
dropper.bcminer



I seem to have some sort of redirect Trojan. Malwarebytes detects it but is unable to remove it. I appreciate any assistance you can provide!

RogueKiller and FRST64 logs below.

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.24.12

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

brennan :: BRENNAN-PC [administrator]

7/24/2012 7:34:04 PM

mbam-log-2012-07-24 (19-34-04).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 188387

Time elapsed: 24 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by brennan at 20:07:49 on 2012-07-24

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8104.6538 [GMT -5:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files\ASRock\XFast LAN\spd.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Core Temp\Core Temp.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\ASRock\XFast LAN\cfosspeed.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\brennan\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Users\brennan\Local Settings\Apps\F.lux\flux.exe

C:\Program Files (x86)\XFastUsb\XFastUsb.exe

C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe

C:\Program Files (x86)\Winamp\winampa.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

uRun: [ASRockXTU]

uRun: [zASRockInstantBoot]

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Octoshape Streaming Services] "C:\Users\brennan\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun

uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s

uRun: [F.lux] "C:\Users\brennan\Local Settings\Apps\F.lux\flux.exe" /noshow

mRun: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{CCBA1BC7-03D1-4509-8F93-393E8610B531} : DhcpNameServer = 192.168.1.254

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

AppInit_DLLs: C:\PROGRA~1\LUCIDL~1\VIRTU\x86\APPINI~1.DLL, C:\Windows\SysWOW64\nvinit.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

mRun-x64: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r

mRun-x64: [updReg] C:\Windows\UpdReg.EXE

mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

AppInit_DLLs-X64: C:\PROGRA~1\LUCIDL~1\VIRTU\x86\APPINI~1.DLL, C:\Windows\SysWOW64\nvinit.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\brennan\AppData\Roaming\Mozilla\Firefox\Profiles\dufcgsb9.default\

FF - prefs.js: browser.startup.homepage - www.youtube.com

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll

FF - plugin: C:\Users\brennan\AppData\Roaming\Mozilla\Firefox\Profiles\dufcgsb9.default\extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d}\plugins\npwidevinemediaoptimizer.dll

FF - plugin: C:\Users\brennan\AppData\Roaming\Mozilla\plugins\npoctoshape.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R1 AsrAppCharger;AsrAppCharger;C:\Windows\system32\DRIVERS\AsrAppCharger.sys --> C:\Windows\system32\DRIVERS\AsrAppCharger.sys [?]

R1 FNETURPX;FNETURPX;C:\Windows\system32\drivers\FNETURPX.SYS --> C:\Windows\system32\drivers\FNETURPX.SYS [?]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-13 2656280]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]

R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 VirtuWDDM;VirtuWDDM;C:\Windows\system32\DRIVERS\VirtuWDDM.sys --> C:\Windows\system32\DRIVERS\VirtuWDDM.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]

S3 FNETTBOH_305;FNETTBOH_305;C:\Windows\system32\drivers\FNETTBOH_305.SYS --> C:\Windows\system32\drivers\FNETTBOH_305.SYS [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 113120]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-07-23 20:51:38 -------- d-----w- C:\Program Files (x86)\Desktop Restore

2012-07-20 19:29:59 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-12 21:23:23 -------- d-----w- C:\Program Files (x86)\Data Doctor Recovery - SIM Card (Demo)

2012-07-11 02:38:42 -------- d-----w- C:\ProgramData\ManiaPlanet

2012-07-11 02:38:42 -------- d-----w- C:\Program Files (x86)\ManiaPlanet

2012-07-10 05:44:17 31808 ----a-w- C:\Windows\System32\drivers\FNETTBOH_305.SYS

2012-07-10 01:51:12 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-07-10 01:51:12 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-07-03 01:29:24 -------- d-----w- C:\Users\brennan\AppData\Local\Macromedia

2012-06-29 04:26:43 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-06-28 06:05:33 -------- d-----w- C:\Program Files (x86)\Oracle

2012-06-28 06:05:03 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-06-27 02:25:16 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D04860B6-F1C9-498E-8639-C3368DC29CCF}\mpengine.dll

2012-06-26 04:09:51 -------- d-----w- C:\Users\brennan\AppData\Local\Apps

.

==================== Find3M ====================

.

2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-03 00:50:07 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-03 00:50:07 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll

2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll

2012-05-15 09:29:45 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin

2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll

2012-05-11 12:34:14 203320 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys

2012-05-05 15:20:07 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-05-05 07:27:39 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-05-05 07:27:32 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-05-05 07:27:32 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-05-05 07:23:15 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-05-05 00:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-03 23:43:56 244812 ----a-w- C:\Windows\QLPrism Uninstaller.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 05:32:05 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

.

============= FINISH: 20:08:17.67 ===============

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 1/13/2012 5:06:52 PM

System Uptime: 7/24/2012 7:50:19 PM (1 hours ago)

.

Motherboard: ASRock | | Z68 Extreme3 Gen3

Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz | CPUSocket | 1584/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 353.903 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP77: 7/18/2012 11:56:34 PM - Scheduled Checkpoint

RP78: 7/20/2012 2:27:21 PM - Windows Update

RP79: 7/23/2012 3:51:25 PM - Installed Desktop Restore

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9

Asmedia ASM104x USB 3.0 Host Controller Driver

ASRock eXtreme Tuner v0.1.110

ASRock InstantBoot v1.29

Battlefield 3™

Battlefield: Bad Company™ 2

Battlelog Web Plugins

Blacklight: Retribution

Call of Duty: Modern Warfare 3 - Multiplayer

Counter-Strike

Counter-Strike: Global Offensive Beta

Data Doctor Recovery - SIM Card (Demo)

Diablo III

DivX Web Player

Dota 2

ESN Sonar

F.lux

GOM Player

GOMTV Streamer

Heroes of Newerth

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Java Auto Updater

Java™ 6 Update 31

Java™ 7 Update 5

JavaFX 2.1.1

Killing Floor

Malwarebytes Anti-Malware version 1.62.0.1300

ManiaPlanet

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

Mumble 1.2.3

Need For Speed™ World

NVIDIA PhysX

Octoshape Streaming Services

Origin

PunkBuster Services

QLPrism

Quake Live Mozilla Plugin

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Samsung Kies

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Skype™ 5.8

Spybot - Search & Destroy

StarCraft II

Steam

Super MNC Invitational

TERA

The Secret World

THX TruStudio

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VC80CRTRedist - 8.0.50727.762

VLC media player 2.0.1

Winamp

Winamp Detector Plug-in

XFastUsb

.

==== Event Viewer Messages From Past Week ========

.

7/24/2012 8:02:36 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

7/24/2012 7:50:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom

.

==== End Of File ===========================

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: brennan [Admin rights]

Mode: Scan -- Date: 08/14/2012 22:26:54

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤

[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\brennan\AppData\Local\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\n.) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\L --> FOUND

[ZeroAccess][FILE] @ : c:\users\brennan\appdata\local\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\users\brennan\appdata\local\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\brennan\appdata\local\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 www.100888290cs.com

127.0.0.1 100888290cs.com

127.0.0.1 100sexlinks.com

127.0.0.1 www.100sexlinks.com

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD103SJ ATA Device +++++

--- User ---

[MBR] b95c8cc3473f2bddc621a7319366e565

[BSP] b013177a37d549faadc3c40ef54990c7 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01

Ran by SYSTEM at 14-08-2012 21:51:05

Running from F:\

Windows 7 Ultimate (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11860072 2011-06-08] (Realtek Semiconductor)

HKLM\...\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-07-04] (cFos Software GmbH)

HKLM\...\Run: [THXCfg64] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [26624 2011-05-13] (Creative Technology Ltd.)

HKLM\...\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)

HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-08-31] (Intel Corporation)

HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-08-31] (Intel Corporation)

HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-08-31] (Intel Corporation)

HKLM-x32\...\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe [4942336 2012-01-13] (FNet Co., Ltd.)

HKLM-x32\...\Run: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r [909824 2011-05-19] (Creative Technology Ltd)

HKLM-x32\...\Run: [updReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)

HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-07-15] (Samsung Electronics Co., Ltd.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)

HKU\brennan\...\Run: [ASRockXTU] [x]

HKU\brennan\...\Run: [zASRockInstantBoot] [x]

HKU\brennan\...\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1353080 2012-08-13] (Valve Corporation)

HKU\brennan\...\Run: [Octoshape Streaming Services] "C:\Users\brennan\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun [70936 2009-01-08] (Octoshape ApS)

HKU\brennan\...\Run: [F.lux] "C:\Users\brennan\Local Settings\Apps\F.lux\flux.exe" /noshow [966656 2009-08-28] ()

Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

AppInit_DLLs: C:\PROGRA~1\LUCIDL~1\VIRTU\APPINI~1.DLL,C:\Windows\system32\nvinitx.dll

==================== Services (Whitelisted) ======

2 cFosSpeedS; "C:\Program Files\ASRock\XFast LAN\spd.exe" -service [395136 2011-07-04] (cFos Software GmbH)

2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-25] ()

2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2011-02-22] (Intel Corporation)

========================== Drivers (Whitelisted) =============

1 cFosSpeed; C:\Windows\System32\DRIVERS\cfosspeed6.sys [1632128 2011-07-04] (cFos Software GmbH)

3 FNETTBOH_305; C:\Windows\System32\Drivers\FNETTBOH_305.sys [31808 2012-07-09] (FNet Co., Ltd.)

1 FNETURPX; C:\Windows\System32\Drivers\FNETURPX.sys [15936 2012-01-13] (FNet Co., Ltd.)

3 pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys [24176 2010-11-06] ()

3 VirtuWDDM; C:\Windows\System32\Drivers\VirtuWDDM.sys [66336 2011-07-07] (Lucidlogix Inc.)

3 ALSysIO; \??\C:\Users\brennan\AppData\Local\Temp\ALSysIO64.sys [x]

4 NVHDA; C:\Windows\System32\drivers\nvhda64v.sys [x]

3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]

3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]

3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-08 18:20 - 2012-08-08 18:39 - 00000000 ____D C:\Users\brennan\AppData\Roaming\ImgBurn

2012-08-08 18:19 - 2012-08-08 18:19 - 00001865 ____A C:\Users\Public\Desktop\ImgBurn.lnk

2012-08-08 18:19 - 2012-08-08 18:19 - 00000000 ____D C:\Program Files (x86)\ImgBurn

2012-08-07 21:08 - 2012-08-07 21:09 - 00000000 ____D C:\Users\brennan\AppData\Roaming\Apple Computer

2012-08-07 21:08 - 2012-08-07 21:08 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-08-07 21:08 - 2012-08-07 21:08 - 00000000 ____D C:\Users\brennan\AppData\Local\Apple Computer

2012-08-07 21:08 - 2012-08-07 21:08 - 00000000 ____D C:\Users\brennan\AppData\Local\Apple

2012-08-07 21:08 - 2012-08-07 21:08 - 00000000 ____D C:\Users\All Users\Apple Computer

2012-08-07 21:08 - 2012-08-07 21:08 - 00000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2012-08-07 21:08 - 2012-08-07 21:08 - 00000000 ____D C:\Program Files\iTunes

2012-08-07 21:08 - 2012-08-07 21:08 - 00000000 ____D C:\Program Files\iPod

2012-08-07 21:08 - 2012-08-07 21:08 - 00000000 ____D C:\Program Files (x86)\iTunes

2012-08-07 21:08 - 2012-08-07 21:08 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2012-08-07 21:08 - 2009-05-18 10:17 - 00034152 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys

2012-08-07 21:08 - 2008-04-17 09:12 - 00126312 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll

2012-08-07 21:08 - 2008-04-17 09:12 - 00107368 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll

2012-08-07 21:07 - 2012-08-07 21:07 - 00000000 ____D C:\Users\All Users\Apple

2012-08-07 21:07 - 2012-08-07 21:07 - 00000000 ____D C:\Program Files\Common Files\Apple

2012-08-07 21:07 - 2012-08-07 21:07 - 00000000 ____D C:\Program Files\Bonjour

2012-08-07 21:07 - 2012-08-07 21:07 - 00000000 ____D C:\Program Files (x86)\Bonjour

2012-08-07 16:30 - 2012-08-14 18:30 - 00000000 ____D C:\Users\brennan\AppData\Roaming\dvdcss

2012-08-07 15:11 - 2012-08-14 11:16 - 00000000 ____D C:\dvd flick projects

2012-08-07 14:55 - 2012-08-14 12:39 - 00000000 ____D C:\Users\brennan\AppData\Roaming\DVD Flick

2012-08-07 14:55 - 2012-08-07 14:55 - 00001914 ____A C:\Users\brennan\Desktop\DVD Flick.lnk

2012-08-07 14:55 - 2012-08-07 14:55 - 00000000 ____D C:\Program Files (x86)\DVD Flick

2012-08-07 14:55 - 2008-08-31 10:27 - 00028672 ____A (-) C:\Windows\SysWOW64\mousewheel.ocx

2012-08-07 14:55 - 2007-08-31 15:36 - 00036864 ____A (Robdogg Inc.) C:\Windows\SysWOW64\trayicon_handler.ocx

2012-08-07 14:55 - 2004-03-08 21:00 - 01081616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mscomctl.ocx

2012-08-07 14:55 - 2004-03-08 21:00 - 00662288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mscomct2.ocx

2012-08-07 14:55 - 2004-03-08 21:00 - 00609824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.ocx

2012-08-07 14:55 - 2004-03-08 21:00 - 00212240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\richtx32.ocx

2012-08-07 14:55 - 2003-01-26 10:41 - 00040960 ____A (vbAccelerator) C:\Windows\SysWOW64\ssubtmr6.dll

2012-08-07 14:55 - 1998-06-23 21:00 - 00164144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\comct232.ocx

2012-08-06 16:53 - 2012-08-07 14:27 - 00000085 ___SH C:\Users\All Users\.zreglib

2012-08-06 16:51 - 2012-08-06 16:51 - 00001199 ____A C:\Users\Public\Desktop\CloneDVD2.lnk

2012-08-06 16:51 - 2012-08-06 16:51 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes

2012-08-02 20:07 - 2012-08-07 16:28 - 00000000 ____D C:\QLPrism

2012-08-02 20:07 - 2012-08-02 20:07 - 00250534 ____A C:\Windows\QLPrism Uninstaller.exe

2012-08-02 20:07 - 2012-08-02 20:07 - 00001567 ____A C:\Users\Public\Desktop\QLPrism Config Utility.lnk

2012-08-02 20:07 - 2012-08-02 20:07 - 00001478 ____A C:\Users\Public\Desktop\QLPrism.lnk

2012-07-30 20:49 - 2012-08-12 15:41 - 00000000 ____D C:\Music2

2012-07-26 21:49 - 2012-07-26 21:49 - 00000000 ____D C:\FRST

2012-07-25 19:13 - 2012-07-25 19:13 - 00000000 ____D C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP

2012-07-25 19:13 - 2012-07-24 17:14 - 03130440 ____A C:\Windows\SysWOW64\pbsvc_blr.exe

2012-07-25 00:35 - 2012-06-03 23:59 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys

2012-07-25 00:35 - 2012-06-03 23:59 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys

2012-07-25 00:27 - 2012-07-25 00:28 - 00000043 ____A C:\Users\brennan\Desktop\stuff to do....txt

2012-07-24 18:45 - 2012-07-24 18:45 - 01438391 ____A (Farbar) C:\Users\brennan\Downloads\FRST64.exe

2012-07-24 18:14 - 2012-07-24 18:14 - 00002647 ____A C:\Users\brennan\Desktop\RKreport[1].txt

2012-07-24 18:13 - 2012-07-24 18:14 - 00000000 ____D C:\Users\brennan\Desktop\RK_Quarantine

2012-07-24 18:13 - 2012-07-24 18:13 - 01552384 ____A C:\Users\brennan\Desktop\RogueKiller.exe

2012-07-24 16:46 - 2012-07-24 16:46 - 00607260 ____R (Swearware) C:\Users\brennan\Desktop\dds.com

2012-07-24 15:25 - 2012-08-01 10:58 - 00000293 ____A C:\Users\brennan\Desktop\car q's.txt

2012-07-23 12:51 - 2012-07-23 12:51 - 00336384 ____A C:\Users\brennan\Downloads\DeskInst64.msi

2012-07-23 12:51 - 2012-07-23 12:51 - 00000000 ____D C:\Program Files (x86)\Desktop Restore

2012-07-20 11:29 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-20 11:27 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-07-20 11:27 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-07-20 11:27 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-07-20 11:27 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-07-20 11:27 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-07-20 11:27 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-07-20 11:27 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-07-20 11:27 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-07-20 11:27 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-07-20 11:27 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-07-20 11:27 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-07-20 11:27 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-07-20 11:27 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-07-20 11:27 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-07-20 11:27 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-07-20 11:27 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-07-20 11:27 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-07-20 11:27 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-07-20 11:27 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-07-20 11:27 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-07-20 11:27 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-07-20 11:27 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-07-20 11:27 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-07-20 11:27 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-07-20 11:27 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-07-20 11:27 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-07-20 11:27 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-07-20 11:27 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-07-20 11:27 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-07-20 11:27 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-07-20 11:27 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-07-20 11:27 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-07-20 11:27 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-07-20 11:27 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-07-20 11:27 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-07-20 11:27 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-07-20 11:27 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-07-20 11:27 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-07-20 11:27 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-07-20 11:27 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-07-20 11:27 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-07-20 11:27 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-07-20 11:27 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-07-20 11:27 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-07-20 11:27 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-07-20 11:27 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll

2012-07-20 11:27 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

============ 3 Months Modified Files ========================

2012-08-14 18:44 - 2012-08-14 18:44 - 00000048 ____A C:\Windows\EE8CF7B1BCB80CF6.log

2012-08-14 18:43 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-14 18:43 - 2009-07-13 20:51 - 00035362 ____A C:\Windows\setupact.log

2012-08-14 18:19 - 2009-07-13 21:13 - 00726142 ____A C:\Windows\System32\PerfStringBackup.INI

2012-08-13 12:25 - 2009-07-13 20:45 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-08-13 12:25 - 2009-07-13 20:45 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-08-08 18:19 - 2012-08-08 18:19 - 00001865 ____A C:\Users\Public\Desktop\ImgBurn.lnk

2012-08-07 21:08 - 2012-08-07 21:08 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-08-07 14:55 - 2012-08-07 14:55 - 00001914 ____A C:\Users\brennan\Desktop\DVD Flick.lnk

2012-08-07 14:27 - 2012-08-06 16:53 - 00000085 ___SH C:\Users\All Users\.zreglib

2012-08-06 16:51 - 2012-08-06 16:51 - 00001199 ____A C:\Users\Public\Desktop\CloneDVD2.lnk

2012-08-05 19:42 - 2012-06-12 18:07 - 00000584 ____A C:\Users\brennan\Desktop\musics.txt

2012-08-02 20:07 - 2012-08-02 20:07 - 00250534 ____A C:\Windows\QLPrism Uninstaller.exe

2012-08-02 20:07 - 2012-08-02 20:07 - 00001567 ____A C:\Users\Public\Desktop\QLPrism Config Utility.lnk

2012-08-02 20:07 - 2012-08-02 20:07 - 00001478 ____A C:\Users\Public\Desktop\QLPrism.lnk

2012-08-01 10:58 - 2012-07-24 15:25 - 00000293 ____A C:\Users\brennan\Desktop\car q's.txt

2012-07-30 12:54 - 2012-04-29 00:12 - 00000251 ____A C:\Users\brennan\Desktop\funnyshit.txt

2012-07-26 21:30 - 2012-01-13 15:06 - 01308817 ____A C:\Windows\WindowsUpdate.log

2012-07-26 21:28 - 2012-01-13 15:59 - 00001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk

2012-07-25 19:23 - 2012-05-04 23:23 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.xtr

2012-07-25 19:23 - 2012-04-30 15:52 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.exe

2012-07-25 19:23 - 2012-04-30 15:52 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe

2012-07-25 19:14 - 2012-04-30 15:52 - 00189248 ____A C:\Windows\SysWOW64\PnkBstrB.ex0

2012-07-25 00:28 - 2012-07-25 00:27 - 00000043 ____A C:\Users\brennan\Desktop\stuff to do....txt

2012-07-24 18:45 - 2012-07-24 18:45 - 01438391 ____A (Farbar) C:\Users\brennan\Downloads\FRST64.exe

2012-07-24 18:14 - 2012-07-24 18:14 - 00002647 ____A C:\Users\brennan\Desktop\RKreport[1].txt

2012-07-24 18:13 - 2012-07-24 18:13 - 01552384 ____A C:\Users\brennan\Desktop\RogueKiller.exe

2012-07-24 17:14 - 2012-07-25 19:13 - 03130440 ____A C:\Windows\SysWOW64\pbsvc_blr.exe

2012-07-24 16:50 - 2012-01-13 05:03 - 00015298 ____A C:\Windows\PFRO.log

2012-07-24 16:46 - 2012-07-24 16:46 - 00607260 ____R (Swearware) C:\Users\brennan\Desktop\dds.com

2012-07-23 12:51 - 2012-07-23 12:51 - 00336384 ____A C:\Users\brennan\Downloads\DeskInst64.msi

2012-07-20 18:54 - 2009-07-13 20:45 - 00268912 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-20 18:49 - 2012-06-25 21:10 - 00001237 ____A C:\Users\brennan\Desktop\car.txt

2012-07-20 11:28 - 2012-01-13 16:40 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-07-19 19:09 - 2012-01-13 16:26 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-12 22:07 - 2012-01-13 15:08 - 00000721 ____A C:\Users\brennan\Desktop\passwords.txt

2012-07-12 13:23 - 2012-07-12 13:23 - 00001367 ____A C:\Users\brennan\Desktop\Data Doctor Recovery - SIM Card (Demo).lnk

2012-07-12 13:22 - 2012-07-12 13:22 - 02451224 ____A (Pro Data Doctor Pvt. Ltd.) C:\Users\brennan\Downloads\sim-card.exe

2012-07-10 18:38 - 2012-07-10 18:38 - 00001083 ____A C:\Users\Public\Desktop\ManiaPlanet.lnk

2012-07-10 18:36 - 2012-07-10 18:22 - 877373381 ____A C:\Users\brennan\Desktop\ManiaPlanet_Setup-1.bin

2012-07-10 18:22 - 2012-07-10 18:22 - 01147424 ____A (Nadeo ) C:\Users\brennan\Desktop\ManiaPlanet_Setup.exe

2012-07-09 21:44 - 2012-07-09 21:44 - 00031808 ____A (FNet Co., Ltd.) C:\Windows\System32\Drivers\FNETTBOH_305.SYS

2012-07-09 17:51 - 2012-07-09 17:51 - 00001258 ____A C:\Users\brennan\Desktop\Spybot - Search & Destroy.lnk

2012-07-03 10:46 - 2012-01-13 16:26 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-02 16:50 - 2012-04-04 04:44 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-07-02 16:50 - 2012-01-13 16:21 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-06-27 22:04 - 2012-03-01 22:02 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2012-06-27 22:04 - 2012-03-01 22:02 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2012-06-25 23:02 - 2011-09-16 08:54 - 00330240 ____A ((?)????) C:\Windows\MASetupCaller.dll

2012-06-25 23:02 - 2011-09-16 08:54 - 00045320 ____A (MARKANY) C:\Windows\SysWOW64\MAMACExtract.dll

2012-06-22 00:41 - 2012-06-22 00:41 - 00001203 ____A C:\Users\Public\Desktop\The Secret World.lnk

2012-06-11 19:08 - 2012-07-20 11:29 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-08 21:43 - 2012-07-20 11:27 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-08 20:41 - 2012-07-20 11:27 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-05 22:06 - 2012-07-20 11:27 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-05 22:06 - 2012-07-20 11:27 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-05 22:02 - 2012-07-20 11:27 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-05 21:05 - 2012-07-20 11:27 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-05 21:05 - 2012-07-20 11:27 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-05 21:03 - 2012-07-20 11:27 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-06-03 23:59 - 2012-07-25 00:35 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys

2012-06-03 23:59 - 2012-07-25 00:35 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys

2012-06-02 14:19 - 2012-06-21 13:58 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-06-21 13:58 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 14:19 - 2012-06-21 13:58 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-06-21 13:58 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:19 - 2012-06-21 13:58 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 14:15 - 2012-06-21 13:58 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 14:15 - 2012-06-21 13:58 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 12:19 - 2012-06-21 13:57 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 12:15 - 2012-06-21 13:57 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 04:49 - 2012-07-20 11:27 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-02 04:17 - 2012-07-20 11:27 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-02 04:12 - 2012-07-20 11:27 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-02 04:05 - 2012-07-20 11:27 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-02 04:05 - 2012-07-20 11:27 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-02 04:04 - 2012-07-20 11:27 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-02 04:04 - 2012-07-20 11:27 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-02 04:03 - 2012-07-20 11:27 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-02 04:01 - 2012-07-20 11:27 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-02 04:00 - 2012-07-20 11:27 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-02 03:59 - 2012-07-20 11:27 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-02 03:57 - 2012-07-20 11:27 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-02 03:57 - 2012-07-20 11:27 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-02 03:54 - 2012-07-20 11:27 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-02 01:07 - 2012-07-20 11:27 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-02 00:43 - 2012-07-20 11:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-02 00:33 - 2012-07-20 11:27 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-02 00:26 - 2012-07-20 11:27 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-02 00:25 - 2012-07-20 11:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-02 00:25 - 2012-07-20 11:27 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-02 00:23 - 2012-07-20 11:27 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-02 00:21 - 2012-07-20 11:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-02 00:20 - 2012-07-20 11:27 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-02 00:19 - 2012-07-20 11:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-02 00:19 - 2012-07-20 11:27 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-02 00:17 - 2012-07-20 11:27 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-02 00:16 - 2012-07-20 11:27 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-02 00:14 - 2012-07-20 11:27 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-01 21:50 - 2012-07-20 11:27 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-01 21:48 - 2012-07-20 11:27 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-01 21:48 - 2012-07-20 11:27 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-01 21:45 - 2012-07-20 11:27 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-01 21:44 - 2012-07-20 11:27 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-01 20:40 - 2012-07-20 11:27 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-01 20:40 - 2012-07-20 11:27 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-01 20:39 - 2012-07-20 11:27 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-06-01 20:34 - 2012-07-20 11:27 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-05-29 16:26 - 2012-05-29 16:26 - 00001066 ____A C:\Users\Public\Desktop\VLC media player.lnk

2012-05-20 00:46 - 2012-05-20 00:46 - 00001189 ____A C:\Users\Public\Desktop\Diablo III.lnk

2012-05-17 19:59 - 2012-01-13 08:50 - 00189563 ____A C:\Windows\DirectX.log

ZeroAccess:

C:\Windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}

C:\Windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\@

C:\Windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\L

C:\Windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\U

C:\Windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\L\00000004.@

C:\Windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\L\1afb2d56

C:\Windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\L\201d3dde

C:\Windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\L\55490ac4

C:\Windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\U\00000004.@

C:\Windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\U\00000008.@

C:\Windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\U\000000cb.@

C:\Windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\U\80000000.@

C:\Windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\U\80000032.@

C:\Windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\U\80000064.@

ZeroAccess:

C:\Users\brennan\AppData\Local\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}

C:\Users\brennan\AppData\Local\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\@

C:\Users\brennan\AppData\Local\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\L

C:\Users\brennan\AppData\Local\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\U

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%

Total physical RAM: 8103.53 MB

Available physical RAM: 7323.65 MB

Total Pagefile: 8101.68 MB

Available Pagefile: 7312.65 MB

Total Virtual: 8192 MB

Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:308.51 GB) NTFS

2 Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF

3 Drive f: () (Removable) (Total:0.96 GB) (Free:0.54 GB) FAT

4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 931 GB 0 B

Disk 1 Online 980 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 931 GB 101 MB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 931 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 980 MB 40 KB

==================================================================================

Disk: 1

Partition 1

Type : 06

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 F FAT Removable 980 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-08-07 01:18

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 25-07-2012 01

Ran by SYSTEM at 2012-08-14 21:59:18

Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.15.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

brennan :: BRENNAN-PC [administrator]

8/15/2012 2:17:20 PM

WORK..mbam-log-2012-08-15 (14-18-17).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 195920

Time elapsed: 30 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

C:\Windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.

C:\Windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\U\000000cb.@ (Rootkit.0Access) -> No action taken.

C:\Windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\U\80000032.@ (Rootkit.0Access) -> No action taken.

(end)

ComboFix 12-08-15.01 - brennan 08/15/2012 14:55:47.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8104.6950 [GMT -5:00]

Running from: c:\users\brennan\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

c:\windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\@

c:\windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\L\00000004.@

c:\windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\L\1afb2d56

c:\windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\L\201d3dde

c:\windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\L\55490ac4

c:\windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\U\00000004.@

c:\windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\U\00000008.@

c:\windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\U\000000cb.@

c:\windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\U\80000000.@

c:\windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\U\80000032.@

c:\windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\U\80000064.@

c:\windows\SysWow64\muzapp.exe

.

Infected copy of c:\windows\system32\services.exe was found and disinfected

Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))

.

.

2012-08-15 20:02 . 2012-08-15 20:02 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-09 02:20 . 2012-08-09 02:39 -------- d-----w- c:\users\brennan\AppData\Roaming\ImgBurn

2012-08-09 02:19 . 2012-08-09 02:19 -------- d-----w- c:\program files (x86)\ImgBurn

2012-08-08 05:07 . 2012-08-08 05:07 -------- d-----w- c:\program files\Common Files\Apple

2012-08-08 05:07 . 2012-08-08 05:07 -------- d-----w- c:\program files\Bonjour

2012-08-08 05:07 . 2012-08-08 05:07 -------- d-----w- c:\program files (x86)\Bonjour

2012-08-08 05:07 . 2012-08-08 05:08 -------- d-----w- c:\program files (x86)\Common Files\Apple

2012-08-08 05:07 . 2012-08-08 05:07 -------- d-----w- c:\programdata\Apple

2012-08-08 00:30 . 2012-08-15 02:30 -------- d-----w- c:\users\brennan\AppData\Roaming\dvdcss

2012-08-07 23:11 . 2012-08-14 19:16 -------- d-----w- C:\dvd flick projects

2012-08-07 22:55 . 2012-08-14 20:39 -------- d-----w- c:\users\brennan\AppData\Roaming\DVD Flick

2012-08-07 22:55 . 2012-08-07 22:55 -------- d-----w- c:\program files (x86)\DVD Flick

2012-08-07 22:55 . 2008-08-31 18:27 28672 ----a-w- c:\windows\SysWow64\mousewheel.ocx

2012-08-07 22:55 . 2007-08-31 23:36 36864 ----a-w- c:\windows\SysWow64\trayicon_handler.ocx

2012-08-07 22:55 . 2004-03-09 05:00 662288 ----a-w- c:\windows\SysWow64\mscomct2.ocx

2012-08-07 22:55 . 2004-03-09 05:00 609824 ----a-w- c:\windows\SysWow64\comctl32.ocx

2012-08-07 22:55 . 2004-03-09 05:00 212240 ----a-w- c:\windows\SysWow64\richtx32.ocx

2012-08-07 22:55 . 2004-03-09 05:00 1081616 ----a-w- c:\windows\SysWow64\mscomctl.ocx

2012-08-07 22:55 . 2003-01-26 18:41 40960 ----a-w- c:\windows\SysWow64\ssubtmr6.dll

2012-08-07 22:55 . 1998-06-24 05:00 164144 ----a-w- c:\windows\SysWow64\comct232.ocx

2012-08-07 00:51 . 2012-08-07 00:51 -------- d-----w- c:\program files (x86)\Elaborate Bytes

2012-08-03 04:07 . 2012-08-03 04:07 250534 ----a-w- c:\windows\QLPrism Uninstaller.exe

2012-08-03 04:07 . 2012-08-08 00:28 -------- d-----w- C:\QLPrism

2012-07-31 04:49 . 2012-08-12 23:41 -------- d-----w- C:\Music2

2012-07-27 05:49 . 2012-07-27 05:49 -------- d-----w- C:\FRST

2012-07-27 05:28 . 2012-07-14 00:17 136672 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll

2012-07-26 03:13 . 2012-07-25 01:14 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe

2012-07-26 03:13 . 2012-07-26 03:13 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP

2012-07-25 08:35 . 2012-06-04 07:59 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2012-07-25 08:35 . 2012-06-04 07:59 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2012-07-23 20:51 . 2012-07-23 20:51 -------- d-----w- c:\program files (x86)\Desktop Restore

2012-07-20 19:29 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-26 03:23 . 2012-04-30 23:52 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-07-26 03:23 . 2012-05-05 07:23 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-07-26 03:23 . 2012-04-30 23:52 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-07-26 03:14 . 2012-04-30 23:52 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-07-20 19:28 . 2012-01-14 00:40 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-10 05:44 . 2012-07-10 05:44 31808 ----a-w- c:\windows\system32\drivers\FNETTBOH_305.SYS

2012-07-03 18:46 . 2012-01-14 00:26 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 00:50 . 2012-04-04 12:44 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-03 00:50 . 2012-01-14 00:21 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-26 07:02 . 2011-09-16 16:54 330240 ----a-w- c:\windows\MASetupCaller.dll

2012-06-26 07:02 . 2011-09-16 16:54 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll

2012-06-02 22:19 . 2012-06-21 21:58 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 21:58 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-21 21:58 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 21:58 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 21:58 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-21 21:58 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-21 21:58 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 20:19 . 2012-06-21 21:57 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 20:15 . 2012-06-21 21:57 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-31 04:04 . 2012-06-27 02:25 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D04860B6-F1C9-498E-8639-C3368DC29CCF}\mpengine.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-13 1353080]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Octoshape Streaming Services"="c:\users\brennan\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]

"F.lux"="c:\users\brennan\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2012-01-13 4942336]

"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 3524536]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll c:\windows\SysWOW64\nvinit.dll

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384]

R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2012-07-10 31808]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]

R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-13 1255736]

R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]

S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-01-13 15936]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]

S3 ALSysIO;ALSysIO;c:\users\brennan\AppData\Local\Temp\ALSysIO64.sys [x]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-03-05 126952]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-03-05 390632]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]

S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [2011-07-08 66336]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ALSYSIO

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]

"XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-07-04 1441152]

"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\appinit_dll.dll c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.1.254

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll

FF - ProfilePath - c:\users\brennan\AppData\Roaming\Mozilla\Firefox\Profiles\dufcgsb9.default\

FF - prefs.js: browser.startup.homepage - www.youtube.com

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-ASRockXTU - (no file)

Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-08-15 16:22:14 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-15 21:22

.

Pre-Run: 360,928,673,792 bytes free

Post-Run: 361,089,310,720 bytes free

.

- - End Of File - - 16C86363F417590A853686782851E187

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by brennan at 16:25:33 on 2012-08-15

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8104.6434 [GMT -5:00]

.

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ASRock\XFast LAN\spd.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Core Temp\Core Temp.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\ASRock\XFast LAN\cfosspeed.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\brennan\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Users\brennan\Local Settings\Apps\F.lux\flux.exe

C:\Program Files (x86)\XFastUsb\XFastUsb.exe

C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Octoshape Streaming Services] "C:\Users\brennan\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun

uRun: [F.lux] "C:\Users\brennan\Local Settings\Apps\F.lux\flux.exe" /noshow

mRun: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe

mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{CCBA1BC7-03D1-4509-8F93-393E8610B531} : DhcpNameServer = 192.168.1.254

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

AppInit_DLLs: C:\PROGRA~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll C:\Windows\SysWOW64\nvinit.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

mRun-x64: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe

mRun-x64: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r

mRun-x64: [updReg] C:\Windows\UpdReg.EXE

mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

AppInit_DLLs-X64: C:\PROGRA~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll C:\Windows\SysWOW64\nvinit.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\brennan\AppData\Roaming\Mozilla\Firefox\Profiles\dufcgsb9.default\

FF - prefs.js: browser.startup.homepage - www.youtube.com

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll

FF - plugin: C:\Users\brennan\AppData\Roaming\Mozilla\plugins\npoctoshape.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R1 AsrAppCharger;AsrAppCharger;C:\Windows\system32\DRIVERS\AsrAppCharger.sys --> C:\Windows\system32\DRIVERS\AsrAppCharger.sys [?]

R1 FNETURPX;FNETURPX;C:\Windows\system32\drivers\FNETURPX.SYS --> C:\Windows\system32\drivers\FNETURPX.SYS [?]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]

R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 VirtuWDDM;VirtuWDDM;C:\Windows\system32\DRIVERS\VirtuWDDM.sys --> C:\Windows\system32\DRIVERS\VirtuWDDM.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-13 2656280]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]

S3 FNETTBOH_305;FNETTBOH_305;C:\Windows\system32\drivers\FNETTBOH_305.SYS --> C:\Windows\system32\drivers\FNETTBOH_305.SYS [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 113120]

S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2012-1-22 24176]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

.

=============== Created Last 30 ================

.

2012-08-15 21:24:46 -------- d-sh--w- C:\$RECYCLE.BIN

2012-08-15 19:52:41 98816 ----a-w- C:\Windows\sed.exe

2012-08-15 19:52:41 518144 ----a-w- C:\Windows\SWREG.exe

2012-08-15 19:52:41 256000 ----a-w- C:\Windows\PEV.exe

2012-08-15 19:52:41 208896 ----a-w- C:\Windows\MBR.exe

2012-08-08 05:07:37 -------- d-----w- C:\Program Files\Bonjour

2012-08-08 05:07:37 -------- d-----w- C:\Program Files (x86)\Bonjour

2012-08-07 23:11:48 -------- d-----w- C:\dvd flick projects

2012-08-07 22:55:13 -------- d-----w- C:\Users\brennan\AppData\Roaming\DVD Flick

2012-08-07 22:55:02 662288 ----a-w- C:\Windows\SysWow64\mscomct2.ocx

2012-08-07 22:55:02 609824 ----a-w- C:\Windows\SysWow64\comctl32.ocx

2012-08-07 22:55:02 40960 ----a-w- C:\Windows\SysWow64\ssubtmr6.dll

2012-08-07 22:55:02 36864 ----a-w- C:\Windows\SysWow64\trayicon_handler.ocx

2012-08-07 22:55:02 28672 ----a-w- C:\Windows\SysWow64\mousewheel.ocx

2012-08-07 22:55:02 212240 ----a-w- C:\Windows\SysWow64\richtx32.ocx

2012-08-07 22:55:02 164144 ----a-w- C:\Windows\SysWow64\comct232.ocx

2012-08-07 22:55:02 1081616 ----a-w- C:\Windows\SysWow64\mscomctl.ocx

2012-08-07 22:55:02 -------- d-----w- C:\Program Files (x86)\DVD Flick

2012-08-07 00:51:26 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes

2012-08-03 04:07:30 250534 ----a-w- C:\Windows\QLPrism Uninstaller.exe

2012-08-03 04:07:29 -------- d-----w- C:\QLPrism

2012-07-31 04:49:57 -------- d-----w- C:\Music2

2012-07-27 05:49:05 -------- d-----w- C:\FRST

2012-07-27 05:28:34 136672 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

2012-07-26 03:13:46 3130440 ----a-w- C:\Windows\SysWow64\pbsvc_blr.exe

2012-07-26 03:13:45 -------- d-----w- C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP

2012-07-25 08:35:14 99384 ----a-w- C:\Windows\System32\drivers\ssudbus.sys

2012-07-25 08:35:14 203320 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys

2012-07-23 20:51:38 -------- d-----w- C:\Program Files (x86)\Desktop Restore

2012-07-20 19:29:59 3148800 ----a-w- C:\Windows\System32\win32k.sys

.

==================== Find3M ====================

.

2012-07-26 03:23:56 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-07-26 03:23:48 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-07-26 03:23:48 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-07-26 03:14:10 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-07-10 05:44:17 31808 ----a-w- C:\Windows\System32\drivers\FNETTBOH_305.SYS

2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-03 00:50:07 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-03 00:50:07 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-26 07:02:40 330240 ----a-w- C:\Windows\MASetupCaller.dll

2012-06-26 07:02:38 45320 ----a-w- C:\Windows\SysWow64\MAMACExtract.dll

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

.

============= FINISH: 16:27:11.93 ===============


  • Staff

Hi,

My apologies for the delay.

Please zip up and attach this folder:

C:\qoobox\quarantine

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished, you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Export the threats found (if any), and post them here.

Next, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

