Denzel

Members
  • Posts: 7

Reputation: 0 Neutral
  1. Thanks so much for helping me get rid of my little trojan problem. The volunteers here are some of the best tech support I've ever dealt with. I sent you a small donation, you definitely deserve it.

  2. "The scan completed successfully. No malicious items were detected." You have been SUCH a huge help! No problems so far, thank you so much.
  3. Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 14-07-2012 01
     Ran by SYSTEM at 2012-07-14 11:27:11 Run:1
     Running from H:\
     ==============================================
     C:\Windows\Installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383} moved successfully.
     C:\Windows\Installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\L not found.
     C:\Windows\Installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\U not found.
     C:\Users\Denzel\AppData\Local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383} moved successfully.
     C:\Users\Denzel\AppData\Local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\@ not found.
     C:\Users\Denzel\AppData\Local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\L not found.
     C:\Users\Denzel\AppData\Local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\U not found.
     ==== End of Fixlog ====
  4. Scan result of Farbar Recovery Scan Tool Version: 14-07-2012 01 Ran by SYSTEM at 14-07-2012 11:07:39 Running from H:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001
C:\Windows\System32\cryptsvc.dll 2012-04-23 21:37 - 2012-06-12 15:59 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2012-04-23 20:36 - 2012-06-12 15:59 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2012-04-23 20:36 - 2012-06-12 15:59 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2012-04-23 20:36 - 2012-06-12 15:59 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2012-04-20 23:06 - 2012-03-26 06:54 - 00000439 ____A C:\Users\anyone\Documents\paisley.txt 2012-04-16 21:31 - 2012-06-12 16:00 - 00918016 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-04-16 20:34 - 2012-06-12 16:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll ZeroAccess: C:\Windows\Installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383} C:\Windows\Installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\L C:\Windows\Installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\U ZeroAccess: C:\Users\Denzel\AppData\Local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383} C:\Users\Denzel\AppData\Local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\@ C:\Users\Denzel\AppData\Local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\L C:\Users\Denzel\AppData\Local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\U ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit 
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 13% Total physical RAM: 5941.61 MB Available physical RAM: 5138.4 MB Total Pagefile: 5939.76 MB Available Pagefile: 5133.82 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ======================= Partitions ========================= 1 Drive c: () (Fixed) (Total:123.74 GB) (Free:11.76 GB) NTFS ==>[system with boot components (obtained from reading drive)] 2 Drive e: (RECOVERY) (Fixed) (Total:25.01 GB) (Free:3.63 GB) NTFS ==>[system with boot components (obtained from reading drive)] 3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 5 Drive h: () (Removable) (Total:1.84 GB) (Free:1.84 GB) FAT 6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 149 GB 0 B Disk 1 Online 1886 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 199 MB 1024 KB Partition 2 Primary 123 GB 200 MB Partition 3 Primary 25 GB 123 GB Partition 4 Primary 102 MB 148 GB ================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy ================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info 
---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C NTFS Partition 123 GB Healthy ================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 E RECOVERY NTFS Partition 25 GB Healthy ================================================================================== Disk: 0 Partition 4 Type : 0C Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 F HP_TOOLS FAT32 Partition 102 MB Healthy ================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 1884 MB 67 KB ================================================================================== Disk: 1 Partition 1 Type : 06 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 5 H FAT Removable 1884 MB Healthy ================================================================================== ========================================================== Last Boot: 2012-07-08 08:13 ======================= End Of Log ==========================
  5. First, the MBAM log, with zero objects detected(!):

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.14.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Denzel :: RAPHAEL [administrator]

7/14/2012 10:08:00 AM
mbam-log-2012-07-14 (10-08-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234674
Time elapsed: 2 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Next, the RogueKiller report:

RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Denzel [Admin rights]
Mode: Scan -- Date: 07/14/2012 10:14:11

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] hyperdesktop.exe -- C:\Users\Denzel\AppData\Roaming\Hyperdesktop\hyperdesktop.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 4 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Hyperdesktop (C:\Users\Denzel\AppData\Roaming\Hyperdesktop\hyperdesktop.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-929366102-1455998418-2292055116-1001[...]\Run : Hyperdesktop (C:\Users\Denzel\AppData\Roaming\Hyperdesktop\hyperdesktop.exe) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\denzel\appdata\local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\denzel\appdata\local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\denzel\appdata\local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\L --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9160412AS +++++
--- User ---
[MBR] 3371368c25ccd8eba1b0e01c9e72fcb8
[BSP] 3f745d7c353ffb516981a2f2545bea19 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 126713 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 259917824 | Size: 25611 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 312369152 | Size: 102 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
  6. Hi, just ran ComboFix. It gave me a warning that avast! was running, though I disabled all eight kinds of shields, as well as going into the avast! troubleshooting settings and disabling its self-defense module. Let me know if this impacted the results, and if so, how to disable avast! further. Here is the ComboFix.txt file, attached due to length. ComboFix.txt
  7. Hi, thanks a lot for the quick response. My RogueKiller report is as follows:

RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Denzel [Admin rights]
Mode: Scan -- Date: 07/14/2012 07:47:42

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] hyperdesktop.exe -- C:\Users\Denzel\AppData\Roaming\Hyperdesktop\hyperdesktop.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 5 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Hyperdesktop (C:\Users\Denzel\AppData\Roaming\Hyperdesktop\hyperdesktop.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-929366102-1455998418-2292055116-1001[...]\Run : Hyperdesktop (C:\Users\Denzel\AppData\Roaming\Hyperdesktop\hyperdesktop.exe) -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Denzel\AppData\Local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\n.) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\denzel\appdata\local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\denzel\appdata\local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\denzel\appdata\local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9160412AS +++++
--- User ---
[MBR] 3371368c25ccd8eba1b0e01c9e72fcb8
[BSP] 3f745d7c353ffb516981a2f2545bea19 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 126713 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 259917824 | Size: 25611 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 312369152 | Size: 102 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
  8. I've been experiencing weird issues lately, like tabs opening by themselves in Firefox and sudden redirects (including redirects when clicking links in Google). Malwarebytes says I have Trojan.Dropper.BCMiner. I've removed it a few times, but it's back every time. As per the instructions in "I'm Infected - What do I do now?", I ran DDS.scr. I've attached the two files it produced to this post. It looks like I'm not the only one infected by this thing. Thanks so much for the help!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by Denzel at 23:50:01 on 2012-07-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5942.3225 [GMT -7:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe
C:\Program Files (x86)\Stardock\MyColors\WBVista.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Users\Denzel\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Denzel\AppData\Roaming\Hyperdesktop\hyperdesktop.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [F.lux] "C:\Users\Denzel\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Hyperdesktop] C:\Users\Denzel\AppData\Roaming\Hyperdesktop\hyperdesktop.exe
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\Denzel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\StartUp\ICONPA~1.LNK - C:\Program Files (x86)\Stardock\MyColors\IconPackager.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\MyColors\SDDelayedLaunch.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: mswsock.dll
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: Interfaces\{58B6AD9D-3AE4-41D8-9F08-5F8233255407}\25564684F6273756D27657563747 : DhcpNameServer = 192.168.1.254 192.168.33.1
TCP: Interfaces\{C207EB8B-B48D-4251-A1CB-69701CC2FE11} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Denzel\AppData\Roaming\Mozilla\Firefox\Profiles\5uovi1i7.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-11-12 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-5 44808]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-12 13336]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-6-8 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-1-11 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-12 2533400]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 250056]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 hpdoccardsvc;HP Documention Flash Card Detection Service;C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [2010-3-24 83240]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-07-11 10:03:20 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-10 00:12:37 -------- d-----w- C:\Users\Denzel\AppData\Roaming\.minecraft 2012-07-07 04:51:19 -------- d-----w- C:\Users\Denzel\AppData\Local\Hewlett-Packard 2012-07-07 04:30:10 -------- d-----w- C:\Users\Denzel\AppData\Roaming\Firestorm 2012-07-07 04:30:09 -------- d-----w- C:\Users\Denzel\AppData\Local\Firestorm 2012-07-06 07:46:46 -------- d-----w- C:\Users\Denzel\AppData\Local\Adobe 2012-07-06 05:14:25 -------- d-----w- C:\Users\Denzel\AppData\Roaming\Hyperdesktop 2012-07-05 23:56:46 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2012-07-05 23:56:46 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2012-07-05 23:56:45 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2012-07-05 23:56:26 41224 ----a-w- C:\Windows\avastSS.scr 2012-07-05 23:56:12 -------- d-----w- C:\ProgramData\AVAST Software 2012-07-05 23:56:12 -------- d-----w- C:\Program Files\AVAST Software 2012-07-05 23:27:29 -------- d-----r- C:\Program Files (x86)\Skype 2012-07-05 23:08:58 -------- d-----w- C:\Users\Denzel\AppData\Roaming\Malwarebytes 2012-07-05 23:08:53 -------- d-----w- C:\ProgramData\Malwarebytes 2012-07-05 23:08:52 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-07-05 23:08:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-07-05 22:56:39 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2012-07-05 22:56:24 -------- d-----w- C:\Program Files (x86)\Microsoft 2012-07-05 22:47:09 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-07-05 20:28:04 15128 ----a-w- C:\Users\Denzel\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll 2012-07-05 20:27:53 -------- d-----w- C:\Users\Denzel\Tracing 2012-07-05 20:24:23 -------- d-----w- C:\Users\Denzel\AppData\Local\Apps 2012-07-05 20:17:48 -------- d-----w- C:\Users\Denzel\AppData\Local\Macromedia 2012-07-05 20:10:13 -------- d-----w- C:\Users\Denzel\AppData\Local\Mozilla 
2012-07-05 20:08:14 -------- d-----w- C:\Users\Denzel\AppData\Local\ATI 2012-07-05 20:07:15 -------- d-----w- C:\Users\Denzel\AppData\Roaming\Intel Corporation 2012-07-05 20:07:14 -------- d-----w- C:\Users\Denzel\AppData\Local\LogMeIn Hamachi 2012-07-05 20:07:14 -------- d-----w- C:\Users\Denzel\AppData\Local\LogMeIn 2012-07-05 18:50:36 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi 2012-07-03 23:36:24 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{58E62502-22B5-46F4-8293-42EE746DC50C}\mpengine.dll 2012-06-21 00:44:21 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-21 00:44:08 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-21 00:43:58 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-21 00:43:58 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-15 00:22:20 -------- d-----w- C:\Program Files (x86)\World of Warcraft . ==================== Find3M ==================== . 2012-07-12 06:06:12 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 06:06:12 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- 
C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll . ============= FINISH: 23:51:02.57 =============== Attach.txt DDS.txt