Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ads playing in backround! Trojan.Dropper.BC.Miner


  • This topic is locked This topic is locked
2 replies to this topic

#1 nickos2250

nickos2250

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:38 PM

Posted 09 June 2012 - 04:05 AM

Hi guys,

I've had this incedribly annoying problem for week now.

the symptom is that I hear sound of random ads playing in the background off and on, also my firewall is shut down and windows defender i think this has to do with my (BDE) being overrided I have used malwarebytes and it has detected a virus

(Trojan.Dropper.BC.Miner) Files Detected: 1
C:\Windows\Installer\{4dc3e749-1139-8c27-6465-ebe45b772472}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
JUMP TO LOCATION
Files relating: 80000064.@ 80000032.@ 80000000.@ 00000008.@ 00000004.@ 000000cb.@

however when i try to remove it and restart it comes right back every single time!

i am not sure how to create a new restore point but i have however taken recent files and put them on my flash drive also i already have the replacement "reg files" as follows Firewall-Repair-Windows-7, BFE-Repair-Windows-7, wscsvc and WinDefend, but have had troubles making them work.



I have run the DDS as i have seen it requested in another forum i thought it would help to make it easier
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by a at 18:34:05 on 2012-06-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.3764 [GMT 10:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\lxczcoms.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe
C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Razer\Mamba\RazerTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\FlashPlayerApp.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyServer = bigprox.com:42141
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [Google Update] "C:\Users\a.User-PC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DU Meter] "C:\Program Files (x86)\DU Meter\DUMeter.exe" /autostart
uRun: [wboapi] rundll32.exe "C:\Users\a.User-PC\AppData\Roaming\wboapi.dll",SteamGameServer_RunCallbacks
uRun: [ogecs] "C:\Windows\System32\rundll32.exe" "C:\Users\a.User-PC\AppData\Roaming\ogecs.dll",LoadPRTBufferFromFileA
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Razer Mamba Driver] C:\Program Files (x86)\Razer\Mamba\RazerTray.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\AED36~1.USE\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBER~1.LNK - C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/RELEASECAB/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {96816368-C1E3-414D-A193-63C3CC921990} - hxxp://interpub-shepherdsbush.remotemanager.co.uk/common/activex/MJPEGRender.ocx
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{07C3CD1F-2CD3-4E99-B915-4C49F8A10906} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Razer Mamba Driver] C:\Program Files (x86)\Razer\Mamba\RazerTray.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 wowovups;wowovups;C:\Windows\system32\DRIVERS\wowovups.sys --> C:\Windows\system32\DRIVERS\wowovups.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-5 257224]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 136176]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;C:\PROGRA~1\MSI\MSIWDev\msibios64_100507.sys [2010-5-10 33592]
S3 nmwcdcx64;Nokia USB Generic;C:\Windows\system32\drivers\ccdcmbox64.sys --> C:\Windows\system32\drivers\ccdcmbox64.sys [?]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\ccdcmbx64.sys --> C:\Windows\system32\drivers\ccdcmbx64.sys [?]
S3 NTIOLib_1_0_8;NTIOLib_1_0_8;C:\PROGRA~1\MSI\MSIWDev\NTIOLib_X64.sys [2011-1-27 11888]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-09 08:19:52 -------- d-----w- C:\Users\a.User-PC\AppData\Local\{3CAAD3E5-5EED-4479-B314-8E69D3503934}
2012-06-09 06:08:08 -------- d-----w- C:\Users\a.User-PC\AppData\Local\{58E14454-55F7-49ED-9E16-32894DF30218}
2012-06-09 06:07:56 -------- d-----w- C:\Users\a.User-PC\AppData\Local\{8F789636-80BD-4E22-BF01-31E4979DF4D2}
2012-06-09 05:55:13 -------- d-----w- C:\Users\a.User-PC\AppData\Local\{9ABAA717-054F-4076-A4DF-AC1549FC6466}
2012-06-09 05:55:02 -------- d-----w- C:\Users\a.User-PC\AppData\Local\{56E3BCAD-8226-4464-B999-4DC5F26D3A83}
2012-06-08 15:16:09 -------- d-----w- C:\Users\a.User-PC\AppData\Roaming\EurekaLog
2012-06-08 15:15:12 -------- d-----w- C:\Users\a.User-PC\AppData\Local\{626E7917-B6A7-4DEA-A38B-12D87D78078E}
2012-06-08 15:14:58 -------- d-----w- C:\Users\a.User-PC\AppData\Local\{B999FD59-9383-470C-B862-849CC947D85A}
2012-06-08 15:08:38 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-06-07 22:51:29 -------- d-----w- C:\Users\a.User-PC\AppData\Local\{4EC6292B-B0F3-11E1-8270-B8AC6F996F26}
2012-06-07 22:51:25 320512 ----a-w- C:\Users\a.User-PC\AppData\Roaming\ogecs.dll
2012-06-07 22:50:51 118272 ----a-w- C:\Users\a.User-PC\AppData\Roaming\wboapi.dll
2012-06-07 15:15:54 -------- d-----w- C:\ProgramData\Hagel Technologies
2012-06-07 15:15:52 -------- d-----w- C:\Program Files (x86)\DU Meter
2012-06-07 08:59:43 -------- d-----w- C:\Users\a.User-PC\AppData\Local\{EC5B02B5-B3D5-4E99-ADCB-C4AC92D29978}
2012-06-05 13:25:04 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-05 13:25:04 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-05 10:55:39 -------- d-----w- C:\Program Files (x86)\BitTorrent
2012-06-05 10:54:09 -------- d-----w- C:\Users\a.User-PC\AppData\Roaming\BitTorrent
2012-05-31 16:57:47 -------- d-----w- C:\Users\a.User-PC\AppData\Local\{6E2C759D-A73C-4A88-8543-286A4FE2ECE7}
2012-05-29 13:21:51 -------- d-----w- C:\Users\a.User-PC\AppData\Local\{4538ED53-9B9D-45CB-A66B-1702BF2067D3}
2012-05-23 17:59:16 -------- d-----w- C:\Users\a.User-PC\AppData\Local\{C9428982-1560-4ACE-88C4-4440BCC99D6F}
2012-05-22 11:13:18 -------- d-----w- C:\Users\a.User-PC\AppData\Local\{6FFC941D-A3D1-4A4B-B1A3-99A7CD012756}
2012-05-13 08:03:27 505104 ----a-r- C:\Windows\SysWow64\msxml.dll
2012-05-13 08:03:26 115016 ----a-r- C:\Windows\SysWow64\MSINET.OCX
2012-05-13 08:03:25 89360 ----a-r- C:\Windows\SysWow64\VB5DB.DLL
2012-05-13 08:03:25 69632 ----a-r- C:\Windows\SysWow64\xmltok.dll
2012-05-13 08:03:25 36864 ----a-r- C:\Windows\SysWow64\xmlparse.dll
2012-05-13 08:03:25 35840 ----a-r- C:\Windows\SysWow64\comdlg32.oca
2012-05-13 08:03:25 29184 ----a-r- C:\Windows\SysWow64\MSINET.oca
2012-05-13 08:03:25 28432 ----a-r- C:\Windows\SysWow64\msxmlr.dll
2012-05-13 08:03:25 26096 ----a-r- C:\Windows\SysWow64\xmlinst.exe
2012-05-13 08:03:25 24576 ----a-r- C:\Windows\SysWow64\msxml3a.dll
2012-05-13 08:03:25 140488 ----a-r- C:\Windows\SysWow64\comdlg32.ocx
2012-05-13 08:00:36 696320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-05-13 08:00:36 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-05-13 08:00:36 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-05-13 08:00:36 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-05-13 08:00:36 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-05-13 08:00:28 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-05-13 08:00:28 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
.
==================== Find3M ====================
.
2012-04-04 05:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-22 14:42:01 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-03-22 14:42:00 175616 ----a-w- C:\Windows\System32\msclmd.dll
.
============= FINISH: 18:34:55.85 ===============

Also i have downloaded Rootkit Unhooker Saved it to desktop double clicked and recived following error message

Sorry, but unhandled exception has occured program will be treminated
exception code : 0xC0000005
Instruction address : 0x00402EAA
Attempt to read at address : 0xFFFFFFFF

Error log generated, please report to developers



I hope we can get this sorted out and i might add i am so gratfull that there is real help out there from such a great orgaization as this.

Many many thanks will be attentivly waiting for reply!

Nick

Edited by hamluis, 09 June 2012 - 07:34 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.


BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:38 PM

Posted 09 June 2012 - 07:50 AM

Hi,

Please do the following:

download Farbar Recovery Scan Tool and save it to a flash drive.
(you need the 64bit version)
Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to the disclaimer.
[*]Place a check next to List Drivers MD5 as well as the default check marks that are already there
[*]Press Scan button.
[*]type exit and reboot the computer normally

[*]FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.[/list]

Edited by CatByte, 09 June 2012 - 07:50 AM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:38 PM

Posted 12 June 2012 - 04:44 PM

user is being helped here

http://forums.malwarebytes.org/index.php?showtopic=110901&view=findpost&p=558891

this thread will be closed

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users