Earlier today I tried to get rid of it myself by running Malwarebytes, Spybot, CCleaner, and removing some suspicious things I found in HijackThis. However, the problem still exists, and for some odd reason I'm having trouble connecting to certain game servers online all of a sudden (despite browsing/netflix/etc working, albeit slowly). Hopefully I didn't screw something up, but I guess getting rid of this damn BCMiner thing is a good first step.
I'm running NoScript in Firefox which seems to block any popups or redirects it tries, but my browsing is still very slow and stalls every once in a while. Malwarebytes continuously tells me that BCMiner is there despite attempting to have the program fix it multiple times. Here are the logs:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Aaron at 3:04:58 on 2012-07-09
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4009.2047 [GMT -5:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\SysWOW64\CtHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
C:\Windows\system32\conhost.exe
C:\ProgramData\Battle.net\Client\Blizzard Launcher.1682\Blizzard Launcher.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9C537B7C-9418-4257-A95C-762BC6E0637E} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun-x64: [CTHelper] CTHELPER.EXE
mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\z91j0h7e.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 cpuz134;cpuz134;\??\C:\Windows\system32\drivers\cpuz134_x64.sys --> C:\Windows\system32\drivers\cpuz134_x64.sys [?]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-5-26 1153368]
S3 COMMONFX;COMMONFX;C:\Windows\system32\drivers\COMMONFX.SYS --> C:\Windows\system32\drivers\COMMONFX.SYS [?]
S3 CTAUDFX;CTAUDFX;C:\Windows\system32\drivers\CTAUDFX.SYS --> C:\Windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTERFXFX;CTERFXFX;C:\Windows\system32\drivers\CTERFXFX.SYS --> C:\Windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTSBLFX;CTSBLFX;C:\Windows\system32\drivers\CTSBLFX.SYS --> C:\Windows\system32\drivers\CTSBLFX.SYS [?]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-9 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-09 04:12:59 -------- d-----w- C:\Windows\pss
2012-07-09 04:06:42 388096 ----a-r- C:\Users\Aaron\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-09 04:06:42 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-07-09 03:13:37 -------- d-----w- C:\Users\Aaron\AppData\Local\Google
2012-07-09 01:52:39 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-08 21:11:47 -------- d-----w- C:\Users\Aaron\AppData\Local\{EC004592-0BD6-4FDD-96BB-99F21DD91612}
2012-07-08 21:11:36 -------- d-----w- C:\Users\Aaron\AppData\Local\{771DC8C7-28EB-4635-B18D-354AF1BA895C}
2012-07-08 09:11:11 -------- d-----w- C:\Users\Aaron\AppData\Local\{6000A956-6448-41BB-A1F6-2DC4679F6132}
2012-07-07 21:10:48 -------- d-----w- C:\Users\Aaron\AppData\Local\{0CD06AA1-782D-49AD-B29E-E040760B0A80}
2012-07-07 21:10:38 -------- d-----w- C:\Users\Aaron\AppData\Local\{AC6A266D-10D2-4760-B129-A575E6AC73C2}
2012-07-06 20:20:57 -------- d-----w- C:\Users\Aaron\AppData\Local\{78EB1D40-7BD7-4022-83DE-0BE5DA808D4F}
2012-07-06 20:20:47 -------- d-----w- C:\Users\Aaron\AppData\Local\{ED426200-1B0F-4875-B5FD-17415D95AA52}
2012-07-06 08:20:23 -------- d-----w- C:\Users\Aaron\AppData\Local\{94DF88EA-84F9-4906-BB57-3F5B3D2FEBE0}
2012-07-06 08:20:13 -------- d-----w- C:\Users\Aaron\AppData\Local\{8228EEC2-C0E4-4EEE-A679-F101B3AD55E1}
2012-07-05 20:19:48 -------- d-----w- C:\Users\Aaron\AppData\Local\{02B6D767-599F-4A18-849B-A73FB5DFBCE7}
2012-07-05 20:19:37 -------- d-----w- C:\Users\Aaron\AppData\Local\{C55251AD-9281-4B56-A427-AC41652A5709}
2012-07-05 07:28:44 -------- d-----w- C:\Users\Aaron\AppData\Local\{90C80254-0878-4527-AC5B-5F0AA63CBDC2}
2012-07-05 07:28:34 -------- d-----w- C:\Users\Aaron\AppData\Local\{5D03B369-FEFB-45BE-A193-38C6F16BD04C}
2012-07-04 19:28:11 -------- d-----w- C:\Users\Aaron\AppData\Local\{A1D06B02-A132-4015-867A-C717E2385386}
2012-07-04 19:28:00 -------- d-----w- C:\Users\Aaron\AppData\Local\{6FC9B32D-C12F-4AFC-B2C4-7F097E3B04B3}
2012-07-04 07:27:37 -------- d-----w- C:\Users\Aaron\AppData\Local\{AC5521DC-1A46-40CC-B245-F61B2E6B5DD0}
2012-07-04 07:27:26 -------- d-----w- C:\Users\Aaron\AppData\Local\{C9972C5D-C154-4F57-A344-16C9F9336AB3}
2012-07-03 19:27:02 -------- d-----w- C:\Users\Aaron\AppData\Local\{BCFC3293-BBD8-4AF1-9D65-4CFFB77C0197}
2012-07-03 19:26:52 -------- d-----w- C:\Users\Aaron\AppData\Local\{93B43D56-C1EB-4039-9E6B-B60612263E99}
2012-07-03 07:26:28 -------- d-----w- C:\Users\Aaron\AppData\Local\{1D2496FB-D811-455A-8087-B181A04B2F7F}
2012-07-03 06:34:45 -------- d-----w- C:\Users\Aaron\AppData\Roaming\Enterbrain
2012-07-03 06:33:08 -------- d-----w- C:\Program Files (x86)\RPG Maker VX Ace
2012-07-03 06:32:07 -------- d-----w- C:\Program Files (x86)\Common Files\Enterbrain
2012-07-02 19:26:05 -------- d-----w- C:\Users\Aaron\AppData\Local\{6F94F70E-0CA2-4427-9EF1-EB1C95A3FA57}
2012-07-02 19:25:55 -------- d-----w- C:\Users\Aaron\AppData\Local\{8EBF9696-C813-4DEF-A762-6391AC671F62}
2012-07-01 23:28:13 -------- d-----w- C:\Users\Aaron\AppData\Local\{88EBCC60-03D3-4638-BE15-2EFBD66594B8}
2012-07-01 23:28:02 -------- d-----w- C:\Users\Aaron\AppData\Local\{C722A6EB-5DB6-43B8-A457-7A40B9D6AE20}
2012-07-01 09:47:15 -------- d-----w- C:\Users\Aaron\AppData\Local\{A1656A96-15F8-412F-9FB2-379CCBDDE9F4}
2012-07-01 09:46:53 -------- d-----w- C:\Users\Aaron\AppData\Local\{C028324B-D724-4946-9184-22F21056D397}
2012-06-30 20:16:21 -------- d-----w- C:\Users\Aaron\AppData\Local\{BBD40751-0507-48D8-8B20-4FF3DBE2AAE3}
2012-06-30 20:16:00 -------- d-----w- C:\Users\Aaron\AppData\Local\{138D64D1-A26E-4EE1-ACC0-3879604455A3}
2012-06-30 08:15:36 -------- d-----w- C:\Users\Aaron\AppData\Local\{1EBE1552-9834-4003-8B5A-3FE718F3B32B}
2012-06-30 08:15:15 -------- d-----w- C:\Users\Aaron\AppData\Local\{E12FAFFE-4158-4AF3-82CF-66869148023F}
2012-06-29 20:14:51 -------- d-----w- C:\Users\Aaron\AppData\Local\{02140553-D945-423B-A4F4-72503C740FB9}
2012-06-29 20:14:23 -------- d-----w- C:\Users\Aaron\AppData\Local\{5179C104-8424-4773-BDB6-DA5CBF9D9246}
2012-06-29 07:28:32 -------- d-----w- C:\Users\Aaron\AppData\Local\{6849CC48-105C-4979-AB15-C583BCDF582F}
2012-06-28 19:27:59 -------- d-----w- C:\Users\Aaron\AppData\Local\{551F0FB2-8CAB-40F9-9BF3-F4269B7B2DDC}
2012-06-28 19:27:38 -------- d-----w- C:\Users\Aaron\AppData\Local\{8D0EABA5-DCF9-4A36-B6D7-24D9BFB5C305}
2012-06-28 07:27:14 -------- d-----w- C:\Users\Aaron\AppData\Local\{4A3ACBDB-1F2B-4418-B5F0-3E78DECB8950}
2012-06-27 19:26:42 -------- d-----w- C:\Users\Aaron\AppData\Local\{F3F7DCB1-3671-4909-8F63-0A881FB14CA5}
2012-06-27 19:26:20 -------- d-----w- C:\Users\Aaron\AppData\Local\{FE07E13A-4B15-4301-B8AB-9EB08A52CAA1}
2012-06-27 07:25:56 -------- d-----w- C:\Users\Aaron\AppData\Local\{80771EC0-4DE7-4545-8C00-43FD543B56BE}
2012-06-27 07:25:35 -------- d-----w- C:\Users\Aaron\AppData\Local\{C8DEAFA0-4504-493A-9817-FC753E0C6BD4}
2012-06-26 19:25:11 -------- d-----w- C:\Users\Aaron\AppData\Local\{047F3232-1BC0-4F76-A1A9-ED91C408D10D}
2012-06-26 19:24:49 -------- d-----w- C:\Users\Aaron\AppData\Local\{E53D09E9-F103-42EA-873D-DE24249BF3F7}
2012-06-26 07:24:24 -------- d-----w- C:\Users\Aaron\AppData\Local\{BF4CAD14-C84D-4588-8ED9-B16B7703C05C}
2012-06-26 07:24:02 -------- d-----w- C:\Users\Aaron\AppData\Local\{A1BC07A6-B8E0-4DF3-B77E-773A268E1E4D}
2012-06-25 19:23:51 -------- d-----w- C:\Users\Aaron\AppData\Local\{28497EDE-B362-4509-8D06-96FFD4F3ED9A}
2012-06-25 19:23:30 -------- d-----w- C:\Users\Aaron\AppData\Local\{27909C20-190B-4EEC-8AA2-98B67F6BEEF9}
2012-06-25 07:23:06 -------- d-----w- C:\Users\Aaron\AppData\Local\{478E097D-F89E-4883-98FD-F7EAB7714287}
2012-06-25 07:22:44 -------- d-----w- C:\Users\Aaron\AppData\Local\{A7E72E41-331C-400E-B804-704BC7568692}
2012-06-24 19:22:19 -------- d-----w- C:\Users\Aaron\AppData\Local\{A9E4F8C1-CD36-4C8F-81A2-54D143C11E9D}
2012-06-24 19:22:09 -------- d-----w- C:\Users\Aaron\AppData\Local\{46BB174E-2CEB-4317-B63B-E75B3B90D5E0}
2012-06-24 06:55:42 -------- d-----w- C:\Users\Aaron\AppData\Local\{F1579034-70DD-48FD-9A1F-7DB9042050E2}
2012-06-24 06:55:20 -------- d-----w- C:\Users\Aaron\AppData\Local\{6D0EE092-F712-41CE-95FF-E05E9BAE9A9A}
2012-06-23 18:54:56 -------- d-----w- C:\Users\Aaron\AppData\Local\{D34F99CD-20D0-46D4-A583-379FB4D90E11}
2012-06-23 18:54:34 -------- d-----w- C:\Users\Aaron\AppData\Local\{55266839-087F-4900-95D3-D4E48301D452}
2012-06-23 06:54:10 -------- d-----w- C:\Users\Aaron\AppData\Local\{52D77AA5-7A6C-4271-BF3C-F11EA5C3CCE7}
2012-06-23 06:53:48 -------- d-----w- C:\Users\Aaron\AppData\Local\{9B084807-9897-4370-A081-3563DC82BEAA}
2012-06-22 18:53:24 -------- d-----w- C:\Users\Aaron\AppData\Local\{0C67BAD5-2AA1-4533-83D4-6D6150A7E724}
2012-06-22 18:53:13 -------- d-----w- C:\Users\Aaron\AppData\Local\{E523B725-0581-4B8F-AAE4-C2A19E72D878}
2012-06-21 21:18:01 -------- d-----w- C:\Users\Aaron\AppData\Local\{19891782-73CC-4438-B331-A92BFD247B80}
2012-06-21 21:17:51 -------- d-----w- C:\Users\Aaron\AppData\Local\{FB21FE84-B59C-4900-AB1A-1A4BF76F3B3F}
2012-06-21 21:12:48 19736 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-21 21:10:50 -------- d-----w- C:\Users\Aaron\AppData\Local\Windows Live
2012-06-21 21:10:48 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2012-06-13 17:55:39 -------- d-----w- C:\Users\Aaron\AppData\Local\Macromedia
.
==================== Find3M ====================
.
2012-06-13 17:48:30 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-13 17:48:30 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-26 20:04:59 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-05-26 20:04:59 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-05-05 19:10:51 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-10 17:44:06 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 3:05:29.84 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 6/11/2011 7:40:05 AM
System Uptime: 7/9/2012 2:40:51 AM (1 hours ago)
.
Motherboard: ASRock | | Z68 Pro3
Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz | CPUSocket | 3301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 607.765 GiB free.
D: is CDROM ()
Z: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\5&12ECD8CD&0&0100E4
Manufacturer:
Name:
PNP Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\5&12ECD8CD&0&0100E4
Service:
.
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_1C3A&SUBSYS_1C3A1849&REV_04\3&11583659&0&B0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_1C3A&SUBSYS_1C3A1849&REV_04\3&11583659&0&B0
Service:
.
Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_1C221849&REV_05\3&11583659&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_1C221849&REV_05\3&11583659&0&FB
Service:
.
==== System Restore Points ===================
.
RP130: 6/21/2012 4:11:19 PM - Windows Live Essentials
RP131: 6/21/2012 4:12:25 PM - WLSetup
RP132: 7/2/2012 4:11:04 AM - Removed LogMeIn Hamachi
RP133: 7/2/2012 11:43:27 PM - Installed DirectX
RP134: 7/7/2012 5:34:28 PM - Removed Adventure Tools.
RP135: 7/7/2012 5:35:43 PM - Removed Character Builder.
RP136: 7/8/2012 11:06:20 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Audiosurf
Bastion
Borderlands
Breath of Death VII
Bulletstorm
CDBurnerXP
Cthulhu Saves the World
Curse Client
D3DX10
DAEMON Tools Lite
Dark Messiah Might and Magic Multi-Player
Dark Messiah Might and Magic Single Player
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diablo II
Diablo III
Divinity II - The Dragon Knight Saga
DJ_AIO_05_F4400_Software_Min
DJ_SF_06_D1600_SW_Min
Dota 2
Dungeon Defenders
Dungeons of Dredmor
DX-Ball 1.09
ePSXe 1.7.0
Etron USB3.0 Host Controller
EVGA Precision 2.0.0
Fallout: New Vegas
FCEUX 2.1.5
foobar2000 v1.1.7
FrostWire 4.21.8
Gratuitous Space Battles
HiJackThis
ImgBurn
Java Auto Updater
Java™ 6 Update 31
Just Cause 2
Kega Fusion 3.64
Killing Floor
Left 4 Dead 2
LIMBO
Magic Set Editor 2.0.0
Magic Workstation 0.94f
Magic: The Gathering — Duels of the Planeswalkers 2012
Magicka
Malwarebytes Anti-Malware version 1.61.0.1400
Mass Effect 2
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
mIRC
Mount & Blade: Warband
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MTG GamePack for Magic Workstation
Nox
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NX Client for Windows 3.5.0-7
PCSX2 - Playstation 2 Emulator
Pcsx2 0.9.6
Penumbra: Black Plague
Penumbra: Overture
Penumbra: Requiem
Portal 2
Power Tab Editor 1.7
Prince of Persia: The Two Thrones
Prince of Persia: Warrior Within
Project64 1.6
Realtek Ethernet Controller Driver
RPG MAKER VX Ace RTP
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Spotify
Spybot - Search & Destroy
Steam
Team Fortress 2
Terraria
The Elder Scrolls V: Skyrim
Titan Quest
Titan Quest Immortal Throne
Toolbox
Torchlight
Total War: SHOGUN 2
Trine
Unreal Tournament 2004
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VBA-M 1022
VLC media player 1.1.10
Warcraft III
Warcraft III: All Products
WBFS Manager 3.0
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
World of Goo
World of Warcraft
ZSNESw 1.51
.
==== Event Viewer Messages From Past Week ========
.
7/9/2012 2:42:35 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
7/9/2012 2:42:35 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
7/9/2012 2:41:12 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/9/2012 2:41:09 AM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
7/9/2012 2:41:09 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
7/9/2012 2:41:09 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
7/9/2012 12:12:54 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/9/2012 1:16:31 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
7/9/2012 1:16:31 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/8/2012 11:58:20 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/8/2012 11:58:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
7/8/2012 11:58:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
7/8/2012 11:54:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/8/2012 11:54:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/8/2012 11:54:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/8/2012 11:54:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/8/2012 11:54:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/8/2012 11:54:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/8/2012 11:54:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
7/8/2012 11:54:30 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/8/2012 11:54:30 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/8/2012 11:54:30 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/8/2012 11:54:30 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/8/2012 11:54:30 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/8/2012 11:54:30 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
7/8/2012 11:54:30 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/8/2012 11:54:30 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/8/2012 11:54:30 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/8/2012 11:54:30 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/2/2012 4:12:59 AM, Error: Service Control Manager [7034] - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
Having trouble getting rid of Trojan.Dropper.BCMiner
Started by sovereign110, Jul 09 2012 03:24 AM
#1
Posted 09 July 2012 - 03:24 AM
#2
Posted 09 July 2012 - 06:05 AM
Hello sovereign110! My name is Maniac and I will be glad to help you solve your malware problem.
Please note:
- If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
- I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
- Make sure you read all of the instructions and fixes thoroughly before continuing with them.
- Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
- Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
BACKDOOR WARNING
One or more of the identified infections is known to use a backdoor.
This allows hackers to remotely control your computer, steal critical system information and download and execute files.
I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
Help: I Got Hacked. Now What Do I Do?
Help: I Got Hacked. Now What Do I Do? Part II
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.
Step 1
Please uninstall FrostWire 4.21.8
Step 2
Download OTL to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
#3
Posted 09 July 2012 - 01:22 PM
In that case I think I'll just reformat. If I disconnect my PC from the internet, would it be safe to save some stuff onto a USB drive so I can still have it after the reformat? Or is it safer just to wipe everything and start clean?
#4
Posted 10 July 2012 - 04:38 AM
If you don't have anything that important on it, the best practice is to start clean, but if you want to transfer some files and folders, use this tool to immunize your USB flash drive:
http://www.pandasecu...ads/usbvaccine/
Also, after the format, some malware prevention tips:
http://forums.malwar...=0
Safe surfing!
#5
Posted 10 July 2012 - 07:36 AM
Glad we could help. 
If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.
Other members who need assistance please start your own topic in a new thread. Thanks!
~Maurice Naggar
I close my threads if there is 5 days without a response.