Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.10.10

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Josh :: JOSHSCOMPUTER [administrator]

4/10/2012 7:33:26 PM
mbam-log-2012-04-10 (19-33-26).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 574315
Time elapsed: 3 hour(s), 19 minute(s), 10 second(s)

Memory Processes Detected: 4
C:\ProgramData\Microsoft\Windows\Start Menu\DCSCMIN\IMDCSC.exe (Trojan.RemoteAccess) -> 3104 -> Delete on reboot.
C:\Users\Josh\Documents\DCSCMIN\5s5DJNGCQjwC\IMDCSC.exe (Trojan.RemoteAccess) -> 3132 -> Delete on reboot.
C:\Users\Josh\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> 7004 -> Delete on reboot.
C:\Users\Josh\AppData\Local\Temp\System\igfpers.exe (Trojan.Agent) -> 3900 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DarkComet RAT (Trojan.RemoteAccess) -> Data: C:\Users\Josh\Documents\DCSCMIN\5s5DJNGCQjwC\IMDCSC.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NVIDIA User Experience Driver Component (Trojan.Agent) -> Data: C:\Users\Josh\AppData\Local\Temp\System\igfpers.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Essentials (Trojan.Agent) -> Data: C:\Users\Josh\AppData\Roaming\MsMpEng.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows32 (Trojan.Agent) -> Data: C:\ProgramData\Microsoft\Windows\Start Menu\DCSCMIN\dEdn9jg1imf3\IMDCSC.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKCU (Backdoor.HMCPol.Gen) -> Data: C:\Users\Josh\AppData\Roaming\install\server.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Josh\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.

Files Detected: 52
C:\Users\Josh\AppData\Local\Temp\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> No action taken.
C:\Users\Josh\AppData\Local\Temp\HyperCam.exe (PUP.BundleInstaller.BI) -> No action taken.
C:\Users\Josh\Downloads\PCPerformer_GMD_Setup.exe (PUP.BundleInstaller.IB) -> No action taken.
C:\Users\Josh\Downloads\SoftonicDownloader_for_hypercam.exe (PUP.ToolbarDownloader) -> No action taken.
C:\Users\Josh\Dropbox\Public\RuneDDoS_v1.exe (Trojan.MSIL.Gen) -> No action taken.
C:\Users\Josh\Dropbox\Public\Server.exe (Trojan.Agent) -> No action taken.
C:\Users\Josh\Dropbox\Public\server2.exe (Trojan.MSIL.Gen) -> No action taken.
C:\Users\Josh\Dropbox\Public\Test3.exe (Backdoor.MSIL.PGen) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\DCSCMIN\IMDCSC.exe (Trojan.RemoteAccess) -> Delete on reboot.
C:\Users\Josh\Documents\DCSCMIN\5s5DJNGCQjwC\IMDCSC.exe (Trojan.RemoteAccess) -> Delete on reboot.
C:\$Recycle.Bin\S-1-5-21-3286413883-1214276327-3053457543-1001\$R7N7NDP.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-3286413883-1214276327-3053457543-1001\$R91HM9R.exe (Backdoor.Daromec) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-3286413883-1214276327-3053457543-1001\$RPZG8HQ.exe (Riskware.Tool.BK) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-3286413883-1214276327-3053457543-1001\$RQUJKAQ.exe (Backdoor.MSIL.PGen) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-3286413883-1214276327-3053457543-1001\$RZD80AJ.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-3286413883-1214276327-3053457543-1001\$RZFFRA8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Josh\Desktop\RuneDDoS_v1.exe (Trojan.MSIL.Gen) -> Quarantined and deleted successfully.
C:\Users\Josh\Desktop\Server - Copy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Josh\Desktop\Server.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Josh\Desktop\Blackshades_4.8\KayleeSexyphoto - Copyâ€Ūgpj.exe (Trojan.RemoteAccess) -> Quarantined and deleted successfully.
C:\Users\Josh\Desktop\Blackshades_4.8\KayleeSexyphoto.exe (Trojan.RemoteAccess) -> Quarantined and deleted successfully.
C:\Users\Josh\Desktop\Blackshades_4.8\SexyPICCY.exe (Trojan.RemoteAccess) -> Quarantined and deleted successfully.
C:\Users\Josh\Desktop\Blackshades_4.8\Blackshades_4.8\client.exe (Riskware.Tool.BK) -> Quarantined and deleted successfully.
C:\Users\Josh\Desktop\Blackshades_4.8\Blackshades_4.8\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Josh\Desktop\Blackshades_4.8\Blackshades_4.8\data\station.bin (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Josh\Desktop\Blackshades_4.8\Blackshades_4.8\data\stub.bin (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Josh\Desktop\HellaIcons\mysexyphoto.exe (Backdoor.MSIL.P) -> Quarantined and deleted successfully.
C:\Users\Josh\Desktop\New Accident Clone Pack\MyPhoto.exe (Backdoor.MSIL.P) -> Quarantined and deleted successfully.
C:\Users\Josh\Documents\DCSCMIN\IMDCSC.exe (Trojan.RemoteAccess) -> Quarantined and deleted successfully.
C:\Users\Josh\Downloads\bot.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Josh\Downloads\FastDownload.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\Josh\Downloads\RuneDDoS_v1.exe (Trojan.MSIL.Gen) -> Quarantined and deleted successfully.
C:\Users\Josh\Downloads\Unconfirmed 42336.crdownload (Trojan.MSIL.Gen) -> Quarantined and deleted successfully.
C:\Users\Josh\Templates\explorer.exe (Backdoor.MSIL) -> Quarantined and deleted successfully.
C:\Users\Josh\AppData\Roaming\cglogs.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Josh\AppData\Local\Temp\MSN.abc (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Josh\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Josh\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Josh\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Josh\AppData\Local\Temp\xxxyyyzzz.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Josh\AppData\Local\Temp\System\igfpers.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Josh\AppData\Roaming\MsMpEng.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Josh\AppData\Roaming\dclogs\2012-03-25-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Josh\AppData\Roaming\dclogs\2012-03-26-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Josh\AppData\Roaming\dclogs\2012-03-27-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Josh\AppData\Roaming\dclogs\2012-03-28-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Josh\AppData\Roaming\dclogs\2012-03-29-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Josh\AppData\Roaming\dclogs\2012-04-01-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Josh\AppData\Roaming\dclogs\2012-04-03-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Josh\AppData\Roaming\dclogs\2012-04-08-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Josh\AppData\Roaming\dclogs\2012-04-10-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Josh\AppData\Roaming\install\server.exe (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.

(end)