NeoX12 Posted January 26, 2013

Malwarebytes Quick Scan Log

Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2013.01.22.03

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
HahaHeadshot :: HAHAHEADSHOT-PC [administrator]

Protection: Enabled

26-Jan-13 1:25:42 PM
mbam-log-2013-01-26 (13-25-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 268774
Time elapsed: 5 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

svchost.exe activities

2013/01/26 00:29:29 +0600 HAHAHEADSHOT-PC HahaHeadshot IP-BLOCK 58.240.223.154 (Type: incoming, Port: 1433, Process: svchost.exe)
2013/01/26 13:18:36 +0600 HAHAHEADSHOT-PC HahaHeadshot IP-BLOCK 178.152.0.236 (Type: incoming, Port: 20068, Process: svchost.exe)

DDS log

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.4.1
Run by HahaHeadshot at 13:34:12 on 2013-01-26
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2040.679 [GMT 6:00]
.
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
F:\Advanced SystemCare 6\ASCService.exe
F:\COMODO\COMODO Internet Security\cmdagent.exe
F:\SandBoxie FINAL\SbieSvc.exe
F:\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\QUBEE WCM\GPCommonService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
F:\Defraggg\oodag.exe
C:\Windows\system32\vmnat.exe
C:\Program Files\Wondershare\Wondershare Application Center\WACService.exe
C:\Windows\system32\vmnetdhcp.exe
F:\VMWARE INSTALLED\vmware-authd.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
F:\Advanced SystemCare 6\Monitor.exe
F:\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\KeyScrambler\KeyScrambler.exe
F:\Avast\AvastUI.exe
C:\Program Files\QUBEE WCM\QUBEE WCM.exe
F:\Internet Download Manager\IDMan.exe
C:\Users\HahaHeadshot\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe
F:\SandBoxie FINAL\SbieCtrl.exe
F:\Internet Download Manager\IEMonitor.exe
C:\Program Files\QUBEE WCM\wimax\WmMMgr.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
F:\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Users\HahaHeadshot\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HahaHeadshot\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HahaHeadshot\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HahaHeadshot\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HahaHeadshot\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HahaHeadshot\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HahaHeadshot\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HahaHeadshot\AppData\Local\Google\Chrome\Application\chrome.exe
F:\Acrobat\Acrobat\Acrobat.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
F:\Microsoft Office 2007\Office12\EXCEL.EXE
C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe
H:\Desktop 29-12\ReverseTethering_2.30\AndroidTool.exe
H:\Desktop 29-12\ReverseTethering_2.30\adb.exe
C:\Users\HahaHeadshot\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Windows\system32\taskhost.exe
F:\VLC\vlc.exe
C:\Users\HahaHeadshot\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HahaHeadshot\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uProxyServer = ftp=70.116.71.141:32420;http=180.234.110.74:8080;https=70.116.71.141:32420;socks=70.116.71.141:32420
uProxyOverride = <local>
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - f:\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - f:\microsoft office 2007\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - f:\avast\aswWebRepIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - f:\avast\aswWebRepIE.dll
uRun: [QUBEE WCM] "c:\program files\qubee wcm\QUBEE WCM.exe" minimized
uRun: [IDMan] f:\internet download manager\IDMan.exe /onboot
uRun: [Screenpresso] "c:\users\hahaheadshot\appdata\local\learnpulse\screenpresso\Screenpresso.exe" -startup
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [SandboxieControl] f:\sandboxie final\sbiectrl.exe
uRun: [Advanced SystemCare 6] "f:\advanced systemcare 6\ASCTray.exe" /AutoStart
mRun: [Malwarebytes' Anti-Malware] "f:\malwarebytes' anti-malware\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [KeyScrambler] c:\program files\keyscrambler\keyscrambler.exe /a
mRun: [avast] "f:\avast\avastUI.exe" /nogui
mRun: [ShaPlus Bandwidth Meter] "c:\program files\shaplus bandwidth meter\ShaPlus Bandwidth Meter" /s
dRun: [Advanced SystemCare 5] "f:\advanced systemcare 5\ASCTray.exe" /AutoStart
StartupFolder: c:\users\hahahe~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\hahaheadshot\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoDriveTypeAutoRun = dword:95
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - f:\roboform\RoboFormComCustomizeIEMenu.html
IE: Download all links with IDM - f:\internet download manager\IEGetAll.htm
IE: Download with IDM - f:\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - f:\micros~1\office12\EXCEL.EXE/3000
IE: Fill Forms - f:\roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - f:\roboform\RoboFormComShowToolbar.html
IE: Save Forms - f:\roboform\RoboFormComSavePass.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - f:\microsoft office 2007\office12\ONBttnIE.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: %windir%\system32\vsocklib.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: NameServer = 180.234.0.193 180.234.0.197
TCP: Interfaces\{3EEA6427-1FE0-40C9-A24E-B98783DB4F92} : DHCPNameServer = 180.234.0.193 180.234.0.197
TCP: Interfaces\{4D9B5384-F63E-43EB-81DF-79B7693D6D57} : DHCPNameServer = 180.234.0.193 180.234.0.197
TCP: Interfaces\{72B120FA-B5F8-476A-9969-EA92F2EDDB8B} : DHCPNameServer = 180.234.0.193
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - f:\microsoft office 2007\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\windows\system32\guard32.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - f:\microsoft office 2007\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\hahaheadshot\appdata\roaming\mozilla\firefox\profiles\n9ap4412.default\
FF - prefs.js: browser.startup.homepage - hxxp://us-mg4.mail.yahoo.com/neo/launch?.rand=8eg2sb9i2ju0a
FF - component: c:\users\hahaheadshot\appdata\roaming\idm\idmmzcc5\components\idmmzcc.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\users\hahaheadshot\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\hahaheadshot\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: f:\acrobat\acrobat\browser\nppdf32.dll
FF - plugin: f:\java\bin\npjpi170_10.dll
FF - ExtSQL: 2013-01-07 01:13; CookiesIE@yahoo.com; c:\users\hahaheadshot\appdata\roaming\mozilla\firefox\profiles\n9ap4412.default\extensions\CookiesIE@yahoo.com.xpi
FF - ExtSQL: 2013-01-15 18:29; {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}; c:\users\hahaheadshot\appdata\roaming\mozilla\firefox\profiles\n9ap4412.default\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}.xpi
FF - ExtSQL: 2013-01-15 18:31; cookieimporter@krk; c:\users\hahaheadshot\appdata\roaming\mozilla\firefox\profiles\n9ap4412.default\extensions\cookieimporter@krk.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: content.max.tokenizing.time - 2250000
.
============= SERVICES / DRIVERS ===============
.
R0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-10-11 61296]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-31 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-31 361032]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2012-3-11 19600]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-3-11 491816]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2012-3-11 39640]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-6-9 242240]
R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2013-1-11 36040]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;f:\advanced systemcare 6\ASCService.exe [2013-1-18 1026432]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-31 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-31 58680]
R2 avast! Antivirus;avast! Antivirus;f:\avast\AvastSvc.exe [2012-11-1 44808]
R2 GPCommonService;GPCommonService;c:\program files\qubee wcm\GPCommonService.exe [2012-8-5 90112]
R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2013-1-11 533288]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe [2013-1-11 389928]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2012-8-24 97632]
R2 MBAMService;MBAMService;f:\malwarebytes' anti-malware\malwarebytes' anti-malware\mbamservice.exe [2012-7-19 655944]
R2 MTKWMPROT;MediaTek WiMAX Modem Protocol Driver;c:\windows\system32\drivers\mtkwmptv.sys [2012-8-2 15360]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2012-4-19 5120]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2012-8-1 719512]
R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi10-shared.sys [2011-7-12 22768]
R2 WACService;WACService;c:\program files\wondershare\wondershare application center\WACService.exe [2012-12-7 103272]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2012-6-7 173880]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-26 22344]
R3 MT7118VU;MediaTek MT7118 WiMAX USB Card Driver for VISTA;c:\windows\system32\drivers\mt7118vu.sys [2012-4-12 131072]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
R3 SbieDrv;SbieDrv;f:\sandboxie final\SbieDrv.sys [2010-7-4 119016]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-7-1 34896]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2013-1-11 37064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 metasploitPostgreSQL;metasploitPostgreSQL;G:/MSF_IN~1/POSTGR~1/bin/pg_ctl.exe runservice -N "metasploitPostgreSQL" -D "G:/MSF_IN~1/POSTGR~1/data" --> G:/MSF_IN~1/POSTGR~1/bin/pg_ctl.exe runservice -N metasploitPostgreSQL [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S2 VMwareHostd;VMware Workstation Server;f:\vmware installed\vmware-hostd.exe [2012-8-15 15680000]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-9-19 83168]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-2-16 11520]
.
=============== Created Last 30 ================
.
2013-01-15 18:13:47 -------- d-----w- c:\users\hahaheadshot\appdata\local\Learnpulse
2013-01-15 17:35:24 -------- d-----w- c:\program files\WinHTTrack
2013-01-15 17:25:58 -------- d-----w- c:\program files\YPOPs
2013-01-15 17:25:57 -------- d-----w- c:\users\hahaheadshot\YPOPs
2013-01-14 17:58:58 -------- d-----w- c:\users\hahaheadshot\appdata\roaming\FFSJ
2013-01-14 17:53:19 794906 ----a-w- c:\windows\unins000.exe
2013-01-14 17:53:19 -------- d-----w- c:\windows\system32\FFSJ
2013-01-10 19:41:34 37064 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-01-10 19:27:44 36040 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-01-08 19:08:45 -------- d-----w- c:\users\hahaheadshot\appdata\roaming\DiskSpaceFan
2013-01-02 16:14:26 -------- d-----w- C:\emailextractor14
2013-01-01 05:14:28 -------- d-----w- c:\users\hahaheadshot\backup
2013-01-01 05:14:26 -------- d-----w- c:\users\hahaheadshot\download
2012-12-31 19:10:36 -------- d-----w- c:\program files\ShaPlus Bandwidth Meter
.
==================== Find3M ====================
.
2013-01-13 16:54:39 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-13 16:54:39 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-22 09:39:34 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-22 09:39:34 859072 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-22 09:39:34 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-30 22:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51:57 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51:07 41224 ----a-w- c:\windows\avastSS.scr
.
============= FINISH: 13:35:15.60 ===============

DDS attach log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 17-Apr-12 11:04:07 PM
System Uptime: 26-Jan-13 12:52:36 AM (13 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | 945GCM-S2C
Processor: Intel(R) Pentium(R) Dual CPU E2220 @ 2.40GHz | Socket 775 | 2400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 20 GiB total, 2.534 GiB free.
D: is FIXED (NTFS) - 49 GiB total, 32.757 GiB free.
E: is FIXED (NTFS) - 98 GiB total, 13.522 GiB free.
F: is FIXED (NTFS) - 98 GiB total, 28.721 GiB free.
G: is FIXED (NTFS) - 49 GiB total, 29.206 GiB free.
H: is FIXED (NTFS) - 49 GiB total, 10.655 GiB free.
I: is FIXED (NTFS) - 104 GiB total, 38.785 GiB free.
J: is CDROM ()
L: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP179: 25-Jan-13 10:40:11 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.10 beta
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Shockwave Player 11.6
Advanced SystemCare 6
AI RoboForm (All Users)
avast! Free Antivirus
Camtasia Studio 7
Canon ScanGear Starter
CanoScan Toolbox Ver4.9
CCleaner
Clownfish for Skype
CoffeeCup HTML Editor
COMODO Internet Security
DAEMON Tools Lite
Disk Space Fan 4 (4.1.1.79)
Dropbox
Email Extractor 14 1.0
ESET Online Scanner v3
F.lux
File Shredder 2.5
File Splitter and Joiner (FFSJ v3.3)
Google Chrome
Google Drive
Google Update Helper
Gyazo 1.0
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
Hotspot Shield 2.83
Internet Download Manager
Java 7 Update 10
Java Auto Updater
Java(TM) 6 Update 32
JavaFX 2.1.0
KeyScrambler
LAME v3.99.3 (for Windows)
Maintenance Samsung ML-1660 Series
Malwarebytes Anti-Malware version 1.62.0.1300
Manual CanoScan LiDE 25
Metasploit
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Movie Studio Platinum 12.0
Mozilla Firefox (3.6)
Mozilla Maintenance Service
MSVCRT Redists
O&O Defrag Professional
OpenVPN 2.2.2
Palringo
Python 2.7.3
QUBEE WiMAX Connection Manager
Recuva
Sandboxie 3.46
ScanSoft OmniPage SE 4.0
Screenpresso
SES Driver
ShaPlus Bandwidth Meter 1.3.1
SIW version 2011.10.29
Skype™ 5.10
Spotflux
SQL Server System CLR Types
StreamTransport version: 1.0.2.2171
Stronghold 2
SUPERAntiSpyware
swMSM
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
Total Video Converter 3.71 100812
TrueCrypt
Unity Web Player
VLC media player 1.1.10
VMware Workstation
WinHTTrack Website Copier 3.46-1
WinPcap 4.1.2
WinRAR 4.00 (32-bit)
Wireshark 1.8.4 (32-bit)
Wondershare Application Center 1.0.0.58
Wondershare MobileGo for Android ( Version 2.1.5 )
YPOPs! 0.9.7.3
.
==== Event Viewer Messages From Past Week ========
.
25-Jan-13 10:02:44 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
25-Jan-13 10:02:44 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-2147218173.
25-Jan-13 10:01:50 AM, Error: Service Control Manager [7024] - The VMware Workstation Server service terminated with service-specific error %%-1.
25-Jan-13 10:01:37 AM, Error: Service Control Manager [7000] - The metasploitPostgreSQL service failed to start due to the following error: The system cannot find the file specified.
25-Jan-13 10:01:36 AM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.
24-Jan-13 2:27:29 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================

PC does slow down at times for no reason.
Do let me know if there's anything else I need to do. Thank you so much for your help (:

P.S. I can't do anything that MIGHT make my pc crash, say run combofix or anything. I can't risk it. I have very important files on board and there's no place for me to take a backup. Hope you understand.

Cheers.
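Two entries in the logs above are the ones a responder would triage before anything else: the two Malwarebytes IP-BLOCK lines (inbound connection attempts, one to TCP 1433, the default Microsoft SQL Server port, both attributed to svchost.exe) and the DDS `uProxyServer` line, which sets a per-user WinINET proxy to two public addresses for ftp, http, https and socks. Whether that proxy was set on purpose is not something the log can decide, but it should be confirmed rather than assumed. The Python below is an added example written for this thread, not code from Malwarebytes, DDS or the poster: it parses both fragments, names the well-known service ports, and lists every proxy host that is outside loopback, private and link-local ranges. The sample lines are copied from the post; the `KNOWN_PORTS` table and the wording of the findings are this example's own assumptions.

```python
"""Triage of the two log fragments quoted in the post above: the
Malwarebytes IP-BLOCK lines and the DDS `uProxyServer` line.

Added example for this thread; not code from Malwarebytes, DDS or the
poster. Sample lines are copied from the post. KNOWN_PORTS and the
wording of the findings are this example's own assumptions.
"""
import ipaddress
import re
from typing import Dict, List, Optional

# Copied from the Malwarebytes protection log in the post above.
MBAM_LINES = [
    "2013/01/26 00:29:29 +0600 HAHAHEADSHOT-PC HahaHeadshot IP-BLOCK 58.240.223.154 "
    "(Type: incoming, Port: 1433, Process: svchost.exe)",
    "2013/01/26 13:18:36 +0600 HAHAHEADSHOT-PC HahaHeadshot IP-BLOCK 178.152.0.236 "
    "(Type: incoming, Port: 20068, Process: svchost.exe)",
]

# Copied from the DDS "Pseudo HJT Report" section in the post above.
DDS_PROXY_LINE = ("uProxyServer = ftp=70.116.71.141:32420;http=180.234.110.74:8080;"
                  "https=70.116.71.141:32420;socks=70.116.71.141:32420")

# Assumption of this example: service ports a triager wants named in the output.
KNOWN_PORTS = {22: "ssh", 23: "telnet", 135: "msrpc", 445: "smb", 1433: "ms-sql-s", 3389: "rdp"}

IPBLOCK_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) (?P<host>\S+) (?P<user>\S+) "
    r"IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>incoming|outgoing), Port: (?P<port>\d+), Process: (?P<proc>[^)]+)\)$"
)


def parse_ipblock(line: str) -> Optional[Dict[str, object]]:
    """Parse one Malwarebytes IP-BLOCK line; return None for lines that do not match."""
    m = IPBLOCK_RE.match(line.strip())
    if m is None:
        return None
    port = int(m.group("port"))
    return {
        "timestamp": m.group("ts"),
        "remote_ip": m.group("ip"),
        "direction": m.group("direction"),
        "port": port,
        "service": KNOWN_PORTS.get(port, "unknown"),
        "process": m.group("proc").strip(),
    }


def ipblock_findings(lines: List[str]) -> List[str]:
    """One readable line per block; inbound hits on known service ports are flagged."""
    out: List[str] = []
    for line in lines:
        rec = parse_ipblock(line)
        if rec is None:
            continue
        label = (f"{rec['direction']} {rec['remote_ip']} port {rec['port']} "
                 f"({rec['service']}) -> {rec['process']}")
        if rec["direction"] == "incoming" and rec["port"] in KNOWN_PORTS:
            label += " [inbound probe of a well-known service port]"
        out.append(label)
    return out


def _is_external(host: str) -> bool:
    """True unless the host is loopback/private/link-local or the name 'localhost'."""
    if host.lower() == "localhost":
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True  # a DNS name: treat as external until it is resolved
    return not (ip.is_loopback or ip.is_private or ip.is_link_local)


def parse_proxy_line(line: str) -> Dict[str, Dict[str, object]]:
    """Split a DDS uProxyServer value (proto=host:port;...) into per-protocol entries."""
    _, _, value = line.partition("=")
    entries: Dict[str, Dict[str, object]] = {}
    for item in value.strip().split(";"):
        if "=" not in item:
            continue
        proto, _, endpoint = item.partition("=")
        host, _, port = endpoint.strip().rpartition(":")
        entries[proto.strip().lower()] = {
            "host": host.strip(),
            "port": int(port) if port.isdigit() else None,
            "external": _is_external(host.strip()),
        }
    return entries


def external_proxy_hosts(entries: Dict[str, Dict[str, object]]) -> List[str]:
    """Distinct proxy hosts that are neither on the local machine nor in a private range."""
    return sorted({str(e["host"]) for e in entries.values() if e["external"]})


if __name__ == "__main__":
    for finding in ipblock_findings(MBAM_LINES):
        print(finding)
    hosts = external_proxy_hosts(parse_proxy_line(DDS_PROXY_LINE))
    if hosts:
        print("per-user proxy sends traffic to non-local host(s):", ", ".join(hosts))
```

Run stand-alone it prints both IP-BLOCK records, with the port 1433 hit flagged, followed by the two public proxy hosts. On the machine itself the same `uProxyServer` value lives under the current user's `Internet Settings` registry key, so the next step for the owner is to confirm whether those addresses were configured deliberately (a VPN or proxy client, for example) and, if not, to clear them before the other tools are run.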
gringo_pr (Staff) Posted January 26, 2013

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

[*] Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

[*] Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

[*] Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

[*] Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.

-Security Check-
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[s1].txt as well.

--RogueKiller--
Download & SAVE to your Desktop RogueKiller or from here.
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator" to start.
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then click on the "Scan" button.
Wait until the Status box shows "Scan Finished".
Click on "Delete".
Wait until the Status box shows "Deleting Finished".
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.

Gringo
NeoX12 (Author) Posted January 27, 2013

I'm having my exams this week. I'll need some time for doing all these.... I hope you understand! (:
I'll PM you once I'm done posting. Thanks
gringo_pr (Staff) Posted January 27, 2013

no problem
gringo_pr (Staff) Posted February 2, 2013

Greetings

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.

Gringo
NeoX12 (Author) Posted February 2, 2013

Alright, I'll be doing all the stuff in a minute. Hold up.
NeoX12 (Author) Posted February 2, 2013

Can you guarantee that I won't be losing any personal files/crash my computer when running these apps?
NeoX12 (Author) Posted February 2, 2013

I ran Security Check:

Results of screen317's Security Check version 0.99.57
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
COMODO Antivirus (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
JavaFX 2.1.0
Java 6 Update 32
Java 7 Update 10
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.5.502.146
Mozilla Firefox (3.6) Firefox out of Date!
Google Chrome 24.0.1312.52
Google Chrome 24.0.1312.56
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Comodo Firewall cmdagent.exe
AvastSvc.exe
AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
gringo_pr (Staff) Posted February 2, 2013

Hello NeoX12

I cannot guarantee that something will not go wrong and it is unfair of you to ask this from me. Please refer to my first post where I ask you to backup your files, just to prevent unforeseen things that could happen.
gringo_pr (Staff) Posted February 5, 2013

Greetings

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.

Gringo
gringo_pr (Staff) Posted February 8, 2013

Hello

48 Hour bump

It has been more than 48 hours since my last post.
Do you still need help with this?
Do you need more time?
Are you having problems following my instructions?
If after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
LDTate Posted February 12, 2013

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!