AntiSpyware Soft + Other goodies


  • This topic is locked
2 replies to this topic

#1 ug-

  • Members
  • 1 posts
  • OFFLINE
  • Local time:12:44 PM

Posted 01 June 2010 - 04:01 PM

AntiSpyware Soft started appearing on my computer at random, so I went ahead and did a full scan with MBAM. Problem is, every time I quarantine and remove the infections, they keep coming back.


DDS (Ver_10-03-17.01) - NTFSX64 NETWORK
Run by 2 at 16:54:46.76 on Tue 06/01/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_15
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4063.2853 [GMT -4:00]

SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\iexplore.exe
C:\Users\2\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: adShotHlpr Object: {8b2e46d5-817c-4f51-bbea-ac123d64c224} - c:\windows\syswow64\rdaivytv.dll
BHO: moigh Object: {8d61e4b0-7cc2-4d29-9772-e19ff3cd60e8} - c:\windows\syswow64\kficuiok.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: voguecash browser enhancer: {c8fda639-fa7a-1e5e-57c6-20e88f06bc2e} - c:\windows\syswow64\fqgqeoabkirdc.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No File
uRun: [mcexecwin] rundll32.exe c:\users\2\appdata\local\temp\f3sbraek.dll, RestoreWindows
uRun: [vthkdwmr] c:\users\2\appdata\local\xkbunhfpq\iorqiektssd.exe
mRun: [skb] rundll32 "rdaivytv.dll",,Run
mRun: [bhotnwjbfgqvmljtd] c:\windows\system32\regsvr32.exe /s "c:\windows\system32\fqgqeoabkirdc.dll"
mRun: [MChk] c:\windows\system32\sdprkbmc.exe
mRun: [iexplore] "c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\iexplore.exe"
uPolicies-explorer: NoFolderOptions = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~3\office12\EXCEL.EXE/3000
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~3\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~3\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\x64\klwtbbho.dll
BHO-X64: link filter bho - No File
BHO-X64: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No File
mRun-x64: [Apoint] c:\program files\apoint\Apoint.exe
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
AppInit_DLLs-X64: c:\progra~2\kasper~1\kasper~1\x64\sbhook64.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\2\appdata\roaming\mozilla\firefox\profiles\19qtj9xn.default\
FF - component: c:\program files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 40464]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-5-28 69152]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-7-1 55280]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-11-3 27152]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw5v64.sys [2009-11-26 5435904]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-4-20 11392]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2010-3-1 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-6-10 389120]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv64.sys [2010-2-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\saskutil64.sys [2010-2-17 12360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9fa82af7d8e3b;Google Update Service (gupdate1c9fa82af7d8e3b);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-7-1 133104]
S2 iexplore;iexplore;c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\iexplore.exe [2009-10-20 340456]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-16 14112]
S2 SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore64.exe [2010-4-28 120832]
S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2010-3-3 6402560]
S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-3-2 188928]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2009-7-1 19968]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-4-20 36392]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\drivers\CAXHWAZL.sys [2009-4-20 300032]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2010-4-21 51120]
S3 ENTECH64;ENTECH64;c:\windows\system32\drivers\Entech64.sys [2009-8-15 12744]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\4910.tmp [2010-6-1 6144]
S3 MotioninJoyUSBFilter;MotioninJoy USB Filter Driver;c:\windows\system32\drivers\MijUfilt.sys [2009-12-2 20480]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl64.sys [2009-7-9 21504]
S3 RivaTuner64;RivaTuner64;c:\program files (x86)\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2010-3-25 43664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-5 1255736]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-3-3 202752]
S4 AODService;AODService;c:\program files (x86)\amd\overdrive\AODAssist.exe [2010-2-22 136544]
S4 AVP;Kaspersky Internet Security;"c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\avp.exe" -r --> c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\avp.exe [?]
S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2010-3-29 1038088]
S4 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\logmein hamachi\hamachi-2.exe [2010-3-30 1823112]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2010-2-4 1314704]
S4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\roxio\digital home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840]
S4 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\roxio\digital home 10\RoxioUpnpService10.exe [2009-6-26 362992]
S4 SampleCollector;Intel® Sample Collector;c:\program files\sony\vaio care\collsvc.exe [2010-5-21 167424]
S4 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2010c\RpcAgentSrv.exe [2010-3-19 93336]
S4 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\common files\sony shared\sohlib\SOHCImp.exe [2009-11-26 120104]
S4 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\common files\sony shared\sohlib\SOHDBSvr.exe [2009-11-26 70952]
S4 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\common files\sony shared\sohlib\SOHDms.exe [2009-11-26 427304]
S4 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\common files\sony shared\sohlib\SOHDs.exe [2009-11-26 75048]
S4 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\common files\sony shared\sohlib\SOHPlMgr.exe [2009-11-26 91432]
S4 TeamViewer5;TeamViewer 5;c:\program files (x86)\teamviewer\version5\TeamViewer_Service.exe [2010-3-18 172328]
S4 TunngleService;TunngleService;c:\program files (x86)\tunngle\TnglCtrl.exe [2010-3-1 685816]
S4 uCamMonitor;CamMonitor;c:\program files (x86)\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2009-7-1 104960]
S4 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\common files\sony shared\vaio content folder watcher\VCFw.exe [2009-7-22 642920]
S4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2009-11-26 468264]
S4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper64.exe [2009-7-1 110376]

=============== Created Last 30 ================

2010-06-01 20:03:50 6144 ------w- c:\windows\system32\4910.tmp
2010-06-01 20:03:41 0 d-----w- c:\program files (x86)\Sophos
2010-06-01 19:58:56 0 d-----w- c:\users\2\appdata\roaming\SUPERAntiSpyware.com
2010-06-01 19:58:56 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-06-01 19:58:54 0 d-----w- c:\programdata\SASCORE
2010-06-01 19:58:53 0 d-----w- c:\program files\SUPERAntiSpyware
2010-06-01 19:56:31 2335270 ----a-w- c:\windows\syswow64\be79710.mht
2010-06-01 19:32:10 0 d-----w- c:\programdata\Update
2010-06-01 19:31:59 197120 ----a-w- c:\windows\Qpevob.exe
2010-06-01 19:31:57 30000 ----a-w- c:\windows\syswow64\ve709r.dll
2010-06-01 19:31:49 77312 ----a-w- c:\users\2\appdata\roaming\0ca43a72.exe
2010-06-01 19:31:35 36858 ----a-w- c:\windows\syswow64\net.net
2010-05-31 03:42:58 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-05-31 03:42:58 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-05-31 03:42:58 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-05-31 03:42:57 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-05-31 03:42:57 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-05-31 03:42:57 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-05-31 03:42:57 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-05-31 03:42:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-05-31 03:42:57 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-05-31 03:42:57 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-05-29 18:08:37 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-05-28 21:26:46 0 d-----w- c:\users\2\appdata\roaming\Malwarebytes
2010-05-28 21:26:39 0 d-----w- c:\programdata\Malwarebytes
2010-05-28 21:26:38 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-28 21:26:38 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-05-28 20:57:36 750 ---ha-w- C:\aaw7boot.cmd
2010-05-28 20:57:36 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-28 20:49:58 69152 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-28 20:49:55 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-28 20:47:37 0 dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-05-28 20:47:30 0 d-----w- c:\programdata\Lavasoft
2010-05-28 20:47:30 0 d-----w- c:\program files (x86)\Lavasoft
2010-05-28 20:34:00 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-28 20:34:00 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-05-28 20:16:03 691 ----a-w- c:\users\2\appdata\roaming\GetValue.vbs
2010-05-28 20:16:03 35 ----a-w- c:\users\2\appdata\roaming\SetValue.bat
2010-05-28 20:15:39 1140 ----a-w- c:\windows\syswow64\tmp.reg
2010-05-28 20:15:24 79360 ----a-w- c:\windows\syswow64\swxcacls.exe
2010-05-28 20:15:24 75776 ----a-w- c:\windows\syswow64\WS2Fix.exe
2010-05-28 20:15:24 53248 ----a-w- c:\windows\syswow64\Process.exe
2010-05-28 20:15:24 51200 ----a-w- c:\windows\syswow64\dumphive.exe
2010-05-28 20:15:24 40960 ----a-w- c:\windows\syswow64\swsc.exe
2010-05-28 20:15:24 289144 ----a-w- c:\windows\syswow64\VCCLSID.exe
2010-05-28 20:15:24 288417 ----a-w- c:\windows\syswow64\SrchSTS.exe
2010-05-28 20:15:24 135168 ----a-w- c:\windows\syswow64\swreg.exe
2010-05-28 19:59:22 50981 ----a-w- c:\windows\syswow64\coxcospzjfesldsje.exe
2010-05-28 19:59:10 179200 ----a-w- c:\windows\Qpevoa.exe
2010-05-27 11:57:10 169472 ----a-w- c:\windows\syswow64\fqgqeoabkirdc.dll
2010-05-26 23:09:57 0 d-----w- c:\program files (x86)\Speccy
2010-05-26 18:40:27 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-05-26 18:40:27 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-25 05:38:04 309248 ----a-w- c:\windows\syswow64\kficuiok.dll
2010-05-25 05:37:48 327680 ----a-w- c:\windows\syswow64\rdaivytv.dll
2010-05-24 16:31:20 40633 ----a-w- c:\windows\syswow64\sdprkbmc.exe
2010-05-22 17:33:00 0 d-----w- C:\SetFSB
2010-05-21 20:48:10 0 d-----w- c:\program files (x86)\Lavalys
2010-05-21 20:19:06 59178 ----a-w- C:\test.xml
2010-05-17 20:02:37 0 d-----w- c:\users\2\appdata\roaming\Wireshark
2010-05-17 19:53:43 0 d-----w- c:\program files (x86)\MetaGeek
2010-05-17 19:44:54 0 d-----w- c:\program files (x86)\WinPcap
2010-05-17 19:44:25 0 d-----w- c:\program files\Wireshark
2010-05-17 18:44:06 0 d-----w- c:\users\2\appdata\roaming\Intel
2010-05-17 18:32:57 0 d-----w- c:\program files (x86)\Network Stumbler
2010-05-16 17:32:29 0 d-----w- c:\programdata\Media Center Programs
2010-05-16 17:32:27 0 d-----w- c:\program files (x86)\common files\BioWare
2010-05-16 17:23:45 0 d-----w- c:\program files (x86)\Mass Effect
2010-05-16 15:54:55 0 d-----w- c:\users\2\appdata\roaming\TuneUp Software
2010-05-12 17:02:34 976896 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-12 17:02:34 740864 ----a-w- c:\windows\syswow64\inetcomm.dll
2010-05-07 05:46:07 0 d-----w- c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2010-05-07 05:35:01 0 d-----w- c:\programdata\ATI
2010-05-07 05:33:58 0 d-----w- C:\AMD
2010-05-07 05:30:32 0 d-----w- c:\program files\ATI Technologies
2010-05-07 05:30:11 0 d-----w- C:\ATI
2010-05-07 05:12:28 0 d-----w- c:\program files\ATI
2010-05-07 04:49:00 1105 ----a-w- c:\windows\syswow64\atipblag.dat
2010-05-07 04:49:00 1105 ----a-w- c:\windows\system32\atipblag.dat
2010-05-04 06:30:06 61491 ----a-w- c:\windows\syswow64\wbemdisp.TLB
2010-05-04 06:30:06 431616 ----a-w- c:\windows\syswow64\temp.000
2010-05-04 06:30:06 203976 ----a-w- c:\windows\syswow64\RICHTX32.OCX
2010-05-04 06:30:05 0 d-----w- c:\program files (x86)\KLC
2010-05-03 06:02:49 0 d-----w- c:\program files (x86)\Practiline Source Code Line Counter
2010-05-02 21:29:26 31232 ----a-w- c:\windows\system32\drivers\tap0901.sys
2010-05-02 21:26:51 0 d-----w- c:\programdata\SPC
2010-05-02 21:26:51 0 d-----w- c:\program files (x86)\My-Proxy

==================== Find3M ====================

2010-05-12 15:21:16 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-04-28 13:56:12 149773 ----a-w- c:\windows\system32\drivers\klin.dat
2010-04-28 13:56:12 106765 ----a-w- c:\windows\system32\drivers\klick.dat
2010-04-27 18:45:56 72856 ----a-w- c:\windows\syswow64\xliveinstallhost.exe
2010-04-27 18:45:56 187544 ----a-w- c:\windows\syswow64\xliveinstall.dll
2010-04-07 05:05:16 43318 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-04-07 05:05:16 29779 ----a-w- c:\windows\fonts\GlobalSerif.CompositeFont
2010-04-07 05:05:16 26489 ----a-w- c:\windows\fonts\GlobalSansSerif.CompositeFont
2010-04-07 05:05:16 26040 ----a-w- c:\windows\fonts\GlobalMonospace.CompositeFont
2010-04-02 21:17:52 15426200 ----a-w- c:\windows\syswow64\xlive.dll
2010-04-02 21:17:52 13642904 ----a-w- c:\windows\syswow64\xlivefnt.dll
2010-03-25 23:52:36 318992 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2010-03-18 21:23:04 20832 ----a-w- c:\windows\system32\aspnet_counters.dll
2010-03-18 20:47:22 17760 ----a-w- c:\windows\syswow64\aspnet_counters.dll
2010-03-18 18:27:14 827744 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2010-03-18 17:16:28 771424 ----a-w- c:\windows\syswow64\msvcr100_clr0400.dll
2010-03-14 08:16:22 26112 ----a-w- c:\windows\system32\atitmp64.dll
2010-03-08 21:59:59 612352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 21:33:56 427520 ----a-w- c:\windows\syswow64\vbscript.dll
2010-03-04 09:26:04 86016 ----a-w- c:\windows\syswow64\frapsvid.dll
2010-03-04 09:26:02 84992 ----a-w- c:\windows\system32\frapsv64.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-22 12:21:24 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

MBAM
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4156

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

6/1/2010 6:28:03 PM
mbam-log-2010-06-01 (18-28-03).txt

Scan type: Full scan (C:\|)
Objects scanned: 453436
Time elapsed: 1 hour(s), 7 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 5
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8b2e46d5-817c-4f51-bbea-ac123d64c224} (Adware.EZlife) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8b2e46d5-817c-4f51-bbea-ac123d64c224} (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> No action taken.
HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> No action taken.
HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> No action taken.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> No action taken.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> No action taken.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vthkdwmr (Rogue.AntivirusSuite.Gen) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mcexecwin (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bhotnwjbfgqvmljtd (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\SysWOW64\rdaivytv.dll (Adware.EZlife) -> No action taken.
C:\Users\1\Documents\Downloads\Longcat\Longcat\2.3\UF.exe (HackTool.Flooder) -> No action taken.
C:\Users\2\AppData\Local\syssvc.exe (Trojan.Downloader) -> No action taken.
C:\Users\2\AppData\Roaming\0ca43a72.exe (Trojan.TDSS) -> No action taken.
C:\Windows\System32\net.net (Trojan.Downloader) -> No action taken.
C:\Windows\System32\ve709r.dll (Trojan.Ertfor) -> No action taken.
C:\Windows\SysWOW64\net.net (Trojan.Downloader) -> No action taken.
C:\Windows\SysWOW64\ve709r.dll (Trojan.Ertfor) -> No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> No action taken.
C:\Users\2\AppData\Local\xkbunhfpq\iorqiektssd.exe (Rogue.AntivirusSuite.Gen) -> No action taken.
C:\Windows\System32\fqgqeoabkirdc.dll (Trojan.Agent) -> No action taken.

Edited by ug-, 01 June 2010 - 05:56 PM.


#2 m0le

Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:04:44 PM

Posted 03 June 2010 - 07:21 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days, I will bump the topic, and if you do not reply by the following day after that, I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le

Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:04:44 PM

Posted 08 June 2010 - 08:02 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
