Ahm4dK1ng

Posts posted by Ahm4dK1ng

  1. (Run as admin)

    Junkware Removal Tool (JRT) by Thisisu

    Version: 2.5.6 (11.03.2012)

    OS: Windows 7 Ultimate x86

    Ran by NCC on Sun 11/04/2012 at 19:09:14.24

    Blog: http://thisisudax.blogspot.com

    **************************************************************

    *** Services: 0 Detections

    *** Registry Values: 0 Detections

    *** Registry Keys: 0 Detections

    *** Files: 0 Detections

    *** Folders:

    Failed to delete: [FOLDER-LOCKED!] "C:\Program Files\hotspot shield"

    *** Event Viewer Logs - Cleared

    **************************************************************

    Scan was completed on Sun 11/04/2012 at 19:11:31.38

    End of Report

  2. aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

    Run date: 2012-11-04 15:01:40

    -----------------------------

    15:01:40.476 OS Version: Windows 6.1.7600

    15:01:40.476 Number of processors: 2 586 0x1706

    15:01:40.492 ComputerName: SAED-HARDWARE UserName: NCC

    15:01:48.148 Initialize success

    15:02:02.588 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-5

    15:02:02.588 Disk 0 Vendor: WDC_WD3200AAJS-65M0A0 01.03E01 Size: 305245MB BusType: 3

    15:02:02.604 Disk 0 MBR read successfully

    15:02:02.620 Disk 0 MBR scan

    15:02:02.620 Disk 0 Windows 7 default MBR code

    15:02:02.620 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

    15:02:02.635 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 101648 MB offset 206848

    15:02:02.651 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 101748 MB offset 208381952

    15:02:02.682 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 101747 MB offset 416761856

    15:02:02.682 Disk 0 scanning sectors +625139712

    15:02:02.807 Disk 0 scanning C:\Windows\system32\drivers

    15:02:12.363 Service scanning

    15:02:42.847 Modules scanning

    15:02:49.082 Disk 0 trace - called modules:

    15:02:49.113 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys

    15:02:49.113 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c7d5b8]

    15:02:49.128 3 CLASSPNP.SYS[8ac0459e] -> nt!IofCallDriver -> [0x8579a918]

    15:02:49.144 5 ACPI.sys[8aa9c3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-5[0x857a2908]

    15:02:49.160 Scan finished successfully

    15:02:58.910 Disk 0 MBR has been saved successfully to "C:\Users\NCC\Desktop\MBR.dat"

    15:02:58.925 The log file has been saved successfully to "C:\Users\NCC\Desktop\aswMBR.txt"

  3. When I run aswMBR I get a bluescreen.

    JRT:

    Junkware Removal Tool (JRT) by Thisisu

    Version: 2.5.6 (11.03.2012)

    OS: Windows 7 Ultimate x86

    Ran by NCC on Sat 11/03/2012 at 19:38:32.22

    Blog: http://thisisudax.blogspot.com

    **************************************************************

    *** Services: 0 Detections

    *** Registry Values: 0 Detections

    *** Registry Keys:

    Successfully deleted: [KEY] hkey_classes_root\clsid\{291bccc1-6890-484a-89d3-318c928dac1b}

    Successfully deleted: [KEY] hkey_classes_root\clsid\{2eecd738-5844-4a99-b4b6-146bf802613b}

    Successfully deleted: [KEY] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{2eecd738-5844-4a99-b4b6-146bf802613b}

    Successfully deleted: [KEY] hkey_classes_root\clsid\{97f2ff5b-260c-4ccf-834a-2dda4e29e39e}

    Successfully deleted: [KEY] hkey_classes_root\clsid\{b8276a94-891d-453c-9ff3-715c042a2575}

    Successfully deleted: [KEY] hkey_classes_root\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}

    Successfully deleted: [KEY] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}

    Successfully deleted: [KEY] hkey_classes_root\clsid\{e46c8196-b634-44a1-af6e-957c64278ab1}

    Successfully deleted: [KEY] hkey_classes_root\clsid\{f9e4a054-e9b1-4bc3-83a3-76a1ae736170}

    Successfully deleted: [KEY] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{f9e4a054-e9b1-4bc3-83a3-76a1ae736170}

    Successfully deleted: [KEY] hkey_classes_root\clsid\{ffb9adcb-8c79-4c29-81d3-74d46a93d370}

    *** Files: 0 Detections

    *** Folders:

    Failed to delete: [FOLDER-LOCKED!] "C:\Users\NCC\AppData\Roaming\babylontoolbar"

    Failed to delete: [FOLDER-LOCKED!] "C:\Program Files\hotspot shield"

    *** Event Viewer Logs - Cleared

    **************************************************************

    Scan was completed on Sat 11/03/2012

    Malwarebytes:

    Malwarebytes Anti-Malware (PRO) 1.65.1.1000

    www.malwarebytes.org

    Database version: v2012.11.03.06

    Windows 7 x86 NTFS

    Internet Explorer 9.0.8112.16421

    NCC :: SAED-HARDWARE [administrator]

    Protection: Enabled

    03/11/2012 07:30:49 م

    mbam-log-2012-11-03 (19-30-49).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

    Scan options disabled:

    Objects scanned: 221170

    Time elapsed: 3 minute(s), 59 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 3

    HKLM\SOFTWARE\Microsoft\Security Center|ANTIVIRUSDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    HKLM\SOFTWARE\Microsoft\Security Center|FIREWALLDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    HKLM\SOFTWARE\Microsoft\Security Center|UPDATESDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    DDS:

    DDS (Ver_2012-10-19.01) - NTFS_x86

    Internet Explorer: 9.0.8112.16421

    Run by NCC at 14:34:01 on 2012-11-04

    Microsoft Windows 7 Ultimate 6.1.7600.0.1256.962.1033.18.2943.1968 [GMT 2:00]

    .

    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ================

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\System32\spoolsv.exe

    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Hotspot Shield\bin\openvpnas.exe

    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe

    C:\Program Files\Hotspot Shield\bin\hsswd.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\mentalray\satellite\raysat_3dsmax2010_32server.exe

    C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe

    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

    C:\Windows\system32\WUDFHost.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\system32\taskhost.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

    C:\Program Files\Real\RealPlayer\Update\realsched.exe

    C:\Program Files\DAEMON Tools Lite\DTLite.exe

    C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe

    C:\Program Files\FILSHtray\FILSHtray.exe

    C:\Program Files\Air Mouse\Air Mouse\Mobile Mouse Service.exe

    C:\Users\NCC\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\NCC\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\NCC\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Program Files\Panda USB Vaccine\USBVaccine.exe

    C:\Users\NCC\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    C:\Windows\system32\NOTEPAD.EXE

    C:\Windows\system32\ntvdm.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\System32\svchost.exe -k secsvcs

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.com

    uWindow Title = Internet Explorer, optimized for Bing and MSN

    uSearch Bar = hxxp://www.google.com

    uSearch Page = hxxp://www.google.com

    mStart Page = hxxp://www.google.com

    uSearchAssistant = hxxp://www.google.com

    BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} -

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

    BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

    BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

    BHO: DataMngr: {B939CF93-F2CB-443d-956C-DC523D85C9DB} - c:\program files\bearshare applications\mediabar\datamngr\BrowserConnection.dll

    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll

    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

    BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - c:\program files\common files\simple adblock\SimpleAdblock.dll

    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

    TB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll

    TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} -

    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet

    uRun: [Google Update] "c:\users\ncc\appdata\local\google\update\GoogleUpdate.exe" /c

    uRun: [slackerElves] c:\program files\screenmates\ELVES.EXE

    uRun: [KamikazeKat] c:\program files\screenmates\KKAT.EXE

    uRun: [Dino] c:\program files\screenmates\GRANNYSM.EXE

    uRun: [AdobeBridge] <no file>

    mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE

    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

    mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"

    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"

    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\airmou~1.lnk - c:\program files\air mouse\air mouse\Air Mouse.exe

    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\filsht~1.lnk - c:\program files\filshtray\FILSHtray.exe

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableLUA = dword:0

    mPolicies-System: EnableUIADesktopToggle = dword:0

    mPolicies-System: PromptOnSecureDesktop = dword:0

    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

    LSP: c:\windows\system32\imon.dll

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    TCP: NameServer = 192.168.1.1 0.0.0.0

    TCP: Interfaces\{52DAA138-A873-4583-990D-79005EBCE273} : DHCPNameServer = 192.168.1.1 0.0.0.0

    TCP: Interfaces\{7DF9E9C8-2977-4C4C-B16D-EA40C66524DF} : DHCPNameServer = 192.168.1.1 0.0.0.0

    TCP: Interfaces\{E31BDAE0-33CC-4232-A9CC-75C8C16FA630} : DHCPNameServer = 8.8.8.8

    SSODL: WebCheck - <orphaned>

    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

    mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\windows mail\WinMail.exe" OCInstallUserConfigOE

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-6-22 242240]

    R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2012-7-10 35560]

    R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2011-6-20 15424]

    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]

    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]

    R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2012-10-13 523632]

    R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe [2012-10-12 389488]

    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-25 399432]

    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-25 676936]

    R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]

    R2 mi-raysat_3dsmax2012_32;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 32-bit - English 32-bit;c:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe [2011-2-23 86016]

    R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-6-25 2666880]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-11 22856]

    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-11-4 40776]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 gupdate;خدمة تحديث Google (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-6-22 205808]

    S2 NOD32krn;NOD32 Kernel Service;"c:\program files\eset\nod32krn.exe" --> c:\program files\eset\nod32krn.exe [?]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-29 250808]

    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

    S3 gupdatem;خدمة Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-6-22 205808]

    S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792]

    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

    .

    =============== File Associations ===============

    .

    FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs5.5\Dreamweaver.exe","%1"

    ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs5.5\dreamweaver.exe", "%1"

    .

    =============== Created Last 30 ================

    .

    2012-11-04 12:30:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2012-11-03 17:22:06 -------- d--h--w- c:\windows\PIF

    2012-11-03 17:18:04 -------- d-----w- c:\windows\ERUNT

    2012-11-03 17:18:01 -------- d-----w- C:\JRT

    2012-11-03 17:15:15 -------- d-----w- c:\programdata\Panda Security

    2012-10-30 14:05:59 -------- d-----w- c:\users\ncc\appdata\roaming\Blender Foundation

    2012-10-30 13:59:06 -------- d-----w- c:\users\ncc\.thumbnails

    2012-10-29 14:19:29 20992 ----a-w- c:\windows\jestertb.dll

    2012-10-26 15:03:39 -------- d-----w- c:\users\ncc\appdata\roaming\SUPERAntiSpyware.com

    2012-10-26 15:03:32 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

    2012-10-26 06:22:12 -------- d-----w- c:\program files\common files\Simple Adblock

    .

    ==================== Find3M ====================

    .

    2012-10-26 06:59:43 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-10-26 06:59:43 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-09-29 17:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-09-19 06:56:43 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

    2012-09-19 06:56:41 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

    2012-09-19 06:56:41 746984 ----a-w- c:\windows\system32\deployJava1.dll

    .

    ============= FINISH: 14:34:40.76 ===============

    Attach:

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-10-19.01)

    .

    Microsoft Windows 7 Ultimate

    Boot Device: \Device\HarddiskVolume1

    Install Date: 20/06/2011 04:32:55 م

    System Uptime: 04/11/2012 02:18:53 م (0 hours ago)

    .

    Motherboard: MSI | | MS-7399

    Processor: Pentium® Dual-Core CPU E5200 @ 2.50GHz | CPU 1 | 2500/200mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 99 GiB total, 21.627 GiB free.

    D: is FIXED (NTFS) - 99 GiB total, 87.681 GiB free.

    E: is FIXED (NTFS) - 99 GiB total, 97.386 GiB free.

    F: is CDROM ()

    G: is CDROM ()

    H: is CDROM ()

    I: is Removable

    .

    ==== Disabled Device Manager Items =============

    .

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Description: AMON

    Device ID: ROOT\LEGACY_AMON\0000

    Manufacturer:

    Name: AMON

    PNP Device ID: ROOT\LEGACY_AMON\0000

    Service: AMON

    .

    Class GUID:

    Description: Coprocessor

    Device ID: PCI\VEN_10DE&DEV_07DA&SUBSYS_73991462&REV_A2\3&267A616A&0&1B

    Manufacturer:

    Name: Coprocessor

    PNP Device ID: PCI\VEN_10DE&DEV_07DA&SUBSYS_73991462&REV_A2\3&267A616A&0&1B

    Service:

    .

    Class GUID: {36fc9e60-c465-11cf-8056-444553540000}

    Description: Unknown Device

    Device ID: USB\VID_0000&PID_0000\5&D1BEDBD&0&7

    Manufacturer: (Standard USB Host Controller)

    Name: Unknown Device

    PNP Device ID: USB\VID_0000&PID_0000\5&D1BEDBD&0&7

    Service:

    .

    ==== System Restore Points ===================

    .

    RP63: 16/09/2012 04:51:42 م - Scheduled Checkpoint

    RP64: 19/09/2012 08:55:20 ص - Installed Java 7 Update 7

    RP66: 26/09/2012 03:05:43 م - Installed DirectX

    RP67: 03/10/2012 06:25:32 م - Scheduled Checkpoint

    RP68: 26/10/2012 08:20:56 ص - Installed Simple Adblock

    RP69: 26/10/2012 08:42:27 ص - Installed VirtualDJ Home FREE

    RP70: 26/10/2012 10:37:40 ص - Installed Java 7 Update 9

    RP71: 03/11/2012 07:27:25 م - Removed BabylonObjectInstaller

    .

    ==== Installed Programs ======================

    .

    Adobe Acrobat X Pro - English, Français, Deutsch

    Adobe AIR

    Adobe Community Help

    Adobe Content Viewer

    Adobe Creative Suite 5.5 Master Collection

    Adobe CSI CS4

    Adobe Flash Player 11 ActiveX

    Adobe Flash Player 11 Plugin

    Adobe Illustrator CS4

    Adobe Photoshop CS4

    Adobe Search for Help

    Adobe Service Manager Extension

    Adobe Setup

    Adobe Widget Browser

    AIR iPad

    AirXonix version 1.45

    Allegorithmic Substance Designer 1.x

    Allegorithmic Substance Extra Content for 3DSMax 2012 1.x

    Allegorithmic Substance Player 1.x

    Apple Software Update

    ArchVision Dashboard

    Astroburn Lite

    Autodesk 3ds Max 2010 32-bit

    Autodesk 3ds Max 2012 32-bit - English

    Autodesk 3ds Max 2012 SDK

    Autodesk Backburner 2012.0.0

    Autodesk FBX Plug-in 2012.0 - 3ds Max 2012

    Autodesk FBX Plugin 2009.4 - 3ds Max 2010

    Autodesk Material Library 2012

    Autodesk Material Library Base Resolution Image Library 2012

    Autodesk Material Library Medium Resolution Image Library 2012

    Autodesk Mudbox 2012 32-bit - English

    Autodesk Network License Manager

    AxySnake version 1.19

    BabylonObjectInstaller

    Bing Bar

    Bing Bar Platform

    Bing Rewards Client Installer

    Bonjour

    Composite 2012

    Connect

    Coupon Printer for Windows

    DAEMON Tools Lite

    FarmVilleBot 2.2.3.7

    FILSHtray

    Fraps (remove only)

    Google Chrome

    Google Toolbar for Internet Explorer

    Google Update Helper

    Grand Theft Auto IV

    Grand Theft Auto IV v1.0 Eng

    Hotspot Shield 2.74

    HP Deskjet 1050 J410 series Basic Device Software

    HP Deskjet 1050 J410 series Help

    HP Deskjet 1050 J410 series Product Improvement Study

    HyperCam 3

    K-Lite Codec Pack 4.1.7 (Full)

    kuler

    Magic ISO Maker v5.5 (build 0281)

    Malwarebytes Anti-Malware version 1.65.1.1000

    Microsoft .NET Framework 4 Client Profile

    Microsoft .NET Framework 4 Extended

    Microsoft Default Manager

    Microsoft Search Enhancement Pack

    Microsoft Silverlight

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft_VC80_ATL_x86

    Microsoft_VC80_CRT_x86

    Microsoft_VC80_MFC_x86

    Microsoft_VC80_MFCLOC_x86

    Microsoft_VC90_ATL_x86

    Microsoft_VC90_CRT_x86

    Microsoft_VC90_MFC_x86

    Microsoft_VC90_MFCLOC_x86

    Mobile Mouse Server

    MSVCRT Redists

    Panda USB Vaccine 1.0.1.4

    PDF Settings CS5

    PowerDVD

    Project Rescue Africa

    PxMergeModule

    RealNetworks - Microsoft Visual C++ 2008 Runtime

    RealPlayer

    RealUpgrade 1.1

    RESIDENT EVIL 5

    ResidentEvil3

    RPC Plug-in for Autodesk 3ds Max 2012 32-bit

    San Andreas Mod Installer

    Simple Adblock

    SUPERAntiSpyware

    TeamViewer 7

    UltraISO Premium V9.52

    VC Temptresses Screen Saver

    Vegas Pro 10.0

    VideoLAN VLC media player 0.8.6b

    VirtualDJ Home FREE

    Wincore MediaBar

    Windows Movie Maker 2.6

    WinRAR 4.20 (32-bit)

    Yahoo! Messenger

    .

    ==== Event Viewer Messages From Past Week ========

    .

    04/11/2012 03:15:13 م, Error: Service Control Manager [7000] - The NOD32 Kernel Service service failed to start due to the following error: The system cannot find the file specified.

    04/11/2012 03:15:13 م, Error: Service Control Manager [7000] - The AMON service failed to start due to the following error: The system cannot find the file specified.

    03/11/2012 10:27:32 م, Error: Service Control Manager [7000] - The NOD32 Kernel Service service failed to start due to the following error: The system cannot find the file specified.

    03/11/2012 10:27:30 م, Error: Service Control Manager [7000] - The AMON service failed to start due to the following error: The system cannot find the file specified.

    03/11/2012 08:36:39 م, Error: Service Control Manager [7000] - The NOD32 Kernel Service service failed to start due to the following error: The system cannot find the file specified.

    03/11/2012 08:36:38 م, Error: Service Control Manager [7000] - The AMON service failed to start due to the following error: The system cannot find the file specified.

    03/11/2012 08:06:12 م, Error: Service Control Manager [7000] - The NOD32 Kernel Service service failed to start due to the following error: The system cannot find the file specified.

    03/11/2012 08:06:11 م, Error: Service Control Manager [7000] - The AMON service failed to start due to the following error: The system cannot find the file specified.

    03/11/2012 08:06:11 م, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000, 0x000000ff, 0x00000008, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 110312-13609-01.

    03/11/2012 08:06:07 م, Error: EventLog [6008] - The previous system shutdown at 08:04:45 م on ‏03/‏11/‏2012 was unexpected.

    03/11/2012 07:52:01 م, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000, 0x000000ff, 0x00000008, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 110312-18687-01.

    03/11/2012 07:51:58 م, Error: Service Control Manager [7000] - The NOD32 Kernel Service service failed to start due to the following error: The system cannot find the file specified.

    03/11/2012 07:51:58 م, Error: Service Control Manager [7000] - The AMON service failed to start due to the following error: The system cannot find the file specified.

    03/11/2012 07:51:57 م, Error: EventLog [6008] - The previous system shutdown at 07:49:23 م on ‏03/‏11/‏2012 was unexpected.

    .

    ==== End Of File ===========================

  4. When I scan my flash memory I get Malware.Packer.Gen. When I run a complete scan and remove it, it keeps coming back to the flash memory, and it infected my other computer because I used the flash. Now it's in 2 PCs and I cannot remove it with Malwarebytes. Is there a way to remove it completely?

    Log:

    Malwarebytes Anti-Malware (PRO) 1.65.1.1000 Database version: v2012.11.03.03

    Windows 7 x86 NTFS

    Internet Explorer 9.0.8112.16421

    NCC :: SAED-HARDWARE [administrator]

    Protection: Enabled

    03/11/2012 01:36:16 م

    mbam-log-2012-11-03 (13-36-16).txt

    Scan type: Full scan (I:\|)

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

    Scan options disabled:

    Objects scanned: 70595

    Time elapsed: 2 minute(s), 4 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 1

    I:\rduqnk.pif (Malware.Packer.Gen) -> Quarantined and deleted successfully.

    (end)
