MuTron

Member | Posts: 6 | Reputation: 0 Neutral
  1. Thank you, that appears to have done the trick. No more browser redirects, and I've tried several virus scanners, and they're all reporting clean.
  2. ESETSmartInstaller@High as CAB hook log:
     OnlineScanner64.ocx - registred OK
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2012-06-24 04:41:47
     # local_time=2012-06-24 05:41:47 (+0000, GMT Daylight Time)
     # country="United Kingdom"
     # lang=1033
     # osver=6.1.7601 NT Service Pack 1
     # compatibility_mode=5893 16776574 100 94 69472 93018693 0 0
     # compatibility_mode=8192 67108863 100 0 216 216 0 0
     # scanned=210246
     # found=6
     # cleaned=6
     # scan_time=2463
     C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir  Win32/Sirefef.EZ trojan (deleted - quarantined)  00000000000000000000000000000000  C
     C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir  Win64/Sirefef.AD trojan (deleted - quarantined)  00000000000000000000000000000000  C
     C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir  Win64/Patched.A.Gen trojan (deleted - quarantined)  00000000000000000000000000000000  C
     C:\Users\Rob\Downloads\Alcohol52_FE_2.0.2.3931.exe  a variant of Win32/InstallCore.R application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
     C:\_OTL\MovedFiles\06242012_153927\C_Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f}\U\00000008.@  Win64/Agent.BA trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
     C:\_OTL\MovedFiles\06242012_153927\C_Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f}\U\80000000.@  Win64/Sirefef.AE trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
  3. ComboFix 12-06-23.06 - Rob 24/06/2012 16:37:06.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4021.2043 [GMT 1:00]
  5. uTorrent is gone, and the results of the OTL logs are as follows:
     OTL logfile created on: 24/06/2012 15:01:23 - Run 1 OTL by OldTimer - Version 3.2.53.0
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009/07/17 09:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY) DRV:64bit: - [2009/07/17 09:06:16 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009/07/04 19:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie) DRV:64bit: - [2009/07/02 08:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci) DRV:64bit: - [2009/07/01 18:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie) DRV:64bit: - [2009/06/10 21:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] 
(Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV:64bit: - [2007/01/15 14:36:18 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\regi.sys -- (regi) DRV:64bit: - [2007/01/15 14:36:18 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (6077757b) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-21-3476930714-2238320914-2895250818-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-3476930714-2238320914-2895250818-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3476930714-2238320914-2895250818-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB IE - HKU\S-1-5-21-3476930714-2238320914-2895250818-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C5 49 25 2B 28 1A CD 01 [binary data] IE - HKU\S-1-5-21-3476930714-2238320914-2895250818-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3476930714-2238320914-2895250818-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3476930714-2238320914-2895250818-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files 
(x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/19 17:11:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/19 17:11:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Extensions [2012/05/02 22:44:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\5i9fi36f.default\extensions [2012/06/24 11:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/03/13 05:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/03/13 05:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/03/13 05:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2012/06/24 13:47:32 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (ATLAS Toolbar) - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS 
V14\ATLIECP.DLL (FUJITSU LIMITED) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (ATLAS Toolbar) - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.) O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.) O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) 
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3476930714-2238320914-2895250818-1000..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-3476930714-2238320914-2895250818-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKU\S-1-5-21-3476930714-2238320914-2895250818-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O9 - Extra Button: ATLAS Translation - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files (x86)\ATLAS V14\atlscript.html () O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File 
not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16:64bit: - DPF: 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21C05178-18CF-4675-A99E-3FE2BE2A9B0C}: DhcpNameServer = 194.168.4.100 194.168.8.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27715C20-15F9-450A-8252-BA8AA3C46827}: DhcpNameServer = 194.168.4.100 194.168.8.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88745F7A-1AC1-4BCF-95FF-7B301B05B89D}: DhcpNameServer = 192.168.250.253 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/06/24 13:59:35 | 000,000,000 | ---D | C] -- C:\Users\Rob\Desktop\RK_Quarantine [2012/06/24 11:32:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/06/24 11:31:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle [2012/06/24 11:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012/06/24 11:18:51 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Malwarebytes [2012/06/24 11:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/06/24 11:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/06/24 11:18:45 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/06/24 11:18:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/06/23 21:56:34 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012/06/23 21:35:26 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\Conceiva [2012/06/23 21:34:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Conceiva [2012/06/23 21:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Conceiva [2012/06/23 21:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mezzmo [2012/06/23 21:33:32 | 
000,000,000 | ---D | C] -- C:\Program Files (x86)\Conceiva [2012/06/23 13:18:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PS3 Media Server [2012/06/23 10:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012/06/05 11:03:58 | 000,080,448 | ---- | C] (ArcSoft Inc.) -- C:\Windows\SysNative\MMCEDT5.exe [2012/06/05 11:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia Theatre 5 [2012/06/05 11:03:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft [2012/06/05 10:44:59 | 000,000,000 | ---D | C] -- C:\Users\Rob\Documents\ArcSoft [2012/06/05 10:41:17 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\ArcSoft [2012/06/05 10:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft [2012/06/02 09:24:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2012/06/01 23:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\BDJ [2012/06/01 23:15:05 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Corel [2012/06/01 23:15:03 | 000,000,000 | ---D | C] -- C:\Users\Rob\Corel [2012/06/01 23:14:15 | 000,014,112 | ---- | C] (InterVideo) -- C:\Windows\SysNative\drivers\regi.sys [2012/06/01 23:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel [2012/06/01 22:51:31 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\MediaShow [2012/06/01 22:36:22 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\MediaServer [2012/06/01 22:36:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink [2012/06/01 22:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PDVD [2012/06/01 22:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap [2012/05/31 20:37:18 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\CyberLink [2012/05/31 20:30:21 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\PowerDVDCox [2012/05/31 20:30:20 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\PowerDVDCinema [2012/05/31 20:30:19 | 000,000,000 | ---D | C] -- 
C:\Users\Rob\Documents\CyberLink [2012/05/31 20:30:19 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\CyberLink [2012/05/31 20:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink [2012/05/31 20:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\CyberLink [2012/05/31 20:24:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp [2012/05/31 18:55:32 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\aacs ========== Files - Modified Within 30 Days ========== [2012/06/24 12:54:07 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/24 12:54:07 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/24 12:46:57 | 000,000,043 | ---- | M] () -- C:\Windows\MezzmoMediaServer.INI [2012/06/24 12:46:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/06/24 12:46:36 | 3161,878,528 | -HS- | M] () -- C:\hiberfil.sys [2012/06/24 11:27:56 | 000,803,043 | ---- | M] () -- C:\Users\Rob\AppData\Local\census.cache [2012/06/24 11:27:52 | 000,102,979 | ---- | M] () -- C:\Users\Rob\AppData\Local\ars.cache [2012/06/24 11:21:07 | 001,012,656 | ---- | M] () -- C:\Users\Rob\Desktop\rkill.com [2012/06/24 11:18:46 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/06/23 23:23:11 | 3655,533,832 | ---- | M] () -- C:\Users\Rob\Desktop\rsg-holmes2-1080p.mp4 [2012/06/23 21:43:30 | 000,000,036 | ---- | M] () -- C:\Users\Rob\AppData\Local\housecall.guid.cache [2012/06/23 21:35:17 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\Mezzmo.lnk [2012/06/17 03:26:07 | 004,916,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/06/17 03:08:04 | 000,732,070 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/06/17 03:08:04 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/06/17 03:08:04 | 
000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/06/05 11:03:57 | 000,002,092 | ---- | M] () -- C:\Users\Public\Desktop\TotalMedia Theatre 5.lnk [2012/06/01 23:16:12 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys [2012/06/01 23:15:04 | 000,000,008 | RHS- | M] () -- C:\ProgramData\E9FE930044.sys [2012/06/01 23:14:57 | 000,000,040 | -H-- | M] () -- C:\Windows\SysNative\ivireg.ivr ========== Files Created - No Company Name ========== [2012/06/24 12:47:02 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f}\U\00000008.@ [2012/06/24 11:21:07 | 001,012,656 | ---- | C] () -- C:\Users\Rob\Desktop\rkill.com [2012/06/24 11:18:46 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/06/23 23:20:36 | 3655,533,832 | ---- | C] () -- C:\Users\Rob\Desktop\rsg-holmes2-1080p.mp4 [2012/06/23 21:58:23 | 000,803,043 | ---- | C] () -- C:\Users\Rob\AppData\Local\census.cache [2012/06/23 21:57:03 | 000,102,979 | ---- | C] () -- C:\Users\Rob\AppData\Local\ars.cache [2012/06/23 21:43:30 | 000,000,036 | ---- | C] () -- C:\Users\Rob\AppData\Local\housecall.guid.cache [2012/06/23 21:42:30 | 000,088,064 | ---- | C] () -- C:\Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f}\U\80000032.@ [2012/06/23 21:42:30 | 000,081,408 | ---- | C] () -- C:\Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f}\U\80000064.@ [2012/06/23 21:42:30 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f}\U\80000000.@ [2012/06/23 21:42:30 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f}\U\00000004.@ [2012/06/23 21:42:30 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f}\U\000000cb.@ [2012/06/23 21:42:30 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f}\L\00000004.@ [2012/06/23 21:35:34 | 000,000,043 | ---- | C] () -- 
C:\Windows\MezzmoMediaServer.INI [2012/06/23 21:35:17 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\Mezzmo.lnk [2012/06/05 11:03:58 | 000,312,184 | ---- | C] () -- C:\Windows\SysNative\drivers\ArcSec.sys [2012/06/05 11:03:58 | 000,007,366 | ---- | C] () -- C:\Windows\SysNative\drivers\win7_64logo.cat [2012/06/05 11:03:58 | 000,002,239 | ---- | C] () -- C:\Windows\SysNative\drivers\win7Logo.inf [2012/06/05 11:03:57 | 000,002,092 | ---- | C] () -- C:\Users\Public\Desktop\TotalMedia Theatre 5.lnk [2012/06/01 23:15:04 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2012/06/01 23:15:04 | 000,000,008 | RHS- | C] () -- C:\ProgramData\E9FE930044.sys [2012/06/01 23:14:16 | 000,000,040 | -H-- | C] () -- C:\Windows\SysNative\ivireg.ivr [2012/05/14 16:07:35 | 000,000,005 | ---- | C] () -- C:\Windows\cjhgabib.ini [2012/05/14 16:07:35 | 000,000,005 | ---- | C] () -- C:\Windows\cjhgabhm.ini [2012/05/14 16:07:35 | 000,000,005 | ---- | C] () -- C:\Windows\cjhgabec.ini [2012/05/14 16:07:35 | 000,000,005 | ---- | C] () -- C:\Windows\cjhgabap.ini [2012/05/14 15:45:29 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2012/04/30 19:57:15 | 000,000,256 | -H-- | C] () -- C:\Windows\SysWow64\LTAW14FN.BIN [2012/04/30 19:57:15 | 000,000,256 | -H-- | C] () -- C:\Windows\SysWow64\FJLTAFOU.BIN [2012/04/29 13:07:31 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012/04/29 13:01:58 | 000,917,504 | ---- | C] () -- C:\Windows\SysWow64\dtsdecoderdll.dll [2012/04/29 13:01:58 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll [2012/04/24 21:58:02 | 000,000,005 | ---- | C] () -- C:\Windows\khohnodf.ini [2012/04/24 21:54:06 | 000,000,005 | ---- | C] () -- C:\Windows\khohnoch.ini [2012/04/24 21:49:59 | 000,000,005 | ---- | C] () -- C:\Windows\khohnoph.ini [2012/04/24 21:49:59 | 000,000,005 | ---- | C] () -- C:\Windows\khohnoje.ini [2012/04/24 21:45:08 | 000,000,005 | ---- | C] () -- C:\Windows\khohnokj.ini [2012/04/24 21:45:08 | 
000,000,005 | ---- | C] () -- C:\Windows\khohnobj.ini [2012/04/24 21:45:07 | 000,000,005 | ---- | C] () -- C:\Windows\khohnomf.ini [2012/04/24 21:45:07 | 000,000,005 | ---- | C] () -- C:\Windows\khohnogk.ini [2012/04/23 18:34:31 | 000,002,756 | ---- | C] () -- C:\Windows\SysWow64\ssoleht.dll [2012/04/23 18:34:31 | 000,002,756 | ---- | C] () -- C:\Windows\SysWow64\sslibkh.dll [2012/04/23 18:34:31 | 000,002,756 | ---- | C] () -- C:\Windows\SysWow64\sslibjy.dll [2012/04/23 18:34:31 | 000,002,756 | ---- | C] () -- C:\Windows\SysWow64\sslibfg.dll [2012/04/23 18:34:31 | 000,002,756 | ---- | C] () -- C:\Windows\SysWow64\sslibeh.dll [2012/04/23 18:34:31 | 000,002,756 | ---- | C] () -- C:\Windows\SysWow64\slibff.dll [2012/04/23 18:34:31 | 000,002,756 | ---- | C] () -- C:\Windows\SysWow64\slibddf.dll [2012/04/23 18:34:26 | 000,678,746 | ---- | C] () -- C:\Windows\unins000.exe [2012/04/23 18:34:26 | 000,019,599 | ---- | C] () -- C:\Windows\unins000.dat [2012/04/14 14:36:54 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2012/04/14 10:15:57 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f}\@ [2012/04/14 08:36:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012/03/28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012/03/28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012/03/28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012/03/28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012/03/28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll ========== LOP Check ========== [2012/05/31 18:59:51 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\aacs [2012/04/14 16:23:29 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Ableton [2012/05/22 22:30:23 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Audacity [2012/05/19 17:58:04 | 
000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012/05/24 12:12:07 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\DAEMON Tools Lite [2012/04/30 19:58:27 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Fujitsu [2012/04/14 18:45:08 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\iZotope [2012/04/15 20:47:02 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\OpenOffice.org [2012/05/03 15:37:25 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Samsung [2012/04/14 15:49:26 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Synaptics [2012/06/24 14:55:21 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\uTorrent [2012/05/28 15:47:08 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Extras logfile created on: 24/06/2012 15:01:23 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Rob\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.93 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 53.30% Memory free 7.85 Gb Paging File | 5.94 Gb Available in Paging File | 75.63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465.62 Gb Total Space | 145.05 Gb Free Space | 31.15% Space Free | Partition Type: NTFS Computer Name: ROB-PC | User Name: Rob | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) 
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{26A24AE4-039D-4CA4-87B4-2F86417000F0}" = Java 7 (64-bit) "{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java 7 Update 5 (64-bit) "{2A837CDD-8FD6-4287-B82E-0664C90BB15A}" = Lexicon Omega Driver "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{73089240-023C-11E0-9AE3-2BA1DFD72085}" = M-Audio FastTrackPro Driver 6.0.7 (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility "ffdshow64_is1" = ffdshow x64 v1.2.4422 [2012-04-09] "MediaInfo" = MediaInfo 0.7.57 
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR 4.11 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5 "{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.02 "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3 "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02 "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{6652750B-AA69-49B7-9D09-C0A28B6FFC9F}" = ATLAS Translation Standard V14.0 Trial Version "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6 "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A2CE5D4-0A1E-42EB-9CE0-ABD5DD79E94E}" = ArcSoft TotalMedia Theatre 5 "{9BE11DE3-4703-4482-BC77-A32D73951334}" = Mezzmo 
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Audacity_is1" = Audacity 2.0 "AviSynth" = AviSynth 2.5 "Best Service Chris Hein Horns" = Best Service Chris Hein Horns "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11 "ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09] "Foxit Reader_is1" = Foxit Reader 5.1 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{9A2CE5D4-0A1E-42EB-9CE0-ABD5DD79E94E}" = ArcSoft TotalMedia Theatre 5 "Lexicon Omega Driver" = Lexicon Omega Driver "Live 8.2" = Live 8.2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US) "MyTomTom" = MyTomTom 3.1.0.530 "Native Instruments B4 II" = Native Instruments B4 II "Neat Image_is1" = Neat Image v5.2 Pro+ "PS3 Media Server" = PS3 Media Server "Sonalksis Plug-Ins for Windows_is1" = Sonalksis Plug-Ins for Windows 2.00 "The Grand" = Steinberg The Grand "VLC media player" = VLC media player 2.0.1 "Wave Arts Power Suite" = Wave Arts Power Suite ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12/06/2012 14:50:10 | Computer Name = Rob-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. 
. Error - 12/06/2012 15:20:09 | Computer Name = Rob-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . Error - 13/06/2012 13:14:05 | Computer Name = Rob-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . Error - 13/06/2012 13:19:21 | Computer Name = Rob-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . Error - 13/06/2012 13:19:26 | Computer Name = Rob-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . Error - 13/06/2012 13:20:24 | Computer Name = Rob-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . Error - 13/06/2012 16:48:36 | Computer Name = Rob-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . 
Error - 13/06/2012 16:48:52 | Computer Name = Rob-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . Error - 13/06/2012 16:50:36 | Computer Name = Rob-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . Error - 24/06/2012 09:59:36 | Computer Name = Rob-PC | Source = Application Hang | ID = 1002 Description = The program OTL.exe version 3.2.53.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 784 Start Time: 01cd52110cd1e4b9 Termination Time: 4 Application Path: C:\Users\Rob\Downloads\OTL.exe Report Id: [ Broadcom Wireless LAN Events ] Error - 31/05/2012 13:36:21 | Computer Name = Rob-PC | Source = WLAN-Tray | ID = 0 Description = 18:36:21, Thu, May 31, 12 Error - Unable to gain access to user store Error - 31/05/2012 15:56:12 | Computer Name = Rob-PC | Source = WLAN-Tray | ID = 0 Description = 20:56:12, Thu, May 31, 12 Error - Unable to gain access to user store [ System Events ] Error - 24/06/2012 07:46:47 | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7003 Description = The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 
Error - 24/06/2012 07:46:48 | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7023 Description = The Computer Browser service terminated with the following error: %%1060 Error - 24/06/2012 07:47:00 | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7003 Description = The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. Error - 24/06/2012 07:47:00 | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7000 Description = The regi service failed to start due to the following error: %%2 Error - 24/06/2012 07:47:12 | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7023 Description = The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 Error - 24/06/2012 07:47:12 | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7001 Description = The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 Error - 24/06/2012 09:42:22 | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7023 Description = The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 Error - 24/06/2012 09:42:22 | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7001 Description = The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 Error - 24/06/2012 09:48:47 | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7023 Description = The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 Error - 24/06/2012 09:48:47 | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7001 Description = The HomeGroup Provider service depends on the Function Discovery Resource Publication service 
which failed to start because of the following error: %%-2147024891 < End of report >
  6. I've stupidly got an infection that just won't go away. Here are the requested logs.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Rob at 13:28:53 on 2012-06-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4021.2024 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Conceiva\Mezzmo\MezzmoMediaServer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\System32\svchost.exe -k swprv "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ mWinlogon: Userinit=userinit.exe, BHO: ATLAS Toolbar: {3c6301ed-0f78-4af2-8150-d9c052361a8e} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll TB: ATLAS Toolbar: {3c6301ed-0f78-4af2-8150-d9c052361a8e} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s uRun: [AdobeBridge] uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common 
Files\Java\Java Update\jusched.exe" mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files (x86)\ATLAS V14\Atlscript.html LSP: mswsock.dll TCP: DhcpNameServer = 194.168.4.100 194.168.8.100 TCP: Interfaces\{21C05178-18CF-4675-A99E-3FE2BE2A9B0C} : DhcpNameServer = 194.168.4.100 194.168.8.100 TCP: Interfaces\{27715C20-15F9-450A-8252-BA8AA3C46827} : DhcpNameServer = 194.168.4.100 194.168.8.100 TCP: Interfaces\{27715C20-15F9-450A-8252-BA8AA3C46827}\6796277696E6D65646961623632343933353 : DhcpNameServer = 194.168.4.100 194.168.8.100 TCP: Interfaces\{88745F7A-1AC1-4BCF-95FF-7B301B05B89D} : DhcpNameServer = 192.168.250.253 BHO-X64: ATLAS Toolbar: {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL BHO-X64: ATLAS Toolbar - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll TB-X64: ATLAS Toolbar: {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" IE-X64: 
{B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files (x86)\ATLAS V14\Atlscript.html . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\5i9fi36f.default\ FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll . ============= SERVICES / DRIVERS =============== . R1 ArcSec;ArcSec;C:\Windows\system32\drivers\ArcSec.sys --> C:\Windows\system32\drivers\ArcSec.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 6077757b;6077757b;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?] R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2012-4-14 89600] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-4-14 13336] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-24 654408] R2 Mezzmo;Mezzmo;C:\Program Files (x86)\Conceiva\Mezzmo\MezzmoMediaServer.exe [2012-6-23 3114352] R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?] R2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?] R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?] R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?] 
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?] S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?] S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;C:\Windows\system32\DRIVERS\MAudioFastTrackPro.sys --> C:\Windows\system32\DRIVERS\MAudioFastTrackPro.sys [?] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?] S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?] S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?] 
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] . =============== Created Last 30 ================ . 2012-06-24 10:31:41 -------- d-----w- C:\Program Files (x86)\Oracle 2012-06-24 10:18:51 -------- d-----w- C:\Users\Rob\AppData\Roaming\Malwarebytes 2012-06-24 10:18:46 -------- d-----w- C:\ProgramData\Malwarebytes 2012-06-24 10:18:45 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-24 10:18:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-06-23 20:56:34 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-06-23 20:35:26 -------- d-----w- C:\Users\Rob\AppData\Local\Conceiva 2012-06-23 20:33:37 -------- d-----w- C:\ProgramData\Conceiva 2012-06-23 20:33:32 -------- d-----w- C:\Program Files (x86)\Conceiva 2012-06-23 12:18:38 -------- d-----w- C:\Program Files (x86)\PS3 Media Server 2012-06-23 10:01:21 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-06-22 18:15:11 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C52C71CB-2644-4F26-BDFE-8CAB2E81437A}\mpengine.dll 2012-06-19 13:00:43 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-19 13:00:37 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-19 13:00:21 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-19 13:00:21 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-16 09:57:07 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-06-16 09:57:06 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-06-16 09:57:06 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-06-05 10:03:58 
80448 ----a-w- C:\Windows\System32\MMCEDT5.exe 2012-06-05 10:03:58 312184 ----a-w- C:\Windows\System32\drivers\ArcSec.sys 2012-06-05 09:41:01 -------- d-----w- C:\ProgramData\ArcSoft 2012-06-02 08:24:50 -------- d-----w- C:\Program Files (x86)\MSXML 4.0 2012-06-01 22:19:46 -------- d-----w- C:\ProgramData\BDJ 2012-06-01 22:15:04 8 --sh--r- C:\ProgramData\E9FE930044.sys 2012-06-01 22:15:04 2828 --sha-w- C:\ProgramData\KGyGaAvL.sys 2012-06-01 22:15:03 -------- d-----w- C:\Users\Rob\Corel 2012-06-01 22:14:15 14112 ----a-w- C:\Windows\System32\drivers\regi.sys 2012-06-01 22:13:50 -------- d-----w- C:\ProgramData\Corel 2012-06-01 21:51:31 -------- d-----w- C:\Users\Rob\AppData\Local\MediaShow 2012-06-01 21:36:22 -------- d-----w- C:\Users\Rob\AppData\Local\MediaServer 2012-06-01 21:36:21 -------- d-----w- C:\ProgramData\PDVD 2012-06-01 21:34:56 -------- d-----w- C:\ProgramData\install_clap 2012-05-31 19:37:18 -------- d-----w- C:\Users\Rob\AppData\Local\CyberLink 2012-05-31 19:30:21 -------- d-----w- C:\Users\Rob\AppData\Local\PowerDVDCox 2012-05-31 19:30:20 -------- d-----w- C:\Users\Rob\AppData\Local\PowerDVDCinema 2012-05-31 19:26:12 -------- d-----w- C:\Program Files (x86)\Common Files\CyberLink 2012-05-31 19:24:49 503808 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2012-05-31 19:24:49 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll 2012-05-31 17:55:32 -------- d-----w- C:\Users\Rob\AppData\Roaming\aacs . ==================== Find3M ==================== . 
2012-06-23 09:58:10 955840 ----a-w- C:\Windows\System32\npdeployJava1.dll 2012-06-23 09:58:10 839096 ----a-w- C:\Windows\System32\deployJava1.dll 2012-06-22 18:11:20 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-22 18:11:20 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-05-05 17:29:05 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-05-04 18:29:22 772504 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-02 11:26:33 560184 ----a-w- C:\Windows\System32\drivers\sptd.sys 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-30 18:57:15 256 ---ha-w- C:\Windows\SysWow64\LTAW14FN.BIN 2012-04-30 18:57:15 256 ---ha-w- C:\Windows\SysWow64\FJLTAFOU.BIN 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 
140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-04-23 17:33:48 678746 ----a-w- C:\Windows\unins000.exe 2012-04-14 11:09:08 175616 ----a-w- C:\Windows\System32\msclmd.dll 2012-04-14 11:09:08 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2012-04-14 07:36:51 0 ----a-w- C:\Windows\ativpsrm.bin 2012-04-08 23:47:14 92160 ----a-w- C:\Windows\System32\ff_vfw.dll 2012-04-08 23:45:52 53760 ----a-w- C:\Windows\System32\ff_acm.acm 2012-04-08 23:40:36 79360 ----a-w- C:\Windows\SysWow64\ff_vfw.dll 2012-04-08 23:39:26 48128 ----a-w- C:\Windows\SysWow64\ff_acm.acm 2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys . ============= FINISH: 13:29:07.17 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 14/04/2012 08:41:15 System Uptime: 24/06/2012 12:46:27 (1 hours ago) . Motherboard: Dell Inc. | | Processor: Intel® Core i5 CPU M 520 @ 2.40GHz | U2E1 | 2400/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 466 GiB total, 145.321 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: regi Device ID: ROOT\LEGACY_REGI\0000 Manufacturer: Name: regi PNP Device ID: ROOT\LEGACY_REGI\0000 Service: regi . ==== System Restore Points =================== . 
RP60: 17/06/2012 03:00:12 - Windows Update RP61: 19/06/2012 14:00:05 - Windows Update RP62: 22/06/2012 19:14:39 - Windows Update RP63: 23/06/2012 10:57:29 - Installed Java 7 Update 5 (64-bit) RP64: 23/06/2012 10:59:56 - Installed Java 7 (64-bit) RP65: 23/06/2012 11:01:03 - Installed Java 7 RP66: 23/06/2012 21:33:11 - Installed Mezzmo RP67: 24/06/2012 11:29:28 - Installed Java 7 Update 5 RP68: 24/06/2012 11:31:13 - Installed JavaFX 2.1.1 . ==== Installed Programs ====================== . Adobe AIR Adobe Download Assistant Adobe Flash Player 11 ActiveX Adobe Photoshop CS6 ArcSoft TotalMedia Theatre 5 ATLAS Translation Standard V14.0 Trial Version µTorrent Audacity 2.0 AviSynth 2.5 Best Service Chris Hein Horns Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Combined Community Codec Pack 2011-11-11 ffdshow v1.2.4422 [2012-04-09] Foxit Reader 5.1 IDT Audio Intel® Rapid Storage Technology Java Auto Updater Java 7 Update 5 JavaFX 2.1.1 Lexicon Omega Driver Live 8.2 Malwarebytes Anti-Malware version 1.61.0.1400 Mezzmo Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft_VC80_CRT_x86 Microsoft_VC90_CRT_x86 Mozilla Firefox 11.0 (x86 en-US) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyTomTom 3.1.0.530 Native Instruments B4 II Neat Image v5.2 Pro+ OpenOffice.org 3.3 PDF Settings CS6 PS3 Media Server REALTEK Wireless LAN Driver RICOH Media Driver ver.2.07.01.02 RICOH R5U8xx Media Driver ver.3.62.02 Samsung Kies Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Sonalksis Plug-Ins for Windows 2.00
Steinberg The Grand
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Visual Studio C++ 10.0 Runtime
VLC media player 2.0.1
Wave Arts Power Suite
.
==== Event Viewer Messages From Past Week ========
.
24/06/2012 12:47:12, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
24/06/2012 12:47:12, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
24/06/2012 12:47:00, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
24/06/2012 12:47:00, Error: Service Control Manager [7000] - The regi service failed to start due to the following error: The system cannot find the file specified.
24/06/2012 12:46:48, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
24/06/2012 12:46:47, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
24/06/2012 12:46:44, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start.
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
24/06/2012 12:46:40, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
24/06/2012 12:46:40, Error: atikmdag [43029] - Display is not active
24/06/2012 11:51:11, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
24/06/2012 11:51:11, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
24/06/2012 11:51:11, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
24/06/2012 11:51:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
24/06/2012 11:51:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
24/06/2012 11:51:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
24/06/2012 11:51:01, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
24/06/2012 11:50:52, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ArcSec DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6
WfpLwf
24/06/2012 11:50:51, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
24/06/2012 11:50:51, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
24/06/2012 11:50:51, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
24/06/2012 11:50:51, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
24/06/2012 11:50:51, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
24/06/2012 11:50:51, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
24/06/2012 11:50:51, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
24/06/2012 11:50:51, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
24/06/2012 11:50:51, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
24/06/2012 11:50:51, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
24/06/2012 11:50:28, Error: sptd [4] - Driver detected an internal error in its data structures for .
.
==== End Of File ===========================

It'd be great if you could help without me having to nuke Windows and reinstall.