PUP.BitMiner and redirects.


Ulver

Recently my computer started acting funny. I kept finding PING.exe running and using up quite a bit of memory. Ending the process helped, but it comes back after a while. I'm also experiencing some redirects and popups (I haven't seen a pop-up in a long time!), usually from Google. Malwarebytes found some things, but there's one in particular that doesn't seem to go away: PUP.BitMiner. I just did a third scan/removal (this time in safe mode), and things seem to be back to normal, but I'd like some professional help to ensure there are no more issues. Thanks!

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_25

Run by KVLT_Pirate at 18:12:08 on 2011-11-29

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2736 [GMT -6:00]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\SysWOW64\PnkBstrB.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Tunngle\TnglCtrl.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe

C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe

C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe

C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe

C:\Program Files (x86)\ASUS\WLAN Card Utilities\Center.exe

C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe

C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe

C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CCC.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = local

mWinlogon: Userinit=userinit.exe,

BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot

uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun

mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

mRun: [Control Center] C:\Program Files (x86)\ASUS\WLAN Card Utilities\CenterAgent.exe

mRun: [VolPanel] "C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe" /r

mRun: [Module Loader] C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe -StartUpRun

mRun: [startCCC] "C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab

TCP: Interfaces\{4A8CC1D3-33A4-45BD-8099-39E1849BC779} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{4A8CC1D3-33A4-45BD-8099-39E1849BC779}\35F6D6D656276656C646 : DhcpNameServer = 99.144.182.1

TCP: Interfaces\{4A8CC1D3-33A4-45BD-8099-39E1849BC779}\C696E6B6379737 : DhcpNameServer = 71.155.242.1

TCP: Interfaces\{4A8CC1D3-33A4-45BD-8099-39E1849BC779}\E4544574541425 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{50B66753-B340-49FF-9444-2F9AF1DC5179} : DhcpNameServer = 7.254.254.254

TCP: Interfaces\{54A40554-5059-48DD-AAE2-7BD675A2AAF2} : DhcpNameServer = 99.141.216.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

BHO-X64: IDM Helper - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

mRun-x64: [Control Center] C:\Program Files (x86)\ASUS\WLAN Card Utilities\CenterAgent.exe

mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe" /r

mRun-x64: [Module Loader] C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe -StartUpRun

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

Hosts: 127.0.0.1 www.spywareinfo.com

Hosts: 208.69.57.87 game01.us.segaonline.jp

Hosts: 208.69.57.87 patch01.us.segaonline.jp

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\KVLT_Pirate\AppData\Roaming\Mozilla\Firefox\Profiles\pbq487mb.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\KVLT_Pirate\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-25 361984]

R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]

R2 ASWLCCSvc;ASUS Wireless Card Service;C:\Program Files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe [2011-4-26 172032]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-4 2329480]

R2 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2011-6-9 736504]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys --> C:\Windows\system32\drivers\danew.sys [?]

R3 ksaud;Creative USB Audio Driver;C:\Windows\system32\drivers\ksaud.sys --> C:\Windows\system32\drivers\ksaud.sys [?]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]

S2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-5-3 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-4-26 79360]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-13 366152]

.

=============== Created Last 30 ================

.

2011-11-29 23:53:03 33856 ---ha-w- C:\Windows\System32\hamachi.sys

2011-11-29 23:53:02 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

2011-11-29 05:14:00 -------- d-----we C:\Windows\system64

2011-11-28 12:17:58 -------- d-----w- C:\Windows\SysWow64\xlive

2011-11-28 12:17:52 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

2011-11-28 10:59:11 526392 ----a-w- C:\Windows\System32\drivers\sptd.sys

2011-11-28 10:58:56 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Pro

2011-11-28 10:58:46 -------- d-----w- C:\Users\KVLT_Pirate\AppData\Roaming\DAEMON Tools Pro

2011-11-28 10:58:46 -------- d-----w- C:\ProgramData\DAEMON Tools Pro

2011-11-26 02:31:27 21992 ----a-w- C:\Windows\System32\drivers\cpuz135_x64.sys

2011-11-26 02:31:27 -------- d-----w- C:\Program Files\CPUID

2011-11-23 05:11:16 49152 ----a-r- C:\Users\KVLT_Pirate\AppData\Roaming\Microsoft\Installer\{FD1E17BC-2956-4AD7-B937-D23F06F1A5E8}\NewShortcut1_FD1E17BC29564AD7B937D23F06F1A5E8.exe

2011-11-23 04:02:18 0 ----a-w- C:\Windows\ativpsrm.bin

2011-11-23 04:01:07 -------- d-----w- C:\Program Files (x86)\AMD APP

2011-11-23 04:01:04 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

2011-11-23 04:01:04 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

2011-11-23 03:59:30 -------- d-----w- C:\Program Files\ATI

2011-11-23 03:47:08 -------- d-----w- C:\Program Files (x86)\Driver Sweeper

2011-11-16 23:14:31 -------- d-----w- C:\FLAV

2011-11-12 01:35:57 -------- d-----w- C:\Users\KVLT_Pirate\AppData\Local\SWTOR

2011-11-10 18:50:29 -------- d-----w- C:\Users\KVLT_Pirate\AppData\Local\Skyrim

2011-11-10 18:41:00 -------- d-----w- C:\Program Files (x86)\Bethesda

2011-11-10 05:09:14 -------- d-----w- C:\Program Files (x86)\THQ

2011-11-09 20:12:27 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare

2011-11-03 01:45:52 -------- d-----w- C:\Program Files (x86)\SpeedFan

2011-11-02 20:38:48 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2011-11-02 20:38:48 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

.

==================== Find3M ====================

.

2011-11-29 05:25:20 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-20 13:19:07 380928 ----a-w- C:\Windows\apppatch\ALRes804.dll

2011-11-20 13:19:07 380928 ----a-w- C:\Windows\apppatch\ALRes412.dll

2011-11-20 13:19:07 380928 ----a-w- C:\Windows\apppatch\ALRes411.dll

2011-11-20 13:19:07 380928 ----a-w- C:\Windows\apppatch\ALRes40D.dll

2011-11-20 13:19:07 380928 ----a-w- C:\Windows\apppatch\ALRes407.dll

2011-11-20 13:19:07 380928 ----a-w- C:\Windows\apppatch\ALRes404.dll

2011-11-20 13:19:07 380928 ----a-w- C:\Windows\apppatch\ALRes401.dll

2011-10-29 11:07:21 280576 ----a-w- C:\Users\KVLT_Pirate\AppData\Roaming\koeva.exe

2011-10-26 03:21:54 66560 ----a-w- C:\Windows\System32\OpenVideo64.dll

2011-10-26 03:21:48 56832 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2011-10-26 03:21:40 66560 ----a-w- C:\Windows\System32\OVDecoder64.dll

2011-10-26 03:21:34 56832 ----a-w- C:\Windows\SysWow64\OVDecoder.dll

2011-10-26 03:21:24 16991744 ----a-w- C:\Windows\System32\amdocl64.dll

2011-10-26 03:20:42 13950464 ----a-w- C:\Windows\SysWow64\amdocl.dll

2011-10-26 03:05:10 10496512 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2011-10-26 02:16:06 24866816 ----a-w- C:\Windows\System32\atio6axx.dll

2011-10-26 02:06:10 159744 ----a-w- C:\Windows\System32\atiapfxx.exe

2011-10-26 02:05:58 748544 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2011-10-26 02:04:28 892416 ----a-w- C:\Windows\System32\aticfx64.dll

2011-10-26 02:01:46 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2011-10-26 02:01:36 517120 ----a-w- C:\Windows\System32\atieclxx.exe

2011-10-26 02:00:58 204288 ----a-w- C:\Windows\System32\atiesrxx.exe

2011-10-26 01:59:48 18757120 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2011-10-26 01:59:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2011-10-26 01:59:22 423424 ----a-w- C:\Windows\System32\atipdl64.dll

2011-10-26 01:59:16 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll

2011-10-26 01:59:04 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll

2011-10-26 01:58:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2011-10-26 01:58:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2011-10-26 01:58:48 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2011-10-26 01:55:48 4292096 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2011-10-26 01:46:12 5041664 ----a-w- C:\Windows\System32\atidxx64.dll

2011-10-26 01:43:48 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll

2011-10-26 01:43:24 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2011-10-26 01:43:12 4044288 ----a-w- C:\Windows\System32\atiumd6a.dll

2011-10-26 01:38:32 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2011-10-26 01:38:30 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2011-10-26 01:38:20 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2011-10-26 01:38:18 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2011-10-26 01:38:08 9978880 ----a-w- C:\Windows\System32\aticaldd64.dll

2011-10-26 01:35:38 4353536 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2011-10-26 01:34:56 8449024 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2011-10-26 01:32:30 4189184 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2011-10-26 01:29:32 5510144 ----a-w- C:\Windows\System32\atiumd64.dll

2011-10-26 01:29:24 58880 ----a-w- C:\Windows\System32\coinst.dll

2011-10-26 01:22:38 486912 ----a-w- C:\Windows\System32\atiadlxx.dll

2011-10-26 01:22:30 339968 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2011-10-26 01:22:20 17408 ----a-w- C:\Windows\System32\atig6pxx.dll

2011-10-26 01:22:16 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2011-10-26 01:22:16 14336 ----a-w- C:\Windows\System32\atiglpxx.dll

2011-10-26 01:22:12 39936 ----a-w- C:\Windows\System32\atig6txx.dll

2011-10-26 01:22:06 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2011-10-26 01:21:58 326656 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2011-10-26 01:21:12 40960 ----a-w- C:\Windows\System32\atiuxp64.dll

2011-10-26 01:21:06 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2011-10-26 01:21:00 38912 ----a-w- C:\Windows\System32\atiu9p64.dll

2011-10-26 01:20:52 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2011-10-26 01:20:20 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2011-10-26 01:16:06 54784 ----a-w- C:\Windows\System32\atimpc64.dll

2011-10-26 01:16:06 54784 ----a-w- C:\Windows\System32\amdpcom64.dll

2011-10-26 01:15:58 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2011-10-26 01:15:58 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2011-10-07 03:29:04 51200 ----a-w- C:\Windows\System32\OpenCL.dll

2011-10-07 03:29:00 43520 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2011-09-29 21:25:59 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2011-09-29 21:25:49 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2011-09-29 21:25:47 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2011-09-28 23:45:42 15453832 ----a-w- C:\Windows\SysWow64\xlive.dll

2011-09-28 23:45:42 13642888 ----a-w- C:\Windows\SysWow64\xlivefnt.dll

2011-09-14 16:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll

2011-09-14 16:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2011-09-14 16:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll

2011-09-14 16:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll

.

============= FINISH: 18:12:35.99 ===============


Hello Ulver! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\MovedFiles
    • in most cases this will be C:\_OTL\MovedFiles


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
