
Infected with Trojan.Dropper.BCMiner and Rootkit.0Access


Hi,

I'm infected with two kinds of malware: Trojan.Dropper.BCMiner and Rootkit.0Access

I found out that there were some infections because Internet Explorer didn't start anymore!

After using Malwarebytes Anti-Malware, Internet Explorer did work again, only Malwarebytes keeps on finding the Trojan.Dropper.BCMiner infection!

Question: how can I remove the BCMiner infection? Should I be worried about the Rootkit.0Access?

I have no idea how to go forward from this point on; that is the reason I post here. I really hope you can help me!

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Databaseversie: v2012.07.26.14
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Charl :: I7 [administrator]
26-7-2012 20:35:22
mbam-log-2012-07-26 (20-37-23).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 253177
Verstreken tijd: 1 minuut/minuten, 2 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 1
C:\Users\Charl\AppData\Roaming\mceli.dll (Trojan.Agent) -> Geen actie ondernomen.
Registersleutels gedetecteerd: 1
HKCR\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887} (Trojan.FakeMS) -> Geen actie ondernomen.
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 8
C:\Users\Charl\AppData\Roaming\mceli.dll (Trojan.Agent) -> Geen actie ondernomen.
C:\ProgramData\Windows\msseedir.dll (Trojan.FakeMS) -> Geen actie ondernomen.
C:\Users\Charl\AppData\Local\Temp\SonicWALL\Cache\NESetupM.exe (Rogue.Installer) -> Geen actie ondernomen.
C:\Windows\Installer\{c78efb76-7bad-b77c-1131-310fbb0fa300}\n (Rootkit.0Access) -> Geen actie ondernomen.
C:\Windows\Installer\{c78efb76-7bad-b77c-1131-310fbb0fa300}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Geen actie ondernomen.
C:\ProgramData\Windows\ccdxmmde.dat (Malware.Trace) -> Geen actie ondernomen.
C:\ProgramData\Windows\drss.dat (Malware.Trace) -> Geen actie ondernomen.
C:\ProgramData\Windows\xessmsxe.dat (Malware.Trace) -> Geen actie ondernomen.
(einde)

Second scan:


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.29.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Charl :: I7 [administrator]
29-7-2012 21:52:44
mbam-log-2012-07-29 (21-52-44).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 254598
Time elapsed: 1 minute(s), 4 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\Installer\{c78efb76-7bad-b77c-1131-310fbb0fa300}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
(end)

DDS scan result:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Charl at 21:57:33 on 2012-07-29
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.8089.5223 [GMT 2:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k ftpsvc
C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\NetLimiter 3\nlsvc.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
D:\Program_Files (x86)\Zune\ZuneLauncher.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
D:\Program_Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Users\Charl\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Users\Charl\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\No-IP\DUC30.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Windows\SysWOW64\mdm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Windows\notepad.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\No-IP\DUC30.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.nl/
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - d:\Program_Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
uRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Steam] "D:\Program_Files (x86)\Steam\steam.exe" -silent
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [SkyDrive] "C:\Users\Charl\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
uRun: [Spotify Web Helper] "C:\Users\Charl\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\Users\Charl\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NO-IPD~1.LNK - C:\Program Files (x86)\No-IP\DUC30.exe
StartupFolder: C:\Users\Charl\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Verzenden naar OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://ssl2.uitkomst.nl/NELX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
TCP: DhcpNameServer = 172.16.0.10 195.241.77.55 195.241.77.58
TCP: Interfaces\{3879A0CF-5B62-438C-9DDF-56BBD13EF8BD} : DhcpNameServer = 172.16.0.10 195.241.77.55 195.241.77.58
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{3049C3E9-B461-4BC5-8870-4C09146192CA}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{9FDDE16B-836F-4806-AB1F-1455CBEFF289}
{AE7CD045-E861-484f-8273-0445EE161910}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{DDA57003-0068-4ed2-9D32-4D1EC707D94D}
{F4971EE7-DAA0-4053-9964-665D8EE6A077}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
EB-X64: {5802D092-1784-4908-8CDB-99B6842D353D} - No File
mRun-x64: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
mRun-x64: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(standaard)]
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
============= SERVICES / DRIVERS ===============
.
R0 AiChargerPlus;ASUS Charger Plus Driver;C:\Windows\system32\DRIVERS\AiChargerPlus.sys --> C:\Windows\system32\DRIVERS\AiChargerPlus.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Program Files\HWiNFO64\HWiNFO64A.SYS [2011-9-20 29568]
R1 nltdi;nltdi;C:\Program Files\NetLimiter 3\nltdi.sys [2010-8-30 88200]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-3 918144]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-2 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-9-18 586880]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2011-10-11 74592]
R2 ftpsvc;Microsoft FTP-service;C:\Windows\system32\svchost.exe -k ftpsvc [2009-7-14 20992]
R2 Giraffic;Veoh Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [?]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-6 655944]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-9-23 641832]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2012-1-31 66560]
R2 NoIPDUCService3;No-IP DUC Service;C:\Program Files (x86)\No-IP\DUC30.exe -service --> C:\Program Files (x86)\No-IP\DUC30.exe -service [?]
R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-1-23 92592]
R2 uvnc_service;uvnc_service;C:\Program Files\UltraVNC\winvnc.exe [2012-6-28 2169056]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
R3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);C:\Windows\system32\DRIVERS\CamDrL64.sys --> C:\Windows\system32\DRIVERS\CamDrL64.sys [?]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys --> C:\Windows\system32\DRIVERS\ICCWDT.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NLNdisMP;NLNdisMP;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]
R3 NxDrv;SonicWALL NetExtender Adapter;C:\Windows\system32\DRIVERS\NxDrv.sys --> C:\Windows\system32\DRIVERS\NxDrv.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2011-10-11 102752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 250056]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]
S3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 UsbGps;LGE CDMA USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgx64gps.sys --> C:\Windows\system32\DRIVERS\lgx64gps.sys [?]
S3 VSPerfDrv100;Performance Tools Driver 10.0;D:\Program_Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;D:\Program_Files (x86)\Zune\WMZuneComm.exe [2011-8-5 306400]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys --> C:\Windows\system32\DRIVERS\RsFx0105.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-29 18:41:33 -------- d-----w- C:\TDSSStarter
2012-07-29 10:34:51 -------- d-----w- C:\Users\Charl\AppData\Local\{BB4234D1-C36F-4341-BB52-EAA5ABB13416}
2012-07-29 10:34:41 -------- d-----w- C:\Users\Charl\AppData\Local\{8C544BE1-01D7-47EA-B53C-06DCE68F36AE}
2012-07-28 10:13:54 -------- d-----w- C:\Users\Charl\AppData\Local\{360FCF4E-B031-4C80-B873-511147AB6F3E}
2012-07-28 10:13:44 -------- d-----w- C:\Users\Charl\AppData\Local\{2880DB89-88A6-4569-A264-05748756D9C9}
2012-07-27 22:13:20 -------- d-----w- C:\Users\Charl\AppData\Local\{809B5FD7-7BAB-4793-BB2F-F59A50C69984}
2012-07-27 22:13:11 -------- d-----w- C:\Users\Charl\AppData\Local\{A4A376E2-8305-4120-8A36-874AFD70C93D}
2012-07-27 10:12:59 -------- d-----w- C:\Users\Charl\AppData\Local\{B7EB355C-AE43-44BB-AB4D-E708C6B7222D}
2012-07-27 10:12:50 -------- d-----w- C:\Users\Charl\AppData\Local\{EA88CCDA-8E77-4061-AFB8-8F4BB47DD424}
2012-07-26 22:12:26 -------- d-----w- C:\Users\Charl\AppData\Local\{AFCAE0CF-8EAC-4CD8-82B3-8400C16A0C37}
2012-07-26 22:12:17 -------- d-----w- C:\Users\Charl\AppData\Local\{7EE33153-9667-4EAB-AF62-587BDC609FED}
2012-07-26 18:52:38 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-26 18:30:04 -------- d-----w- C:\Users\Charl\AppData\Roaming\xsecva
2012-07-26 18:05:40 -------- d-----w- C:\ProgramData\Windows
2012-07-26 10:11:53 -------- d-----w- C:\Users\Charl\AppData\Local\{0E0BF657-34FF-4027-9FD3-D5E050F5003C}
2012-07-26 10:11:44 -------- d-----w- C:\Users\Charl\AppData\Local\{099B1222-672E-4892-8DAD-01D3B8C7EDF4}
2012-07-26 09:13:33 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{56D5334D-B9A8-4B76-9FDF-C56061115D11}\mpengine.dll
2012-07-25 22:11:19 -------- d-----w- C:\Users\Charl\AppData\Local\{DC1BB44B-1CF5-443C-B69B-0CFBC2A486AE}
2012-07-25 10:10:58 -------- d-----w- C:\Users\Charl\AppData\Local\{F87C1C42-22F4-4B6D-9C6C-5DDB9C8B9440}
2012-07-25 10:10:48 -------- d-----w- C:\Users\Charl\AppData\Local\{1488AFB1-C621-4A10-B312-2871C59181E3}
2012-07-25 08:12:45 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-24 22:10:24 -------- d-----w- C:\Users\Charl\AppData\Local\{C8F85AA5-726C-4713-873A-0B49D9B04EF1}
2012-07-24 22:10:14 -------- d-----w- C:\Users\Charl\AppData\Local\{80C90CD6-B2B3-45C4-B657-0E263890D55A}
2012-07-24 10:10:03 -------- d-----w- C:\Users\Charl\AppData\Local\{CD991D6F-2A04-4A29-8DCF-688DAA7CBCC9}
2012-07-24 10:09:53 -------- d-----w- C:\Users\Charl\AppData\Local\{114036CC-A886-4567-89FA-9AE1005845B8}
2012-07-23 22:09:29 -------- d-----w- C:\Users\Charl\AppData\Local\{DBB74D24-8CF7-438C-B28E-E6876760B615}
2012-07-23 22:09:18 -------- d-----w- C:\Users\Charl\AppData\Local\{E2631F7E-C4A3-496B-BDBD-4BDEEDBDEF5C}
2012-07-23 10:09:07 -------- d-----w- C:\Users\Charl\AppData\Local\{2185122B-F3AF-4FC4-8BBE-35A6F92C2CEF}
2012-07-23 10:08:58 -------- d-----w- C:\Users\Charl\AppData\Local\{3C757E2A-8DDC-4ED5-A321-EE16716DB721}
2012-07-22 19:21:53 -------- d-----w- C:\Users\Charl\AppData\Local\{1267BA62-4F63-495E-9E2B-E48B3681D8CF}
2012-07-22 19:21:43 -------- d-----w- C:\Users\Charl\AppData\Local\{BFAEC9E3-F2F9-46EF-A248-2AA19EB54B84}
2012-07-22 07:21:32 -------- d-----w- C:\Users\Charl\AppData\Local\{BE902197-096F-4733-82BB-54C4CABDCC3B}
2012-07-22 07:21:22 -------- d-----w- C:\Users\Charl\AppData\Local\{3C673283-C080-4AB5-B89E-647AEC2C023D}
2012-07-21 13:03:32 -------- d-----w- C:\Users\Charl\AppData\Local\{C346C9D2-4B04-4DD5-BEFC-BEDC6D6757CF}
2012-07-21 13:03:22 -------- d-----w- C:\Users\Charl\AppData\Local\{B2985F47-715A-4E7F-B579-C9D74DC5E7DE}
2012-07-18 12:55:36 -------- d-----w- C:\Users\Charl\AppData\Local\{B96EC8F7-4374-4794-AA48-E457C89B9B37}
2012-07-18 12:55:26 -------- d-----w- C:\Users\Charl\AppData\Local\{66423FF5-8859-474A-B92E-6198D773DD1A}
2012-07-17 13:27:35 -------- d-----w- C:\Users\Charl\AppData\Local\{806354A0-F71C-4966-BFE2-45225827D5BB}
2012-07-16 10:33:15 -------- d-----w- C:\Users\Charl\AppData\Local\{FE34762A-3966-4FED-9221-8AC80BECDB87}
2012-07-16 10:33:06 -------- d-----w- C:\Users\Charl\AppData\Local\{13609A86-D797-4ECE-AEA0-374CA0D52A24}
2012-07-15 04:15:11 -------- d-----w- C:\Users\Charl\AppData\Local\{317E7485-9BAA-4E08-A2DA-636113C141FE}
2012-07-15 04:15:01 -------- d-----w- C:\Users\Charl\AppData\Local\{FF246F1B-FECF-49D6-B12C-5858CC4744DD}
2012-07-14 10:27:35 -------- d-----w- C:\Users\Charl\AppData\Local\{3D75122C-2BC1-4693-B717-F70992F21CDB}
2012-07-14 10:27:25 -------- d-----w- C:\Users\Charl\AppData\Local\{640480E6-7951-4B14-A1F4-7D512D2B2D2A}
2012-07-13 21:23:23 -------- d-----w- C:\Users\Charl\AppData\Local\{08C146C7-786A-489E-AAD1-33AC126B5EB1}
2012-07-13 09:23:02 -------- d-----w- C:\Users\Charl\AppData\Local\{28830C1A-961F-4E72-AA4C-39ACB3BAE5C3}
2012-07-13 09:22:52 -------- d-----w- C:\Users\Charl\AppData\Local\{FB6E8105-FC3E-4CE9-ACAD-2EF1C8AD2F89}
2012-07-12 21:22:28 -------- d-----w- C:\Users\Charl\AppData\Local\{B8FC7D6A-10CD-4F3F-8BE9-FE3DE256643F}
2012-07-12 09:22:07 -------- d-----w- C:\Users\Charl\AppData\Local\{2C6D7EED-ADD7-4197-ADB9-C2584FFB3C8F}
2012-07-12 09:21:57 -------- d-----w- C:\Users\Charl\AppData\Local\{31743456-6941-45E5-AEC4-06364DFCE2BA}
2012-07-11 21:36:38 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 10:49:31 -------- d-----w- C:\Users\Charl\AppData\Local\{789551FB-8206-4CF4-8EF1-D82AB89B6575}
2012-07-11 10:49:20 -------- d-----w- C:\Users\Charl\AppData\Local\{CA5AD31A-F8A4-4C7E-B55E-C00E3C1E39B2}
2012-07-11 10:11:01 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-11 10:11:01 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-07-11 10:11:01 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 10:11:01 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-11 10:11:01 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-11 10:11:01 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-07-10 22:48:56 -------- d-----w- C:\Users\Charl\AppData\Local\{427DBDBF-4070-4B74-8F68-67D95FC95BA4}
2012-07-10 22:48:46 -------- d-----w- C:\Users\Charl\AppData\Local\{6375B89B-D791-457F-9DAE-0004BB1831C6}
2012-07-10 10:48:35 -------- d-----w- C:\Users\Charl\AppData\Local\{D3231C3E-968E-4D31-8D77-B11E5B5837AB}
2012-07-10 10:48:25 -------- d-----w- C:\Users\Charl\AppData\Local\{0EF418F8-153C-4F4F-A3BE-0A9FBF72CCB2}
2012-07-09 22:48:01 -------- d-----w- C:\Users\Charl\AppData\Local\{4B395D58-D578-40CB-9BF9-70C55B1FAF9E}
2012-07-09 22:47:51 -------- d-----w- C:\Users\Charl\AppData\Local\{4948BFD5-B8E8-413E-AC79-05E98FB0F9BA}
2012-07-09 10:47:40 -------- d-----w- C:\Users\Charl\AppData\Local\{A26608A1-6C19-49A4-8A54-459A3073FA98}
2012-07-09 10:47:30 -------- d-----w- C:\Users\Charl\AppData\Local\{A6CFD477-9EB8-4125-B909-44E15EA546A4}
2012-07-08 22:47:10 -------- d-----w- C:\Users\Charl\AppData\Local\{3460C609-7DB4-4846-B82A-F00C7BF014A4}
2012-07-08 22:47:00 -------- d-----w- C:\Users\Charl\AppData\Local\{D9B9B86F-2ED6-4DEF-B4CA-E6761F90C63C}
2012-07-08 10:46:48 -------- d-----w- C:\Users\Charl\AppData\Local\{4C56AC06-1A97-4976-81F0-2F39D553AD87}
2012-07-08 10:46:38 -------- d-----w- C:\Users\Charl\AppData\Local\{1E0C333B-6C2A-4422-AD54-B6561ABD5B10}
2012-07-07 12:21:49 -------- d-----w- C:\Users\Charl\AppData\Local\{CD189737-33B0-4069-A00B-39967245DDE0}
2012-07-07 12:21:39 -------- d-----w- C:\Users\Charl\AppData\Local\{A0AFBA76-3EE8-428D-8C14-50E3AABCB172}
2012-07-06 22:26:05 -------- d-----w- C:\Users\Charl\AppData\Local\{08141B20-FD22-4EC2-BB77-4E3C8BB326B7}
2012-07-06 22:25:54 -------- d-----w- C:\Users\Charl\AppData\Local\{553CD04E-5C2D-4536-8008-92A33389E290}
2012-07-06 10:25:43 -------- d-----w- C:\Users\Charl\AppData\Local\{6D70629E-DCEB-472B-967B-BAB07C5AB7E5}
2012-07-06 10:25:33 -------- d-----w- C:\Users\Charl\AppData\Local\{D0018BD2-5036-4FFB-99B9-7B60F5BD1492}
2012-07-05 22:25:09 -------- d-----w- C:\Users\Charl\AppData\Local\{782B520C-5CFD-4329-BF78-23ACF65291F6}
2012-07-05 10:24:48 -------- d-----w- C:\Users\Charl\AppData\Local\{881FE83B-F30E-499F-9C4E-DAEBDBC22211}
2012-07-05 10:24:38 -------- d-----w- C:\Users\Charl\AppData\Local\{0115ED8F-2BB1-489E-959C-19315F55F654}
2012-07-04 22:24:14 -------- d-----w- C:\Users\Charl\AppData\Local\{54B77F8D-157E-44FE-A684-CB8FB43E9CFF}
2012-07-04 22:24:04 -------- d-----w- C:\Users\Charl\AppData\Local\{084EBAEE-DB6B-4967-8F3E-6431DF0EC185}
2012-07-04 10:23:52 -------- d-----w- C:\Users\Charl\AppData\Local\{54FFACFA-3246-46FC-B089-A1A3C1A389BC}
2012-07-04 10:23:43 -------- d-----w- C:\Users\Charl\AppData\Local\{B0461553-2E31-4B44-9A31-615CF2567EAC}
2012-07-04 00:04:25 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-07-04 00:04:25 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-07-03 22:23:18 -------- d-----w- C:\Users\Charl\AppData\Local\{037E4043-7F9F-4B35-BE36-BFA1C1F5002F}
2012-07-03 22:23:08 -------- d-----w- C:\Users\Charl\AppData\Local\{0FAA343F-890B-4C76-9D40-720B43D70FAD}
2012-07-03 10:22:57 -------- d-----w- C:\Users\Charl\AppData\Local\{BDF5A052-6647-43F5-8840-F597516FC977}
2012-07-03 10:22:47 -------- d-----w- C:\Users\Charl\AppData\Local\{F2D53231-D63B-4EB3-B6AE-FBAB79C41D0C}
2012-07-02 22:22:22 -------- d-----w- C:\Users\Charl\AppData\Local\{AD126AE2-1D78-4B71-8E82-C51E140C2A89}
2012-07-02 22:22:12 -------- d-----w- C:\Users\Charl\AppData\Local\{0AF42034-2BCD-49C3-A212-1C3EF99EA7C9}
2012-07-02 21:32:53 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-07-02 20:39:31 -------- d-----w- C:\Users\Charl\AppData\Local\PunkBuster
2012-07-02 20:39:31 -------- d-----w- C:\Users\Charl\AppData\Local\CrashRpt
2012-07-02 20:38:16 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-07-02 20:38:16 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-07-02 20:38:16 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls
2012-07-02 20:38:15 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-07-02 10:22:01 -------- d-----w- C:\Users\Charl\AppData\Local\{9DFD863D-FE7C-48F8-8BDC-13E76F22DF22}
2012-07-02 10:21:51 -------- d-----w- C:\Users\Charl\AppData\Local\{2BE54875-5EA2-41E5-890A-5CFF618D75B0}
2012-07-01 22:21:30 -------- d-----w- C:\Users\Charl\AppData\Local\{DFA4121A-A474-4433-A906-4B8A9D7A0E04}
2012-07-01 22:21:20 -------- d-----w- C:\Users\Charl\AppData\Local\{2DB41D81-8D83-40BB-83ED-EE90FD751663}
2012-07-01 10:21:09 -------- d-----w- C:\Users\Charl\AppData\Local\{7D6A70E3-40FF-49C9-9F0F-1247C97E6BC0}
2012-07-01 10:20:59 -------- d-----w- C:\Users\Charl\AppData\Local\{5B44A6F9-94FD-4061-9C6F-4FEB7ED132C0}
2012-06-30 21:35:43 -------- d-----w- C:\Users\Charl\AppData\Local\{40FC26F8-5610-4E01-8990-83B26A103A6D}
2012-06-30 21:35:33 -------- d-----w- C:\Users\Charl\AppData\Local\{AC77BD86-A9AF-4B84-B67C-8B0EB5CC1CBF}
2012-06-30 09:35:22 -------- d-----w- C:\Users\Charl\AppData\Local\{4AE49593-5442-4539-B85D-33CC2A5C77A6}
2012-06-30 09:35:11 -------- d-----w- C:\Users\Charl\AppData\Local\{1B7E3D8B-2CAB-48A5-8635-EBCA1140C8B2}
2012-06-29 21:32:26 -------- d-----w- C:\Users\Charl\AppData\Local\{0608F0EA-F1F7-46AC-A633-45D4A69F5EC3}
2012-06-29 21:32:16 -------- d-----w- C:\Users\Charl\AppData\Local\{A52BB15E-5FE6-4F50-9BFE-84654DAD9A19}
.
==================== Find3M ====================
.
2012-07-27 21:02:06 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 21:02:06 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 11:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-14 08:56:23 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-04 22:28:01 4046560 ----a-w- C:\Windows\PE_Rom.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 13:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 13:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-29 12:15:30 4608 ----a-w- C:\Windows\System32\drivers\vncmirror.sys
2012-05-29 12:15:30 26112 ----a-w- C:\Windows\System32\vncmirror.dll
2012-05-28 12:59:34 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-05-28 12:59:34 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
.
============= FINISH: 21:57:42,45 ===============

Thanks in advance!!
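For readers triaging a DDS-style listing like the one above, here is an added example (not code from the thread, from DDS or from Malwarebytes) that parses lines in that format and surfaces the entries a responder would look at first. It reads a handful of lines copied from the listing above as its sample input; the attribute column meanings (d = directory, s = system, h = hidden, a = archive, w = writable) are this editor's reading of the DDS format and are an assumption. The two heuristics it applies are deliberately narrow: a directory carrying hidden+system attributes inside the Windows tree, and a directory whose name is a literal, unexpanded environment variable such as `%APPDATA%`, which a legitimate installer would have expanded. It also counts the GUID-named folders under `AppData\Local` so they can be reviewed as a group rather than one by one. Flags are prompts for a closer look, not a verdict.

```python
"""Triage helper for DDS-style directory listings (added example, not from the thread)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# DDS prints one entry per line as: "<date> <time> <size|--------> <8 attribute chars> <path>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\S+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$"
)
# Assumed attribute letters: d=directory, s=system, h=hidden, a=archive, w=writable
ENV_TOKEN_RE = re.compile(r"%[A-Za-z_][A-Za-z0-9_]*%")       # literal, unexpanded %VAR%
GUID_DIR_RE = re.compile(r"\\\{[0-9A-Fa-f-]{36}\}$")         # trailing \{GUID} component

# Constructed sample: a subset of lines copied from the listing posted above.
SAMPLE = r"""
.
==================== Find3M ====================
.
2012-07-27 22:13:11 -------- d-----w- C:\Users\Charl\AppData\Local\{A4A376E2-8305-4120-8A36-874AFD70C93D}
2012-07-27 10:12:59 -------- d-----w- C:\Users\Charl\AppData\Local\{B7EB355C-AE43-44BB-AB4D-E708C6B7222D}
2012-07-26 18:52:38 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-26 18:30:04 -------- d-----w- C:\Users\Charl\AppData\Roaming\xsecva
2012-07-25 08:12:45 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-11 21:36:38 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-03 11:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
"""


@dataclass
class Entry:
    timestamp: str
    size: Optional[int]          # None for directories (DDS prints "--------")
    attrs: str
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_listing(text: str) -> List[Entry]:
    """Return one Entry per data line; DDS separators ('.', '==== ... ====') are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "--------" else int(m["size"])
        entries.append(Entry(m["ts"], size, m["attrs"], m["path"]))
    return entries


def flag(entry: Entry) -> List[str]:
    """Heuristics that mark an entry for a closer look (not a malware verdict)."""
    reasons = []
    in_windows_tree = entry.path.lower().startswith("c:\\windows\\")
    if "s" in entry.attrs and "h" in entry.attrs and in_windows_tree:
        reasons.append("hidden+system attributes")
    if ENV_TOKEN_RE.search(entry.path):
        reasons.append("literal unexpanded environment variable in name")
    return reasons


def triage(text: str) -> List[Entry]:
    """Parse the listing and return flagged entries, newest first."""
    hits = []
    for e in parse_listing(text):
        e.reasons = flag(e)
        if e.reasons:
            hits.append(e)
    # ISO-style timestamps sort correctly as strings
    hits.sort(key=lambda e: e.timestamp, reverse=True)
    return hits


def guid_dir_count(entries: List[Entry]) -> int:
    """Count directory entries whose last path component is a {GUID}."""
    return sum(1 for e in entries if e.size is None and GUID_DIR_RE.search(e.path))


if __name__ == "__main__":
    entries = parse_listing(SAMPLE)
    print(f"{len(entries)} entries parsed, {guid_dir_count(entries)} GUID-named directories")
    for hit in triage(SAMPLE):
        print(f"{hit.timestamp}  {hit.attrs}  {hit.path}")
        for r in hit.reasons:
            print(f"    - {r}")
```

Run against the full listing by replacing `SAMPLE` with the file contents; on the sample above the only entry that trips both heuristics is the `d-sh--w-` directory under `SysWow64`. Everything else, including the twice-daily GUID folders, is reported only in the count.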

Welcome to the forum.

Please don't put your replies in code or quotes > just post them using the default settings!!

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Before we proceed further, please uninstall or disable uTorrent and any other peer-to-peer filesharing app.

Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against our policy:

http://forums.malwarebytes.org/index.php?showtopic=97700

---------------------------------------

Then........

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:

services.exe

  • Now press the Search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply. (FRST.txt and Search.txt)

MrC

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
