Denzel
Members
Posts: 7
Reputation: 0 Neutral
Please help me get rid of Trojan.Dropper.BCMiner
Denzel replied to Denzel's topic in Resolved Malware Removal Logs
"The scan completed successfully. No malicious items were detected." You have been SUCH a huge help! No problems so far, thank you so much.
Please help me get rid of Trojan.Dropper.BCMiner
Denzel replied to Denzel's topic in Resolved Malware Removal Logs
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 14-07-2012 01
Ran by SYSTEM at 2012-07-14 11:27:11 Run:1
Running from H:\

==============================================

C:\Windows\Installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383} moved successfully.
C:\Windows\Installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\L not found.
C:\Windows\Installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\U not found.
C:\Users\Denzel\AppData\Local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383} moved successfully.
C:\Users\Denzel\AppData\Local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\@ not found.
C:\Users\Denzel\AppData\Local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\L not found.
C:\Users\Denzel\AppData\Local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\U not found.

==== End of Fixlog ====
Please help me get rid of Trojan.Dropper.BCMiner
Denzel replied to Denzel's topic in Resolved Malware Removal Logs
Scan result of Farbar Recovery Scan Tool Version: 14-07-2012 01
Ran by SYSTEM at 14-07-2012 11:07:39
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2281256 2010-09-13] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-06-25] (Alcor Micro Corp.)
HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-07-02] (IDT, Inc.)
HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [161304 2011-05-04] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2011-05-04] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2011-05-04] (Intel Corporation)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2011-01-11] (LogMeIn, Inc.)
HKLM\...\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-24] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-09-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe [801792 2011-10-24] (Yuna Software)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1996200 2012-06-27] (LogMeIn Inc.)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-07-03] (AVAST Software)
HKU\anyone\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-16] (Microsoft Corporation)
HKU\anyone\...\Run: [Google Update] "C:\Users\anyone\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-04-22] (Google Inc.)
HKU\anyone\...\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-08-07] (Valve Corporation)
HKU\anyone\...\Run: [F.lux] "C:\Users\anyone\Local Settings\Apps\F.lux\flux.exe" /noshow [966656 2009-08-28] ()
HKU\anyone\...\Run: [Hyperdesktop] C:\Users\anyone\AppData\Roaming\Hyperdesktop\hyperdesktop.exe [219564 2012-05-13] (Hyperdesktop)
HKU\anyone\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [14940040 2010-10-11] (Skype Technologies S.A.)
HKU\Denzel\...\Run: [F.lux] "C:\Users\Denzel\Local Settings\Apps\F.lux\flux.exe" /noshow [966656 2009-08-28] ()
HKU\Denzel\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [14940040 2010-10-11] (Skype Technologies S.A.)
HKU\Denzel\...\Run: [Hyperdesktop] C:\Users\Denzel\AppData\Roaming\Hyperdesktop\hyperdesktop.exe [219564 2012-07-05] (Hyperdesktop)
HKU\Denzel\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background [3872080 2010-04-16] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\MyColors\fast64.dll [X]
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Stardock MyColors.lnk
ShortcutTarget: Stardock MyColors.lnk -> C:\Program Files (x86)\Stardock\MyColors\SDDelayedLaunch.exe ()
Startup: C:\Users\anyone\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\Default\Start Menu\Programs\Startup\IconPackager.lnk
ShortcutTarget: IconPackager.lnk -> C:\Program Files (x86)\Stardock\MyColors\IconPackager.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\IconPackager.lnk
ShortcutTarget: IconPackager.lnk -> C:\Program Files (x86)\Stardock\MyColors\IconPackager.exe (Stardock Corporation)
Startup: C:\Users\Denzel\Start Menu\Programs\Startup\IconPackager.lnk
ShortcutTarget: IconPackager.lnk -> C:\Program Files (x86)\Stardock\MyColors\IconPackager.exe (Stardock Corporation)

==================== Services (Whitelisted) ======

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
2 CinemaNow Service; C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [400368 2010-06-12] (CinemaNow, Inc.)
2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2369960 2012-06-27] (LogMeIn Inc.)
3 hpdoccardsvc; C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [83240 2010-03-24] (Hewlett-Packard Developement Company, L.P.)
2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375176 2011-06-08] (LogMeIn, Inc.)
4 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147336 2011-06-08] (LogMeIn, Inc.)
4 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2011-01-11] (LogMeIn, Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2533400 2010-06-08] (Intel Corporation)
2 WindowBlinds; C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe [337200 2009-06-09] (Stardock Corporation)

========================== Drivers (Whitelisted) =============

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-07-03] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71064 2012-07-03] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-07-03] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [958400 2012-07-03] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [355856 2012-07-03] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-07-03] (AVAST Software)
3 clwvd; C:\Windows\System32\Drivers\clwvd.sys [32880 2010-06-24] (Windows ® Win 7 DDK provider)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-01-11] (LogMeIn, Inc.)
3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2011-01-11] (LogMeIn, Inc.)
2 LMIRfsDriver; C:\Windows\System32\Drivers\LMIRfsDriver.sys [72216 2011-01-11] (LogMeIn, Inc.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
4 LMIRfsClientNP; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-14 11:07 - 2012-07-14 11:07 - 00000000 ____D C:\FRST
2012-07-14 09:23 - 2012-07-14 09:23 - 01436595 ____A (Farbar) C:\Users\Denzel\Downloads\FRST64.exe
2012-07-14 09:22 - 2010-11-06 00:09 - 02277040 ____A C:\Users\Denzel\Desktop\caddy.psd
2012-07-14 09:14 - 2012-07-14 09:14 - 00002327 ____A C:\Users\Denzel\Desktop\RKreport[2].txt
2012-07-14 08:45 - 2012-07-14 08:45 - 00172516 ____A C:\ComboFix.txt
2012-07-14 07:37 - 2012-07-14 09:11 - 00000985 ____A C:\Users\Denzel\Desktop\malware.txt
2012-07-14 07:37 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-14 07:37 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-14 07:37 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-14 07:37 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-14 07:37 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-14 07:37 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-14 07:37 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-14 07:37 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-14 07:19 - 2012-07-14 07:19 - 04577833 ____R (Swearware) C:\Users\Denzel\Desktop\ComboFix.exe
2012-07-14 07:11 - 2012-07-14 08:45 - 00000000 ____D C:\Qoobox
2012-07-14 07:10 - 2012-07-14 08:44 - 00000000 ____D C:\Windows\erdnt
2012-07-14 06:47 - 2012-07-14 06:47 - 00002670 ____A C:\Users\Denzel\Desktop\RKreport[1].txt
2012-07-14 06:47 - 2012-07-14 06:47 - 00000000 ____D C:\Users\Denzel\Desktop\RK_Quarantine
2012-07-14 06:46 - 2012-07-14 06:46 - 01558528 ____A C:\Users\Denzel\Downloads\RogueKiller.exe
2012-07-13 22:53 - 2012-07-13 22:53 - 00023565 ____A C:\Users\Denzel\Desktop\DDS.txt
2012-07-13 22:53 - 2012-07-13 22:53 - 00008695 ____A C:\Users\Denzel\Desktop\Attach.txt
2012-07-13 22:45 - 2012-07-13 22:45 - 00607260 ____R (Swearware) C:\Users\Denzel\Downloads\dds.scr
2012-07-13 21:10 - 2012-07-13 21:10 - 00000000 ____D C:\Users\Denzel\Downloads\FirefoxPortable
2012-07-13 21:09 - 2012-07-13 21:10 - 18263664 ____A (PortableApps.com) C:\Users\Denzel\Downloads\FirefoxPortable_13.0.1_English.paf.exe
2012-07-13 03:46 - 2012-07-13 03:46 - 00999771 ____A C:\Users\Denzel\Downloads\SinglePlayerCommands-MC1.2.5_V3.2.2.jar
2012-07-11 02:03 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 01:25 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 01:25 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 01:25 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 01:25 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 01:25 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 01:25 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 01:25 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 01:25 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-11 01:25 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 01:25 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 01:25 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 01:25 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 01:25 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 01:25 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 01:25 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 01:25 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 01:25 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-11 01:25 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 01:25 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-09 16:12 - 2012-07-13 03:48 - 00000000 ____D C:\Users\Denzel\AppData\Roaming\.minecraft
2012-07-08 08:52 - 2012-07-08 22:05 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForDenzel.job
2012-07-08 08:52 - 2012-07-08 08:52 - 00000000 ____D C:\Users\Denzel\AppData\Roaming\Hewlett-Packard
2012-07-08 03:25 - 2012-07-08 03:25 - 00000000 ____D C:\Users\Denzel\AppData\Roaming\Audacity
2012-07-08 03:08 - 2012-07-08 03:44 - 00000000 ____D C:\Users\Denzel\AppData\Roaming\vlc
2012-07-07 13:50 - 2012-07-07 21:15 - 00000000 ____D C:\Users\Denzel\Desktop\Space Funeral
2012-07-07 03:06 - 2012-07-07 03:07 - 00000000 ____D C:\Users\Denzel\Documents\TurnOffLCDv101
2012-07-06 20:51 - 2012-07-08 08:49 - 00000000 ____D C:\Users\Denzel\AppData\Local\Hewlett-Packard
2012-07-06 20:30 - 2012-07-07 02:09 - 00000000 ____D C:\Users\Denzel\AppData\Local\Firestorm
2012-07-06 20:30 - 2012-07-06 20:30 - 00000000 ____D C:\Users\Denzel\AppData\Roaming\Firestorm
2012-07-05 23:46 - 2012-07-11 18:19 - 00000000 ____D C:\Users\Denzel\AppData\Local\Adobe
2012-07-05 21:14 - 2012-07-05 21:14 - 00219564 ____A (Hyperdesktop) C:\Users\Denzel\Downloads\hyperdesktop.exe
2012-07-05 21:14 - 2012-07-05 21:14 - 00000880 ____A C:\Users\Denzel\Desktop\Hyperdesktop.lnk
2012-07-05 16:44 - 2011-08-25 17:51 - 159898907 ____A C:\Users\Denzel\Downloads\Mahou Shoujo Isuka - 03.mkv
2012-07-05 16:33 - 2012-07-05 16:41 - 159899011 ____A C:\Users\Denzel\Downloads\08-26-11M.rar
2012-07-05 16:02 - 2012-07-09 16:39 - 00000000 ____D C:\Users\Denzel\Documents\My Received Files
2012-07-05 15:56 - 2012-07-05 15:56 - 00001922 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-07-05 15:56 - 2012-07-05 15:56 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-07-05 15:56 - 2012-07-05 15:56 - 00000000 ____D C:\Program Files\AVAST Software
2012-07-05 15:56 - 2012-07-05 15:56 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-07-05 15:56 - 2012-07-03 08:21 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-07-05 15:56 - 2012-07-03 08:21 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-07-05 15:56 - 2012-07-03 08:21 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-05 15:56 - 2012-07-03 08:21 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-07-05 15:56 - 2012-07-03 08:21 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-07-05 15:56 - 2012-07-03 08:21 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-07-05 15:56 - 2012-07-03 08:21 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-07-05 15:56 - 2012-07-03 08:21 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-07-05 15:56 - 2012-07-03 08:21 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-07-05 15:51 - 2012-07-05 15:54 - 89340632 ____A C:\Users\Denzel\Downloads\avast_free_antivirus_setup.exe
2012-07-05 15:30 - 2012-07-14 08:49 - 00000000 ____D C:\Users\Denzel\AppData\Roaming\skypePM
2012-07-05 15:27 - 2012-07-05 15:27 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-07-05 15:27 - 2012-07-05 15:27 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-07-05 15:08 - 2012-07-13 20:21 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-05 15:08 - 2012-07-13 20:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-05 15:08 - 2012-07-05 15:08 - 00000000 ____D C:\Users\Denzel\AppData\Roaming\Malwarebytes
2012-07-05 15:08 - 2012-07-05 15:08 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-05 15:08 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-05 15:07 - 2012-07-05 15:07 - 00000000 ____D C:\Users\Denzel\Documents\Messenger Plus
2012-07-05 15:06 - 2012-07-05 15:06 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Denzel\Downloads\mbam-setup-1.61.0.1400.exe
2012-07-05 14:56 - 2012-07-05 14:56 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-07-05 14:51 - 2012-07-05 14:51 - 20810120 ____A (Skype Technologies S.A.) C:\Users\Denzel\Downloads\SkypeSetup_5.0.0.152.exe
2012-07-05 14:48 - 2012-07-05 14:48 - 01247568 ____A (Microsoft Corporation) C:\Users\Denzel\Downloads\wlsetup-custom(1).exe
2012-07-05 14:47 - 2012-07-05 14:47 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-05 14:43 - 2012-07-05 14:43 - 00000000 ____D C:\Users\anyone\AppData\Local\LogMeIn Hamachi
2012-07-05 14:43 - 2012-07-05 14:43 - 00000000 ____D C:\Users\anyone\AppData\Local\LogMeIn
2012-07-05 14:34 - 2012-07-05 14:34 - 01247568 ____A (Microsoft Corporation) C:\Users\Denzel\Downloads\wlsetup-custom.exe
2012-07-05 12:30 - 2012-07-14 09:57 - 00000000 ____D C:\Users\Denzel\AppData\Roaming\Skype
2012-07-05 12:27 - 2012-07-14 09:05 - 00000000 ____D C:\Users\Denzel\Tracing
2012-07-05 12:24 - 2012-07-05 12:24 - 00559424 ____A C:\Users\Denzel\Downloads\flux-setup.exe
2012-07-05 12:24 - 2012-07-05 12:24 - 00000000 ____D C:\Users\Denzel\AppData\Local\Apps\F.lux
2012-07-05 12:17 - 2012-07-11 18:19 - 00000000 ____D C:\Users\Denzel\AppData\Roaming\Adobe
2012-07-05 12:17 - 2012-07-05 12:17 - 00000000 ____D C:\Users\Denzel\AppData\Roaming\Macromedia
2012-07-05 12:17 - 2012-07-05 12:17 - 00000000 ____D C:\Users\Denzel\AppData\Local\Macromedia
2012-07-05 12:10 - 2012-07-13 21:27 - 00000000 ____D C:\Users\Denzel\AppData\Roaming\Mozilla
2012-07-05 12:10 - 2012-07-05 12:10 - 00000000 ____D C:\Users\Denzel\AppData\Local\Mozilla
2012-07-05 12:08 - 2012-07-05 12:08 - 00000000 ____D C:\Users\Denzel\AppData\Roaming\ATI
2012-07-05 12:08 - 2012-07-05 12:08 - 00000000 ____D C:\Users\Denzel\AppData\Local\ATI
2012-07-05 12:07 - 2012-07-14 09:13 - 00000000 ____D C:\Users\Denzel\AppData\Local\LogMeIn Hamachi
2012-07-05 12:07 - 2012-07-05 12:07 - 00111952 ____A C:\Users\Denzel\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-05 12:07 - 2012-07-05 12:07 - 00000000 ____D C:\Users\Denzel\AppData\Roaming\Intel Corporation
2012-07-05 12:07 - 2012-07-05 12:07 - 00000000 ____D C:\Users\Denzel\AppData\Local\LogMeIn
2012-07-05 12:06 - 2012-07-08 08:52 - 00000000 ____D C:\users\Denzel
2012-07-05 12:06 - 2012-07-05 12:06 - 00000020 ___SH C:\Users\Denzel\ntuser.ini
2012-07-05 12:06 - 2012-07-05 12:06 - 00000000 ____D C:\Users\Denzel\AppData\Local\VirtualStore
2012-07-05 10:50 - 2012-07-05 10:50 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-07-04 15:00 - 2012-07-04 15:12 - 03145772 ____A C:\Users\anyone\Desktop\Nyxus wings blank copy.tga
2012-07-04 14:56 - 2012-07-04 14:56 - 03145746 ____A C:\Users\anyone\Desktop\Nyxus wings blank.tga
2012-07-04 14:52 - 2012-07-04 14:52 - 00786476 ____A C:\Users\anyone\Desktop\CHIMERA_torso_v2 copy.tga
2012-07-04 14:52 - 2012-07-04 14:52 - 00786476 ____A C:\Users\anyone\Desktop\CHIMERA_torso_v2 copy copy.tga
2012-07-04 14:51 - 2012-07-04 14:51 - 04769850 ____A C:\Users\anyone\Desktop\CHIMERA_torso_v2.psd
2012-07-04 14:51 - 2012-07-04 14:51 - 00786476 ____A C:\Users\anyone\Desktop\CHIMERA_legs_v2.tga
2012-07-04 14:51 - 2012-07-04 14:51 - 00786476 ____A C:\Users\anyone\Desktop\CHIMERA_legs_v2 copy.tga
2012-07-04 14:23 - 2012-07-04 14:23 - 01830882 ____A C:\Users\anyone\Desktop\chilly head.psd
2012-07-04 14:23 - 2012-07-04 14:23 - 00786476 ____A C:\Users\anyone\Desktop\felisgryph_beak.tga
2012-07-04 14:22 - 2012-07-04 14:22 - 01572908 ____A C:\Users\anyone\Desktop\chilly head copy.tga
2012-07-04 14:22 - 2012-07-04 14:22 - 00786476 ____A C:\Users\anyone\Desktop\felisgryph_jaw.tga
2012-07-04 14:11 - 2012-07-04 14:11 - 01572882 ____A C:\Users\anyone\Desktop\chilly head.tga
2012-07-04 13:48 - 2012-07-04 14:23 - 00650722 ____A C:\Users\anyone\Downloads\felisgryph_beak.psd
2012-07-04 13:47 - 2012-07-04 14:22 - 00637913 ____A C:\Users\anyone\Downloads\felisgryph_jaw.psd
2012-07-01 18:19 - 2012-07-01 18:19 - 04194348 ____A C:\Users\anyone\Desktop\pants white.tga
2012-07-01 18:19 - 2012-07-01 18:19 - 04194348 ____A C:\Users\anyone\Desktop\pants colored.tga
2012-07-01 18:04 - 2012-07-01 18:14 - 04194348 ____A C:\Users\anyone\Desktop\pants copy.tga
2012-07-01 18:02 - 2012-07-01 18:02 - 03145746 ____A C:\Users\anyone\Desktop\pants.tga
2012-07-01 15:11 - 2012-07-01 15:13 - 03145772 ____A C:\Users\anyone\Desktop\anus.tga
2012-07-01 15:10 - 2012-07-01 15:10 - 00786450 ____A C:\Users\anyone\Desktop\lower copy.tga
2012-06-20 16:44 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-20 16:44 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-20 16:44 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-20 16:44 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-20 16:44 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-20 16:44 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-20 16:44 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-20 16:43 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-20 16:43 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-15 02:26 - 2012-06-16 02:17 - 00000836 ____A C:\Users\anyone\Desktop\rares.txt
2012-06-15 00:30 - 2012-06-15 00:30 - 32160136 ____A C:\Users\anyone\Downloads\WoW-4.0.0-WOW-enUS-Installer.exe
2012-06-14 16:22 - 2012-07-13 14:34 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2012-06-14 16:22 - 2012-06-15 00:33 - 00001024 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
2012-06-14 16:21 - 2012-06-14 16:22 - 32157120 ____A C:\Users\anyone\Downloads\WOW-4.0.0.12911-enUS-Trial.exe

============ 3 Months Modified Files ========================

2012-07-14 10:04 - 2010-11-12 11:04 - 01424426 ____A C:\Windows\WindowsUpdate.log
2012-07-14 09:44 - 2011-04-22 01:44 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-929366102-1455998418-2292055116-1000UA.job
2012-07-14 09:24 - 2009-07-13 21:13 - 00802496 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-14 09:23 - 2012-07-14 09:23 - 01436595 ____A (Farbar) C:\Users\Denzel\Downloads\FRST64.exe
2012-07-14 09:20 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-14 09:20 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-14 09:14 - 2012-07-14 09:14 - 00002327 ____A C:\Users\Denzel\Desktop\RKreport[2].txt
2012-07-14 09:12 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-14 09:12 - 2009-07-13 20:51 - 00050800 ____A C:\Windows\setupact.log
2012-07-14 09:11 - 2012-07-14 07:37 - 00000985 ____A C:\Users\Denzel\Desktop\malware.txt
2012-07-14 09:06 - 2012-04-12 07:17 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-14 08:45 - 2012-07-14 08:45 - 00172516 ____A C:\ComboFix.txt
2012-07-14 08:42 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-07-14 07:51 - 2010-11-12 11:14 - 00485782 ____A C:\Windows\PFRO.log
2012-07-14 07:19 - 2012-07-14 07:19 - 04577833 ____R (Swearware) C:\Users\Denzel\Desktop\ComboFix.exe
2012-07-14 06:47 - 2012-07-14 06:47 - 00002670 ____A C:\Users\Denzel\Desktop\RKreport[1].txt
2012-07-14 06:46 - 2012-07-14 06:46 - 01558528 ____A C:\Users\Denzel\Downloads\RogueKiller.exe
2012-07-13 22:53 - 2012-07-13 22:53 - 00023565 ____A C:\Users\Denzel\Desktop\DDS.txt
2012-07-13 22:53 - 2012-07-13 22:53 - 00008695 ____A C:\Users\Denzel\Desktop\Attach.txt
2012-07-13 22:45 - 2012-07-13 22:45 - 00607260 ____R (Swearware) C:\Users\Denzel\Downloads\dds.scr
2012-07-13 21:10 - 2012-07-13 21:09 - 18263664 ____A (PortableApps.com) C:\Users\Denzel\Downloads\FirefoxPortable_13.0.1_English.paf.exe
2012-07-13 20:36 - 2009-07-13 21:08 - 00032560 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-13 20:21 - 2012-07-05 15:08 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-13 12:44 - 2011-04-22 01:44 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-929366102-1455998418-2292055116-1000Core.job
2012-07-13 03:46 - 2012-07-13 03:46 - 00999771 ____A C:\Users\Denzel\Downloads\SinglePlayerCommands-MC1.2.5_V3.2.2.jar
2012-07-11 22:06 - 2012-04-12 07:17 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-11 22:06 - 2011-08-17 00:24 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-11 06:53 - 2009-07-13 20:45 - 02349992 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 02:01 - 2010-11-12 11:58 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-08 22:05 - 2012-07-08 08:52 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForDenzel.job
2012-07-08 08:51 - 2011-04-18 18:09 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-07-06 13:41 - 2011-04-22 01:45 - 00002557 ____A C:\Users\anyone\Desktop\Google Chrome.lnk
2012-07-05 21:14 - 2012-07-05 21:14 - 00219564 ____A (Hyperdesktop) C:\Users\Denzel\Downloads\hyperdesktop.exe
2012-07-05 21:14 - 2012-07-05 21:14 - 00000880 ____A C:\Users\Denzel\Desktop\Hyperdesktop.lnk
2012-07-05 16:41 - 2012-07-05 16:33 - 159899011 ____A C:\Users\Denzel\Downloads\08-26-11M.rar
2012-07-05 15:56 - 2012-07-05 15:56 - 00001922 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-07-05 15:56 - 2012-07-05 15:56 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-07-05 15:54 - 2012-07-05 15:51 - 89340632 ____A C:\Users\Denzel\Downloads\avast_free_antivirus_setup.exe
2012-07-05 15:27 - 2012-07-05 15:27 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-07-05 15:06 - 2012-07-05 15:06 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Denzel\Downloads\mbam-setup-1.61.0.1400.exe
2012-07-05 14:56 - 2010-07-21 12:03 - 00092045 ____A C:\Windows\DirectX.log
2012-07-05 14:51 - 2012-07-05 14:51 - 20810120 ____A (Skype Technologies S.A.) C:\Users\Denzel\Downloads\SkypeSetup_5.0.0.152.exe
2012-07-05 14:48 - 2012-07-05 14:48 - 01247568 ____A (Microsoft Corporation) C:\Users\Denzel\Downloads\wlsetup-custom(1).exe
2012-07-05 14:34 - 2012-07-05 14:34 - 01247568 ____A (Microsoft Corporation) C:\Users\Denzel\Downloads\wlsetup-custom.exe
2012-07-05 12:24 - 2012-07-05 12:24 - 00559424 ____A C:\Users\Denzel\Downloads\flux-setup.exe
2012-07-05 12:07 - 2012-07-05 12:07 - 00111952 ____A C:\Users\Denzel\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-05 12:06 - 2012-07-05 12:06 - 00000020 ___SH C:\Users\Denzel\ntuser.ini
2012-07-04 15:12 - 2012-07-04 15:00 - 03145772 ____A C:\Users\anyone\Desktop\Nyxus wings blank copy.tga
2012-07-04 14:56 - 2012-07-04 14:56 - 03145746 ____A C:\Users\anyone\Desktop\Nyxus wings blank.tga
2012-07-04 14:52 - 2012-07-04 14:52 - 00786476 ____A C:\Users\anyone\Desktop\CHIMERA_torso_v2 copy.tga
2012-07-04 14:52 - 2012-07-04 14:52 - 00786476 ____A C:\Users\anyone\Desktop\CHIMERA_torso_v2 copy copy.tga
2012-07-04 14:51 - 2012-07-04 14:51 - 04769850 ____A C:\Users\anyone\Desktop\CHIMERA_torso_v2.psd
2012-07-04 14:51 - 2012-07-04 14:51 - 00786476 ____A C:\Users\anyone\Desktop\CHIMERA_legs_v2.tga
2012-07-04 14:51 - 2012-07-04 14:51 - 00786476 ____A C:\Users\anyone\Desktop\CHIMERA_legs_v2 copy.tga
2012-07-04 14:51 - 2012-06-07 00:42 - 04769518 ____A C:\Users\anyone\Downloads\CHIMERA_torso_v2.psd
2012-07-04 14:23 - 2012-07-04 14:23 - 01830882 ____A C:\Users\anyone\Desktop\chilly head.psd
2012-07-04 14:23 - 2012-07-04 14:23 - 00786476 ____A C:\Users\anyone\Desktop\felisgryph_beak.tga
2012-07-04 14:23 - 2012-07-04 13:48 - 00650722 ____A C:\Users\anyone\Downloads\felisgryph_beak.psd
2012-07-04 14:22 - 2012-07-04 14:22 - 01572908 ____A C:\Users\anyone\Desktop\chilly head copy.tga
2012-07-04 14:22 - 2012-07-04 14:22 - 00786476 ____A C:\Users\anyone\Desktop\felisgryph_jaw.tga
2012-07-04 14:22 - 2012-07-04 13:47 - 00637913 ____A C:\Users\anyone\Downloads\felisgryph_jaw.psd
2012-07-04 14:11 - 2012-07-04 14:11 - 01572882 ____A C:\Users\anyone\Desktop\chilly head.tga
2012-07-03 12:46 - 2012-07-05 15:08 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-03 08:21 - 2012-07-05 15:56 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-07-03 08:21 - 2012-07-05 15:56 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-07-03 08:21 - 2012-07-05 15:56 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-03 08:21 - 2012-07-05 15:56 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-07-03 08:21 - 2012-07-05 15:56 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-07-03 08:21 - 2012-07-05 15:56 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-07-03 08:21 - 2012-07-05 15:56 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-07-03 08:21 - 2012-07-05 15:56 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-07-03 08:21 - 2012-07-05 15:56 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-07-02 00:22 - 2012-05-27 08:29 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForanyone.job
2012-07-01 18:19 - 2012-07-01 18:19 - 04194348 ____A C:\Users\anyone\Desktop\pants white.tga
2012-07-01 18:19 - 2012-07-01 18:19 - 04194348 ____A C:\Users\anyone\Desktop\pants colored.tga
2012-07-01 18:14 - 2012-07-01 18:04 - 04194348 ____A C:\Users\anyone\Desktop\pants copy.tga
2012-07-01 18:02 - 2012-07-01 18:02 - 03145746 ____A C:\Users\anyone\Desktop\pants.tga
2012-07-01 15:13 - 2012-07-01 15:11 - 03145772 ____A C:\Users\anyone\Desktop\anus.tga
2012-07-01 15:10 - 2012-07-01 15:10 - 00786450 ____A C:\Users\anyone\Desktop\lower copy.tga
2012-06-19 02:41 - 2011-04-22 15:36 - 00001867 ____A C:\Users\anyone\Documents\neopass.txt
2012-06-16 02:17 - 2012-06-15 02:26 - 00000836 ____A C:\Users\anyone\Desktop\rares.txt
2012-06-15 00:33 - 2012-06-14 16:22 - 00001024 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
2012-06-15 00:30 - 2012-06-15 00:30 - 32160136 ____A C:\Users\anyone\Downloads\WoW-4.0.0-WOW-enUS-Installer.exe
2012-06-14 16:22 - 2012-06-14 16:21 - 32157120 ____A C:\Users\anyone\Downloads\WOW-4.0.0.12911-enUS-Trial.exe
2012-06-11 19:08 - 2012-07-11 02:03 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-10 22:52 - 2012-06-10 22:52 - 00786476 ____A C:\Users\anyone\Desktop\torso copy.tga
2012-06-10 22:49 - 2012-06-10 22:49 - 00786450 ____A C:\Users\anyone\Desktop\Space Torso.tga
2012-06-08 21:43 - 2012-07-11 01:25 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-11 01:25 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-08 05:34 - 2012-06-08 05:34 - 00786450 ____A C:\Users\anyone\Desktop\torso.tga
2012-06-07 00:42 - 2012-06-07 00:42 - 02053600 ____A C:\Users\anyone\Downloads\CHIMERA_legs_v2.psd
2012-06-05 22:06 - 2012-07-11 01:25 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-11 01:25 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-11 01:25 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-11 01:25 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-11 01:25 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-11 01:25 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-20 16:44 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-20 16:44 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-20 16:44 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-20 16:44 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-20 16:44 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-20 16:43 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:15 - 2012-06-20 16:44 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-20 16:44 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-20 16:43 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 21:50 - 2012-07-11 01:25 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-11 01:25 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-11 01:25 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-11 01:25 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-11 01:25 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-11 01:25 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-11 01:25 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-11 01:25 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-11 01:25 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-27 08:28 - 2011-10-26 00:23 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-05-04 03:06 - 2012-06-12 15:59 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-12 15:59 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-12 15:59 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-03 01:30 - 2012-05-03 01:30 - 00025088 ____A C:\Users\anyone\Downloads\Book List.dat
2012-05-03 01:21 - 2012-04-14 09:12 - 00000113 ____A C:\Users\anyone\Desktop\tags.txt
2012-04-30 21:40 - 2012-06-12 15:59 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-12 15:59 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-12 16:00 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-12 16:00 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-12 16:00 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 15:06 - 2012-04-24 15:06 - 00001013 ____A C:\Users\anyone\Downloads\salem-pdx.jnlp
2012-04-23 21:37 - 2012-06-12 15:59 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-12 15:59 - 00184320 ____A (Microsoft Corporation)
C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-12 15:59 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-12 15:59 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-12 15:59 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-12 15:59 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-20 23:06 - 2012-03-26 06:54 - 00000439 ____A C:\Users\anyone\Documents\paisley.txt
2012-04-16 21:31 - 2012-06-12 16:00 - 00918016 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-16 20:34 - 2012-06-12 16:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

ZeroAccess:
C:\Windows\Installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}
C:\Windows\Installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\L
C:\Windows\Installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\U

ZeroAccess:
C:\Users\Denzel\AppData\Local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}
C:\Users\Denzel\AppData\Local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\@
C:\Users\Denzel\AppData\Local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\L
C:\Users\Denzel\AppData\Local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\U

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 5941.61 MB
Available physical RAM: 5138.4 MB
Total Pagefile: 5939.76 MB
Available Pagefile: 5133.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:123.74 GB) (Free:11.76 GB) NTFS ==>[system with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:25.01 GB) (Free:3.63 GB) NTFS ==>[system with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: () (Removable) (Total:1.84 GB) (Free:1.84 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          149 GB      0 B
  Disk 1    Online         1886 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            199 MB  1024 KB
  Partition 2    Primary            123 GB   200 MB
  Partition 3    Primary             25 GB   123 GB
  Partition 4    Primary            102 MB   148 GB

==================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   SYSTEM       NTFS   Partition    199 MB  Healthy

==================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    123 GB  Healthy

==================================================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   RECOVERY     NTFS   Partition     25 GB  Healthy

==================================================================================

Disk: 0
Partition 4
Type  : 0C
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     F   HP_TOOLS     FAT32  Partition    102 MB  Healthy

==================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1884 MB    67 KB

==================================================================================

Disk: 1
Partition 1
Type  : 06
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     H                FAT    Removable   1884 MB  Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-08 08:13

======================= End Of Log ==========================
-
Please help me get rid of Trojan.Dropper.BCMiner
Denzel replied to Denzel's topic in Resolved Malware Removal Logs
First, the MBAM log, with zero objects detected(!):

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.14.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Denzel :: RAPHAEL [administrator]

7/14/2012 10:08:00 AM
mbam-log-2012-07-14 (10-08-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234674
Time elapsed: 2 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Next, the RogueKiller report:

RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Denzel [Admin rights]
Mode: Scan -- Date: 07/14/2012 10:14:11

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] hyperdesktop.exe -- C:\Users\Denzel\AppData\Roaming\Hyperdesktop\hyperdesktop.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 4 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Hyperdesktop (C:\Users\Denzel\AppData\Roaming\Hyperdesktop\hyperdesktop.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-929366102-1455998418-2292055116-1001[...]\Run : Hyperdesktop (C:\Users\Denzel\AppData\Roaming\Hyperdesktop\hyperdesktop.exe) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\denzel\appdata\local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\denzel\appdata\local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\denzel\appdata\local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\L --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9160412AS +++++
--- User ---
[MBR] 3371368c25ccd8eba1b0e01c9e72fcb8
[BSP] 3f745d7c353ffb516981a2f2545bea19 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 126713 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 259917824 | Size: 25611 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 312369152 | Size: 102 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
-
Please help me get rid of Trojan.Dropper.BCMiner
Denzel replied to Denzel's topic in Resolved Malware Removal Logs
Hi, just ran ComboFix. It gave me a warning that avast! was running, though I disabled all eight kinds of shields, as well as going into the avast! troubleshooting settings and disabling its self-defense module. Let me know if this impacted the results, and if so, how to disable avast! further. Here is the ComboFix.txt file, attached due to length. ComboFix.txt -
Please help me get rid of Trojan.Dropper.BCMiner
Denzel replied to Denzel's topic in Resolved Malware Removal Logs
Hi, thanks a lot for the quick response. My RogueKiller report is as follows:

RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Denzel [Admin rights]
Mode: Scan -- Date: 07/14/2012 07:47:42

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] hyperdesktop.exe -- C:\Users\Denzel\AppData\Roaming\Hyperdesktop\hyperdesktop.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 5 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Hyperdesktop (C:\Users\Denzel\AppData\Roaming\Hyperdesktop\hyperdesktop.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-929366102-1455998418-2292055116-1001[...]\Run : Hyperdesktop (C:\Users\Denzel\AppData\Roaming\Hyperdesktop\hyperdesktop.exe) -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Denzel\AppData\Local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\n.) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\denzel\appdata\local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\denzel\appdata\local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\denzel\appdata\local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9160412AS +++++
--- User ---
[MBR] 3371368c25ccd8eba1b0e01c9e72fcb8
[BSP] 3f745d7c353ffb516981a2f2545bea19 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 126713 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 259917824 | Size: 25611 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 312369152 | Size: 102 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
-
I've been experiencing weird issues lately, like tabs opening by themselves in Firefox and sudden redirects (including redirects when clicking links in Google). Malwarebytes says I have Trojan.Dropper.BCMiner. I've removed it a few times, but it's back every time. As per the instructions in "I'm Infected - What do I do now?", I ran DDS.scr. I've attached the two files it produced to this post. It looks like I'm not the only one infected by this thing. Thanks so much for the help!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 1.6.0_29
Run by Denzel at 23:50:01 on 2012-07-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5942.3225 [GMT -7:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe
C:\Program Files (x86)\Stardock\MyColors\WBVista.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Users\Denzel\Local Settings\Apps\F.lux\flux.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Users\Denzel\AppData\Roaming\Hyperdesktop\hyperdesktop.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\SysWOW64\RunDll32.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe C:\Program Files (x86)\Intel\Intel® Rapid 
Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\system32\wbem\wmiprvse.exe "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll TB: avast! 
WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll uRun: [F.lux] "C:\Users\Denzel\Local Settings\Apps\F.lux\flux.exe" /noshow uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized uRun: [Hyperdesktop] C:\Users\Denzel\AppData\Roaming\Hyperdesktop\hyperdesktop.exe mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui StartupFolder: C:\Users\Denzel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\StartUp\ICONPA~1.LNK - C:\Program Files (x86)\Stardock\MyColors\IconPackager.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\MyColors\SDDelayedLaunch.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: 
ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll LSP: mswsock.dll DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab TCP: Interfaces\{58B6AD9D-3AE4-41D8-9F08-5F8233255407}\25564684F6273756D27657563747 : DhcpNameServer = 192.168.1.254 192.168.33.1 TCP: Interfaces\{C207EB8B-B48D-4251-A1CB-69701CC2FE11} : DhcpNameServer = 75.75.75.75 75.75.76.76 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO-X64: Increase performance and video formats for your HTML5 <video> - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: avast! 
WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll BHO-X64: Yontoo Layers - No File TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Denzel\AppData\Roaming\Mozilla\Firefox\Profiles\5uovi1i7.default\ FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll . ============= SERVICES / DRIVERS =============== . R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?] R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-11-12 89600] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?] R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?] R2 avast! Antivirus;avast! 
Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-5 44808]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-12 13336]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-6-8 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-1-11 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-12 2533400]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 250056]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 hpdoccardsvc;HP Documention Flash Card Detection Service;C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [2010-3-24 83240]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-07-11 10:03:20 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-10 00:12:37 -------- d-----w- C:\Users\Denzel\AppData\Roaming\.minecraft
2012-07-07 04:51:19 -------- d-----w- C:\Users\Denzel\AppData\Local\Hewlett-Packard
2012-07-07 04:30:10 -------- d-----w- C:\Users\Denzel\AppData\Roaming\Firestorm
2012-07-07 04:30:09 -------- d-----w- C:\Users\Denzel\AppData\Local\Firestorm
2012-07-06 07:46:46 -------- d-----w- C:\Users\Denzel\AppData\Local\Adobe
2012-07-06 05:14:25 -------- d-----w- C:\Users\Denzel\AppData\Roaming\Hyperdesktop
2012-07-05 23:56:46 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-07-05 23:56:46 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-07-05 23:56:45 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-07-05 23:56:26 41224 ----a-w- C:\Windows\avastSS.scr
2012-07-05 23:56:12 -------- d-----w- C:\ProgramData\AVAST Software
2012-07-05 23:56:12 -------- d-----w- C:\Program Files\AVAST Software
2012-07-05 23:27:29 -------- d-----r- C:\Program Files (x86)\Skype
2012-07-05 23:08:58 -------- d-----w- C:\Users\Denzel\AppData\Roaming\Malwarebytes
2012-07-05 23:08:53 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-05 23:08:52 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-05 23:08:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-05 22:56:39 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-07-05 22:56:24 -------- d-----w- C:\Program Files (x86)\Microsoft
2012-07-05 22:47:09 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-05 20:28:04 15128 ----a-w- C:\Users\Denzel\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
2012-07-05 20:27:53 -------- d-----w- C:\Users\Denzel\Tracing
2012-07-05 20:24:23 -------- d-----w- C:\Users\Denzel\AppData\Local\Apps
2012-07-05 20:17:48 -------- d-----w- C:\Users\Denzel\AppData\Local\Macromedia
2012-07-05 20:10:13 -------- d-----w- C:\Users\Denzel\AppData\Local\Mozilla
2012-07-05 20:08:14 -------- d-----w- C:\Users\Denzel\AppData\Local\ATI
2012-07-05 20:07:15 -------- d-----w- C:\Users\Denzel\AppData\Roaming\Intel Corporation
2012-07-05 20:07:14 -------- d-----w- C:\Users\Denzel\AppData\Local\LogMeIn Hamachi
2012-07-05 20:07:14 -------- d-----w- C:\Users\Denzel\AppData\Local\LogMeIn
2012-07-05 18:50:36 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2012-07-03 23:36:24 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{58E62502-22B5-46F4-8293-42EE746DC50C}\mpengine.dll
2012-06-21 00:44:21 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 00:44:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 00:43:58 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 00:43:58 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-15 00:22:20 -------- d-----w- C:\Program Files (x86)\World of Warcraft
.
==================== Find3M ====================
.
2012-07-12 06:06:12 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 06:06:12 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 23:51:02.57 ===============
Attach.txt
DDS.txt