
Trojan.BitcoinMiner Please help =/


Izzi


So today I turned on my PC and didn't use it for a couple of hours. Then I went to play a game and my framerate was on average 20 FPS. I looked at MSI Afterburner and my GPU was steady away at 98%!!

I looked around on the net and found a few things; now I'm sure that svchost.exe was using all my GPU resources, since when I end the process the GPU goes back to normal.

I've run Mbytes and it detected Trojan.BitcoinMiner; of course I deleted the threats. I also ran AdwCleaner / OTL / aswMBR,
but I'm not savvy enough to know what "fix" to use with OTL, so it didn't really do anything for me.

Below are the results from Mbytes after deletion, with DDS.txt and Attach.txt below that. Thanks in advance for your time.

DDS.txt
26/10/2013 16:34:26
mbam-log-2013-10-26 (16-34-26).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 366031
Time elapsed: 16 minute(s), 59 second(s)

Memory Processes Detected: 1
C:\Windows\Temp\svchost.exe (Trojan.Agent.Gen) -> 788 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Windows\Temp\svchost.exe (Trojan.Agent.Gen) -> Delete on reboot.
C:\Windows\Temp\phatk121016.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\Temp\scrypt130511.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\Temp\diablo130302.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\Temp\poclbm130302.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\Temp\diakgcn121016.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.45.2
Run by Izzy at 20:01:26 on 2013-10-26
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8144.6285 [GMT 1:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Users\Izzy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\schtasks.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [spotify] "C:\Users\Izzy\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [spotify Web Helper] "C:\Users\Izzy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [HydraVisionMDEngine] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe"
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{426BDA46-75D3-48B8-97BD-0E7A54224C79} : DHCPNameServer = 194.168.4.100 194.168.8.100
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Izzy\AppData\Roaming\Mozilla\Firefox\Profiles\4slhnhso.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Izzy\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-1-17 19264]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-7-28 46368]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-1-29 283200]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-6-8 54368]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-8-30 239616]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-1-17 357184]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-1-17 789824]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-5-25 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-7-25 29280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-14 24176]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2013-1-23 13368]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2013-9-13 142008]
S2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-8-17 356128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-14 682344]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-1-17 49152]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-7-8 31800]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-1-17 677480]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;D:\Games\Smite\HiPatchService.exe [2013-1-24 9216]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-14 398184]
S4 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-1-29 4308320]
.
=============== Created Last 30 ================
.
2013-10-26 15:28:37    --------    d-----w-    C:\AdwCleaner
2013-10-26 13:20:44    494776    ----a-w-    C:\Windows\SysWow64\phatk121016Pitcairnv1w256l4.bin
2013-10-17 22:22:38    --------    d-----w-    C:\ProgramData\Oracle
2013-10-17 22:22:31    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-30 19:54:58    --------    d-----w-    C:\Users\Izzy\AppData\Local\ZAMNetworkLLC
2013-09-27 15:51:47    --------    d-----w-    C:\Program Files (x86)\AMD AVT
2013-09-27 15:47:17    --------    d-----w-    C:\ProgramData\Package Cache
2013-09-27 11:25:06    799744    ----a-w-    C:\Windows\SysWow64\rzdevicedll.dll
.
==================== Find3M  ====================
.
2013-10-10 11:39:50    29280    ----a-w-    C:\Windows\System32\drivers\klmouflt.sys
2013-10-10 11:39:50    29280    ----a-w-    C:\Windows\System32\drivers\klkbdflt.sys
2013-10-10 11:39:49    7717984    ----a-w-    C:\Windows\System32\drivers\kl1.sys
2013-10-09 01:14:10    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 01:14:10    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-02 16:36:56    46368    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2013-09-19 02:09:42    57344    ----a-w-    C:\Windows\SysWow64\rzdevinfo.dll
2013-09-19 02:09:42    154112    ----a-w-    C:\Windows\SysWow64\rztouchdll.dll
2013-09-19 02:09:38    117248    ----a-w-    C:\Windows\SysWow64\rzdisplaydll.dll
2013-09-19 02:09:36    296448    ----a-w-    C:\Windows\SysWow64\rzaudiodll.dll
2013-09-13 05:49:50    142008    ----a-w-    C:\Windows\System32\drivers\rzudd.sys
2013-08-31 00:14:10    156712    ----a-w-    C:\Windows\System32\amdhcp64.dll
2013-08-31 00:14:10    141256    ----a-w-    C:\Windows\SysWow64\amdhcp32.dll
2013-08-31 00:14:08    78432    ----a-w-    C:\Windows\System32\atimpc64.dll
2013-08-31 00:14:08    78432    ----a-w-    C:\Windows\System32\amdpcom64.dll
2013-08-31 00:14:06    71704    ----a-w-    C:\Windows\SysWow64\atimpc32.dll
2013-08-31 00:14:06    71704    ----a-w-    C:\Windows\SysWow64\amdpcom32.dll
2013-08-31 00:14:00    142792    ----a-w-    C:\Windows\System32\atiuxp64.dll
2013-08-31 00:14:00    125824    ----a-w-    C:\Windows\SysWow64\atiuxpag.dll
2013-08-31 00:13:58    97984    ----a-w-    C:\Windows\SysWow64\atiu9pag.dll
2013-08-31 00:13:58    114488    ----a-w-    C:\Windows\System32\atiu9p64.dll
2013-08-31 00:13:56    1233080    ----a-w-    C:\Windows\System32\aticfx64.dll
2013-08-31 00:13:54    1027544    ----a-w-    C:\Windows\SysWow64\aticfx32.dll
2013-08-31 00:13:50    9464840    ----a-w-    C:\Windows\System32\atidxx64.dll
2013-08-31 00:13:46    8215992    ----a-w-    C:\Windows\SysWow64\atidxx32.dll
2013-08-31 00:13:42    6176008    ----a-w-    C:\Windows\SysWow64\atiumdva.dll
2013-08-31 00:13:38    6189416    ----a-w-    C:\Windows\SysWow64\atiumdag.dll
2013-08-31 00:13:32    6767240    ----a-w-    C:\Windows\System32\atiumd6a.dll
2013-08-31 00:13:30    7256496    ----a-w-    C:\Windows\System32\atiumd64.dll
2013-08-31 00:11:28    12528640    ----a-w-    C:\Windows\System32\drivers\atikmdag.sys
2013-08-30 23:48:44    127488    ----a-w-    C:\Windows\System32\coinst_13.152.dll
2013-08-30 23:48:04    229376    ----a-w-    C:\Windows\System32\clinfo.exe
2013-08-30 23:47:46    98816    ----a-w-    C:\Windows\System32\OpenVideo64.dll
2013-08-30 23:47:40    83456    ----a-w-    C:\Windows\SysWow64\OpenVideo.dll
2013-08-30 23:47:36    86528    ----a-w-    C:\Windows\System32\OVDecode64.dll
2013-08-30 23:47:30    73216    ----a-w-    C:\Windows\SysWow64\OVDecode.dll
2013-08-30 23:47:14    28192256    ----a-w-    C:\Windows\System32\amdocl64.dll
2013-08-30 23:45:04    23760896    ----a-w-    C:\Windows\SysWow64\amdocl.dll
2013-08-30 23:43:12    63488    ----a-w-    C:\Windows\System32\OpenCL.dll
2013-08-30 23:43:08    57344    ----a-w-    C:\Windows\SysWow64\OpenCL.dll
2013-08-30 23:35:00    25387520    ----a-w-    C:\Windows\System32\atio6axx.dll
2013-08-30 23:18:20    368640    ----a-w-    C:\Windows\System32\atiapfxx.exe
2013-08-30 23:18:12    62464    ----a-w-    C:\Windows\System32\aticalrt64.dll
2013-08-30 23:18:10    52224    ----a-w-    C:\Windows\SysWow64\aticalrt.dll
2013-08-30 23:18:02    55808    ----a-w-    C:\Windows\System32\aticalcl64.dll
2013-08-30 23:18:00    49152    ----a-w-    C:\Windows\SysWow64\aticalcl.dll
2013-08-30 23:17:46    15716352    ----a-w-    C:\Windows\System32\aticaldd64.dll
2013-08-30 23:14:36    14302208    ----a-w-    C:\Windows\SysWow64\aticaldd.dll
2013-08-30 23:13:58    21400064    ----a-w-    C:\Windows\SysWow64\atioglxx.dll
2013-08-30 22:59:02    442368    ----a-w-    C:\Windows\System32\atidemgy.dll
2013-08-30 22:58:50    26112    ----a-w-    C:\Windows\System32\atimuixx.dll
2013-08-30 22:58:44    571904    ----a-w-    C:\Windows\System32\atieclxx.exe
2013-08-30 22:57:54    239616    ----a-w-    C:\Windows\System32\atiesrxx.exe
2013-08-30 22:56:30    190976    ----a-w-    C:\Windows\System32\atitmm64.dll
2013-08-30 22:37:32    96256    ----a-w-    C:\Windows\System32\amdave64.dll
2013-08-30 22:37:24    90624    ----a-w-    C:\Windows\SysWow64\amdave32.dll
2013-08-30 22:37:10    89088    ----a-w-    C:\Windows\System32\atisamu64.dll
2013-08-30 22:37:02    80896    ----a-w-    C:\Windows\SysWow64\atisamu32.dll
2013-08-30 22:33:22    784384    ----a-w-    C:\Windows\System32\atiadlxx.dll
2013-08-30 22:33:12    594944    ----a-w-    C:\Windows\SysWow64\atiadlxy.dll
2013-08-30 22:33:08    43520    ----a-w-    C:\Windows\System32\drivers\ati2erec.dll
2013-08-30 22:32:58    75264    ----a-w-    C:\Windows\System32\atig6pxx.dll
2013-08-30 22:32:54    69632    ----a-w-    C:\Windows\SysWow64\atiglpxx.dll
2013-08-30 22:32:54    69632    ----a-w-    C:\Windows\System32\atiglpxx.dll
2013-08-30 22:32:50    100352    ----a-w-    C:\Windows\System32\atig6txx.dll
2013-08-30 22:32:42    96768    ----a-w-    C:\Windows\SysWow64\atigktxx.dll
2013-08-30 22:32:32    618496    ----a-w-    C:\Windows\System32\drivers\atikmpag.sys
2013-08-30 18:58:50    51200    ----a-w-    C:\Windows\System32\kdbsdk64.dll
2013-08-30 18:53:48    38912    ----a-w-    C:\Windows\SysWow64\kdbsdk32.dll
2013-07-28 19:12:55    178448    ----a-w-    C:\Windows\System32\drivers\kneps.sys
2013-07-28 19:12:54    90208    ----a-w-    C:\Windows\System32\drivers\klflt.sys
2013-07-28 19:12:54    54368    ----a-w-    C:\Windows\System32\drivers\kltdi.sys
.
============= FINISH: 20:01:30.80 ===============


Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 17/01/2013 15:16:26
System Uptime: 26/10/2013 19:25:49 (1 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | P8Z77-V LX
Processor: Intel® Core i5-3570K CPU @ 3.40GHz | LGA1155 | 3401/102mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 60 GiB total, 16.912 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 383.509 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_1E3A&SUBSYS_84CA1043&REV_04\3&11583659&0&B0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_1E3A&SUBSYS_84CA1043&REV_04\3&11583659&0&B0
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe GBE Family Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_84321043&REV_06\4&11EB9DBD&0&00E4
Manufacturer: Realtek
Name: Realtek PCIe GBE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_84321043&REV_06\4&11EB9DBD&0&00E4
Service: RTL8167
.
==== System Restore Points ===================
.
RP202: 26/10/2013 00:02:14 - Revo Uninstaller Pro's restore point - Lego Marvel Super Heroes
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD AVIVO64 Codecs
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Application Support
Apple Software Update
ARMA 2
ARMA 2: Operation Arrowhead
ASUS VGA Driver
µTorrent
Battlefield 3™
Battlelog Web Plugins
BattlEye for OA Uninstall
BattlEye Uninstall
Black Ops II version 1.0.0.1
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Classic Menu for Office Enterprise 2010
D3DX10
DAEMON Tools Lite
DayZ Commander
Dead Space™ 3
DMC Devi May Cry © Capcom version 1
Dolby Axon - 1.5.1.0
ESN Sonar
FINAL FANTASY XIV - A Realm Reborn
Firefall
Google Chrome
Google Update Helper
Grid 2
Hi-Rez Studios Authenticate and Update Service
Horizon v2.5.11.1
HydraVision
InfraRecorder
Intel® USB 3.0 eXtensible Host Controller Driver
Java 7 Update 45
Java Auto Updater
Kaspersky Internet Security 2013
Malwarebytes Anti-Malware version 1.70.0.1100
Mass Effect™ 3
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4.5
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Project MUI (English) 2010
Microsoft Office Project Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Project 2010 Service Pack 1 (SP1)
Microsoft Project Professional 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Mozilla Firefox 24.0 (x86 en-GB)
Mozilla Maintenance Service
MSI Afterburner 2.3.1
MSI Kombustor 2.5.0
MSVCRT
MSVCRT110
MSVCRT110_amd64
Mumble 1.2.3
Neverwinter
Notepad++
NVIDIA PhysX
Office Tab
Origin
Pando Media Booster
Photo Common
PunkBuster Services
QuickTime
RaidCall
Razer Synapse 2.0
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Revo Uninstaller Pro 3.0.2
Skype™ 6.9
Smite
Spotify
Steam
TeamSpeak 3 Client
TeamViewer 8
Ventrilo Client for Windows x64
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player 2.0.8
VSO ConvertXToDVD
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.20 (64-bit)
Wirecast
.
==== Event Viewer Messages From Past Week ========
.
26/10/2013 19:26:08, Error: Service Control Manager [7024]  - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
26/10/2013 15:19:16, Error: Service Control Manager [7031]  - The Windows Defender service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
23/10/2013 13:27:56, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================

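An added example, not code from the thread or from Malwarebytes/DDS: a small Python triage helper that reads log lines like the ones posted above and flags the three things a responder would pull out of them: a svchost.exe image running from a directory other than System32/SysWOW64 (the C:\Windows\Temp copy MBAM caught), OpenCL miner kernel artifacts (the .cl files MBAM quarantined plus the .bin file under Created Last 30 that shares the phatk121016 prefix, which matches how GPU miners cache compiled kernels), and mPolicies-System values that switch UAC prompting off. The sample lines are constructed from the posted logs; the extra system binary names beyond svchost.exe are an assumed extension of the same check.

```python
"""Constructed triage helper for Malwarebytes / DDS log text (not a Malwarebytes or DDS tool).

Reads the log line by line and flags three things a responder would pull out
of the thread's logs:
  1. a Windows system binary name (e.g. svchost.exe) whose image lives outside
     System32 / SysWOW64, i.e. process-name masquerading;
  2. OpenCL miner kernel artifacts: the .cl sources and the compiled .bin
     cache files that share a kernel name prefix;
  3. mPolicies-System values that switch UAC prompting off.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# svchost.exe is the name seen in the thread; the other names are an assumed
# extension of the same check (all of them only ship under System32 / SysWOW64).
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "winlogon.exe"}
LEGIT_SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Kernel name prefixes taken from the .cl files in the thread's MBAM log.
MINER_KERNEL_PREFIXES = ("phatk", "scrypt", "diablo", "poclbm", "diakgcn")

# Policy values which, when 0, disable UAC or silence its elevation prompts.
UAC_OFF_VALUES = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0", "PromptOnSecureDesktop": "0"}

# A drive-letter path ending in .exe, .cl or .bin; lazy so trailing text is left out.
WIN_PATH_RE = re.compile(r"([A-Za-z]:\\.+?\.(?:exe|cl|bin))\b", re.IGNORECASE)
POLICY_RE = re.compile(r"mPolicies-System:\s*(\w+)\s*=\s*dword:(\d+)")


@dataclass(frozen=True)
class Finding:
    kind: str      # "masquerade", "miner_kernel" or "uac_off"
    evidence: str  # the path or policy that triggered the finding
    line: str      # the raw log line it came from


def split_path(path: str):
    """Return (lower-cased folder, lower-cased file name) for a Windows path."""
    folder, _, name = path.rpartition("\\")
    return folder.lower(), name.lower()


def triage_line(line: str) -> List[Finding]:
    findings: List[Finding] = []
    for path in WIN_PATH_RE.findall(line):
        folder, name = split_path(path)
        if name in SYSTEM_BINARIES and folder not in LEGIT_SYSTEM_DIRS:
            findings.append(Finding("masquerade", path, line))
        if name.endswith((".cl", ".bin")) and name.startswith(MINER_KERNEL_PREFIXES):
            findings.append(Finding("miner_kernel", path, line))
    m = POLICY_RE.search(line)
    if m and UAC_OFF_VALUES.get(m.group(1)) == m.group(2):
        findings.append(Finding("uac_off", f"{m.group(1)}={m.group(2)}", line))
    return findings


def triage_log(text: str) -> List[Finding]:
    out: List[Finding] = []
    for raw in text.splitlines():
        out.extend(triage_line(raw.strip()))
    return out


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample, modelled on lines from the MBAM and DDS logs posted above.
SAMPLE_LOG = r"""
C:\Windows\Temp\svchost.exe (Trojan.Agent.Gen) -> 788 -> Delete on reboot.
C:\Windows\Temp\phatk121016.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\Temp\scrypt130511.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2013-10-26 13:20:44    494776    ----a-w-    C:\Windows\SysWow64\phatk121016Pitcairnv1w256l4.bin
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.kind:13} {f.evidence}")
    print(summarize(triage_log(SAMPLE_LOG)))
```

Pointing it at the full DDS text is enough to see that the legitimate svchost.exe instances under system32 stay quiet while the Temp copy and the leftover .bin are reported.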

Hello Izzi and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

When you are ready, generate new, fresh DDS log files.

Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.