Everything posted by VangX

  1. . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-10-14.05) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 7/4/2011 2:04:26 PM System Uptime: 10/17/2012 12:50:26 PM (7 hours ago) . Motherboard: Intel Corporation | | D945GCZ Processor: Intel® Pentium® D CPU 2.80GHz | J3E1 | 2799/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 49 GiB total, 24.404 GiB free. D: is FIXED (NTFS) - 137 GiB total, 137.374 GiB free. E: is CDROM () G: is Removable H: is Removable I: is Removable J: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318} Description: ViXS PureTV-U1 4882 (NTSC) Device ID: PCI\VEN_1745&DEV_2100&SUBSYS_48821043&REV_00\4&127176C0&0&00F0 Manufacturer: ViXS Systems Inc. Name: ViXS PureTV-U1 4882 (NTSC) PNP Device ID: PCI\VEN_1745&DEV_2100&SUBSYS_48821043&REV_00\4&127176C0&0&00F0 Service: xcbdaNtsc . ==== System Restore Points =================== . RP198: 9/25/2012 8:58:37 AM - Windows Update RP199: 9/28/2012 2:25:23 AM - Windows Update RP200: 10/2/2012 8:52:41 AM - Windows Update RP201: 10/5/2012 9:30:42 AM - Windows Update RP202: 10/9/2012 12:05:29 PM - Windows Update RP203: 10/12/2012 10:32:24 AM - Windows Update RP204: 10/16/2012 9:31:55 AM - Windows Update RP205: 10/17/2012 10:53:47 AM - Windows Update . ==== Installed Programs ====================== . Adobe Flash Player 11 ActiveX AT&T Troubleshoot & Resolve Tool att.net Internet Mail Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Intel® Graphics Media Accelerator Driver Malwarebytes Anti-Malware version 1.65.1.1000 McAfee SiteAdvisor Microsoft .NET Framework 3.5 SP1 Microsoft Silverlight Soft Data Fax Modem with SmartCP SpywareBlaster 4.6 SUPERAntiSpyware Update for Microsoft .NET Framework 3.5 SP1 (KB963707) WinRAR 4.01 (32-bit) . 
==== Event Viewer Messages From Past Week ======== . 10/17/2012 7:08:56 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 10/17/2012 7:08:03 PM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s). 10/17/2012 7:06:33 PM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s). 10/17/2012 12:50:43 PM, Error: EventLog [6008] - The previous system shutdown at 12:48:09 PM on 10/17/2012 was unexpected. 10/17/2012 10:44:13 AM, Error: EventLog [6008] - The previous system shutdown at 10:57:55 PM on 10/16/2012 was unexpected. 10/16/2012 6:40:46 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\yang\AppData\Local\Microsoft\Windows\UsrClass.dat' was corrupted and it has been recovered. Some data might have been lost. 10/11/2012 3:29:38 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Null 10/10/2012 6:55:04 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt Null . ==== End Of File ===========================
  2. DDS (Ver_2012-10-14.05) - NTFS_x86 Internet Explorer: 8.0.6001.18882 Run by yang at 19:27:15 on 2012-10-17 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2037.1029 [GMT -7:00] . . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\SLsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files\Common Files\Motive\McciServiceHost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\ATT-SST\McciTrayApp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\wuauclt.exe C:\Windows\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe C:\Windows\system32\rundll32.exe c:\PROGRA~1\mcafee\SITEAD~1\saui.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted 
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe" uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 Trusted Zone: $talisma_url$ . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . 
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: NameServer = 192.168.1.254 TCP: Interfaces\{62E4DD16-A2C6-4825-8EF5-35B2506DC813} : DHCPNameServer = 192.168.1.254 Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll Notify: igfxcui - igfxdev.dll SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg . ============= SERVICES / DRIVERS =============== . R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2006-11-2 4608] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664] R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608] R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-17 399432] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-17 676936] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-10-17 95232] R2 McciServiceHost;McciServiceHost;c:\program files\common files\motive\McciServiceHost.exe [2012-1-31 315392] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-17 22856] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-9-15 250808] S3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\system32\drivers\xcbda.sys [2006-11-2 139904] . =============== Created Last 30 ================ . 
2012-10-18 02:20:22 -------- d-sh--w- C:\$RECYCLE.BIN 2012-10-18 02:20:16 -------- d-----w- c:\users\yang\appdata\local\temp 2012-10-18 02:07:09 98816 ----a-w- c:\windows\sed.exe 2012-10-18 02:07:09 256000 ----a-w- c:\windows\PEV.exe 2012-10-18 02:07:09 208896 ----a-w- c:\windows\MBR.exe 2012-10-17 18:05:58 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL 2012-10-17 18:05:58 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2012-10-17 18:05:58 -------- d-----w- c:\program files\SpywareBlaster 2012-10-17 18:04:51 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8db9e9ac-56ab-4f3a-adfe-87e55294c986}\mpengine.dll 2012-10-17 18:01:16 -------- d-----w- c:\users\yang\appdata\roaming\Malwarebytes 2012-10-17 18:01:07 -------- d-----w- c:\programdata\Malwarebytes 2012-10-17 18:01:05 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-10-17 18:01:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-10-17 17:56:09 -------- d-----w- c:\program files\common files\McAfee 2012-10-17 17:55:51 -------- d-----w- c:\program files\McAfee 2012-10-17 17:47:29 -------- d-----w- c:\users\yang\appdata\roaming\SUPERAntiSpyware.com 2012-10-17 17:47:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-10-17 17:47:23 -------- d-----w- c:\program files\SUPERAntiSpyware . ==================== Find3M ==================== . 2012-10-08 18:23:30 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-08 18:23:30 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe . ============= FINISH: 19:27:46.37 ===============
  3. ComboFix 12-10-17.05 - yang 10/17/2012 19:09:09.1.1 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2037.1207 [GMT -7:00] Running from: c:\users\yang\Desktop\ComboFix.exe . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\AMMYY c:\programdata\AMMYY\hr c:\programdata\AMMYY\hr3 c:\programdata\AMMYY\settings3.bin . . ((((((((((((((((((((((((( Files Created from 2012-09-18 to 2012-10-18 ))))))))))))))))))))))))))))))) . . 2012-10-17 18:05 . 2012-10-17 18:05 -------- d-----w- c:\program files\SpywareBlaster 2012-10-17 18:05 . 2010-01-11 02:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL 2012-10-17 18:05 . 2010-01-11 02:40 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2012-10-17 18:04 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DB9E9AC-56AB-4F3A-ADFE-87E55294C986}\mpengine.dll 2012-10-17 18:01 . 2012-10-17 18:01 -------- d-----w- c:\users\yang\AppData\Roaming\Malwarebytes 2012-10-17 18:01 . 2012-10-17 18:01 -------- d-----w- c:\programdata\Malwarebytes 2012-10-17 18:01 . 2012-10-17 19:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-10-17 18:01 . 2012-09-30 02:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-10-17 17:56 . 2012-10-17 17:56 -------- d-----w- c:\program files\Common Files\McAfee 2012-10-17 17:55 . 2012-10-17 19:51 -------- d-----w- c:\program files\McAfee 2012-10-17 17:55 . 2012-10-17 17:55 -------- d-----w- c:\programdata\McAfee 2012-10-17 17:47 . 2012-10-17 17:47 -------- d-----w- c:\users\yang\AppData\Roaming\SUPERAntiSpyware.com 2012-10-17 17:47 . 2012-10-17 17:47 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-10-17 17:47 . 2012-10-17 17:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-08 18:23 . 
2012-09-15 22:01 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-08 18:23 . 2011-07-04 21:51 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2011-07-07 1232896] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-16 4762496] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-03 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-03 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-03 133656] "ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 1573888] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x] . . Contents of the 'Scheduled Tasks' folder . 2012-10-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-15 18:23] . 2012-10-17 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 9f80516c-9f3f-43e2-a047-a2c234b33a85.job - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52] . 
2012-10-18 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d0fdf364-efaa-479b-a9be-5c3fc37f282e.job - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ Trusted Zone: $talisma_url$ TCP: DhcpNameServer = 192.168.1.254 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-10-17 19:17 Windows 6.0.6000 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2012-10-17 19:20:12 ComboFix-quarantined-files.txt 2012-10-18 02:20
  4. Malwarebytes Anti-Malware (Trial) 1.65.1.1000
     www.malwarebytes.org
     Database version: v2012.10.17.13
     Windows Vista x86 NTFS
     Internet Explorer 8.0.6001.18882
     yang :: YANG-PC [administrator]
     Protection: Enabled
     10/17/2012 6:49:59 PM
     mbam-log-2012-10-17 (18-49-59).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 177861
     Time elapsed: 3 minute(s), 37 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0
  5. . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-10-14.05) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 7/4/2011 2:04:26 PM System Uptime: 10/17/2012 12:50:26 PM (0 hours ago) . Motherboard: Intel Corporation | | D945GCZ Processor: Intel® Pentium® D CPU 2.80GHz | J3E1 | 2799/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 49 GiB total, 24.428 GiB free. D: is FIXED (NTFS) - 137 GiB total, 137.374 GiB free. E: is CDROM () G: is Removable H: is Removable I: is Removable J: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318} Description: ViXS PureTV-U1 4882 (NTSC) Device ID: PCI\VEN_1745&DEV_2100&SUBSYS_48821043&REV_00\4&127176C0&0&00F0 Manufacturer: ViXS Systems Inc. Name: ViXS PureTV-U1 4882 (NTSC) PNP Device ID: PCI\VEN_1745&DEV_2100&SUBSYS_48821043&REV_00\4&127176C0&0&00F0 Service: xcbdaNtsc . ==== System Restore Points =================== . RP198: 9/25/2012 8:58:37 AM - Windows Update RP199: 9/28/2012 2:25:23 AM - Windows Update RP200: 10/2/2012 8:52:41 AM - Windows Update RP201: 10/5/2012 9:30:42 AM - Windows Update RP202: 10/9/2012 12:05:29 PM - Windows Update RP203: 10/12/2012 10:32:24 AM - Windows Update RP204: 10/16/2012 9:31:55 AM - Windows Update RP205: 10/17/2012 10:53:47 AM - Windows Update . ==== Installed Programs ====================== . Adobe Flash Player 11 ActiveX AT&T Troubleshoot & Resolve Tool att.net Internet Mail Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Intel® Graphics Media Accelerator Driver Malwarebytes Anti-Malware version 1.65.1.1000 McAfee SiteAdvisor Microsoft .NET Framework 3.5 SP1 Microsoft Silverlight Soft Data Fax Modem with SmartCP SpywareBlaster 4.6 SUPERAntiSpyware Update for Microsoft .NET Framework 3.5 SP1 (KB963707) WinRAR 4.01 (32-bit) . 
==== Event Viewer Messages From Past Week ======== . 10/17/2012 12:50:43 PM, Error: EventLog [6008] - The previous system shutdown at 12:48:09 PM on 10/17/2012 was unexpected. 10/17/2012 10:44:13 AM, Error: EventLog [6008] - The previous system shutdown at 10:57:55 PM on 10/16/2012 was unexpected. 10/16/2012 6:40:46 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\yang\AppData\Local\Microsoft\Windows\UsrClass.dat' was corrupted and it has been recovered. Some data might have been lost. 10/11/2012 3:29:38 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Null 10/10/2012 6:55:04 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt Null . ==== End Of File ===========================
  6. This is from my follow up ammyy scam. DS (Ver_2012-10-14.05) - NTFS_x86 Internet Explorer: 8.0.6001.18882 Run by yang at 12:54:55 on 2012-10-17 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2037.1228 [GMT -7:00] . . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\SLsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files\Common Files\Motive\McciServiceHost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\rundll32.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\ATT-SST\McciTrayApp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k 
GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe" Trusted Zone: $talisma_url$ . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . 
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: NameServer = 192.168.1.254 TCP: Interfaces\{62E4DD16-A2C6-4825-8EF5-35B2506DC813} : DHCPNameServer = 192.168.1.254 Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll Notify: igfxcui - igfxdev.dll SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg . ============= SERVICES / DRIVERS =============== . R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2006-11-2 4608] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664] R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608] R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-17 399432] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-17 676936] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-10-17 95232] R2 McciServiceHost;McciServiceHost;c:\program files\common files\motive\McciServiceHost.exe [2012-1-31 315392] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-17 22856] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-9-15 250808] S3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\system32\drivers\xcbda.sys [2006-11-2 139904] . =============== Created Last 30 ================ . 
2012-10-17 18:05:58 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL 2012-10-17 18:05:58 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2012-10-17 18:05:58 -------- d-----w- c:\program files\SpywareBlaster 2012-10-17 18:04:51 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8db9e9ac-56ab-4f3a-adfe-87e55294c986}\mpengine.dll 2012-10-17 18:01:16 -------- d-----w- c:\users\yang\appdata\roaming\Malwarebytes 2012-10-17 18:01:07 -------- d-----w- c:\programdata\Malwarebytes 2012-10-17 18:01:05 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-10-17 18:01:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-10-17 17:56:09 -------- d-----w- c:\program files\common files\McAfee 2012-10-17 17:55:51 -------- d-----w- c:\program files\McAfee 2012-10-17 17:47:29 -------- d-----w- c:\users\yang\appdata\roaming\SUPERAntiSpyware.com 2012-10-17 17:47:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-10-17 17:47:23 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-10-17 00:58:52 -------- d-----w- c:\programdata\AMMYY . ==================== Find3M ==================== . 2012-10-08 18:23:30 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-08 18:23:30 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe . ============= FINISH: 12:55:57.32 ===============
  7. This is my first time in here. I was just wondering if anybody could help. I got a call from a guy. He told me my computer was infected. I know it's stupid of me to go on with the direction because our computer has been slow lately. Anyway, I fell for giving away the ID to that guy. I don't really know much about computers, so when I went to search Ammyy online, it was a scam. I know it's stupid of me, but now I need help.
  8. Help fell for Ammyy Scam

  9. Help fell for Ammy Scam
