bmufa-64 Bitcoin Miner removal assistance v2



Dalamir
2012-05-18, 22:44
Hey all,

This piece of junk is claiming 50% CPU whenever I leave my Win7 alone for a few minutes. Google is very silent regarding this software, and Spybot did not pick it up during a scan.
I can find 2 entries in my registry seemingly related to the software:
HKLM\Software\Microsoft\Tracing\bmufa-64_RASAPI32
HKLM\Software\Microsoft\Tracing\bmufa-64_RASMANCS

Thus far I've tried CCleaner, Malware Bytes and Spybot to remedy the situation.

Can anybody shed some light on this?

Thanks in advance for any insight/help.

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Dalamir at 20:20:06 on 2012-05-18
Microsoft Windows 7 Professional 6.1.7600.0.1252.31.1033.18.16338.12767 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Spybot - Search and Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Users\Dalamir\AppData\Roaming\Realtek Semiconductor\Realtek HD Audio Manager\1.0.0.653\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\BitTorrent\BitTorrent.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\regedit.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
uRun: [RAVCpl64.exe] C:\Users\Dalamir\AppData\Roaming\Realtek Semiconductor\Realtek HD Audio Manager\1.0.0.653\RAVCpl64.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A9F186E2-3AF3-4376-A8C5-B6133BDF05F6} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Notify: SDWinLogon - SDWinLogon.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dalamir\AppData\Roaming\Mozilla\Firefox\Profiles\6xogbo5d.default\
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 iaStorA;iaStorA;C:\Windows\system32\DRIVERS\iaStorA.sys --> C:\Windows\system32\DRIVERS\iaStorA.sys [?]
R0 iaStorF;iaStorF;C:\Windows\system32\DRIVERS\iaStorF.sys --> C:\Windows\system32\DRIVERS\iaStorF.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [2012-4-18 7168]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-4-18 2348352]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-5-18 1122296]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-5-18 838136]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-5-18 166528]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [2012-4-20 33592]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2012-4-20 14136]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SetupARService;SetupARService;C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [2012-4-20 24576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-19 257696]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-4 129976]
S3 NTIOLib_1_0_6;NTIOLib_1_0_6;C:\Program Files (x86)\Setup Files\Ms7735v160\NTIOLib_X64.sys [2011-1-6 11888]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-05-18 14:38:12 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-05-18 14:38:09 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2012-05-18 14:38:07 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-05-16 06:01:25 -------- d-----w- C:\Windows\System32\SPReview
2012-05-13 14:01:10 -------- d-----w- C:\Users\Dalamir\AppData\Roaming\Foxit Software
2012-05-13 12:28:52 -------- d-----w- C:\ProgramData\RELOADED
2012-05-13 12:26:39 -------- d-----w- C:\Users\Dalamir\AppData\Roaming\Realtek Semiconductor
2012-05-13 10:04:30 -------- d-----w- C:\Program Files\CCleaner
2012-05-09 21:18:19 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2012-05-09 21:18:18 -------- d-----w- C:\Program Files (x86)\Steam
2012-05-08 05:57:55 -------- d-----w- C:\Users\Dalamir\AppData\Local\ElevatedDiagnostics
2012-05-05 15:12:32 -------- d-----w- C:\Users\Dalamir\AppData\Local\World in Conflict
2012-05-05 15:06:42 -------- d-----w- C:\Users\Dalamir\AppData\Roaming\The Creative Assembly
2012-05-05 14:40:26 -------- d-----w- C:\ProgramData\Media Center Programs
2012-05-05 14:00:08 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-05 12:52:00 -------- d-----w- C:\Users\Dalamir\AppData\Local\My Games
2012-05-03 23:34:07 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-03 23:34:06 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-03 23:34:06 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-01 04:40:05 -------- d-----w- C:\Program Files (x86)\Setup Files
2012-04-24 17:15:15 -------- d-----w- C:\Windows\CheckSur
2012-04-23 20:36:20 -------- d-----w- C:\Windows\System32\EventProviders
2012-04-23 20:36:03 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2012-04-21 08:24:26 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2012-04-20 20:51:46 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2012-04-20 20:51:46 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2012-04-20 20:35:35 -------- d-----w- C:\Users\Dalamir\AppData\Roaming\NVIDIA
2012-04-20 20:29:59 508264 ----a-w- C:\Windows\System32\d3dx10_36.dll
2012-04-20 20:14:03 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-04-20 20:14:03 588728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-20 20:14:03 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-04-20 20:14:03 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-04-20 20:14:03 43960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-04-20 20:10:16 -------- d-----w- C:\Windows\SysWow64\Wat
2012-04-20 20:10:16 -------- d-----w- C:\Windows\System32\Wat
2012-04-20 17:36:54 74344 ----a-w- C:\Windows\System32\RtNicProp64.dll
2012-04-20 17:36:54 648808 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2012-04-19 06:57:49 -------- d-----w- C:\Windows\Panther
2012-04-19 06:21:24 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2012-04-19 06:21:24 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2012-04-19 06:10:51 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-04-19 06:10:51 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-04-19 06:10:51 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-04-19 06:10:51 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-04-19 06:10:51 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-04-19 06:10:51 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-04-19 06:10:51 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-04-19 06:10:51 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-04-19 06:10:51 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-04-19 06:10:51 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-04-19 06:10:25 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2012-04-19 06:01:58 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-19 06:01:58 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-19 06:01:58 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-19 06:01:58 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-19 06:01:58 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-19 06:01:58 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-19 06:01:58 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-19 06:01:17 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2012-04-19 04:24:37 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 04:24:37 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-19 01:08:59 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2012-04-19 01:07:45 633856 ----a-w- C:\Windows\System32\comctl32.dll
2012-04-19 01:06:56 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2012-04-19 01:05:59 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2012-04-19 01:04:59 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2012-04-19 01:03:51 77312 ----a-w- C:\Windows\System32\packager.dll
2012-04-19 01:03:51 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-04-18 21:42:30 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-04-18 21:32:24 -------- d-----w- C:\Program Files (x86)\BitTorrent
2012-04-18 21:31:51 -------- d-----w- C:\Users\Dalamir\AppData\Roaming\BitTorrent
2012-04-18 21:30:58 -------- d-----w- C:\Users\Dalamir\AppData\Roaming\Malwarebytes
2012-04-18 21:30:55 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-18 21:30:52 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-18 21:30:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-18 21:22:45 -------- d-----w- C:\Windows\SysWow64\Adobe
2012-04-18 21:22:21 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-04-18 21:21:45 -------- d-----w- C:\Users\Dalamir\AppData\Local\Mozilla
2012-04-18 21:21:35 530488 ----a-w- C:\Windows\System32\drivers\sptd.sys
2012-04-18 21:21:12 -------- d-----w- C:\Users\Dalamir\AppData\Roaming\DAEMON Tools Lite
2012-04-18 21:21:09 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-04-18 21:20:43 -------- d-----w- C:\Program Files (x86)\Foxit Software
2012-04-18 21:19:55 -------- d-----w- C:\Users\Dalamir\AppData\Roaming\AVG2012
2012-04-18 21:19:37 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-04-18 21:19:35 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-04-18 21:19:35 -------- d-----w- C:\ProgramData\AVG2012
2012-04-18 21:19:27 -------- d-----w- C:\Program Files (x86)\AVG
2012-04-18 21:15:43 -------- d-----w- C:\Users\Dalamir\AppData\Roaming\Intel Corporation
2012-04-18 21:14:00 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-04-18 21:14:00 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-04-18 21:14:00 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
2012-04-18 21:14:00 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-04-18 21:14:00 2515790 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-04-18 21:14:00 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-04-18 21:13:56 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-04-18 21:13:53 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-04-18 21:13:48 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-04-18 21:13:48 188224 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-04-18 21:13:48 1737536 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-04-18 21:13:48 1466176 ----a-w- C:\Windows\System32\nvgenco64.dll
2012-04-18 21:13:48 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2012-04-18 21:13:35 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-04-18 21:13:22 -------- d-----w- C:\NVIDIA
2012-04-18 21:10:45 -------- d-----w- C:\Program Files\Realtek
2012-04-18 21:10:30 -------- d--h--w- C:\Program Files (x86)\Temp
2012-04-18 21:10:29 1698408 ----a-w- C:\Windows\RtlExUpd.dll
2012-04-18 21:09:24 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2012-04-18 21:09:20 -------- d-----w- C:\Program Files (x86)\Realtek
2012-04-18 21:08:22 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2012-04-18 21:08:15 -------- d-----w- C:\Intel
.
==================== Find3M ====================
.
2012-04-02 05:34:04 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-02 04:46:44 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-02 04:46:44 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-02 03:01:19 3143680 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:09:53 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-17 07:55:58 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-03-03 06:29:57 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-03 06:29:42 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-03-03 06:29:42 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-03-03 06:29:42 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-03-03 06:29:41 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-03-03 05:40:21 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-03 05:40:10 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-03-03 05:40:09 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-03-03 05:40:09 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-03-03 05:40:09 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-29 11:26:56 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
============= FINISH: 20:20:15,86 ===============

I first noticed that my PC, when left unattended, started using its fans a lot more than usual, so much so that I had to open a window to cool down the room my PC stands in.
I finally found the culprit by opening Task Manager, displaying the Processes tab and leaving the PC alone for a bit.
The bmufa-64 process would show up after about 1 minute.
If I use anything on the PC (say, move the mouse cursor) the process will disappear...
Furthermore, I think another process, conhost.exe, is involved as well. It too will appear around the time the first process starts running.

Dalamir
2012-05-26, 21:41
Decided to search for any files with the bmufa-64 name and found the following in c:\windows\prefetch: BMUFA-64.EXE-347B5591.pf.
Is there a way to get some meaningful info from this to trace this program any further?
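A defender's triage script for the artefacts described in both posts above (the Tracing registry keys and idle-only behaviour from the first post, the prefetch file from the second); it is an added example, not part of the thread, and assumes Windows 7 with PowerShell 2.0, an elevated prompt, and the process name `bmufa-64` taken from the posts.

```powershell
# Added example, not from the thread. Collects the artefacts described above for a
# process name (default: bmufa-64, an assumption taken from the posts) on Windows 7
# with PowerShell 2.0. Run from an elevated prompt and leave the machine untouched.
param([string]$Name = 'bmufa-64')
$pattern = [regex]::Escape($Name)
$report = @()

# 1. RAS tracing keys. Windows creates HKLM\Software\Microsoft\Tracing\<exe>_RASAPI32
#    and <exe>_RASMANCS the first time an executable calls the RAS/dial-up APIs, so
#    their presence shows the binary made network calls, not where it lives on disk.
Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Tracing' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -like "$Name*" } |
    ForEach-Object { $report += "Tracing key: $($_.Name)" }

# 2. Prefetch. <EXENAME>-<hash>.pf is written by the OS when the program runs; the
#    hash is derived from the executable's full path and the file's modification
#    time is the last run, so copy it somewhere safe before any cleanup deletes it.
Get-ChildItem "$env:SystemRoot\Prefetch" -Filter "$Name*.pf" -ErrorAction SilentlyContinue |
    ForEach-Object { $report += "Prefetch: $($_.Name) last run $($_.LastWriteTime)" }

# 3. Autostart locations. A process that only appears once the user is idle and
#    vanishes on mouse movement is typically started by a scheduled task with an
#    idle trigger or by a watchdog, so scheduled tasks matter more than Run keys here.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($rk in $runKeys) {
    $props = Get-ItemProperty $rk -ErrorAction SilentlyContinue
    if ($props) {
        $props.PSObject.Properties |
            Where-Object { "$($_.Value)" -match $pattern } |
            ForEach-Object { $report += "Run value: $rk\$($_.Name) = $($_.Value)" }
    }
}
Get-WmiObject Win32_Service | Where-Object { $_.PathName -match $pattern } |
    ForEach-Object { $report += "Service: $($_.Name) -> $($_.PathName)" }
# schtasks.exe is used because Get-ScheduledTask does not exist on Windows 7.
schtasks.exe /Query /FO CSV /V 2>$null | ConvertFrom-Csv |
    Where-Object { $_.'Task To Run' -match $pattern } |
    ForEach-Object {
        $report += "Task: $($_.TaskName) runs $($_.'Task To Run') " +
                   "(schedule: $($_.'Schedule Type'), idle time: $($_.'Idle Time'))"
    }

# 4. Live check. Poll for up to two minutes instead of looking once, because the
#    process only exists while the machine is idle. conhost.exe showing up next to it
#    is the console host Windows starts for any console program, not a second infection.
$procs = $null
for ($i = 0; $i -lt 24 -and -not $procs; $i++) {
    $procs = Get-WmiObject Win32_Process -Filter "Name LIKE '$Name%'"
    if (-not $procs) { Start-Sleep -Seconds 5 }
}
foreach ($p in @($procs)) {
    if ($p) {
        $report += "Process: PID $($p.ProcessId) path $($p.ExecutablePath) " +
                   "cmd $($p.CommandLine) parent PID $($p.ParentProcessId)"
    }
}

$report
```

The ExecutablePath and ParentProcessId lines are what the prefetch file alone cannot give you: where the binary sits and what launched it.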
-----------------------------------------------------------------

Edit
Post #3, "Resolution", was split off.

If someone posts instructions in their own topic, "this worked for me", it will be removed, possibly without notice. Just so you know. :)
http://forums.spybot.info/showthread.php?t=288

FYI in case you need to request assistance again. :)

From the same sticky:

Posting additional comments or logs before a volunteer responds can push you back instead of forward, because your thread ends up with a newer date. In addition, helpers would think you are already being assisted because of the post count; they look for topics with 0 responses. For that reason we may merge such posts, but please do not count on it.

The Waiting Room: Post here if waiting for help four days (http://forums.spybot.info/forumdisplay.php?f=37)


Best regards,