\AppData\Local\slack\app-2.6.3\slack.exe

C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe

C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe

C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe

C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe

C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe

C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe

C:\Windows\sysWOW64\wbem\wmiprvse.exe

C:\Users\editor\AppData\Local\Temp\PROCEXP64.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe

C:\Windows\system32\prevhost.exe

C:\Windows\SysWOW64\prevhost.exe