holyknightsky

Members

View Profile See their activity

Posts
4
Joined
July 13, 2012
Last visited
July 20, 2012

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by holyknightsky

infected with Trojan.Dropper.BCMiner please help

holyknightsky replied to holyknightsky's topic in Resolved Malware Removal Logs

I have had any issues in the past few days. Thank you so much for all your help. I appreciate all the hard work you did to help me get rid of the virus on my computer. Thank you again.
infected with Trojan.Dropper.BCMiner please help

holyknightsky replied to holyknightsky's topic in Resolved Malware Removal Logs

Here are the results of the two scans you asked for. I will test the computer thoroughly and see if there are any remaining issues. Thank you so much for you help thus far. ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial= # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-07-16 02:36:26 # local_time=2012-07-16 10:36:26 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776573 100 94 0 93991797 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=346003 # found=4 # cleaned=4 # scan_time=1038 C:\Qoobox\Quarantine\C\Windows\Installer\{74461bbb-1e20-cfb1-ce0f-e68089805b17}\U\80000000.@.vir Win64/Sirefef.AE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Windows\Installer\{74461bbb-1e20-cfb1-ce0f-e68089805b17}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Windows\Installer\{74461bbb-1e20-cfb1-ce0f-e68089805b17}\U\80000064.@.vir Win64/Sirefef.AN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.B.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C Results of screen317's Security Check version 0.99.42 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.62.0.1300 Java 6 Update 32 Java version out of Date! Adobe Reader X (10.1.3) Mozilla Firefox (13.0.1) ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: 21% Defragment your hard drive soon! ````````````````````End of Log``````````````````````
infected with Trojan.Dropper.BCMiner please help

holyknightsky replied to holyknightsky's topic in Resolved Malware Removal Logs

Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.13.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 James :: JAMES-PC [administrator] 7/12/2012 10:01:23 PM mbam-log-2012-07-12 (22-01-23).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 206411 Time elapsed: 33 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Windows\Installer\{74461bbb-1e20-cfb1-ce0f-e68089805b17}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully. (end) . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32 Run by James at 22:12:28 on 2012-07-12 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.6638 [GMT -4:00] . SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\notepad.exe C:\Windows\system32\sppsvc.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{A56ED5BD-B689-4E63-B236-412DD7381401} : DhcpNameServer = 192.168.1.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\cihwndj7.default\ FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\cihwndj7.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?] R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?] R3 LVUVC64;Logitech QuickCam S7500(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-4 250056] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-4 113120] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-07-13 02:10:17 -------- d-----w- C:\$RECYCLE.BIN 2012-07-13 02:05:55 98816 ----a-w- C:\Windows\sed.exe 2012-07-13 02:05:55 518144 ----a-w- C:\Windows\SWREG.exe 2012-07-13 02:05:55 256000 ----a-w- C:\Windows\PEV.exe 2012-07-13 02:05:55 208896 ----a-w- C:\Windows\MBR.exe 2012-07-12 15:54:03 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-07-11 15:31:54 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-11 14:07:21 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll 2012-07-10 14:04:58 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D7F28263-4527-4892-884A-45F72DF39C34}\mpengine.dll 2012-07-08 15:54:10 -------- d-----w- C:\Users\James\AppData\Local\Macromedia 2012-07-03 02:00:15 -------- d-----w- C:\Users\James\AppData\Roaming\TS3Client 2012-07-03 02:00:07 -------- d-----w- C:\Program Files\TeamSpeak 3 Client 2012-06-21 10:35:00 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-21 10:34:59 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-21 10:34:58 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-21 10:34:58 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-19 15:15:28 -------- d-----w- C:\Users\James\AppData\Local\CRE 2012-06-19 15:15:26 -------- d-----w- C:\Users\James\AppData\Local\Conduit 2012-06-19 15:15:26 -------- d-----w- C:\Program Files (x86)\Conduit 2012-06-15 22:44:50 -------- d-----w- C:\Program Files (x86)\SquareEnix 2012-06-14 14:15:11 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-06-14 14:15:11 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-06-14 14:15:11 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-06-14 14:15:08 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-06-14 14:15:07 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-06-14 14:15:07 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-06-14 14:15:07 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-06-14 14:15:02 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-06-14 14:15:01 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-06-14 14:15:01 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-06-14 14:14:59 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-06-14 14:14:59 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-06-14 14:14:59 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-06-14 14:14:59 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-06-14 14:14:59 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-06-14 14:14:59 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll . ==================== Find3M ==================== . 2012-07-12 19:39:06 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 19:39:06 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-09 15:59:14 175616 ----a-w- C:\Windows\System32\msclmd.dll 2012-05-09 15:59:14 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2012-05-04 19:58:09 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2012-05-04 19:58:09 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-05-04 18:03:06 0 ----a-w- C:\Windows\ativpsrm.bin 2012-05-02 00:46:28 4472832 ----a-w- C:\Windows\SysWow64\GPhotos.scr . ============= FINISH: 22:12:36.24 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 5/4/2012 1:15:39 PM System Uptime: 7/12/2012 10:10:06 PM (0 hours ago) . Motherboard: ASUSTeK Computer INC. | | M4A77D Processor: AMD Phenom II X6 1090T Processor | AM2 | 3200/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 223 GiB total, 110.279 GiB free. D: is FIXED (NTFS) - 466 GiB total, 372.532 GiB free. E: is CDROM () F: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP29: 6/16/2012 10:50:50 PM - Scheduled Checkpoint RP30: 6/19/2012 10:13:07 AM - Windows Update RP31: 6/21/2012 6:34:54 AM - Windows Update RP32: 6/26/2012 10:35:29 AM - Windows Update RP33: 7/3/2012 3:09:00 PM - Windows Update RP34: 7/6/2012 7:16:51 PM - Windows Update RP35: 7/8/2012 1:03:55 PM - Restore Operation RP36: 7/8/2012 1:08:25 PM - Windows Update RP37: 7/11/2012 11:30:20 AM - Windows Update . ==== Installed Programs ====================== . µTorrent Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.3) Apple Application Support Apple Software Update Borderlands Diablo III FINAL FANTASY XIV Java Auto Updater Java 6 Update 32 League of Legends Malwarebytes Anti-Malware version 1.62.0.1300 Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Visio MUI (English) 2007 Microsoft Office Visio Professional 2007 Microsoft Office Word MUI (English) 2007 Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Mozilla Firefox 13.0.1 (x86 en-US) Mozilla Maintenance Service Mumble 1.2.3 NVIDIA PhysX v8.10.29 Pando Media Booster Picasa 3 Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Skype™ 5.9 StarCraft II Steam Trillian UltraISO Premium V9.52 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) VLC media player 2.0.1 WinPcap 4.1.2 Wireshark 1.6.7 (64-bit) . ==== Event Viewer Messages From Past Week ======== . 7/7/2012 10:00:53 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer Z-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A56ED5BD-B689-4E63-B236-412DD7381401}. The master browser is stopping or an election is being forced. 7/5/2012 6:35:51 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer MIKE-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A56ED5BD-B689-4E63-B236-412DD7381401}. The master browser is stopping or an election is being forced. 7/12/2012 8:27:17 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 7/12/2012 8:27:09 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 7/12/2012 8:27:09 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 7/12/2012 10:11:39 PM, Error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s). 7/12/2012 10:10:16 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found. 7/12/2012 10:09:41 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 7/12/2012 10:09:28 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 7/12/2012 10:05:13 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 7/12/2012 10:05:12 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 . ==== End Of File =========================== ComboFix 12-07-12.02 - James 07/12/2012 22:06:29.1.6 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.7028 [GMT -4:00] Running from: c:\users\James\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\assembly\GAC_32\Desktop.ini c:\windows\assembly\GAC_64\Desktop.ini c:\windows\Installer\{74461bbb-1e20-cfb1-ce0f-e68089805b17}\@ c:\windows\Installer\{74461bbb-1e20-cfb1-ce0f-e68089805b17}\L\00000004.@ c:\windows\Installer\{74461bbb-1e20-cfb1-ce0f-e68089805b17}\L\1afb2d56 c:\windows\Installer\{74461bbb-1e20-cfb1-ce0f-e68089805b17}\L\201d3dde c:\windows\Installer\{74461bbb-1e20-cfb1-ce0f-e68089805b17}\U\00000004.@ c:\windows\Installer\{74461bbb-1e20-cfb1-ce0f-e68089805b17}\U\000000cb.@ c:\windows\Installer\{74461bbb-1e20-cfb1-ce0f-e68089805b17}\U\80000000.@ c:\windows\Installer\{74461bbb-1e20-cfb1-ce0f-e68089805b17}\U\80000032.@ c:\windows\Installer\{74461bbb-1e20-cfb1-ce0f-e68089805b17}\U\80000064.@ c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete . Infected copy of c:\windows\system32\services.exe was found and disinfected Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy9_!Windows!System32!services.exe . . ((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 ))))))))))))))))))))))))))))))) . . 2012-07-12 15:54 . 2012-07-12 15:54 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-07-11 15:31 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 14:07 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-07-10 14:04 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D7F28263-4527-4892-884A-45F72DF39C34}\mpengine.dll 2012-07-08 15:54 . 2012-07-08 15:54 -------- d-----w- c:\users\James\AppData\Local\Macromedia 2012-07-03 02:00 . 2012-07-13 00:38 -------- d-----w- c:\users\James\AppData\Roaming\TS3Client 2012-07-03 02:00 . 2012-07-03 02:00 -------- d-----w- c:\program files\TeamSpeak 3 Client 2012-06-21 10:35 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-21 10:35 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-21 10:35 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-21 10:35 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 10:34 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-21 10:34 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-21 10:34 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 10:34 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-21 10:34 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-19 17:05 . 2012-07-12 21:39 -------- d-----w- c:\users\James\AppData\Roaming\vlc 2012-06-19 15:15 . 2012-06-19 15:15 -------- d-----w- c:\users\James\AppData\Local\CRE 2012-06-19 15:15 . 2012-06-19 15:16 -------- d-----w- c:\users\James\AppData\Local\Conduit 2012-06-19 15:15 . 2012-06-19 15:15 -------- d-----w- c:\program files (x86)\Conduit 2012-06-15 22:44 . 2012-06-15 22:44 -------- d-----w- c:\program files (x86)\SquareEnix 2012-06-14 14:15 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-14 14:15 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-14 14:15 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-14 14:15 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-06-14 14:15 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-14 14:15 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-06-14 14:15 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-06-14 14:15 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-14 14:15 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll 2012-06-14 14:15 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-06-14 14:14 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-14 14:14 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-14 14:14 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-06-14 14:14 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-06-14 14:14 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-06-14 14:14 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-12 19:39 . 2012-05-04 19:57 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 19:39 . 2012-05-04 19:57 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-03 17:46 . 2012-05-04 20:00 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-09 15:59 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-05-09 15:59 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-05-04 19:58 . 2012-05-04 19:58 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-05-04 19:58 . 2012-05-04 19:58 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-05-04 18:06 . 2012-05-04 18:06 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-05-04 18:06 . 2012-05-04 18:06 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-05-04 18:06 . 2012-05-04 18:06 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2012-05-04 18:06 . 2012-05-04 18:06 85504 ----a-w- c:\windows\system32\iesetup.dll 2012-05-04 18:06 . 2012-05-04 18:06 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2012-05-04 18:06 . 2012-05-04 18:06 76800 ----a-w- c:\windows\system32\tdc.ocx 2012-05-04 18:06 . 2012-05-04 18:06 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2012-05-04 18:06 . 2012-05-04 18:06 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2012-05-04 18:06 . 2012-05-04 18:06 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2012-05-04 18:06 . 2012-05-04 18:06 603648 ----a-w- c:\windows\system32\vbscript.dll 2012-05-04 18:06 . 2012-05-04 18:06 49664 ----a-w- c:\windows\system32\imgutil.dll 2012-05-04 18:06 . 2012-05-04 18:06 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2012-05-04 18:06 . 2012-05-04 18:06 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-05-04 18:06 . 2012-05-04 18:06 448512 ----a-w- c:\windows\system32\html.iec 2012-05-04 18:06 . 2012-05-04 18:06 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-05-04 18:06 . 2012-05-04 18:06 367104 ----a-w- c:\windows\SysWow64\html.iec 2012-05-04 18:06 . 2012-05-04 18:06 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2012-05-04 18:06 . 2012-05-04 18:06 30720 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-04 18:06 . 2012-05-04 18:06 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-05-04 18:06 . 2012-05-04 18:06 222208 ----a-w- c:\windows\system32\msls31.dll 2012-05-04 18:06 . 2012-05-04 18:06 165888 ----a-w- c:\windows\system32\iexpress.exe 2012-05-04 18:06 . 2012-05-04 18:06 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-05-04 18:06 . 2012-05-04 18:06 160256 ----a-w- c:\windows\system32\wextract.exe 2012-05-04 18:06 . 2012-05-04 18:06 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2012-05-04 18:06 . 2012-05-04 18:06 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2012-05-04 18:06 . 2012-05-04 18:06 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-05-04 18:06 . 2012-05-04 18:06 12288 ----a-w- c:\windows\system32\mshta.exe 2012-05-04 18:06 . 2012-05-04 18:06 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2012-05-04 18:06 . 2012-05-04 18:06 114176 ----a-w- c:\windows\system32\admparse.dll 2012-05-04 18:06 . 2012-05-04 18:06 111616 ----a-w- c:\windows\system32\iesysprep.dll 2012-05-04 18:06 . 2012-05-04 18:06 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2012-05-04 18:06 . 2012-05-04 18:06 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2012-05-02 00:46 . 2012-05-02 00:46 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-25 4786048] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120] R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-04 1255736] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776] S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9319936] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 306176] S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704] S3 LVUVC64;Logitech QuickCam S7500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] . . Contents of the 'Scheduled Tasks' folder . 2012-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 19:39] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\cihwndj7.default\ FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe . ************************************************************************** . Completion time: 2012-07-12 22:12:06 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-13 02:12 . Pre-Run: 118,510,780,416 bytes free Post-Run: 118,349,873,152 bytes free . - - End Of File - - 479B402B68CC1784AA02647E859BB8C9
infected with Trojan.Dropper.BCMiner please help

holyknightsky posted a topic in Resolved Malware Removal Logs

Repeated attempts to remove usine Malwarebytes have failed and it keeps coming back... Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.12.12 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 James :: JAMES-PC [administrator] 7/12/2012 8:41:28 PM mbam-log-2012-07-12 (20-41-28).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 205691 Time elapsed: 38 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Windows\Installer\{74461bbb-1e20-cfb1-ce0f-e68089805b17}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully. (end) . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32 Run by James at 21:00:09 on 2012-07-12 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.5497 [GMT -4:00] . SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Mozilla Firefox\firefox.exe "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns C:\Windows\SysWOW64\NOTEPAD.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uInternet Settings,ProxyOverride = *.local uURLSearchHooks: H - No File mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{A56ED5BD-B689-4E63-B236-412DD7381401} : DhcpNameServer = 192.168.1.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\cihwndj7.default\ FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\cihwndj7.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?] R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?] R3 LVUVC64;Logitech QuickCam S7500(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-4 250056] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-4 113120] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-07-12 15:54:03 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-07-11 15:31:54 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-11 14:07:21 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll 2012-07-10 14:04:58 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D7F28263-4527-4892-884A-45F72DF39C34}\mpengine.dll 2012-07-08 15:54:10 -------- d-----w- C:\Users\James\AppData\Local\Macromedia 2012-07-03 02:00:15 -------- d-----w- C:\Users\James\AppData\Roaming\TS3Client 2012-07-03 02:00:07 -------- d-----w- C:\Program Files\TeamSpeak 3 Client 2012-06-21 10:35:00 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-21 10:34:59 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-21 10:34:58 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-21 10:34:58 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-19 15:15:28 -------- d-----w- C:\Users\James\AppData\Local\CRE 2012-06-19 15:15:26 -------- d-----w- C:\Users\James\AppData\Local\Conduit 2012-06-19 15:15:26 -------- d-----w- C:\Program Files (x86)\Conduit 2012-06-15 22:44:50 -------- d-----w- C:\Program Files (x86)\SquareEnix 2012-06-14 14:15:11 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-06-14 14:15:11 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-06-14 14:15:11 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-06-14 14:15:08 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-06-14 14:15:07 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-06-14 14:15:07 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-06-14 14:15:07 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-06-14 14:15:02 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-06-14 14:15:01 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-06-14 14:15:01 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-06-14 14:14:59 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-06-14 14:14:59 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-06-14 14:14:59 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-06-14 14:14:59 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-06-14 14:14:59 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-06-14 14:14:59 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll . ==================== Find3M ==================== . 2012-07-12 19:39:06 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 19:39:06 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-09 15:59:14 175616 ----a-w- C:\Windows\System32\msclmd.dll 2012-05-09 15:59:14 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2012-05-04 19:58:09 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2012-05-04 19:58:09 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-05-04 18:03:06 0 ----a-w- C:\Windows\ativpsrm.bin 2012-05-02 00:46:28 4472832 ----a-w- C:\Windows\SysWow64\GPhotos.scr . ============= FINISH: 21:00:18.95 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 5/4/2012 1:15:39 PM System Uptime: 7/12/2012 8:26:59 PM (1 hours ago) . Motherboard: ASUSTeK Computer INC. | | M4A77D Processor: AMD Phenom II X6 1090T Processor | AM2 | 3200/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 223 GiB total, 110.139 GiB free. D: is FIXED (NTFS) - 466 GiB total, 372.532 GiB free. E: is CDROM () F: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP29: 6/16/2012 10:50:50 PM - Scheduled Checkpoint RP30: 6/19/2012 10:13:07 AM - Windows Update RP31: 6/21/2012 6:34:54 AM - Windows Update RP32: 6/26/2012 10:35:29 AM - Windows Update RP33: 7/3/2012 3:09:00 PM - Windows Update RP34: 7/6/2012 7:16:51 PM - Windows Update RP35: 7/8/2012 1:03:55 PM - Restore Operation RP36: 7/8/2012 1:08:25 PM - Windows Update RP37: 7/11/2012 11:30:20 AM - Windows Update . ==== Installed Programs ====================== . µTorrent Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.3) Apple Application Support Apple Software Update Borderlands Diablo III FINAL FANTASY XIV Java Auto Updater Java 6 Update 32 League of Legends Malwarebytes Anti-Malware version 1.62.0.1300 Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Visio MUI (English) 2007 Microsoft Office Visio Professional 2007 Microsoft Office Word MUI (English) 2007 Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Mozilla Firefox 13.0.1 (x86 en-US) Mozilla Maintenance Service Mumble 1.2.3 NVIDIA PhysX v8.10.29 Pando Media Booster Picasa 3 Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Skype™ 5.9 StarCraft II Steam Trillian UltraISO Premium V9.52 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) VLC media player 2.0.1 WinPcap 4.1.2 Wireshark 1.6.7 (64-bit) . ==== Event Viewer Messages From Past Week ======== . 7/7/2012 10:00:53 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer Z-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A56ED5BD-B689-4E63-B236-412DD7381401}. The master browser is stopping or an election is being forced. 7/5/2012 6:35:51 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer MIKE-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A56ED5BD-B689-4E63-B236-412DD7381401}. The master browser is stopping or an election is being forced. 7/12/2012 8:27:17 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 7/12/2012 8:27:17 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 7/12/2012 8:27:09 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 7/12/2012 8:27:09 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 7/12/2012 8:27:09 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. . ==== End Of File ===========================

Sign In

holyknightsky

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Everything posted by holyknightsky

infected with Trojan.Dropper.BCMiner please help

infected with Trojan.Dropper.BCMiner please help

infected with Trojan.Dropper.BCMiner please help

infected with Trojan.Dropper.BCMiner please help

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information