VangX

Posts posted by VangX

  1. .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-10-14.05)

    .

    Microsoft® Windows Vista™ Home Premium

    Boot Device: \Device\HarddiskVolume1

    Install Date: 7/4/2011 2:04:26 PM

    System Uptime: 10/17/2012 12:50:26 PM (7 hours ago)

    .

    Motherboard: Intel Corporation | | D945GCZ

    Processor: Intel® Pentium® D CPU 2.80GHz | J3E1 | 2799/200mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 49 GiB total, 24.404 GiB free.

    D: is FIXED (NTFS) - 137 GiB total, 137.374 GiB free.

    E: is CDROM ()

    G: is Removable

    H: is Removable

    I: is Removable

    J: is Removable

    .

    ==== Disabled Device Manager Items =============

    .

    Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}

    Description: ViXS PureTV-U1 4882 (NTSC)

    Device ID: PCI\VEN_1745&DEV_2100&SUBSYS_48821043&REV_00\4&127176C0&0&00F0

    Manufacturer: ViXS Systems Inc.

    Name: ViXS PureTV-U1 4882 (NTSC)

    PNP Device ID: PCI\VEN_1745&DEV_2100&SUBSYS_48821043&REV_00\4&127176C0&0&00F0

    Service: xcbdaNtsc

    .

    ==== System Restore Points ===================

    .

    RP198: 9/25/2012 8:58:37 AM - Windows Update

    RP199: 9/28/2012 2:25:23 AM - Windows Update

    RP200: 10/2/2012 8:52:41 AM - Windows Update

    RP201: 10/5/2012 9:30:42 AM - Windows Update

    RP202: 10/9/2012 12:05:29 PM - Windows Update

    RP203: 10/12/2012 10:32:24 AM - Windows Update

    RP204: 10/16/2012 9:31:55 AM - Windows Update

    RP205: 10/17/2012 10:53:47 AM - Windows Update

    .

    ==== Installed Programs ======================

    .

    Adobe Flash Player 11 ActiveX

    AT&T Troubleshoot & Resolve Tool

    att.net Internet Mail

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

    Intel® Graphics Media Accelerator Driver

    Malwarebytes Anti-Malware version 1.65.1.1000

    McAfee SiteAdvisor

    Microsoft .NET Framework 3.5 SP1

    Microsoft Silverlight

    Soft Data Fax Modem with SmartCP

    SpywareBlaster 4.6

    SUPERAntiSpyware

    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

    WinRAR 4.01 (32-bit)

    .

    ==== Event Viewer Messages From Past Week ========

    .

    10/17/2012 7:08:56 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    10/17/2012 7:08:03 PM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).

    10/17/2012 7:06:33 PM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).

    10/17/2012 12:50:43 PM, Error: EventLog [6008] - The previous system shutdown at 12:48:09 PM on 10/17/2012 was unexpected.

    10/17/2012 10:44:13 AM, Error: EventLog [6008] - The previous system shutdown at 10:57:55 PM on 10/16/2012 was unexpected.

    10/16/2012 6:40:46 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\yang\AppData\Local\Microsoft\Windows\UsrClass.dat' was corrupted and it has been recovered. Some data might have been lost.

    10/11/2012 3:29:38 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Null

    10/10/2012 6:55:04 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt Null

    .

    ==== End Of File ===========================

  2. DDS (Ver_2012-10-14.05) - NTFS_x86

    Internet Explorer: 8.0.6001.18882

    Run by yang at 19:27:15 on 2012-10-17

    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2037.1029 [GMT -7:00]

    .

    .

    ============== Running Processes ================

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\SLsvc.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files\Common Files\Motive\McciCMService.exe

    C:\Program Files\Common Files\Motive\McciServiceHost.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\system32\WUDFHost.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\ATT-SST\McciTrayApp.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\System32\mobsync.exe

    C:\Windows\system32\wuauclt.exe

    C:\Windows\explorer.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe

    C:\Windows\system32\rundll32.exe

    c:\PROGRA~1\mcafee\SITEAD~1\saui.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k rpcss

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k GPSvcGroup

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\System32\svchost.exe -k WerSvcGroup

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.com/

    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

    uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

    uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

    mRun: [igfxTray] c:\windows\system32\igfxtray.exe

    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

    mRun: [Persistence] c:\windows\system32\igfxpers.exe

    mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"

    uPolicies-Explorer: NoDrives = dword:0

    mPolicies-Explorer: NoDrives = dword:0

    Trusted Zone: $talisma_url$

    .

    INFO: HKCU has more than 50 listed domains.

    If you wish to scan all of them, select the 'Force scan all domains' option.

    .

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    TCP: NameServer = 192.168.1.254

    TCP: Interfaces\{62E4DD16-A2C6-4825-8EF5-35B2506DC813} : DHCPNameServer = 192.168.1.254

    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

    Notify: igfxcui - igfxdev.dll

    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2006-11-2 4608]

    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]

    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-17 399432]

    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-17 676936]

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-10-17 95232]

    R2 McciServiceHost;McciServiceHost;c:\program files\common files\motive\McciServiceHost.exe [2012-1-31 315392]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-17 22856]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-9-15 250808]

    S3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\system32\drivers\xcbda.sys [2006-11-2 139904]

    .

    =============== Created Last 30 ================

    .

    2012-10-18 02:20:22 -------- d-sh--w- C:\$RECYCLE.BIN

    2012-10-18 02:20:16 -------- d-----w- c:\users\yang\appdata\local\temp

    2012-10-18 02:07:09 98816 ----a-w- c:\windows\sed.exe

    2012-10-18 02:07:09 256000 ----a-w- c:\windows\PEV.exe

    2012-10-18 02:07:09 208896 ----a-w- c:\windows\MBR.exe

    2012-10-17 18:05:58 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL

    2012-10-17 18:05:58 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX

    2012-10-17 18:05:58 -------- d-----w- c:\program files\SpywareBlaster

    2012-10-17 18:04:51 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8db9e9ac-56ab-4f3a-adfe-87e55294c986}\mpengine.dll

    2012-10-17 18:01:16 -------- d-----w- c:\users\yang\appdata\roaming\Malwarebytes

    2012-10-17 18:01:07 -------- d-----w- c:\programdata\Malwarebytes

    2012-10-17 18:01:05 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-10-17 18:01:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-10-17 17:56:09 -------- d-----w- c:\program files\common files\McAfee

    2012-10-17 17:55:51 -------- d-----w- c:\program files\McAfee

    2012-10-17 17:47:29 -------- d-----w- c:\users\yang\appdata\roaming\SUPERAntiSpyware.com

    2012-10-17 17:47:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

    2012-10-17 17:47:23 -------- d-----w- c:\program files\SUPERAntiSpyware

    .

    ==================== Find3M ====================

    .

    2012-10-08 18:23:30 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-10-08 18:23:30 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    .

    ============= FINISH: 19:27:46.37 ===============

  3. ComboFix 12-10-17.05 - yang 10/17/2012 19:09:09.1.1 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2037.1207 [GMT -7:00]

    Running from: c:\users\yang\Desktop\ComboFix.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\programdata\AMMYY

    c:\programdata\AMMYY\hr

    c:\programdata\AMMYY\hr3

    c:\programdata\AMMYY\settings3.bin

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-09-18 to 2012-10-18 )))))))))))))))))))))))))))))))

    .

    .

    2012-10-17 18:05 . 2012-10-17 18:05 -------- d-----w- c:\program files\SpywareBlaster

    2012-10-17 18:05 . 2010-01-11 02:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL

    2012-10-17 18:05 . 2010-01-11 02:40 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX

    2012-10-17 18:04 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DB9E9AC-56AB-4F3A-ADFE-87E55294C986}\mpengine.dll

    2012-10-17 18:01 . 2012-10-17 18:01 -------- d-----w- c:\users\yang\AppData\Roaming\Malwarebytes

    2012-10-17 18:01 . 2012-10-17 18:01 -------- d-----w- c:\programdata\Malwarebytes

    2012-10-17 18:01 . 2012-10-17 19:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-10-17 18:01 . 2012-09-30 02:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-10-17 17:56 . 2012-10-17 17:56 -------- d-----w- c:\program files\Common Files\McAfee

    2012-10-17 17:55 . 2012-10-17 19:51 -------- d-----w- c:\program files\McAfee

    2012-10-17 17:55 . 2012-10-17 17:55 -------- d-----w- c:\programdata\McAfee

    2012-10-17 17:47 . 2012-10-17 17:47 -------- d-----w- c:\users\yang\AppData\Roaming\SUPERAntiSpyware.com

    2012-10-17 17:47 . 2012-10-17 17:47 -------- d-----w- c:\program files\SUPERAntiSpyware

    2012-10-17 17:47 . 2012-10-17 17:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-10-08 18:23 . 2012-09-15 22:01 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-10-08 18:23 . 2011-07-04 21:51 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2011-07-07 1232896]

    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-16 4762496]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-03 141848]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-03 166424]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-03 133656]

    "ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 1573888]

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

    @=""

    .

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]

    .

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-10-18 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-15 18:23]

    .

    2012-10-17 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 9f80516c-9f3f-43e2-a047-a2c234b33a85.job

    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

    .

    2012-10-18 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d0fdf364-efaa-479b-a9be-5c3fc37f282e.job

    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.com/

    Trusted Zone: $talisma_url$

    TCP: DhcpNameServer = 192.168.1.254

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-10-17 19:17

    Windows 6.0.6000 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    Completion time: 2012-10-17 19:20:12

    ComboFix-quarantined-files.txt 2012-10-18 02:20

  4. Malwarebytes Anti-Malware (Trial) 1.65.1.1000

    www.malwarebytes.org

    Database version: v2012.10.17.13

    Windows Vista x86 NTFS

    Internet Explorer 8.0.6001.18882

    yang :: YANG-PC [administrator]

    Protection: Enabled

    10/17/2012 6:49:59 PM

    mbam-log-2012-10-17 (18-49-59).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 177861

    Time elapsed: 3 minute(s), 37 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

  5. .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-10-14.05)

    .

    Microsoft® Windows Vista™ Home Premium

    Boot Device: \Device\HarddiskVolume1

    Install Date: 7/4/2011 2:04:26 PM

    System Uptime: 10/17/2012 12:50:26 PM (0 hours ago)

    .

    Motherboard: Intel Corporation | | D945GCZ

    Processor: Intel® Pentium® D CPU 2.80GHz | J3E1 | 2799/200mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 49 GiB total, 24.428 GiB free.

    D: is FIXED (NTFS) - 137 GiB total, 137.374 GiB free.

    E: is CDROM ()

    G: is Removable

    H: is Removable

    I: is Removable

    J: is Removable

    .

    ==== Disabled Device Manager Items =============

    .

    Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}

    Description: ViXS PureTV-U1 4882 (NTSC)

    Device ID: PCI\VEN_1745&DEV_2100&SUBSYS_48821043&REV_00\4&127176C0&0&00F0

    Manufacturer: ViXS Systems Inc.

    Name: ViXS PureTV-U1 4882 (NTSC)

    PNP Device ID: PCI\VEN_1745&DEV_2100&SUBSYS_48821043&REV_00\4&127176C0&0&00F0

    Service: xcbdaNtsc

    .

    ==== System Restore Points ===================

    .

    RP198: 9/25/2012 8:58:37 AM - Windows Update

    RP199: 9/28/2012 2:25:23 AM - Windows Update

    RP200: 10/2/2012 8:52:41 AM - Windows Update

    RP201: 10/5/2012 9:30:42 AM - Windows Update

    RP202: 10/9/2012 12:05:29 PM - Windows Update

    RP203: 10/12/2012 10:32:24 AM - Windows Update

    RP204: 10/16/2012 9:31:55 AM - Windows Update

    RP205: 10/17/2012 10:53:47 AM - Windows Update

    .

    ==== Installed Programs ======================

    .

    Adobe Flash Player 11 ActiveX

    AT&T Troubleshoot & Resolve Tool

    att.net Internet Mail

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

    Intel® Graphics Media Accelerator Driver

    Malwarebytes Anti-Malware version 1.65.1.1000

    McAfee SiteAdvisor

    Microsoft .NET Framework 3.5 SP1

    Microsoft Silverlight

    Soft Data Fax Modem with SmartCP

    SpywareBlaster 4.6

    SUPERAntiSpyware

    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

    WinRAR 4.01 (32-bit)

    .

    ==== Event Viewer Messages From Past Week ========

    .

    10/17/2012 12:50:43 PM, Error: EventLog [6008] - The previous system shutdown at 12:48:09 PM on 10/17/2012 was unexpected.

    10/17/2012 10:44:13 AM, Error: EventLog [6008] - The previous system shutdown at 10:57:55 PM on 10/16/2012 was unexpected.

    10/16/2012 6:40:46 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\yang\AppData\Local\Microsoft\Windows\UsrClass.dat' was corrupted and it has been recovered. Some data might have been lost.

    10/11/2012 3:29:38 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Null

    10/10/2012 6:55:04 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt Null

    .

    ==== End Of File ===========================

  6. This is from my follow-up on the Ammyy scam.

    DDS (Ver_2012-10-14.05) - NTFS_x86

    Internet Explorer: 8.0.6001.18882

    Run by yang at 12:54:55 on 2012-10-17

    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2037.1228 [GMT -7:00]

    .

    .

    ============== Running Processes ================

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\SLsvc.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe

    C:\Program Files\Common Files\Motive\McciCMService.exe

    C:\Program Files\Common Files\Motive\McciServiceHost.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\system32\DRIVERS\xaudio.exe

    C:\Windows\system32\WUDFHost.exe

    C:\Windows\system32\rundll32.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\ATT-SST\McciTrayApp.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\System32\mobsync.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\wuauclt.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k rpcss

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k GPSvcGroup

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\System32\svchost.exe -k WerSvcGroup

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.com/

    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

    uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

    uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

    mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide

    mRun: [igfxTray] c:\windows\system32\igfxtray.exe

    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

    mRun: [Persistence] c:\windows\system32\igfxpers.exe

    mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"

    Trusted Zone: $talisma_url$

    .

    INFO: HKCU has more than 50 listed domains.

    If you wish to scan all of them, select the 'Force scan all domains' option.

    .

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    TCP: NameServer = 192.168.1.254

    TCP: Interfaces\{62E4DD16-A2C6-4825-8EF5-35B2506DC813} : DHCPNameServer = 192.168.1.254

    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

    Notify: igfxcui - igfxdev.dll

    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2006-11-2 4608]

    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]

    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-17 399432]

    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-17 676936]

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-10-17 95232]

    R2 McciServiceHost;McciServiceHost;c:\program files\common files\motive\McciServiceHost.exe [2012-1-31 315392]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-17 22856]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-9-15 250808]

    S3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\system32\drivers\xcbda.sys [2006-11-2 139904]

    .

    =============== Created Last 30 ================

    .

    2012-10-17 18:05:58 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL

    2012-10-17 18:05:58 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX

    2012-10-17 18:05:58 -------- d-----w- c:\program files\SpywareBlaster

    2012-10-17 18:04:51 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8db9e9ac-56ab-4f3a-adfe-87e55294c986}\mpengine.dll

    2012-10-17 18:01:16 -------- d-----w- c:\users\yang\appdata\roaming\Malwarebytes

    2012-10-17 18:01:07 -------- d-----w- c:\programdata\Malwarebytes

    2012-10-17 18:01:05 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-10-17 18:01:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-10-17 17:56:09 -------- d-----w- c:\program files\common files\McAfee

    2012-10-17 17:55:51 -------- d-----w- c:\program files\McAfee

    2012-10-17 17:47:29 -------- d-----w- c:\users\yang\appdata\roaming\SUPERAntiSpyware.com

    2012-10-17 17:47:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

    2012-10-17 17:47:23 -------- d-----w- c:\program files\SUPERAntiSpyware

    2012-10-17 00:58:52 -------- d-----w- c:\programdata\AMMYY

    .

    ==================== Find3M ====================

    .

    2012-10-08 18:23:30 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-10-08 18:23:30 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    .

    ============= FINISH: 12:55:57.32 ===============

  7. This is my first time in here. I was just wondering if anybody could help. I got a call from a guy. He told me my computer was infected. I know it's stupid of me to go along with his directions, but our computer has been slow lately. Anyway, I fell for giving away the ID to that guy. I don't really know much about computers, so when I went to search for Ammyy online, I found it was a scam. I know it's stupid of me, but now I need help.
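The logs above are posted as the tools produced them. What follows is an added example, not code from the original posts or from the DDS/ComboFix tools: it parses the file-creation lines of both formats (the DDS "Created Last 30" section and the ComboFix "Files Created" section), flags paths belonging to remote-access tools, and converts the timestamps to the local clock so they can be lined up with the Event Viewer entries. The -7 hour offset is the "[GMT -7:00]" in the log headers; that these file timestamps are UTC follows from ComboFix listing "Completion time: 2012-10-17 19:20:12" beside "ComboFix-quarantined-files.txt 2012-10-18 02:20". Only Ammyy appears in the logs; the TeamViewer and LogMeIn markers are assumed additions for illustration, and the sample lines are a constructed subset copied from the posts.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

# Local offset taken from the "[GMT -7:00]" header in the DDS/ComboFix logs.
LOCAL_OFFSET_HOURS = -7

# Constructed subset of lines copied from the DDS "Created Last 30" and
# ComboFix "Files Created" sections posted above.
SAMPLE_DDS_LINES = [
    r"2012-10-18 02:07:09 98816 ----a-w- c:\windows\sed.exe",
    r"2012-10-17 18:01:05 22856 ----a-w- c:\windows\system32\drivers\mbam.sys",
    r"2012-10-17 17:47:23 -------- d-----w- c:\program files\SUPERAntiSpyware",
    r"2012-10-17 00:58:52 -------- d-----w- c:\programdata\AMMYY",
]
SAMPLE_COMBOFIX_LINES = [
    r"2012-10-17 18:05 . 2010-01-11 02:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL",
    r"2012-10-17 17:55 . 2012-10-17 19:51 -------- d-----w- c:\program files\McAfee",
]

# Path fragments of remote-access tools. Only Ammyy appears in the logs;
# the other two entries are assumed additions for illustration.
REMOTE_ACCESS_MARKERS = {
    r"\programdata\ammyy": "Ammyy Admin",
    r"\teamviewer": "TeamViewer",
    r"\logmein": "LogMeIn",
}

# DDS:      "<created> <size|--------> <attrs> <path>"
# ComboFix: "<created> . <modified> <size|--------> <attrs> <path>"
_DDS_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>\S{8})\s+(?P<path>.+?)\s*$"
)
_COMBOFIX_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>\S{8})\s+(?P<path>.+?)\s*$"
)


@dataclass
class Entry:
    created: datetime     # UTC, as both tools record it
    size: Optional[int]   # None for directories ("--------")
    is_dir: bool
    path: str
    source: str           # "dds" or "combofix"


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one file-creation line from either tool; None for any other line."""
    line = line.strip()
    m = _COMBOFIX_RE.match(line)
    if m:
        fmt, source = "%Y-%m-%d %H:%M", "combofix"
    else:
        m = _DDS_RE.match(line)
        if not m:
            return None
        fmt, source = "%Y-%m-%d %H:%M:%S", "dds"
    created = datetime.strptime(m.group("created"), fmt).replace(tzinfo=timezone.utc)
    size_field = m.group("size")
    size = int(size_field) if size_field.isdigit() else None
    return Entry(created, size, m.group("attrs")[0] == "d", m.group("path"), source)


def parse_log(lines: List[str]) -> List[Entry]:
    return [e for e in (parse_entry(ln) for ln in lines) if e is not None]


def to_local(ts_utc: datetime, offset_hours: int) -> datetime:
    return ts_utc.astimezone(timezone(timedelta(hours=offset_hours)))


def flag_remote_access(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """(entry, tool name) for every path that contains a known remote-access marker."""
    hits = []
    for e in entries:
        low = e.path.lower()
        for marker, tool in REMOTE_ACCESS_MARKERS.items():
            if marker in low:
                hits.append((e, tool))
                break
    return hits


def timeline(entries: List[Entry], offset_hours: int) -> List[Tuple[str, str]]:
    """Creation times on the local clock, oldest first, for matching Event Viewer."""
    ordered = sorted(entries, key=lambda e: e.created)
    return [(to_local(e.created, offset_hours).strftime("%Y-%m-%d %H:%M:%S"), e.path)
            for e in ordered]


if __name__ == "__main__":
    entries = parse_log(SAMPLE_DDS_LINES + SAMPLE_COMBOFIX_LINES)
    for e, tool in flag_remote_access(entries):
        print(f"{tool}: {e.path} created {to_local(e.created, LOCAL_OFFSET_HOURS)} local")
    for when, path in timeline(entries, LOCAL_OFFSET_HOURS):
        print(when, path)
```

With the conversion applied, the c:\programdata\AMMYY creation (2012-10-17 00:58:52 UTC) lands at 17:58 on 10/16 local, about forty minutes before the UsrClass.dat hive-recovery event logged at 6:40:46 PM on 10/16; the sed.exe/PEV.exe/MBR.exe entries at 02:07 UTC are ComboFix's own components, dropped just before its 19:09 local start. Note that ComboFix deleting the AMMYY folder removes the tool's files and its settings3.bin; neither that deletion nor this script says anything about what the remote operator did while connected, which is the question the logs cannot answer.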
