TechSpot

Infected dell... logs

By brokensynapse
Nov 24, 2013
  1. This computer is so slow...

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.11.24.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16736
    Rocket & Nova :: ROCKETNOVA-PC [administrator]

    11/24/2013 6:53:47 AM
    mbam-log-2013-11-24 (06-53-47).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 202078
    Time elapsed: 12 minute(s), 33 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 6
    C:\$Recycle.Bin\S-1-5-21-3362603633-3251117629-434169299-1001\$RKYY5AY.exe (PUP.Adware.MediaGet) -> Quarantined and deleted successfully.
    C:\Users\Rocket & Nova\AppData\Local\Temp\uttA18A.tmp (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
    C:\Users\Rocket & Nova\AppData\Local\Temp\Addons\A011FC5A\zugo.exe (PUP.Zugo) -> Quarantined and deleted successfully.
    C:\Users\Rocket & Nova\AppData\Local\Temp\RarSFX1\bin\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
    C:\Users\Rocket & Nova\Downloads\freeopener_715.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
    C:\Users\Rocket & Nova\Downloads\tm-Installer_TreasureSeekers2.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

    (end)

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16736 BrowserJavaVersion: 10.45.2
    Run by Rocket & Nova at 7:16:16 on 2013-11-24
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.894.204 [GMT -6:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Ati2evxx.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe
    C:\Windows\OEM02Mon.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\sppsvc.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files (x86)\bflixtoolbar\vmntemplateX.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: GamesBarBHO Class: {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files (x86)\bflixtoolbar\vmntemplateX.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: GamesBar: {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [Google Update] "C:\Users\Rocket & Nova\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
    uRun: [SearchEngineProtection] C:\Program Files (x86)\Gamesbar\SearchEngineProtection.exe
    mRun: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D}
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{EEB5CA3C-2A67-4F2C-A4D6-B8DA2283E9F0} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{EEB5CA3C-2A67-4F2C-A4D6-B8DA2283E9F0}\259434B474541425 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{EEB5CA3C-2A67-4F2C-A4D6-B8DA2283E9F0}\E4544574541425 : DHCPNameServer = 192.168.1.1
    SSODL: WebCheck - <orphaned>
    x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-11-23 65776]
    R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-11-23 205320]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-12-12 1032416]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-12-12 409832]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-12-12 38984]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-12-12 84328]
    R3 bcm44amd64;Broadcom 440x 10/100 Integrated Controller XP Driver;C:\Windows\System32\drivers\b44amd64.sys [2009-6-10 87552]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-12-12 25928]
    R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-3-13 20992]
    S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2009-12-1 38992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-10-16 59392]
    .
    =============== Created Last 30 ================
    .
    2013-11-24 12:24:35  --------  d-----w-  C:\Users\Rocket & Nova\AppData\Local\Programs
    2013-11-24 12:11:52  --------  d-----w-  C:\Users\Rocket & Nova\AppData\Roaming\AVAST Software
    2013-11-24 10:06:59  89600  ----a-w-  C:\Windows\System32\RegisterIEPKEYs.exe
    2013-11-24 09:14:52  --------  d-----w-  C:\Windows\System32\MRT
    2013-11-24 08:54:41  633856  ----a-w-  C:\Windows\System32\comctl32.dll
    2013-11-24 08:54:40  530432  ----a-w-  C:\Windows\SysWow64\comctl32.dll
    2013-11-24 08:54:33  224256  ----a-w-  C:\Windows\System32\wintrust.dll
    2013-11-24 08:54:33  175104  ----a-w-  C:\Windows\SysWow64\wintrust.dll
    2013-11-24 08:54:10  1474048  ----a-w-  C:\Windows\System32\crypt32.dll
    2013-11-24 08:54:09  140288  ----a-w-  C:\Windows\SysWow64\cryptsvc.dll
    2013-11-24 08:54:09  1168384  ----a-w-  C:\Windows\SysWow64\crypt32.dll
    2013-11-24 08:54:09  103936  ----a-w-  C:\Windows\SysWow64\cryptnet.dll
    2013-11-24 08:54:08  184320  ----a-w-  C:\Windows\System32\cryptsvc.dll
    2013-11-24 08:54:08  139776  ----a-w-  C:\Windows\System32\cryptnet.dll
    2013-11-24 08:53:29  497152  ----a-w-  C:\Windows\System32\drivers\afd.sys
    2013-11-24 08:53:23  2048  ----a-w-  C:\Windows\System32\tzres.dll
    2013-11-24 08:53:22  2048  ----a-w-  C:\Windows\SysWow64\tzres.dll
    2013-11-24 08:53:07  155584  ----a-w-  C:\Windows\System32\drivers\ataport.sys
    2013-11-24 08:51:53  1888768  ----a-w-  C:\Windows\System32\WMVDECOD.DLL
    2013-11-24 08:50:22  404480  ----a-w-  C:\Windows\System32\gdi32.dll
    2013-11-24 08:50:21  311808  ----a-w-  C:\Windows\SysWow64\gdi32.dll
    2013-11-24 08:50:18  102608  ----a-w-  C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2013-11-24 08:50:17  124112  ----a-w-  C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
    2013-11-24 08:49:57  983488  ----a-w-  C:\Windows\System32\drivers\dxgkrnl.sys
    2013-11-24 08:44:18  859648  ----a-w-  C:\Windows\System32\IKEEXT.DLL
    2013-11-24 08:44:17  830464  ----a-w-  C:\Windows\System32\nshwfp.dll
    2013-11-24 08:44:17  324096  ----a-w-  C:\Windows\System32\FWPUCLNT.DLL
    2013-11-24 08:44:17  216576  ----a-w-  C:\Windows\SysWow64\FWPUCLNT.DLL
    2013-11-24 08:44:16  656896  ----a-w-  C:\Windows\SysWow64\nshwfp.dll
    2013-11-24 08:42:53  461312  ----a-w-  C:\Windows\System32\scavengeui.dll
    2013-11-24 08:15:26  75888  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C7D1AEE-8C7A-4175-862B-7B60E0DA286F}\offreg.dll
    2013-11-24 08:07:00  10285968  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C7D1AEE-8C7A-4175-862B-7B60E0DA286F}\mpengine.dll
    2013-11-24 03:53:36  205320  ----a-w-  C:\Windows\System32\drivers\aswVmm.sys
    2013-11-24 03:53:28  65776  ----a-w-  C:\Windows\System32\drivers\aswRvrt.sys
    2013-11-24 01:49:44  --------  d-----w-  C:\ProgramData\Oracle
    2013-11-24 01:45:10  96168  ----a-w-  C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    .
    ==================== Find3M ====================
    .
    2013-11-24 04:08:15  1032416  ----a-w-  C:\Windows\System32\drivers\aswSnx.sys
    2013-11-24 04:08:13  84328  ----a-w-  C:\Windows\System32\drivers\aswMonFlt.sys
    2013-11-24 04:08:10  92544  ----a-w-  C:\Windows\System32\drivers\aswRdr2.sys
    2013-11-24 04:07:57  43152  ----a-w-  C:\Windows\avastSS.scr
    2013-11-24 04:06:59  692616  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-11-24 04:06:57  71048  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-11-11 11:50:16  267936  ------w-  C:\Windows\System32\MpSigStub.exe
    2013-10-12 08:45:20  2241536  ----a-w-  C:\Windows\System32\wininet.dll
    2013-10-12 08:43:37  3959808  ----a-w-  C:\Windows\System32\jscript9.dll
    2013-10-12 08:43:32  67072  ----a-w-  C:\Windows\System32\iesetup.dll
    2013-10-12 08:43:32  136704  ----a-w-  C:\Windows\System32\iesysprep.dll
    2013-10-12 07:03:50  1767936  ----a-w-  C:\Windows\SysWow64\wininet.dll
    2013-10-12 07:02:33  2877952  ----a-w-  C:\Windows\SysWow64\jscript9.dll
    2013-10-12 07:02:29  61440  ----a-w-  C:\Windows\SysWow64\iesetup.dll
    2013-10-12 07:02:29  109056  ----a-w-  C:\Windows\SysWow64\iesysprep.dll
    2013-10-12 06:35:26  2706432  ----a-w-  C:\Windows\System32\mshtml.tlb
    2013-10-12 06:08:58  2706432  ----a-w-  C:\Windows\SysWow64\mshtml.tlb
    2013-10-12 05:15:39  71680  ----a-w-  C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-10-04 02:28:31  190464  ----a-w-  C:\Windows\System32\SmartcardCredentialProvider.dll
    2013-10-04 02:25:17  197120  ----a-w-  C:\Windows\System32\credui.dll
    2013-10-04 02:24:49  1930752  ----a-w-  C:\Windows\System32\authui.dll
    2013-10-04 01:58:50  152576  ----a-w-  C:\Windows\SysWow64\SmartcardCredentialProvider.dll
    2013-10-04 01:56:25  168960  ----a-w-  C:\Windows\SysWow64\credui.dll
    2013-10-04 01:56:00  1796096  ----a-w-  C:\Windows\SysWow64\authui.dll
    2013-09-25 02:26:40  95680  ----a-w-  C:\Windows\System32\drivers\ksecdd.sys
    2013-09-25 02:26:40  154560  ----a-w-  C:\Windows\System32\drivers\ksecpkg.sys
    2013-09-25 02:23:33  28672  ----a-w-  C:\Windows\System32\sspisrv.dll
    2013-09-25 02:23:33  135680  ----a-w-  C:\Windows\System32\sspicli.dll
    2013-09-25 02:23:01  28160  ----a-w-  C:\Windows\System32\secur32.dll
    2013-09-25 02:22:59  340992  ----a-w-  C:\Windows\System32\schannel.dll
    2013-09-25 02:21:50  307200  ----a-w-  C:\Windows\System32\ncrypt.dll
    2013-09-25 02:21:07  1447936  ----a-w-  C:\Windows\System32\lsasrv.dll
    2013-09-25 01:58:17  96768  ----a-w-  C:\Windows\SysWow64\sspicli.dll
    2013-09-25 01:57:26  22016  ----a-w-  C:\Windows\SysWow64\secur32.dll
    2013-09-25 01:57:24  247808  ----a-w-  C:\Windows\SysWow64\schannel.dll
    2013-09-25 01:56:42  220160  ----a-w-  C:\Windows\SysWow64\ncrypt.dll
    2013-09-25 01:03:24  30720  ----a-w-  C:\Windows\System32\lsass.exe
    2013-09-08 02:30:37  1903552  ----a-w-  C:\Windows\System32\drivers\tcpip.sys
    2013-09-08 02:27:14  327168  ----a-w-  C:\Windows\System32\mswsock.dll
    2013-09-08 02:03:58  231424  ----a-w-  C:\Windows\SysWow64\mswsock.dll
    2013-08-29 02:17:48  5549504  ----a-w-  C:\Windows\System32\ntoskrnl.exe
    2013-08-29 02:16:35  1732032  ----a-w-  C:\Windows\System32\ntdll.dll
    2013-08-29 02:16:28  243712  ----a-w-  C:\Windows\System32\wow64.dll
    2013-08-29 02:16:14  859648  ----a-w-  C:\Windows\System32\tdh.dll
    2013-08-29 02:13:28  878080  ----a-w-  C:\Windows\System32\advapi32.dll
    2013-08-29 01:51:45  3969472  ----a-w-  C:\Windows\SysWow64\ntkrnlpa.exe
    2013-08-29 01:51:45  3914176  ----a-w-  C:\Windows\SysWow64\ntoskrnl.exe
    2013-08-29 01:50:31  5120  ----a-w-  C:\Windows\SysWow64\wow32.dll
    2013-08-29 01:50:30  1292192  ----a-w-  C:\Windows\SysWow64\ntdll.dll
    2013-08-29 01:50:16  619520  ----a-w-  C:\Windows\SysWow64\tdh.dll
    2013-08-29 01:48:17  640512  ----a-w-  C:\Windows\SysWow64\advapi32.dll
    2013-08-29 01:48:15  44032  ----a-w-  C:\Windows\apppatch\acwow64.dll
    2013-08-29 00:49:53  25600  ----a-w-  C:\Windows\SysWow64\setup16.exe
    2013-08-29 00:49:52  7680  ----a-w-  C:\Windows\SysWow64\instnm.exe
    2013-08-29 00:49:52  14336  ----a-w-  C:\Windows\SysWow64\ntvdm64.dll
    2013-08-29 00:49:49  2048  ----a-w-  C:\Windows\SysWow64\user.exe
    2013-08-28 01:21:06  3155968  ----a-w-  C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 7:18:35.48 ===============
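The DDS "Pseudo HJT Report" above lists several browser add-ons and Run entries (GamesBar, BFlix Toolbar, SearchEngineProtection.exe) that the Malwarebytes quick scan did not touch, and one of them is also present in the running-process list. The following Python script is an added example, not part of the original post and not code from DDS or Malwarebytes: it parses the BHO/TB/uRun/mRun and IE: lines, flags entries that match an analyst-chosen keyword list, and cross-references each flagged entry against the process list and against IE: entries that point at its CLSID. The sample input lines are copied from the log above; the WATCHLIST keywords and the function names (parse_hjt, triage) are this example's own assumptions.

```python
"""Triage helper for the DDS "Pseudo HJT Report" section (added example)."""
import re

# Constructed sample input: lines copied from the DDS report in the post above.
HJT_SAMPLE = r"""
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files (x86)\bflixtoolbar\vmntemplateX.dll
BHO: GamesBarBHO Class: {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll
TB: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files (x86)\bflixtoolbar\vmntemplateX.dll
TB: GamesBar: {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
uRun: [SearchEngineProtection] C:\Program Files (x86)\Gamesbar\SearchEngineProtection.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D}
"""

# Constructed sample: three lines from the "Running Processes" section above.
PROC_SAMPLE = r"""
C:\Windows\Explorer.EXE
C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
"""

# Analyst-chosen keywords (an assumption of this example, not something the
# MBAM scan above flagged); matched case-insensitively against name and path.
WATCHLIST = ("gamesbar", "bflix", "searchengineprotection")

CLSID = r"\{[0-9A-Fa-f-]{36}\}"
COM_RE = re.compile(rf"^(?P<kind>(?:x64-)?(?:BHO|TB)): (?P<name>.+?): (?P<clsid>{CLSID}) - (?P<path>.+)$")
RUN_RE = re.compile(r"^(?P<kind>[um]Run): \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
IE_RE = re.compile(rf"^IE: (?P<menu>{CLSID}) - (?P<target>{CLSID})$")


def _run_path(rest):
    """Pull the quoted image path out of a Run value; unquoted values are
    returned whole, since a path with spaces cannot be split from its args."""
    if rest.startswith('"') and rest.count('"') >= 2:
        return rest[1:rest.index('"', 1)]
    return rest


def parse_hjt(text):
    """Parse BHO/TB/uRun/mRun lines into dicts and IE: lines into CLSID pairs."""
    entries, ie_refs = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := COM_RE.match(line):
            entries.append({**m.groupdict(), "clsid": m["clsid"].upper()})
        elif m := RUN_RE.match(line):
            entries.append({"kind": m["kind"], "name": m["name"],
                            "clsid": None, "path": _run_path(m["rest"])})
        elif m := IE_RE.match(line):
            ie_refs.append((m["menu"].upper(), m["target"].upper()))
    return entries, ie_refs


def triage(hjt_text, proc_text, watchlist=WATCHLIST):
    """Return entries whose name or path hits the watchlist, annotated with
    whether the image is in the process list ("running") and whether an IE:
    entry's second CLSID points at the entry ("ie-menu-target")."""
    entries, ie_refs = parse_hjt(hjt_text)
    running = {p.strip().lower() for p in proc_text.splitlines() if p.strip()}
    ie_targets = {target for _, target in ie_refs}
    findings = []
    for e in entries:
        haystack = f'{e["name"]} {e["path"]}'.lower()
        hits = [w for w in watchlist if w in haystack]
        if not hits:
            continue
        reasons = ["watchlist:" + ",".join(hits)]
        if e["path"].lower() in running:      # path compare is case-insensitive on Windows
            reasons.append("running")
        if e["clsid"] in ie_targets:
            reasons.append("ie-menu-target")
        findings.append({"kind": e["kind"], "name": e["name"],
                         "path": e["path"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(HJT_SAMPLE, PROC_SAMPLE):
        print(f'{f["kind"]:5} {f["name"]:25} {", ".join(f["reasons"])}')
```

On the sample above this yields five findings: both BFlix entries, both GamesBar entries (the TB one is also the target of the IE: entry), and the SearchEngineProtection uRun value, which is additionally marked as running because its image path matches the process list once case is ignored. Matching on a keyword list is deliberately simple; the point is the correlation step, which turns three separate sections of the log into one line per suspect component.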
     
  2. Broni (Malware Annihilator)
