Infected Rogue.Antispy


kyuube

I keep deleting this but it keeps coming back.

Malwarebytes Anti-Malware (PRO) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.22.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

EDWIN :: SHIE [administrator]

Protection: Enabled

12/24/2012 11:44:39 AM

mbam-log-2012-12-24 (11-44-39).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 233788

Time elapsed: 4 minute(s), 32 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKLM\SOFTWARE\HT (Rogue.Antispy) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.9.2

Run by EDWIN at 12:24:12 on 2012-12-24

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4025.1616 [GMT 8:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\svchost.exe -k NetworkService

c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Users\EDWIN\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\igfxext.exe

C:\Program Files (x86)\Last.fm\LastFM.exe

C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe

C:\Program Files (x86)\Video Web Camera\traybar.exe

C:\Users\EDWIN\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe

C:\Users\EDWIN\Music\stuff\leftsider103\leftsider.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Users\EDWIN\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\HEM\wmime.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Video Web Camera\CEC_MAIN.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe

C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe

C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe

C:\Windows\sysWOW64\wbem\wmiprvse.exe

C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe

C:\Users\EDWIN\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\EDWIN\AppData\Local\RockMelt\Application\rockmelt.exe

C:\Users\EDWIN\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\EDWIN\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\EDWIN\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\EDWIN\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\EDWIN\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\EDWIN\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\EDWIN\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\EDWIN\AppData\Local\RockMelt\Application\rockmelt.exe

C:\Users\EDWIN\AppData\Local\RockMelt\Application\rockmelt.exe

C:\Users\EDWIN\AppData\Local\RockMelt\Application\rockmelt.exe

C:\Users\EDWIN\AppData\Local\RockMelt\Application\rockmelt.exe

C:\Users\EDWIN\AppData\Local\RockMelt\Application\rockmelt.exe

C:\Windows\SysWOW64\notepad.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Users\EDWIN\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Users\EDWIN\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\EDWIN\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\EDWIN\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\EDWIN\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\EDWIN\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\explorer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://start.facemoods.com/?a=ddr

uSearch Bar = Preserve

mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=3409&m=easynote_tj65&r=27360210m3b6l0310z135f48l1w25o

mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=3409&m=easynote_tj65&r=27360210m3b6l0310z135f48l1w25o

uProxyServer = 198.144.159.130:3128

uProxyOverride = 127.0.0.1:9421;<local>

mSearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4

mWinlogon: Userinit = userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\bin\jp2ssv.dll

BHO: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [Akamai NetSession Interface] "C:\Users\EDWIN\AppData\Local\Akamai\netsession_win.exe"

uRun: [RockMelt Update] "C:\Users\EDWIN\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k

mRun: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"

mRun: [bReader] C:\Program Files (x86)\Harshal's Softwares\Birthday Reminder 5.5\remin.exe

mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [wmime] C:\Program Files (x86)\HEM\wmime.exe /STARTUP

StartupFolder: C:\Users\EDWIN\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LASTFM~1.LNK - C:\Program Files (x86)\Last.fm\LastFM.exe

StartupFolder: C:\Users\EDWIN\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LEFTSI~1.LNK - C:\Users\EDWIN\Music\stuff\leftsider103\leftsider.exe

StartupFolder: C:\Users\EDWIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\proxpn.exe.log

StartupFolder: C:\Users\EDWIN\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TORREN~1.LNK - C:\Program Files (x86)\uTorrent\uTorrent.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies/Images/stg_drm.ocx

DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies/Images/armhelper.ocx

TCP: NameServer = 192.168.254.1

TCP: Interfaces\{193590CE-B152-46D8-A972-DE06275F9FBF} : NameServer = 68.238.112.14,68.94.157.1

TCP: Interfaces\{193590CE-B152-46D8-A972-DE06275F9FBF} : DHCPNameServer = 192.168.254.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll

x64-Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\EDWIN\AppData\Roaming\Mozilla\Firefox\Profiles\6zd57bjb.default-1355418554795\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/

FF - prefs.js: keyword.URL - hxxps://duckduckgo.com/?q=

FF - prefs.js: network.proxy.ftp - 209.141.55.22

FF - prefs.js: network.proxy.ftp_port - 3129

FF - prefs.js: network.proxy.http - 209.141.55.22

FF - prefs.js: network.proxy.http_port - 3129

FF - prefs.js: network.proxy.socks - 209.141.55.22

FF - prefs.js: network.proxy.socks_port - 3129

FF - prefs.js: network.proxy.ssl - 209.141.55.22

FF - prefs.js: network.proxy.ssl_port - 3129

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\EDWIN\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Users\EDWIN\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2012-11-09 00:15; wrc@avast.com; C:\Program Files\Alwil Software\Avast5\WebRep\FF

FF - ExtSQL: 2012-12-14 01:13; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\EDWIN\AppData\Roaming\Mozilla\Firefox\Profiles\6zd57bjb.default-1355418554795\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: 2012-12-14 01:14; {6bdc61ae-7b80-44a3-9476-e1d121ec2238}; C:\Users\EDWIN\AppData\Roaming\Mozilla\Firefox\Profiles\6zd57bjb.default-1355418554795\extensions\{6bdc61ae-7b80-44a3-9476-e1d121ec2238}.xpi

FF - ExtSQL: 2012-12-14 01:16; ffextension@weheartit.com; C:\Users\EDWIN\AppData\Roaming\Mozilla\Firefox\Profiles\6zd57bjb.default-1355418554795\extensions\ffextension@weheartit.com.xpi

FF - ExtSQL: 2012-12-14 01:17; {fe62bb60-d385-11e1-9b23-0800200c9a66}; C:\Users\EDWIN\AppData\Roaming\Mozilla\Firefox\Profiles\6zd57bjb.default-1355418554795\extensions\{fe62bb60-d385-11e1-9b23-0800200c9a66}.xpi

FF - ExtSQL: 2012-12-14 01:38; jid1-ZAdIEUB7XOzOJw@jetpack; C:\Users\EDWIN\AppData\Roaming\Mozilla\Firefox\Profiles\6zd57bjb.default-1355418554795\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi

FF - ExtSQL: !HIDDEN! 2010-11-07 16:14; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-21 55856]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-5-19 984144]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-3-31 370288]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-9 169312]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 27136]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-3-31 25232]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-3-31 71600]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-11-1 44808]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2009-10-27 844320]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-13 399432]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2009-8-21 62720]

R2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-8-16 240160]

R3 i8042HDR;Keyboard Filter Driver;C:\Windows\System32\drivers\i8042HDR.sys [2011-7-29 15920]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-10-10 139264]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 Greg_Service;GRegService;C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-6-4 1150496]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-13 676936]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-10-10 320040]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-13 25928]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-11 5434368]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-8-1 250984]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-10 1255736]

.

=============== File Associations ===============

.

FileExt: .scr: scrfile="%1" /S [userChoice]

FileExt: .txt: txtfile=notepad.exe %1 [userChoice]

FileExt: .js: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]

.

=============== Created Last 30 ================

.

2012-12-20 02:39:16 -------- d-----w- C:\Users\EDWIN\AppData\Roaming\File Property Edit

2012-12-20 02:39:13 -------- d-----w- C:\Users\EDWIN\AppData\Local\File Property Edit Free

2012-12-16 08:26:51 -------- d-----w- C:\ProgramData\hem

2012-12-16 08:26:47 -------- d-----w- C:\Program Files (x86)\HEM

2012-12-14 07:15:35 -------- d-----w- C:\Users\EDWIN\AppData\Roaming\VSRevoGroup

2012-12-14 07:14:33 -------- d-----w- C:\Users\EDWIN\AppData\Local\CrashDumps

2012-12-14 06:55:08 -------- d-----w- C:\Users\EDWIN\AppData\Local\ElevatedDiagnostics

2012-12-14 03:31:27 -------- d-----w- C:\Users\EDWIN\AppData\Roaming\Maxthon3

2012-12-14 03:31:17 -------- d-----w- C:\Program Files (x86)\Maxthon

2012-12-13 07:23:53 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-12-13 07:23:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-12-13 06:57:09 -------- d-----w- C:\Users\EDWIN\AppData\Local\MFAData

2012-12-13 06:57:09 -------- d-----w- C:\Users\EDWIN\AppData\Local\Avg2013

2012-12-13 06:57:09 -------- d-----w- C:\ProgramData\MFAData

2012-12-13 03:57:39 -------- d-----w- C:\Users\EDWIN\AppData\Roaming\Malwarebytes

2012-12-13 03:57:33 -------- d-----w- C:\ProgramData\Malwarebytes

2012-12-12 16:43:19 -------- d-----w- C:\Users\EDWIN\AppData\Local\NPE

2012-12-05 20:38:59 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{606BFD5D-AB38-4001-A1C2-76A872D33EA2}\mpengine.dll

2012-12-02 17:20:34 -------- d-----w- C:\Users\EDWIN\AppData\Roaming\Sublime Text 2

2012-12-02 17:20:22 -------- d-----w- C:\Program Files\Sublime Text 2

.

==================== Find3M ====================

.

2012-12-12 16:03:58 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-12-12 16:03:57 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-30 22:51:55 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-10-30 22:51:55 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-10-30 22:51:07 41224 ----a-w- C:\Windows\avastSS.scr

2012-10-15 16:59:28 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2012-09-17 19:59:08 4096000 ----a-w- C:\Program Files (x86)\GUTE6C8.tmp

.

============= FINISH: 12:25:27.46 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 2/21/2010 5:22:57 PM

System Uptime: 12/24/2012 11:33:51 AM (1 hours ago)

.

Motherboard: Packard Bell | | SJV50MV

Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz | U2E1 | 2100/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 454 GiB total, 299.473 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft Teredo Tunneling Adapter

Device ID: ROOT\*TEREDO\0000

Manufacturer: Microsoft

Name: Microsoft Teredo Tunneling Adapter

PNP Device ID: ROOT\*TEREDO\0000

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\NET\0000

Manufacturer: Microsoft

Name: Microsoft 6to4 Adapter

PNP Device ID: ROOT\NET\0000

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\NET\0001

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter

PNP Device ID: ROOT\NET\0001

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Broadcom NetLink Gigabit Ethernet

Device ID: PCI\VEN_14E4&DEV_1698&SUBSYS_02071025&REV_10\4&21BC5EAE&0&00E0

Manufacturer: Broadcom

Name: Broadcom NetLink Gigabit Ethernet

PNP Device ID: PCI\VEN_14E4&DEV_1698&SUBSYS_02071025&REV_10\4&21BC5EAE&0&00E0

Service: k57nd60a

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Atheros AR5B93 Wireless Network Adapter

Device ID: PCI\VEN_168C&DEV_002A&SUBSYS_663211AD&REV_01\4&1BDBE2DD&0&00E1

Manufacturer: Atheros Communications Inc.

Name: Atheros AR5B93 Wireless Network Adapter

PNP Device ID: PCI\VEN_168C&DEV_002A&SUBSYS_663211AD&REV_01\4&1BDBE2DD&0&00E1

Service: athr

.

==== System Restore Points ===================

.

RP583: 12/20/2012 8:09:08 AM - Uniblue RegistryBooster installation

RP584: 12/20/2012 10:42:54 AM - Revo Uninstaller's restore point - File Property Edit Free

RP585: 12/20/2012 10:55:07 AM - Revo Uninstaller's restore point - SetFileDate 2.0

RP586: 12/21/2012 2:02:28 PM - Revo Uninstaller's restore point - FileZilla Server

RP587: 12/21/2012 2:08:18 PM - Revo Uninstaller's restore point - FileZilla Server

.

==== Installed Programs ======================

.

µTorrent

64 Bit HP CIO Components Installer

7-Zip 9.20

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop Elements 7.0

Adobe Reader X (10.1.4)

Advertising Center

Akamai NetSession Interface

Akamai NetSession Interface Service

Apple Application Support

Apple Mobile Device Support

avast! Free Antivirus

AviSynth 2.5

AVS Update Manager 1.0 (Update Version)

AVS4YOU Software Navigator 1.4

Backup Manager Basic

Birthday Reminder 5.5

BlueJ 3.0.2

Broadcom Gigabit NetLink Controller

BufferChm

CamStudio

CamStudio Lossless Codec

CCleaner

CoffeeCup Free HTML Editor

Copy

CustoPackTools

CyberLink PowerDVD 8

D3DX10

Destinations

DeviceDiscovery

DHTML Editing Component

DJ_AIO_06_F2400_SW_Min

DVD Shrink 3.2

F2400

FileZilla Client 3.6.0.2

FLV Player

GetFLV 9.1.0.0

Google Chrome

GPBaseService2

HandBrake 0.9.6

HP Customer Participation Program 14.0

HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6

HP Imaging Device Functions 14.0

HP Smart Web Printing 4.60

HP Solution Center 14.0

HPDiagnosticAlert

HPPhotoGadget

HPProductAssistant

HPSSupply

ICP 9.0

Identity Card

ImagXpress

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

IrfanView (remove only)

iTunes

Java 7 Update 7 (64-bit)

Java 7 Update 9

Java Auto Updater

Last.fm 1.5.4.27091

Launch Manager

Malwarebytes Anti-Malware version 1.65.1.1000

MarketResearch

Maxthon Cloud Browser

MCCI®Firmware Update Driver for MTK

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office Suite Activation Assistant

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ Run Time Lib Setup

Microsoft Works

Mozilla Firefox 17.0.1 (x86 en-US)

Mozilla Maintenance Service

MPC-HC 1.6.2.4902

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 9 Essentials

Nero ControlCenter

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero StartSmart

Nero StartSmart Help

Nero StartSmart OEM

NeroExpress

neroxml

Norton Online Backup

Notepad++

OpenOffice.org 3.2

Packard Bell InfoCentre

Packard Bell MyBackup

Packard Bell Power Management

Packard Bell Recovery Management

Packard Bell Registration

Packard Bell Updater

PackardBell ScreenSaver

QuickTime

Realtek AC'97 Audio

Realtek USB 2.0 Card Reader

Revo Uninstaller 1.94

RockMelt

SageThumbs 2.0.0.15

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Shop for HP Supplies

SmartWebPrinting

SolutionCenter

SpeedUpMyPC

Status

Sublime Text 2.0.1

Synaptics Pointing Device Driver

Toolbox

Topaz Clean 3

Topaz Clean 3 (64-bit)

Topaz DeNoise 5

Topaz DeNoise 5 (64-bit)

TrayApp

Uniblue RegistryBooster

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Vegas Pro 9.0

Video Web Camera

VLC media player 2.0.2

WebReg

Welcome Center

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Player Firefox Plugin

WinRAR archiver

Wise Registry Cleaner 7.55

Yontoo Layers Client 1.10.01

.

==== Event Viewer Messages From Past Week ========

.

12/24/2012 12:22:41 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

12/24/2012 11:34:40 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the GRegService service to connect.

12/24/2012 11:34:40 AM, Error: Service Control Manager [7000] - The GRegService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/23/2012 5:41:24 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.

12/21/2012 1:52:15 PM, Error: Service Control Manager [7030] - The FileZilla Server FTP server service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

.

==== End Of File ===========================


Welcome! I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

Please download to the Desktop RogueKiller (by tigzy).

  • Please quit all programs.
  • Start RogueKiller.exe.
  • Wait until Prescan has finished.
  • Click on Scan.
  • Click on Report and copy/paste the contents of the report in your next reply.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
