
Got a bitcoin mining virus on my PC. GPU is under full load when idle.



Hello dear people, today all of a sudden my GPU started rising in load and temperature.

Research got me here, but since it seems quite a bit of work to get it removed, I would like to have some help. I browsed the tutorial and here are my first results.

This is the first report, from dds.com:


DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16618
Run by gABBY at 19:20:24 on 2013-07-09
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.32.1033.18.8146.5990 [GMT 2:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\ASGT.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
G:\gABBY\Stiem\Steam.exe
C:\Users\gABBY\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
C:\Users\gABBY\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\gABBY\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler64.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [steam] "G:\gABBY\Stiem\Steam.exe" -silent
uRun: [Akamai NetSession Interface] "C:\Users\gABBY\AppData\Local\Akamai\netsession_win.exe"
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [CreativeTaskScheduler] "C:\Program Files (x86)\Creative\Shared Files\CTSched.exe" /logon
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
StartupFolder: C:\Users\gABBY\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\gABBY\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{FE940914-2182-427D-ABE4-B20A871B09D3} : DHCPNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-6-28 283200]
R2 ASGT;ASGT;C:\Windows\SysWOW64\ASGT.exe [2012-1-17 55296]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
R2 uxpatch;uxpatch;C:\Windows\System32\drivers\uxpatch.sys [2009-7-13 30568]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2010-7-7 1612888]
R3 IOMap;IOMap;C:\Windows\System32\drivers\IOMap64.sys [2013-6-28 23680]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-6-28 769168]
R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2013-6-7 31232]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2013-6-7 126464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Time;Time;C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [2013-7-9 10752]
S2 UnsignedThemes;Unsigned Themes;C:\Windows\UnsignedThemesSvc.exe [2009-7-13 24168]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2013-6-29 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2013-6-28 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2013-7-9 32000]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-28 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-28 59392]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-28 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
S3 XENfiltv;XENfiltv;C:\Windows\System32\drivers\XENfiltv.sys [2009-7-31 25600]
SUnknown tsusbhub;tsusbhub; [x]
.
=============== Created Last 30 ================
.
2013-07-09 17:03:21 -------- d-----w- C:\Malware removel
2013-07-09 15:55:32 32000 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2013-07-09 15:49:58 -------- d-----w- C:\Program Files\HitmanPro
2013-07-09 15:49:45 -------- d-----w- C:\ProgramData\HitmanPro
2013-07-09 14:51:19 -------- d-----w- C:\Users\gABBY\AppData\Roaming\Malwarebytes
2013-07-09 14:51:07 -------- d-----w- C:\ProgramData\Malwarebytes
2013-07-09 14:51:06 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-07-09 14:51:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-09 14:39:45 -------- d-----w- C:\ProgramData\NVIDIA_Inspector
2013-07-09 14:04:29 -------- d-----w- C:\Users\gABBY\AppData\Roaming\MKKE
2013-07-09 12:52:00 569680 ----a-w- C:\ProgramData\Microsoft\Windows\Time\msvcp90.dll
2013-07-09 12:52:00 49664 ----a-w- C:\ProgramData\Microsoft\Windows\Time\w9xpopen.exe
2013-07-09 12:52:00 24064 ----a-w- C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe
2013-07-09 12:52:00 2303488 ----a-w- C:\ProgramData\Microsoft\Windows\Time\python27.dll
2013-07-09 12:52:00 219648 ----a-w- C:\ProgramData\Microsoft\Windows\Time\boost_python-vc90-mt-1_48.dll
2013-07-09 12:52:00 10752 ----a-w- C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe
2013-07-09 12:52:00 10240 ----a-w- C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe
2013-07-09 08:18:56 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{38677760-460E-47D2-80AB-ECC8EFC63DC1}\mpengine.dll
2013-07-03 08:46:06 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-01 14:04:10 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BB094481-049E-4D8E-AB1C-2473ECAA55EA}\gapaengine.dll
2013-06-29 16:48:30 -------- d-----r- C:\Users\gABBY\Dropbox
2013-06-29 16:47:32 -------- d-----w- C:\Users\gABBY\AppData\Roaming\Dropbox
2013-06-29 12:29:33 -------- d-----w- C:\Users\gABBY\AppData\Local\Soulseek Chat Logs
2013-06-29 12:25:02 -------- d-----w- C:\Program Files (x86)\SoulseekQt
2013-06-29 12:18:08 -------- d-----w- C:\Users\gABBY\AppData\Local\QuickPar
2013-06-28 23:15:19 -------- d-----w- C:\Users\gABBY\AppData\Roaming\Wargaming.net
2013-06-28 23:03:39 -------- d-----w- C:\Users\gABBY\AppData\Roaming\Windows Live Writer
2013-06-28 23:03:39 -------- d-----w- C:\Users\gABBY\AppData\Local\Windows Live Writer
2013-06-28 23:03:20 -------- d-----w- C:\Windows\SysWow64\xlive
2013-06-28 23:03:17 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-06-28 23:01:21 -------- d-----w- C:\Windows\nl
2013-06-28 23:01:06 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-06-28 23:00:52 -------- d-----w- C:\Windows\PCHEALTH
2013-06-28 22:57:34 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPAG.DLL
2013-06-28 22:57:34 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDAG.DLL
2013-06-28 22:57:25 385024 ----a-w- C:\Windows\System32\CNMLMAG.DLL
2013-06-28 22:54:04 -------- d-----w- C:\Users\gABBY\AppData\Roaming\NVIDIA
2013-06-28 22:40:17 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-06-28 22:40:17 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-06-28 22:39:58 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-06-28 22:39:52 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-06-28 22:39:52 -------- d-----w- C:\Users\gABBY\AppData\Local\PunkBuster
2013-06-28 22:39:31 -------- d-----w- C:\ProgramData\EA Core
2013-06-28 22:39:20 -------- d-----w- C:\ProgramData\EA Logs
2013-06-28 22:30:06 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2013-06-28 22:27:25 2906586 ------w- C:\Windows\SysWow64\Sens_oal.dll
2013-06-28 22:27:25 1944064 ------w- C:\Windows\System32\Sens_oal.dll
2013-06-28 22:27:23 647872 ------w- C:\Windows\SysWow64\Mscomct2.ocx
2013-06-28 22:27:23 53248 ------w- C:\Windows\Ctregrun.exe
2013-06-28 22:24:11 61440 ------w- C:\Windows\SysWow64\CTChkAud.dll
2013-06-28 22:24:11 49664 ------w- C:\Windows\System32\CTChkAud.dll
2013-06-28 22:24:11 42496 ------w- C:\Windows\System32\AddCat.exe
2013-06-28 22:24:11 183296 ------w- C:\Windows\System32\CTOPT352.dll
2013-06-28 22:24:11 166912 ------w- C:\Windows\SysWow64\CTOPT352.dll
2013-06-28 21:45:07 -------- d-----w- C:\Users\gABBY\AppData\Local\NVIDIA
2013-06-28 21:20:57 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-06-28 21:20:57 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-06-28 21:16:55 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2013-06-28 21:16:55 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2013-06-28 21:15:00 -------- d-----w- C:\ProgramData\Battle.net
2013-06-28 21:14:19 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-06-28 21:11:38 564824 ----a-w- C:\Windows\System32\drivers\sptd.sys
2013-06-28 21:11:38 -------- d-----w- C:\Users\gABBY\AppData\Roaming\DAEMON Tools Pro
2013-06-28 21:11:34 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Pro
2013-06-28 21:11:09 -------- d-----w- C:\ProgramData\DAEMON Tools Pro
2013-06-28 21:08:53 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-28 20:56:55 -------- d-----w- C:\Program Files (x86)\ASUS
2013-06-28 20:54:52 2560 ----a-w- C:\Windows\System32\drivers\nl-NL\wdf01000.sys.mui
2013-06-28 20:39:12 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2013-06-28 20:39:12 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2013-06-28 20:39:11 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2013-06-28 20:39:11 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2013-06-28 20:25:30 6656 ----a-w- C:\Windows\System32\drivers\nl-NL\rdvgkmd.sys.mui
2013-06-28 20:25:30 2560 ----a-w- C:\Windows\System32\drivers\nl-NL\rdpwd.sys.mui
2013-06-28 20:25:29 4608 ----a-w- C:\Windows\System32\drivers\nl-NL\tsusbhub.sys.mui
2013-06-28 20:25:29 3584 ----a-w- C:\Windows\System32\drivers\nl-NL\tsusbflt.sys.mui
2013-06-28 20:25:27 3072 ----a-w- C:\Windows\System32\drivers\nl-NL\Dot4usb.sys.mui
2013-06-28 20:23:22 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-28 20:23:21 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-06-28 20:23:21 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-06-28 20:23:21 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-06-28 20:23:21 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-06-28 20:23:20 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2013-06-28 20:23:18 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-06-28 20:23:18 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-28 20:23:18 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-06-28 20:23:17 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-28 20:23:17 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-06-28 20:23:17 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-06-28 20:08:10 -------- d-----w- C:\Windows\nl-NL
2013-06-28 20:01:50 -------- d-----w- C:\Users\gABBY\AppData\Local\Razer
2013-06-28 19:53:16 -------- d-----w- C:\Windows\System32\SPReview
2013-06-28 19:53:14 -------- d-----w- C:\Windows\System32\EventProviders
2013-06-28 19:53:00 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-06-28 19:52:59 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-06-28 19:19:11 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-06-28 18:54:56 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-06-28 18:54:56 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-06-28 18:54:56 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-06-28 18:54:56 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-06-28 18:49:35 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2013-06-28 18:48:59 6219088 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-06-28 18:48:58 9552976 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DB752D9D-BB05-496F-A2BC-BF4933E21717}\mpengine.dll
2013-06-28 18:42:42 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
2013-06-28 18:42:42 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2013-06-28 18:42:38 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2013-06-28 18:41:02 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-06-28 18:41:02 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-06-28 18:41:02 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-06-28 18:41:02 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-06-28 18:41:02 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-06-28 18:41:02 100864 ----a-w- C:\Windows\System32\fontsub.dll
2013-06-28 18:40:20 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-06-28 18:40:20 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-06-28 18:40:20 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-06-28 18:40:20 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-06-28 18:40:19 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-06-28 18:40:19 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-06-28 18:40:19 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-06-28 18:38:05 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2013-06-28 18:38:05 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2013-06-28 18:38:05 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2013-06-28 18:38:05 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2013-06-28 18:38:05 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
2013-06-28 18:38:05 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2013-06-28 18:38:05 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2013-06-28 18:38:05 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
2013-06-28 18:38:05 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2013-06-28 18:38:05 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2013-06-28 18:38:01 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2013-06-28 18:38:01 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2013-06-28 18:36:46 -------- d-----w- C:\Users\gABBY\AppData\Local\Akamai
2013-06-28 18:35:58 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2013-06-28 18:34:23 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-06-28 18:33:59 67072 ----a-w- C:\Windows\splwow64.exe
2013-06-28 18:32:36 -------- d-----w- C:\Program Files (x86)\QuickPar
2013-06-28 18:31:33 -------- d-----w- C:\Users\gABBY\AppData\Roaming\GrabIt
2013-06-28 18:31:08 -------- d-----w- C:\Program Files (x86)\GrabIt
2013-06-28 18:30:10 23680 ----a-w- C:\Windows\System32\drivers\IOMap64.sys
2013-06-28 18:27:56 -------- d-----w- C:\Windows\Downloaded Installations
2013-06-28 18:26:27 -------- d-----w- C:\Program Files\NVIDIA Corporation
2013-06-28 18:26:13 -------- d-----w- C:\NVIDIA
2013-06-28 18:25:13 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-06-28 18:25:13 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-06-28 18:25:13 20992 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2013-06-28 18:25:13 162816 ----a-w- C:\Windows\System32\rdpudd.dll
2013-06-28 18:25:13 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-06-28 18:23:36 -------- d-----w- C:\Users\gABBY\AppData\Local\Google
2013-06-28 18:23:32 -------- d-----w- C:\Users\gABBY\AppData\Local\Deployment
2013-06-28 18:23:32 -------- d-----w- C:\Users\gABBY\AppData\Local\Apps
2013-06-28 18:23:03 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-06-28 18:21:54 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-06-28 18:21:53 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-06-28 18:21:53 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-06-28 18:21:18 769168 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2013-06-28 18:21:18 74344 ----a-w- C:\Windows\System32\RtNicProp64.dll
2013-06-28 18:21:18 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2013-06-28 18:21:14 -------- d-----w- C:\Program Files (x86)\Realtek
2013-06-28 18:20:40 -------- d-----w- C:\gABBY
2013-06-28 18:12:36 -------- d-sh--we C:\Documents and Settings
2013-06-28 18:12:36 -------- d-sh--w- C:\Recovery
2013-06-24 11:20:22 768000 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll
2013-06-21 03:16:02 566048 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-06-17 06:43:32 56832 ----a-w- C:\Windows\SysWow64\rzdevinfo.dll
2013-06-17 06:43:32 154112 ----a-w- C:\Windows\SysWow64\rztouchdll.dll
2013-06-17 06:43:28 117248 ----a-w- C:\Windows\SysWow64\rzdisplaydll.dll
2013-06-17 06:43:26 296448 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll
.
==================== Find3M  ====================
.
2013-06-28 22:27:26 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2013-06-28 22:27:26 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2013-06-28 22:27:26 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2013-06-28 22:27:26 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2013-06-28 21:08:53 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-28 20:14:30 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-06-28 20:14:29 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-06-21 10:23:16 6496544 ----a-w- C:\Windows\System32\nvcpl.dll
2013-06-21 10:23:16 3514656 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-06-21 10:23:11 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-06-21 10:23:10 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-06-21 10:23:10 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-06-21 10:23:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-06-20 04:17:49 3253909 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-06-07 03:29:52 126464 ----a-w- C:\Windows\System32\drivers\rzudd.sys
2013-06-07 03:29:50 31232 ----a-w- C:\Windows\System32\drivers\rzendpt.sys
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
.
============= FINISH: 19:20:31,80 ===============

Hello and Welcome to Malwarebytes

Being that you are probably infected, feel free to follow the instructions below to receive free, one-on-one expert assistance in checking your system and clearing out any infections and correcting any damage done by the malware.

Please see the following pinned topic which has information on how to get help with this: Available Assistance for Possibly Infected Computers

Thank you
