Denzel

Please help me get rid of Trojan.Dropper.BCMiner


I've been experiencing weird issues lately, like tabs opening by themselves in Firefox and sudden redirects (including redirects when clicking links in Google). Malwarebytes says I have Trojan.Dropper.BCMiner. I've removed it a few times, but it's back every time.

As per the instructions in "I'm Infected - What do I do now?", I ran DDS.scr. I've attached the two files it produced to this post.

It looks like I'm not the only one infected by this thing. Thanks so much for the help!

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29

Run by Denzel at 23:50:01 on 2012-07-13

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5942.3225 [GMT -7:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\atieclxx.exe

C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe

C:\Program Files (x86)\Stardock\MyColors\WBVista.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Users\Denzel\Local Settings\Apps\F.lux\flux.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Users\Denzel\AppData\Roaming\Hyperdesktop\hyperdesktop.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\SysWOW64\RunDll32.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe

C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [F.lux] "C:\Users\Denzel\Local Settings\Apps\F.lux\flux.exe" /noshow

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

uRun: [Hyperdesktop] C:\Users\Denzel\AppData\Roaming\Hyperdesktop\hyperdesktop.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

StartupFolder: C:\Users\Denzel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\StartUp\ICONPA~1.LNK - C:\Program Files (x86)\Stardock\MyColors\IconPackager.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\MyColors\SDDelayedLaunch.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

LSP: mswsock.dll

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: Interfaces\{58B6AD9D-3AE4-41D8-9F08-5F8233255407}\25564684F6273756D27657563747 : DhcpNameServer = 192.168.1.254 192.168.33.1

TCP: Interfaces\{C207EB8B-B48D-4251-A1CB-69701CC2FE11} : DhcpNameServer = 75.75.75.75 75.75.76.76

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll

BHO-X64: Yontoo Layers - No File

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Denzel\AppData\Roaming\Mozilla\Firefox\Profiles\5uovi1i7.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-11-12 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-5 44808]

R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-12 13336]

R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-6-8 375176]

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-1-11 15928]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-12 2533400]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 250056]

S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]

S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

S3 hpdoccardsvc;HP Documention Flash Card Detection Service;C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [2010-3-24 83240]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

.

=============== Created Last 30 ================

.

2012-07-11 10:03:20 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-10 00:12:37 -------- d-----w- C:\Users\Denzel\AppData\Roaming\.minecraft

2012-07-07 04:51:19 -------- d-----w- C:\Users\Denzel\AppData\Local\Hewlett-Packard

2012-07-07 04:30:10 -------- d-----w- C:\Users\Denzel\AppData\Roaming\Firestorm

2012-07-07 04:30:09 -------- d-----w- C:\Users\Denzel\AppData\Local\Firestorm

2012-07-06 07:46:46 -------- d-----w- C:\Users\Denzel\AppData\Local\Adobe

2012-07-06 05:14:25 -------- d-----w- C:\Users\Denzel\AppData\Roaming\Hyperdesktop

2012-07-05 23:56:46 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-07-05 23:56:46 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2012-07-05 23:56:45 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-07-05 23:56:26 41224 ----a-w- C:\Windows\avastSS.scr

2012-07-05 23:56:12 -------- d-----w- C:\ProgramData\AVAST Software

2012-07-05 23:56:12 -------- d-----w- C:\Program Files\AVAST Software

2012-07-05 23:27:29 -------- d-----r- C:\Program Files (x86)\Skype

2012-07-05 23:08:58 -------- d-----w- C:\Users\Denzel\AppData\Roaming\Malwarebytes

2012-07-05 23:08:53 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-05 23:08:52 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-05 23:08:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-05 22:56:39 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2012-07-05 22:56:24 -------- d-----w- C:\Program Files (x86)\Microsoft

2012-07-05 22:47:09 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-07-05 20:28:04 15128 ----a-w- C:\Users\Denzel\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll

2012-07-05 20:27:53 -------- d-----w- C:\Users\Denzel\Tracing

2012-07-05 20:24:23 -------- d-----w- C:\Users\Denzel\AppData\Local\Apps

2012-07-05 20:17:48 -------- d-----w- C:\Users\Denzel\AppData\Local\Macromedia

2012-07-05 20:10:13 -------- d-----w- C:\Users\Denzel\AppData\Local\Mozilla

2012-07-05 20:08:14 -------- d-----w- C:\Users\Denzel\AppData\Local\ATI

2012-07-05 20:07:15 -------- d-----w- C:\Users\Denzel\AppData\Roaming\Intel Corporation

2012-07-05 20:07:14 -------- d-----w- C:\Users\Denzel\AppData\Local\LogMeIn Hamachi

2012-07-05 20:07:14 -------- d-----w- C:\Users\Denzel\AppData\Local\LogMeIn

2012-07-05 18:50:36 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

2012-07-03 23:36:24 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{58E62502-22B5-46F4-8293-42EE746DC50C}\mpengine.dll

2012-06-21 00:44:21 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-21 00:44:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-21 00:43:58 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-21 00:43:58 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-15 00:22:20 -------- d-----w- C:\Program Files (x86)\World of Warcraft

.

==================== Find3M ====================

.

2012-07-12 06:06:12 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 06:06:12 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

.

============= FINISH: 23:51:02.57 ===============

Attach.txt

DDS.txt


Welcome to the forum.

Before we proceed further, please uninstall or disable uTorrent and any other peer-to-peer filesharing app.

Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against our policy:

http://forums.malwar...showtopic=97700

Then......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!!!!!!!)

Post back the report.

MrC


Hi, thanks a lot for the quick response. My RogueKiller report is as follows:

RogueKiller V7.6.3 [07/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Denzel [Admin rights]

Mode: Scan -- Date: 07/14/2012 07:47:42

¤¤¤ Bad processes: 1 ¤¤¤

[sUSP PATH] hyperdesktop.exe -- C:\Users\Denzel\AppData\Roaming\Hyperdesktop\hyperdesktop.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 5 ¤¤¤

[sUSP PATH] HKCU\[...]\Run : Hyperdesktop (C:\Users\Denzel\AppData\Roaming\Hyperdesktop\hyperdesktop.exe) -> FOUND

[sUSP PATH] HKUS\S-1-5-21-929366102-1455998418-2292055116-1001[...]\Run : Hyperdesktop (C:\Users\Denzel\AppData\Roaming\Hyperdesktop\hyperdesktop.exe) -> FOUND

[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Denzel\AppData\Local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\n.) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\L --> FOUND

[ZeroAccess][FILE] @ : c:\users\denzel\appdata\local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\users\denzel\appdata\local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\denzel\appdata\local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9160412AS +++++

--- User ---

[MBR] 3371368c25ccd8eba1b0e01c9e72fcb8

[bSP] 3f745d7c353ffb516981a2f2545bea19 : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 126713 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 259917824 | Size: 25611 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 312369152 | Size: 102 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt
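The two logs above are easier to triage mechanically than by eye. The following is an added example (not code from this thread, from DDS or from RogueKiller) that parses constructed sample lines modelled on the posted output: it pulls the autorun entries out of a DDS log and flags those whose executable lives in a user-writable directory, and it groups RogueKiller findings by tag so the ZeroAccess GUID and the affected paths can be compared between the report before cleanup and the one after. The function names, the sample text, and the list of user-writable locations are the example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the DDS and RogueKiller output posted in
# this thread; they are not the actual attachments.
DDS_SAMPLE = r"""
uRun: [F.lux] "C:\Users\Denzel\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Hyperdesktop] C:\Users\Denzel\AppData\Roaming\Hyperdesktop\hyperdesktop.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
"""

RK_SAMPLE = r"""
[sUSP PATH] HKCU\[...]\Run : Hyperdesktop (C:\Users\Denzel\AppData\Roaming\Hyperdesktop\hyperdesktop.exe) -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Denzel\AppData\Local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\n.) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[ZeroAccess][FILE] @ : c:\windows\installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\denzel\appdata\local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\U --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
"""

# Directories a standard user can write to (assumed list). An autorun pointing
# here deserves a look, but it is a triage heuristic, not a verdict: f.lux
# legitimately installs under Local Settings, for instance.
USER_WRITABLE = ("\\appdata\\", "\\local settings\\", "\\programdata\\", "\\temp\\")

AUTORUN_RE = re.compile(r'^(?P<hive>[um]Run(?:-x64)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
RK_LINE_RE = re.compile(r'^(?P<tags>(?:\[[^\]]+\])+)\s*(?P<body>.*?)\s*-+>\s*(?P<status>\w+)$')
GUID_RE = re.compile(r'\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}', re.IGNORECASE)


def autorun_image(cmd):
    """Return the executable path from an autorun command line.
    Quoted paths are taken verbatim; unquoted ones are cut at the first argument."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r'(.*?\.(?:exe|scr|dll|com))(?:\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def user_writable_autoruns(dds_text):
    """Parse uRun/mRun lines from a DDS log and return (name, path) pairs whose
    image lives in a user-writable directory."""
    hits = []
    for line in dds_text.splitlines():
        m = AUTORUN_RE.match(line.strip())
        if not m:
            continue
        image = autorun_image(m.group("cmd"))
        if any(marker in image.lower() for marker in USER_WRITABLE):
            hits.append((m.group("name"), image))
    return hits


def roguekiller_findings(report_text):
    """Group RogueKiller findings by their first bracket tag, e.g. 'ZeroAccess'."""
    groups = defaultdict(list)
    for line in report_text.splitlines():
        m = RK_LINE_RE.match(line.strip())
        if not m:
            continue
        tags = re.findall(r'\[([^\]]+)\]', m.group("tags"))
        groups[tags[0]].append(m.group("body"))
    return dict(groups)


def zeroaccess_artifacts(report_text):
    """Return the ZeroAccess GUIDs and the affected paths, normalised to lower case,
    so two RogueKiller reports can be diffed before and after cleanup."""
    findings = roguekiller_findings(report_text)
    guids, paths = set(), []
    for body in findings.get("ZeroAccess", []):
        guids.update(g.lower() for g in GUID_RE.findall(body))
        # The path follows the first ' : '; registry entries wrap it in parentheses.
        _, _, rest = body.partition(" : ")
        paths.append(rest.strip("() ").lower())
    return guids, paths


if __name__ == "__main__":
    for name, image in user_writable_autoruns(DDS_SAMPLE):
        print(f"autorun from user-writable path: {name} -> {image}")
    guids, paths = zeroaccess_artifacts(RK_SAMPLE)
    print("ZeroAccess GUIDs:", sorted(guids))
    for p in paths:
        print("ZeroAccess artifact:", p)
```

Running `zeroaccess_artifacts` over each of the two RogueKiller reports in the thread and comparing the returned path lists shows exactly which artifacts survived a cleanup pass, which is the question MrC is answering when he asks for another scan after ComboFix.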


Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Hi, just ran ComboFix. It gave me a warning that avast! was running, though I disabled all eight kinds of shields, as well as going into the avast! troubleshooting settings and disabling its self-defense module. Let me know if this impacted the results, and if so, how to disable avast! further. Here is the ComboFix.txt file, attached due to length.

ComboFix.txt


Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Reboot and run another RogueKiller scan and post the log (Don't Fix Anything!!)

Please let me know how the computer is running now, MrC


First, the MBAM log, with zero objects detected(!):

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.14.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Denzel :: RAPHAEL [administrator]

7/14/2012 10:08:00 AM

mbam-log-2012-07-14 (10-08-00).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 234674

Time elapsed: 2 minute(s), 34 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Next, the RogueKiller report:

RogueKiller V7.6.3 [07/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Denzel [Admin rights]

Mode: Scan -- Date: 07/14/2012 10:14:11

¤¤¤ Bad processes: 1 ¤¤¤

[sUSP PATH] hyperdesktop.exe -- C:\Users\Denzel\AppData\Roaming\Hyperdesktop\hyperdesktop.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 4 ¤¤¤

[sUSP PATH] HKCU\[...]\Run : Hyperdesktop (C:\Users\Denzel\AppData\Roaming\Hyperdesktop\hyperdesktop.exe) -> FOUND

[sUSP PATH] HKUS\S-1-5-21-929366102-1455998418-2292055116-1001[...]\Run : Hyperdesktop (C:\Users\Denzel\AppData\Roaming\Hyperdesktop\hyperdesktop.exe) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FOLDER] U : c:\windows\installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\L --> FOUND

[ZeroAccess][FILE] @ : c:\users\denzel\appdata\local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\users\denzel\appdata\local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\denzel\appdata\local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\L --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9160412AS +++++

--- User ---

[MBR] 3371368c25ccd8eba1b0e01c9e72fcb8

[BSP] 3f745d7c353ffb516981a2f2545bea19 : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 126713 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 259917824 | Size: 25611 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 312369152 | Size: 102 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt


It's still there, we'll have to use a different tool now.......

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

MrC


Scan result of Farbar Recovery Scan Tool Version: 14-07-2012 01

Ran by SYSTEM at 14-07-2012 11:07:39

Running from H:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2281256 2010-09-13] (Synaptics Incorporated)

HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-06-25] (Alcor Micro Corp.)

HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-07-02] (IDT, Inc.)

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2011-05-04] (Intel Corporation)

HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2011-05-04] (Intel Corporation)

HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2011-05-04] (Intel Corporation)

HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2011-01-11] (LogMeIn, Inc.)

HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)

HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-24] (Intel Corporation)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-09-09] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)

HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe [801792 2011-10-24] (Yuna Software)

HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1996200 2012-06-27] (LogMeIn Inc.)

HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-07-03] (AVAST Software)

HKU\anyone\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-16] (Microsoft Corporation)

HKU\anyone\...\Run: [Google Update] "C:\Users\anyone\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-04-22] (Google Inc.)

HKU\anyone\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-08-07] (Valve Corporation)

HKU\anyone\...\Run: [F.lux] "C:\Users\anyone\Local Settings\Apps\F.lux\flux.exe" /noshow [966656 2009-08-28] ()

HKU\anyone\...\Run: [Hyperdesktop] C:\Users\anyone\AppData\Roaming\Hyperdesktop\hyperdesktop.exe [219564 2012-05-13] (Hyperdesktop)

HKU\anyone\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [14940040 2010-10-11] (Skype Technologies S.A.)

HKU\Denzel\...\Run: [F.lux] "C:\Users\Denzel\Local Settings\Apps\F.lux\flux.exe" /noshow [966656 2009-08-28] ()

HKU\Denzel\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [14940040 2010-10-11] (Skype Technologies S.A.)

HKU\Denzel\...\Run: [Hyperdesktop] C:\Users\Denzel\AppData\Roaming\Hyperdesktop\hyperdesktop.exe [219564 2012-07-05] (Hyperdesktop)

HKU\Denzel\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background [3872080 2010-04-16] (Microsoft Corporation)

Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)

Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\MyColors\fast64.dll [X]

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Stardock MyColors.lnk

ShortcutTarget: Stardock MyColors.lnk -> C:\Program Files (x86)\Stardock\MyColors\SDDelayedLaunch.exe ()

Startup: C:\Users\anyone\Start Menu\Programs\Startup\MagicDisc.lnk

ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

Startup: C:\Users\Default\Start Menu\Programs\Startup\IconPackager.lnk

ShortcutTarget: IconPackager.lnk -> C:\Program Files (x86)\Stardock\MyColors\IconPackager.exe (Stardock Corporation)

Startup: C:\Users\Default User\Start Menu\Programs\Startup\IconPackager.lnk

ShortcutTarget: IconPackager.lnk -> C:\Program Files (x86)\Stardock\MyColors\IconPackager.exe (Stardock Corporation)

Startup: C:\Users\Denzel\Start Menu\Programs\Startup\IconPackager.lnk

ShortcutTarget: IconPackager.lnk -> C:\Program Files (x86)\Stardock\MyColors\IconPackager.exe (Stardock Corporation)

==================== Services (Whitelisted) ======

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)

2 CinemaNow Service; C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [400368 2010-06-12] (CinemaNow, Inc.)

2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2369960 2012-06-27] (LogMeIn Inc.)

3 hpdoccardsvc; C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [83240 2010-03-24] (Hewlett-Packard Developement Company, L.P.)

2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375176 2011-06-08] (LogMeIn, Inc.)

4 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147336 2011-06-08] (LogMeIn, Inc.)

4 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2011-01-11] (LogMeIn, Inc.)

2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2533400 2010-06-08] (Intel Corporation)

2 WindowBlinds; C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe [337200 2009-06-09] (Stardock Corporation)

========================== Drivers (Whitelisted) =============

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-07-03] (AVAST Software)

2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71064 2012-07-03] (AVAST Software)

1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-07-03] (AVAST Software)

1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [958400 2012-07-03] (AVAST Software)

1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [355856 2012-07-03] (AVAST Software)

1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-07-03] (AVAST Software)

3 clwvd; C:\Windows\System32\Drivers\clwvd.sys [32880 2010-06-24] (Windows ® Win 7 DDK provider)

3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)

2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-01-11] (LogMeIn, Inc.)

3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2011-01-11] (LogMeIn, Inc.)

2 LMIRfsDriver; C:\Windows\System32\Drivers\LMIRfsDriver.sys [72216 2011-01-11] (LogMeIn, Inc.)

3 catchme; \??\C:\ComboFix\catchme.sys [x]

3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

4 LMIRfsClientNP; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-14 11:07 - 2012-07-14 11:07 - 00000000 ____D C:\FRST

2012-07-14 09:23 - 2012-07-14 09:23 - 01436595 ____A (Farbar) C:\Users\Denzel\Downloads\FRST64.exe

2012-07-14 09:22 - 2010-11-06 00:09 - 02277040 ____A C:\Users\Denzel\Desktop\caddy.psd

2012-07-14 09:14 - 2012-07-14 09:14 - 00002327 ____A C:\Users\Denzel\Desktop\RKreport[2].txt

2012-07-14 08:45 - 2012-07-14 08:45 - 00172516 ____A C:\ComboFix.txt

2012-07-14 07:37 - 2012-07-14 09:11 - 00000985 ____A C:\Users\Denzel\Desktop\malware.txt

2012-07-14 07:37 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

2012-07-14 07:37 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

2012-07-14 07:37 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-07-14 07:37 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-07-14 07:37 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-07-14 07:37 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

2012-07-14 07:37 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

2012-07-14 07:37 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

2012-07-14 07:19 - 2012-07-14 07:19 - 04577833 ____R (Swearware) C:\Users\Denzel\Desktop\ComboFix.exe

2012-07-14 07:11 - 2012-07-14 08:45 - 00000000 ____D C:\Qoobox

2012-07-14 07:10 - 2012-07-14 08:44 - 00000000 ____D C:\Windows\erdnt

2012-07-14 06:47 - 2012-07-14 06:47 - 00002670 ____A C:\Users\Denzel\Desktop\RKreport[1].txt

2012-07-14 06:47 - 2012-07-14 06:47 - 00000000 ____D C:\Users\Denzel\Desktop\RK_Quarantine

2012-07-14 06:46 - 2012-07-14 06:46 - 01558528 ____A C:\Users\Denzel\Downloads\RogueKiller.exe

2012-07-13 22:53 - 2012-07-13 22:53 - 00023565 ____A C:\Users\Denzel\Desktop\DDS.txt

2012-07-13 22:53 - 2012-07-13 22:53 - 00008695 ____A C:\Users\Denzel\Desktop\Attach.txt

2012-07-13 22:45 - 2012-07-13 22:45 - 00607260 ____R (Swearware) C:\Users\Denzel\Downloads\dds.scr

2012-07-13 21:10 - 2012-07-13 21:10 - 00000000 ____D C:\Users\Denzel\Downloads\FirefoxPortable

2012-07-13 21:09 - 2012-07-13 21:10 - 18263664 ____A (PortableApps.com) C:\Users\Denzel\Downloads\FirefoxPortable_13.0.1_English.paf.exe

2012-07-13 03:46 - 2012-07-13 03:46 - 00999771 ____A C:\Users\Denzel\Downloads\SinglePlayerCommands-MC1.2.5_V3.2.2.jar

2012-07-11 02:03 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-11 01:25 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-07-11 01:25 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-07-11 01:25 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-07-11 01:25 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-07-11 01:25 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-07-11 01:25 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-07-11 01:25 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-07-11 01:25 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-07-11 01:25 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-07-11 01:25 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-07-11 01:25 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-07-11 01:25 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-07-11 01:25 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-07-11 01:25 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-07-11 01:25 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-07-11 01:25 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-07-11 01:25 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-07-11 01:25 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll

2012-07-11 01:25 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2012-07-09 16:12 - 2012-07-13 03:48 - 00000000 ____D C:\Users\Denzel\AppData\Roaming\.minecraft

2012-07-08 08:52 - 2012-07-08 22:05 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForDenzel.job

2012-07-08 08:52 - 2012-07-08 08:52 - 00000000 ____D C:\Users\Denzel\AppData\Roaming\Hewlett-Packard

2012-07-08 03:25 - 2012-07-08 03:25 - 00000000 ____D C:\Users\Denzel\AppData\Roaming\Audacity

2012-07-08 03:08 - 2012-07-08 03:44 - 00000000 ____D C:\Users\Denzel\AppData\Roaming\vlc

2012-07-07 13:50 - 2012-07-07 21:15 - 00000000 ____D C:\Users\Denzel\Desktop\Space Funeral

2012-07-07 03:06 - 2012-07-07 03:07 - 00000000 ____D C:\Users\Denzel\Documents\TurnOffLCDv101

2012-07-06 20:51 - 2012-07-08 08:49 - 00000000 ____D C:\Users\Denzel\AppData\Local\Hewlett-Packard

2012-07-06 20:30 - 2012-07-07 02:09 - 00000000 ____D C:\Users\Denzel\AppData\Local\Firestorm

2012-07-06 20:30 - 2012-07-06 20:30 - 00000000 ____D C:\Users\Denzel\AppData\Roaming\Firestorm

2012-07-05 23:46 - 2012-07-11 18:19 - 00000000 ____D C:\Users\Denzel\AppData\Local\Adobe

2012-07-05 21:14 - 2012-07-05 21:14 - 00219564 ____A (Hyperdesktop) C:\Users\Denzel\Downloads\hyperdesktop.exe

2012-07-05 21:14 - 2012-07-05 21:14 - 00000880 ____A C:\Users\Denzel\Desktop\Hyperdesktop.lnk

2012-07-05 16:44 - 2011-08-25 17:51 - 159898907 ____A C:\Users\Denzel\Downloads\Mahou Shoujo Isuka - 03.mkv

2012-07-05 16:33 - 2012-07-05 16:41 - 159899011 ____A C:\Users\Denzel\Downloads\08-26-11M.rar

2012-07-05 16:02 - 2012-07-09 16:39 - 00000000 ____D C:\Users\Denzel\Documents\My Received Files

2012-07-05 15:56 - 2012-07-05 15:56 - 00001922 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2012-07-05 15:56 - 2012-07-05 15:56 - 00000000 ____D C:\Users\All Users\AVAST Software

2012-07-05 15:56 - 2012-07-05 15:56 - 00000000 ____D C:\Program Files\AVAST Software

2012-07-05 15:56 - 2012-07-05 15:56 - 00000000 ____A C:\Windows\SysWOW64\config.nt

2012-07-05 15:56 - 2012-07-03 08:21 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys

2012-07-05 15:56 - 2012-07-03 08:21 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys

2012-07-05 15:56 - 2012-07-03 08:21 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe

2012-07-05 15:56 - 2012-07-03 08:21 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe

2012-07-05 15:56 - 2012-07-03 08:21 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys

2012-07-05 15:56 - 2012-07-03 08:21 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys

2012-07-05 15:56 - 2012-07-03 08:21 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys

2012-07-05 15:56 - 2012-07-03 08:21 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr

2012-07-05 15:56 - 2012-07-03 08:21 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys

2012-07-05 15:51 - 2012-07-05 15:54 - 89340632 ____A C:\Users\Denzel\Downloads\avast_free_antivirus_setup.exe

2012-07-05 15:30 - 2012-07-14 08:49 - 00000000 ____D C:\Users\Denzel\AppData\Roaming\skypePM

2012-07-05 15:27 - 2012-07-05 15:27 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk

2012-07-05 15:27 - 2012-07-05 15:27 - 00000000 ___RD C:\Program Files (x86)\Skype

2012-07-05 15:08 - 2012-07-13 20:21 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-05 15:08 - 2012-07-13 20:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-05 15:08 - 2012-07-05 15:08 - 00000000 ____D C:\Users\Denzel\AppData\Roaming\Malwarebytes

2012-07-05 15:08 - 2012-07-05 15:08 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-07-05 15:08 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-05 15:07 - 2012-07-05 15:07 - 00000000 ____D C:\Users\Denzel\Documents\Messenger Plus

2012-07-05 15:06 - 2012-07-05 15:06 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Denzel\Downloads\mbam-setup-1.61.0.1400.exe

2012-07-05 14:56 - 2012-07-05 14:56 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2012-07-05 14:51 - 2012-07-05 14:51 - 20810120 ____A (Skype Technologies S.A.) C:\Users\Denzel\Downloads\SkypeSetup_5.0.0.152.exe

2012-07-05 14:48 - 2012-07-05 14:48 - 01247568 ____A (Microsoft Corporation) C:\Users\Denzel\Downloads\wlsetup-custom(1).exe

2012-07-05 14:47 - 2012-07-05 14:47 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-07-05 14:43 - 2012-07-05 14:43 - 00000000 ____D C:\Users\anyone\AppData\Local\LogMeIn Hamachi

2012-07-05 14:43 - 2012-07-05 14:43 - 00000000 ____D C:\Users\anyone\AppData\Local\LogMeIn

2012-07-05 14:34 - 2012-07-05 14:34 - 01247568 ____A (Microsoft Corporation) C:\Users\Denzel\Downloads\wlsetup-custom.exe

2012-07-05 12:30 - 2012-07-14 09:57 - 00000000 ____D C:\Users\Denzel\AppData\Roaming\Skype

2012-07-05 12:27 - 2012-07-14 09:05 - 00000000 ____D C:\Users\Denzel\Tracing

2012-07-05 12:24 - 2012-07-05 12:24 - 00559424 ____A C:\Users\Denzel\Downloads\flux-setup.exe

2012-07-05 12:24 - 2012-07-05 12:24 - 00000000 ____D C:\Users\Denzel\AppData\Local\Apps\F.lux

2012-07-05 12:17 - 2012-07-11 18:19 - 00000000 ____D C:\Users\Denzel\AppData\Roaming\Adobe

2012-07-05 12:17 - 2012-07-05 12:17 - 00000000 ____D C:\Users\Denzel\AppData\Roaming\Macromedia

2012-07-05 12:17 - 2012-07-05 12:17 - 00000000 ____D C:\Users\Denzel\AppData\Local\Macromedia

2012-07-05 12:10 - 2012-07-13 21:27 - 00000000 ____D C:\Users\Denzel\AppData\Roaming\Mozilla

2012-07-05 12:10 - 2012-07-05 12:10 - 00000000 ____D C:\Users\Denzel\AppData\Local\Mozilla

2012-07-05 12:08 - 2012-07-05 12:08 - 00000000 ____D C:\Users\Denzel\AppData\Roaming\ATI

2012-07-05 12:08 - 2012-07-05 12:08 - 00000000 ____D C:\Users\Denzel\AppData\Local\ATI

2012-07-05 12:07 - 2012-07-14 09:13 - 00000000 ____D C:\Users\Denzel\AppData\Local\LogMeIn Hamachi

2012-07-05 12:07 - 2012-07-05 12:07 - 00111952 ____A C:\Users\Denzel\AppData\Local\GDIPFONTCACHEV1.DAT

2012-07-05 12:07 - 2012-07-05 12:07 - 00000000 ____D C:\Users\Denzel\AppData\Roaming\Intel Corporation

2012-07-05 12:07 - 2012-07-05 12:07 - 00000000 ____D C:\Users\Denzel\AppData\Local\LogMeIn

2012-07-05 12:06 - 2012-07-08 08:52 - 00000000 ____D C:\users\Denzel

2012-07-05 12:06 - 2012-07-05 12:06 - 00000020 ___SH C:\Users\Denzel\ntuser.ini

2012-07-05 12:06 - 2012-07-05 12:06 - 00000000 ____D C:\Users\Denzel\AppData\Local\VirtualStore

2012-07-05 10:50 - 2012-07-05 10:50 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

2012-07-04 15:00 - 2012-07-04 15:12 - 03145772 ____A C:\Users\anyone\Desktop\Nyxus wings blank copy.tga

2012-07-04 14:56 - 2012-07-04 14:56 - 03145746 ____A C:\Users\anyone\Desktop\Nyxus wings blank.tga

2012-07-04 14:52 - 2012-07-04 14:52 - 00786476 ____A C:\Users\anyone\Desktop\CHIMERA_torso_v2 copy.tga

2012-07-04 14:52 - 2012-07-04 14:52 - 00786476 ____A C:\Users\anyone\Desktop\CHIMERA_torso_v2 copy copy.tga

2012-07-04 14:51 - 2012-07-04 14:51 - 04769850 ____A C:\Users\anyone\Desktop\CHIMERA_torso_v2.psd

2012-07-04 14:51 - 2012-07-04 14:51 - 00786476 ____A C:\Users\anyone\Desktop\CHIMERA_legs_v2.tga

2012-07-04 14:51 - 2012-07-04 14:51 - 00786476 ____A C:\Users\anyone\Desktop\CHIMERA_legs_v2 copy.tga

2012-07-04 14:23 - 2012-07-04 14:23 - 01830882 ____A C:\Users\anyone\Desktop\chilly head.psd

2012-07-04 14:23 - 2012-07-04 14:23 - 00786476 ____A C:\Users\anyone\Desktop\felisgryph_beak.tga

2012-07-04 14:22 - 2012-07-04 14:22 - 01572908 ____A C:\Users\anyone\Desktop\chilly head copy.tga

2012-07-04 14:22 - 2012-07-04 14:22 - 00786476 ____A C:\Users\anyone\Desktop\felisgryph_jaw.tga

2012-07-04 14:11 - 2012-07-04 14:11 - 01572882 ____A C:\Users\anyone\Desktop\chilly head.tga

2012-07-04 13:48 - 2012-07-04 14:23 - 00650722 ____A C:\Users\anyone\Downloads\felisgryph_beak.psd

2012-07-04 13:47 - 2012-07-04 14:22 - 00637913 ____A C:\Users\anyone\Downloads\felisgryph_jaw.psd

2012-07-01 18:19 - 2012-07-01 18:19 - 04194348 ____A C:\Users\anyone\Desktop\pants white.tga

2012-07-01 18:19 - 2012-07-01 18:19 - 04194348 ____A C:\Users\anyone\Desktop\pants colored.tga

2012-07-01 18:04 - 2012-07-01 18:14 - 04194348 ____A C:\Users\anyone\Desktop\pants copy.tga

2012-07-01 18:02 - 2012-07-01 18:02 - 03145746 ____A C:\Users\anyone\Desktop\pants.tga

2012-07-01 15:11 - 2012-07-01 15:13 - 03145772 ____A C:\Users\anyone\Desktop\anus.tga

2012-07-01 15:10 - 2012-07-01 15:10 - 00786450 ____A C:\Users\anyone\Desktop\lower copy.tga

2012-06-20 16:44 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-20 16:44 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-20 16:44 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-20 16:44 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-20 16:44 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-20 16:44 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-20 16:44 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-20 16:43 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-20 16:43 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-15 02:26 - 2012-06-16 02:17 - 00000836 ____A C:\Users\anyone\Desktop\rares.txt

2012-06-15 00:30 - 2012-06-15 00:30 - 32160136 ____A C:\Users\anyone\Downloads\WoW-4.0.0-WOW-enUS-Installer.exe

2012-06-14 16:22 - 2012-07-13 14:34 - 00000000 ____D C:\Program Files (x86)\World of Warcraft

2012-06-14 16:22 - 2012-06-15 00:33 - 00001024 ____A C:\Users\Public\Desktop\World of Warcraft.lnk

2012-06-14 16:21 - 2012-06-14 16:22 - 32157120 ____A C:\Users\anyone\Downloads\WOW-4.0.0.12911-enUS-Trial.exe

============ 3 Months Modified Files ========================

2012-07-14 10:04 - 2010-11-12 11:04 - 01424426 ____A C:\Windows\WindowsUpdate.log

2012-07-14 09:44 - 2011-04-22 01:44 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-929366102-1455998418-2292055116-1000UA.job

2012-07-14 09:24 - 2009-07-13 21:13 - 00802496 ____A C:\Windows\System32\PerfStringBackup.INI

2012-07-14 09:23 - 2012-07-14 09:23 - 01436595 ____A (Farbar) C:\Users\Denzel\Downloads\FRST64.exe

2012-07-14 09:20 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-07-14 09:20 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-07-14 09:14 - 2012-07-14 09:14 - 00002327 ____A C:\Users\Denzel\Desktop\RKreport[2].txt

2012-07-14 09:12 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-07-14 09:12 - 2009-07-13 20:51 - 00050800 ____A C:\Windows\setupact.log

2012-07-14 09:11 - 2012-07-14 07:37 - 00000985 ____A C:\Users\Denzel\Desktop\malware.txt

2012-07-14 09:06 - 2012-04-12 07:17 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-07-14 08:45 - 2012-07-14 08:45 - 00172516 ____A C:\ComboFix.txt

2012-07-14 08:42 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini

2012-07-14 07:51 - 2010-11-12 11:14 - 00485782 ____A C:\Windows\PFRO.log

2012-07-14 07:19 - 2012-07-14 07:19 - 04577833 ____R (Swearware) C:\Users\Denzel\Desktop\ComboFix.exe

2012-07-14 06:47 - 2012-07-14 06:47 - 00002670 ____A C:\Users\Denzel\Desktop\RKreport[1].txt

2012-07-14 06:46 - 2012-07-14 06:46 - 01558528 ____A C:\Users\Denzel\Downloads\RogueKiller.exe

2012-07-13 22:53 - 2012-07-13 22:53 - 00023565 ____A C:\Users\Denzel\Desktop\DDS.txt

2012-07-13 22:53 - 2012-07-13 22:53 - 00008695 ____A C:\Users\Denzel\Desktop\Attach.txt

2012-07-13 22:45 - 2012-07-13 22:45 - 00607260 ____R (Swearware) C:\Users\Denzel\Downloads\dds.scr

2012-07-13 21:10 - 2012-07-13 21:09 - 18263664 ____A (PortableApps.com) C:\Users\Denzel\Downloads\FirefoxPortable_13.0.1_English.paf.exe

2012-07-13 20:36 - 2009-07-13 21:08 - 00032560 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-07-13 20:21 - 2012-07-05 15:08 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-13 12:44 - 2011-04-22 01:44 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-929366102-1455998418-2292055116-1000Core.job

2012-07-13 03:46 - 2012-07-13 03:46 - 00999771 ____A C:\Users\Denzel\Downloads\SinglePlayerCommands-MC1.2.5_V3.2.2.jar

2012-07-11 22:06 - 2012-04-12 07:17 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-07-11 22:06 - 2011-08-17 00:24 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-07-11 06:53 - 2009-07-13 20:45 - 02349992 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-11 02:01 - 2010-11-12 11:58 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-07-08 22:05 - 2012-07-08 08:52 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForDenzel.job

2012-07-08 08:51 - 2011-04-18 18:09 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log

2012-07-06 13:41 - 2011-04-22 01:45 - 00002557 ____A C:\Users\anyone\Desktop\Google Chrome.lnk

2012-07-05 21:14 - 2012-07-05 21:14 - 00219564 ____A (Hyperdesktop) C:\Users\Denzel\Downloads\hyperdesktop.exe

2012-07-05 21:14 - 2012-07-05 21:14 - 00000880 ____A C:\Users\Denzel\Desktop\Hyperdesktop.lnk

2012-07-05 16:41 - 2012-07-05 16:33 - 159899011 ____A C:\Users\Denzel\Downloads\08-26-11M.rar

2012-07-05 15:56 - 2012-07-05 15:56 - 00001922 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2012-07-05 15:56 - 2012-07-05 15:56 - 00000000 ____A C:\Windows\SysWOW64\config.nt

2012-07-05 15:54 - 2012-07-05 15:51 - 89340632 ____A C:\Users\Denzel\Downloads\avast_free_antivirus_setup.exe

2012-07-05 15:27 - 2012-07-05 15:27 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk

2012-07-05 15:06 - 2012-07-05 15:06 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Denzel\Downloads\mbam-setup-1.61.0.1400.exe

2012-07-05 14:56 - 2010-07-21 12:03 - 00092045 ____A C:\Windows\DirectX.log

2012-07-05 14:51 - 2012-07-05 14:51 - 20810120 ____A (Skype Technologies S.A.) C:\Users\Denzel\Downloads\SkypeSetup_5.0.0.152.exe

2012-07-05 14:48 - 2012-07-05 14:48 - 01247568 ____A (Microsoft Corporation) C:\Users\Denzel\Downloads\wlsetup-custom(1).exe

2012-07-05 14:34 - 2012-07-05 14:34 - 01247568 ____A (Microsoft Corporation) C:\Users\Denzel\Downloads\wlsetup-custom.exe

2012-07-05 12:24 - 2012-07-05 12:24 - 00559424 ____A C:\Users\Denzel\Downloads\flux-setup.exe

2012-07-05 12:07 - 2012-07-05 12:07 - 00111952 ____A C:\Users\Denzel\AppData\Local\GDIPFONTCACHEV1.DAT

2012-07-05 12:06 - 2012-07-05 12:06 - 00000020 ___SH C:\Users\Denzel\ntuser.ini

2012-07-04 15:12 - 2012-07-04 15:00 - 03145772 ____A C:\Users\anyone\Desktop\Nyxus wings blank copy.tga

2012-07-04 14:56 - 2012-07-04 14:56 - 03145746 ____A C:\Users\anyone\Desktop\Nyxus wings blank.tga

2012-07-04 14:52 - 2012-07-04 14:52 - 00786476 ____A C:\Users\anyone\Desktop\CHIMERA_torso_v2 copy.tga

2012-07-04 14:52 - 2012-07-04 14:52 - 00786476 ____A C:\Users\anyone\Desktop\CHIMERA_torso_v2 copy copy.tga

2012-07-04 14:51 - 2012-07-04 14:51 - 04769850 ____A C:\Users\anyone\Desktop\CHIMERA_torso_v2.psd

2012-07-04 14:51 - 2012-07-04 14:51 - 00786476 ____A C:\Users\anyone\Desktop\CHIMERA_legs_v2.tga

2012-07-04 14:51 - 2012-07-04 14:51 - 00786476 ____A C:\Users\anyone\Desktop\CHIMERA_legs_v2 copy.tga

2012-07-04 14:51 - 2012-06-07 00:42 - 04769518 ____A C:\Users\anyone\Downloads\CHIMERA_torso_v2.psd

2012-07-04 14:23 - 2012-07-04 14:23 - 01830882 ____A C:\Users\anyone\Desktop\chilly head.psd

2012-07-04 14:23 - 2012-07-04 14:23 - 00786476 ____A C:\Users\anyone\Desktop\felisgryph_beak.tga

2012-07-04 14:23 - 2012-07-04 13:48 - 00650722 ____A C:\Users\anyone\Downloads\felisgryph_beak.psd

2012-07-04 14:22 - 2012-07-04 14:22 - 01572908 ____A C:\Users\anyone\Desktop\chilly head copy.tga

2012-07-04 14:22 - 2012-07-04 14:22 - 00786476 ____A C:\Users\anyone\Desktop\felisgryph_jaw.tga

2012-07-04 14:22 - 2012-07-04 13:47 - 00637913 ____A C:\Users\anyone\Downloads\felisgryph_jaw.psd

2012-07-04 14:11 - 2012-07-04 14:11 - 01572882 ____A C:\Users\anyone\Desktop\chilly head.tga

2012-07-03 12:46 - 2012-07-05 15:08 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-03 08:21 - 2012-07-05 15:56 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys

2012-07-03 08:21 - 2012-07-05 15:56 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys

2012-07-03 08:21 - 2012-07-05 15:56 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe

2012-07-03 08:21 - 2012-07-05 15:56 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe

2012-07-03 08:21 - 2012-07-05 15:56 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys

2012-07-03 08:21 - 2012-07-05 15:56 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys

2012-07-03 08:21 - 2012-07-05 15:56 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys

2012-07-03 08:21 - 2012-07-05 15:56 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr

2012-07-03 08:21 - 2012-07-05 15:56 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys

2012-07-02 00:22 - 2012-05-27 08:29 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForanyone.job

2012-07-01 18:19 - 2012-07-01 18:19 - 04194348 ____A C:\Users\anyone\Desktop\pants white.tga

2012-07-01 18:19 - 2012-07-01 18:19 - 04194348 ____A C:\Users\anyone\Desktop\pants colored.tga

2012-07-01 18:14 - 2012-07-01 18:04 - 04194348 ____A C:\Users\anyone\Desktop\pants copy.tga

2012-07-01 18:02 - 2012-07-01 18:02 - 03145746 ____A C:\Users\anyone\Desktop\pants.tga

2012-07-01 15:13 - 2012-07-01 15:11 - 03145772 ____A C:\Users\anyone\Desktop\anus.tga

2012-07-01 15:10 - 2012-07-01 15:10 - 00786450 ____A C:\Users\anyone\Desktop\lower copy.tga

2012-06-19 02:41 - 2011-04-22 15:36 - 00001867 ____A C:\Users\anyone\Documents\neopass.txt

2012-06-16 02:17 - 2012-06-15 02:26 - 00000836 ____A C:\Users\anyone\Desktop\rares.txt

2012-06-15 00:33 - 2012-06-14 16:22 - 00001024 ____A C:\Users\Public\Desktop\World of Warcraft.lnk

2012-06-15 00:30 - 2012-06-15 00:30 - 32160136 ____A C:\Users\anyone\Downloads\WoW-4.0.0-WOW-enUS-Installer.exe

2012-06-14 16:22 - 2012-06-14 16:21 - 32157120 ____A C:\Users\anyone\Downloads\WOW-4.0.0.12911-enUS-Trial.exe

2012-06-11 19:08 - 2012-07-11 02:03 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-10 22:52 - 2012-06-10 22:52 - 00786476 ____A C:\Users\anyone\Desktop\torso copy.tga

2012-06-10 22:49 - 2012-06-10 22:49 - 00786450 ____A C:\Users\anyone\Desktop\Space Torso.tga

2012-06-08 21:43 - 2012-07-11 01:25 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-08 20:41 - 2012-07-11 01:25 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-08 05:34 - 2012-06-08 05:34 - 00786450 ____A C:\Users\anyone\Desktop\torso.tga

2012-06-07 00:42 - 2012-06-07 00:42 - 02053600 ____A C:\Users\anyone\Downloads\CHIMERA_legs_v2.psd

2012-06-05 22:06 - 2012-07-11 01:25 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-05 22:06 - 2012-07-11 01:25 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-05 22:02 - 2012-07-11 01:25 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-05 21:05 - 2012-07-11 01:25 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-05 21:05 - 2012-07-11 01:25 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-05 21:03 - 2012-07-11 01:25 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-06-02 14:19 - 2012-06-20 16:44 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-06-20 16:44 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 14:19 - 2012-06-20 16:44 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-06-20 16:44 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:19 - 2012-06-20 16:44 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 14:19 - 2012-06-20 16:43 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 14:15 - 2012-06-20 16:44 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 14:15 - 2012-06-20 16:44 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 14:15 - 2012-06-20 16:43 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-01 21:50 - 2012-07-11 01:25 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-01 21:48 - 2012-07-11 01:25 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-01 21:48 - 2012-07-11 01:25 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-01 21:45 - 2012-07-11 01:25 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-01 21:44 - 2012-07-11 01:25 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-01 20:40 - 2012-07-11 01:25 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-01 20:40 - 2012-07-11 01:25 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-01 20:39 - 2012-07-11 01:25 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-06-01 20:34 - 2012-07-11 01:25 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-05-27 08:28 - 2011-10-26 00:23 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt

2012-05-04 03:06 - 2012-06-12 15:59 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-05-04 02:03 - 2012-06-12 15:59 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-05-04 02:03 - 2012-06-12 15:59 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-05-03 01:30 - 2012-05-03 01:30 - 00025088 ____A C:\Users\anyone\Downloads\Book List.dat

2012-05-03 01:21 - 2012-04-14 09:12 - 00000113 ____A C:\Users\anyone\Desktop\tags.txt

2012-04-30 21:40 - 2012-06-12 15:59 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll

2012-04-27 19:55 - 2012-06-12 15:59 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

2012-04-25 21:41 - 2012-06-12 16:00 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll

2012-04-25 21:41 - 2012-06-12 16:00 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll

2012-04-25 21:34 - 2012-06-12 16:00 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

2012-04-24 15:06 - 2012-04-24 15:06 - 00001013 ____A C:\Users\anyone\Downloads\salem-pdx.jnlp

2012-04-23 21:37 - 2012-06-12 15:59 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2012-04-23 21:37 - 2012-06-12 15:59 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2012-04-23 21:37 - 2012-06-12 15:59 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2012-04-23 20:36 - 2012-06-12 15:59 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2012-04-23 20:36 - 2012-06-12 15:59 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2012-04-23 20:36 - 2012-06-12 15:59 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2012-04-20 23:06 - 2012-03-26 06:54 - 00000439 ____A C:\Users\anyone\Documents\paisley.txt

2012-04-16 21:31 - 2012-06-12 16:00 - 00918016 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-04-16 20:34 - 2012-06-12 16:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

ZeroAccess:

C:\Windows\Installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}

C:\Windows\Installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\L

C:\Windows\Installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\U

ZeroAccess:

C:\Users\Denzel\AppData\Local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}

C:\Users\Denzel\AppData\Local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\@

C:\Users\Denzel\AppData\Local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\L

C:\Users\Denzel\AppData\Local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\U

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 13%

Total physical RAM: 5941.61 MB

Available physical RAM: 5138.4 MB

Total Pagefile: 5939.76 MB

Available Pagefile: 5133.82 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:123.74 GB) (Free:11.76 GB) NTFS ==>[system with boot components (obtained from reading drive)]

2 Drive e: (RECOVERY) (Fixed) (Total:25.01 GB) (Free:3.63 GB) NTFS ==>[system with boot components (obtained from reading drive)]

3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

5 Drive h: () (Removable) (Total:1.84 GB) (Free:1.84 GB) FAT

6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 149 GB 0 B

Disk 1 Online 1886 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 199 MB 1024 KB

Partition 2 Primary 123 GB 200 MB

Partition 3 Primary 25 GB 123 GB

Partition 4 Primary 102 MB 148 GB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 123 GB Healthy

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E RECOVERY NTFS Partition 25 GB Healthy

==================================================================================

Disk: 0

Partition 4

Type : 0C

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 F HP_TOOLS FAT32 Partition 102 MB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 1884 MB 67 KB

==================================================================================

Disk: 1

Partition 1

Type : 06

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 5 H FAT Removable 1884 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-08 08:13

======================= End Of Log ==========================


OK, here you go......

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.


C:\Windows\Installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}
C:\Windows\Installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\L
C:\Windows\Installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\U
C:\Users\Denzel\AppData\Local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}
C:\Users\Denzel\AppData\Local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\@
C:\Users\Denzel\AppData\Local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\L
C:\Users\Denzel\AppData\Local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\U

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

MrC

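As an added check, written for this edit and not part of the thread or of FRST, the script below looks for the ZeroAccess layout the log above reported: a {GUID}-named folder under the Windows Installer directory and the user's Local AppData that contains the '@', 'L' or 'U' entries. The sample tree, the benign decoy folder and the root paths are constructed for offline testing; the GUID is the one from the log.

```python
import os
import re
import tempfile
from pathlib import Path

# A {GUID}-named directory is normal under C:\Windows\Installer (MSI icon caches),
# so the name alone is not evidence; the '@', 'L', 'U' children are what the log shows.
GUID_DIR = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
ZA_CHILDREN = ("@", "L", "U")


def find_zeroaccess_dirs(roots):
    """Return [(dir, children_present)] for GUID dirs under roots holding any of @, L, U."""
    hits = []
    for root in roots:
        root = Path(root)
        if not root.is_dir():          # e.g. a profile that does not exist on this box
            continue
        for entry in sorted(root.iterdir()):
            if not (entry.is_dir() and GUID_DIR.match(entry.name)):
                continue
            present = [c for c in ZA_CHILDREN if (entry / c).exists()]
            if present:
                hits.append((str(entry), present))
    return hits


def fixlist_lines(hits):
    """Render hits one path per line, the layout the helper used for fixlist.txt."""
    lines = []
    for d, children in hits:
        lines.append(d)
        lines.extend(os.path.join(d, c) for c in children)
    return lines


def build_sample_tree(base, guid="{3dabc29e-8c3c-17d2-4621-c9d3900bc383}"):
    """Construct an offline replica of the layout in the log (GUID copied from the thread)."""
    installer = Path(base) / "Windows" / "Installer"
    local = Path(base) / "Users" / "Denzel" / "AppData" / "Local"
    for root, children in ((installer, ("L", "U")), (local, ("@", "L", "U"))):
        for c in children:
            target = root / guid / c
            if c == "@":               # '@' was a file in the log; L and U were directories
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(b"constructed placeholder, not malware")
            else:
                target.mkdir(parents=True, exist_ok=True)
    (installer / "{11111111-2222-3333-4444-555555555555}").mkdir()  # benign MSI-style dir
    return str(installer), str(local)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        roots = build_sample_tree(tmp)
        for line in fixlist_lines(find_zeroaccess_dirs(roots)):
            print(line)
```

On a real Windows system pass C:\Windows\Installer and %LOCALAPPDATA% as the roots; what a booted, infected system shows can differ from what FRST sees, which is why the helper had the fix run from System Recovery Options.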

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 14-07-2012 01

Ran by SYSTEM at 2012-07-14 11:27:11 Run:1

Running from H:\

==============================================

C:\Windows\Installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383} moved successfully.

C:\Windows\Installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\L not found.

C:\Windows\Installer\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\U not found.

C:\Users\Denzel\AppData\Local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383} moved successfully.

C:\Users\Denzel\AppData\Local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\@ not found.

C:\Users\Denzel\AppData\Local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\L not found.

C:\Users\Denzel\AppData\Local\{3dabc29e-8c3c-17d2-4621-c9d3900bc383}\U not found.

==== End of Fixlog ====


Looks Good...Well Done :)

Please update and run a Quick Scan with MBAM, then post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


"The scan completed successfully. No malicious items were detected."

You have been SUCH a huge help! No problems so far, thank you so much.


Great!

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

i.e., RogueKiller.exe, RKreport.txt, the RK_Quarantine folder, etc.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.
