
Thread: trojan/fbi-moneypak/beesq/bing etc

  1. #1
    Junior Member (Join Date: Nov 2012, Posts: 2)

    DDS (Ver_2012-11-07.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16450
    Run by stammberger at 21:27:07 on 2012-11-10
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3838.942 [GMT -8:00]
    .
    AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Spybot - Search and Destroy *Disabled/Outdated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\agr64svc.exe
    C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
    C:\Windows\system32\crypserv.exe
    C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
    C:\Windows\System32\svchost.exe -k NetworkService
    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\ProgramData\Norton\NUA.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASD.exe
    C:\Users\stammberger\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N06BSSX2\aswMBR.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://yahoo.com/
    uLocal Page = about:blank
    uWindow Title = Microsoft Internet Explorer
    uSearch Bar = Preserve
    mStart Page = about:blank
    mLocal Page = about:blank
    mWindow Title = Microsoft Internet Explorer
    mDefault_Page_URL = about:blank
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll
    BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ipsbho.dll
    BHO: {7000b6ca-4388-4d95-893d-6659c2d4d1ce} - <orphaned>
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Updater For Xfinity.com Toolbar 3.1: {e6d0b79e-ecac-411b-8bf6-7a574981af30} -
    BHO: AVG Rewards: {EE8BD456-055B-40ce-8A17-9B7D4600264D} - C:\Program Files (x86)\AVG Rewards\AVGRewards.dll
    TB: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll
    TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll
    TB: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
    uRun: [AdobeBridge] <no file>
    mRun: [eRecoveryService] <no file>
    StartupFolder: C:\Users\STAMMB~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\2YOURF~1.LNK - C:\Users\stammberger\AppData\Roaming\2YourFace\Updater.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\COLORV~1.LNK - C:\Program Files (x86)\ColorVision\ColorVisionStartup\ColorVisionStartup.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {6938E15C-5598-4df8-8BF0-D9FA23D4A3CB} - {6938E15C-5598-4df8-8BF0-D9FA23D4A3CB} - C:\Program Files (x86)\AVG Rewards\AVGRewards.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    LSP: %SYSTEMROOT%\system32\nvLsp.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{2B4B5822-864C-449B-8364-535D89ED51C4} : DHCPNameServer = 75.75.75.75 75.75.76.76
    Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
    Notify: SDWinLogon - SDWinLogon.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    x64-mStart Page = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0AtCyEyDyBtB0DyDtAtAtN0D0Tzu0CtAtDyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=114689588
    x64-BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll
    x64-TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll
    x64-mPolicies-Explorer: NoActiveDesktop = dword:1
    x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    x64-mPolicies-System: EnableUIADesktopToggle = dword:0
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - LocalServer32 - <no file>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0404000.00C\symds64.sys [2011-10-31 433200]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0404000.00C\symefa64.sys [2011-10-31 221304]
    R1 asdrm;asdrm;C:\Windows\System32\drivers\asdrm.sys [2012-11-9 18768]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20121030.002\BHDrvx64.sys [2012-11-5 1385632]
    R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0404000.00C\cchpx64.sys [2011-10-31 593544]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20121109.001\IDSviA64.sys [2012-11-9 513184]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0404000.00C\ironx64.sys [2011-10-31 150064]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0404000.00C\symtdiv.sys [2011-10-31 451704]
    R2 asdrs;AntiMalware Host-based Intrusion Prevention System;C:\Windows\System32\drivers\asdrs.sys [2012-11-9 23376]
    R2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-8-23 686896]
    R2 asdws;AnviSmartDefender Web Guard;C:\Windows\System32\drivers\asdws.sys [2012-11-9 17232]
    R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe [2011-10-31 126400]
    R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-4-6 50424]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-10 838136]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-10 166528]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-8 138912]
    S2 0290821352460105mcinstcleanup;McAfee Application Installer Cleanup (0290821352460105);C:\Windows\TEMP\029082~1.EXE -cleanup -nolog --> C:\Windows\TEMP\029082~1.EXE -cleanup -nolog [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-10 1122296]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-12-15 1038088]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 Spyder2;ColorVision Spyder2;C:\Windows\System32\drivers\Spyder2.sys [2009-3-11 15360]
    S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;C:\Windows\System32\drivers\gtkdrv.sys [2012-1-4 16640]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-1-3 89920]
    .
    =============== File Associations ===============
    .
    FileExt: .vbs: VBSFile=C:\Windows\SysWow64\WScript.exe "%1" %*
    FileExt: .js: jsfile=C:\Windows\SysWow64\WScript.exe "%1" %*
    FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2012-11-01 18:54:24 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-01 18:54:24 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-10-10 10:03:53 65309168 ----a-w- C:\Windows\System32\mrt.exe
    2012-09-30 03:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-09-21 20:05:36 17080 ----a-w- C:\Windows\System32\roboot64.exe
    2012-09-13 13:45:46 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-09-13 13:28:08 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-08-29 11:40:01 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-08-24 16:07:02 218624 ----a-w- C:\Windows\System32\wintrust.dll
    2012-08-24 15:53:29 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-08-24 11:15:45 17810944 ----a-w- C:\Windows\System32\mshtml.dll
    2012-08-24 10:39:42 10925568 ----a-w- C:\Windows\System32\ieframe.dll
    2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-08-24 10:22:46 1346048 ----a-w- C:\Windows\System32\urlmon.dll
    2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:18:46 237056 ----a-w- C:\Windows\System32\url.dll
    2012-08-24 10:17:03 85504 ----a-w- C:\Windows\System32\jsproxy.dll
    2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:14:34 816640 ----a-w- C:\Windows\System32\jscript.dll
    2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-08-24 10:12:04 2144768 ----a-w- C:\Windows\System32\iertutil.dll
    2012-08-24 10:11:57 729088 ----a-w- C:\Windows\System32\msfeeds.dll
    2012-08-24 10:10:14 96768 ----a-w- C:\Windows\System32\mshtmled.dll
    2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-08-24 10:04:06 248320 ----a-w- C:\Windows\System32\ieui.dll
    2012-08-24 07:27:00 12319744 ----a-w- C:\Windows\SysWow64\mshtml.dll
    2012-08-24 07:03:49 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
    2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:50 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
    2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:49:57 231936 ----a-w- C:\Windows\SysWow64\url.dll
    2012-08-24 06:48:38 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
    2012-08-24 06:47:36 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
    2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:45:46 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
    2012-08-24 06:44:35 1793024 ----a-w- C:\Windows\SysWow64\iertutil.dll
    2012-08-24 06:44:10 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
    2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-08-24 06:40:11 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
    2012-08-20 09:23:36 23376 ----a-w- C:\Windows\System32\drivers\asdrs.sys
    2012-08-20 09:23:36 18768 ----a-w- C:\Windows\System32\drivers\asdrm.sys
    2012-08-20 09:23:36 17232 ----a-w- C:\Windows\System32\drivers\asdws.sys
    .
    ============= FINISH: 21:27:43.20 ===============

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-10 20:00:02
    -----------------------------
    20:00:02.200 OS Version: Windows x64 6.0.6002 Service Pack 2
    20:00:02.200 Number of processors: 2 586 0x6B02
    20:00:02.200 ComputerName: STAMMBERGER-PC UserName: stammberger
    20:00:07.856 Initialize success
    20:01:30.332 AVAST engine defs: 12111002
    20:01:57.148 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
    20:01:57.148 Disk 0 Vendor: Size: 0MB BusType: 0
    20:01:57.164 Disk 0 MBR read successfully
    20:01:57.180 Disk 0 MBR scan
    20:01:57.195 Disk 0 unknown MBR code
    20:01:57.195 Disk 0 MBR hidden
    20:01:57.211 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 18944 MB offset 2048
    20:01:57.242 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 143143 MB offset 38799360
    20:01:57.273 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 143156 MB offset 331956224
    20:01:57.320 Disk 0 scanning C:\Windows\system32\drivers
    20:02:11.078 Service scanning
    20:02:37.438 Modules scanning
    20:02:37.438 Disk 0 trace - called modules:
    20:02:37.454 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll nvstor64.sys
    20:02:37.454 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f081f0]
    20:02:37.454 3 CLASSPNP.SYS[fffffa6000edec33] -> nt!IofCallDriver -> \Device\00000066[0xfffffa8004b67060]
    20:02:38.109 AVAST engine scan C:\Windows
    20:02:41.806 AVAST engine scan C:\Windows\system32
    20:07:12.998 AVAST engine scan C:\Windows\system32\drivers
    20:07:39.156 AVAST engine scan C:\Users\stammberger
    20:17:41.171 AVAST engine scan C:\ProgramData
    20:31:57.938 Scan finished successfully
    21:32:06.751 Disk 0 MBR has been saved successfully to "C:\Users\stammberger\Desktop\MBR.dat"
    21:32:06.767 The log file has been saved successfully to "C:\Users\stammberger\Desktop\aswMBR.txt"


    After downloading several hard drive recovery programs I got a very annoying FBI Moneypak/Trojan virus, which I removed with my Norton antivirus program in combination with Malwarebytes, BUT I still seem to have some roots infected: my search tabs discolor depending on the page, which I never experienced before I got this virus, and I sometimes get connected to BING and other weird search engines (some I blocked and restricted, but others still enter my system). I used many good programs over the past 48h in normal and in safe mode, like Norton, Malwarebytes, Trojan Killer, Anvi Smart Defender and now Spybot; they all seem to detect something (except Malwarebytes and Anvi, which don't detect anything anymore, at least in the last 24h; the 3-4 scans I performed with them were unsuccessful), but the BING issue and the discolored search tabs issue remain... Any ideas how to KILL this entirely? Help would be APPRECIATED!!

    I was not able to send the attach.txt file to a compressed folder (it works with other files just not with this one)

    attach.txt
    .
    DDS (Ver_2012-11-07.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/29/2009 5:32:09 PM
    System Uptime: 11/11/2012 4:12:13 PM (3 hours ago)
    .
    Motherboard: Acer | | WMCP78M
    Processor: Athlon 64 Dual Core 5000+ | Socket AM2 | 2400/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 140 GiB total, 44.509 GiB free.
    D: is FIXED (NTFS) - 140 GiB total, 96.635 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1045: 11/9/2012 11:23:26 AM - Removed Microsoft Visual C++ 2005 Redistributable
    RP1047: 11/9/2012 3:31:16 PM - Removed Microsoft Visual C++ 2005 Redistributable
    RP1048: 11/10/2012 10:56:29 AM - Norton Security Suite Registry
    RP1050: 11/11/2012 12:17:15 AM - Norton Security Suite Registry
    RP1051: 11/11/2012 1:02:02 AM - ARO 2012 - Before Installation
    RP1052: 11/11/2012 1:31:39 AM - ARO 2012 Sun, Nov 11, 12 01:31
    .
    ==== Installed Programs ======================
    .
    Acer Arcade Live Main Page
    Acer Assist
    Acer DV Magician
    Acer DVDivine
    Acer eDataSecurity Management
    Acer Empowering Technology
    Acer eRecovery Management
    Acer GameZone Console DTV 2.0.1.1
    Acer HomeMedia
    Acer HomeMedia Connect
    Acer HomeMedia Trial Creator
    Acer Registration
    Acer ScreenSaver
    Acer SlideShow DVD
    Acer VideoMagician
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Anchor Service x64 CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe CMaps x64 CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe Connect Add-in
    Adobe CSI CS4
    Adobe CSI CS4 x64
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe Drive CS4 x64
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Fonts All x64
    Adobe Linguistics CS4
    Adobe Linguistics CS4 x64
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe PDF Library Files x64 CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 (64 Bit)
    Adobe Photoshop CS4 Support
    Adobe Reader X (10.1.1)
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Type Support CS4
    Adobe Type Support x64 CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe WinSoft Linguistics Plugin x64
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Agere Systems PCI-SV92EX Soft Modem
    Alice Greenfingers
    Anvi Smart Defender 1.6
    Apple Application Support
    Apple Software Update
    ARO 2012
    Ask Toolbar
    Ask Toolbar Updater
    ATT-RC Self Support Tool
    AVG Rewards
    Canon MOV Decoder
    Canon MOV Encoder
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities MyCamera
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    CCleaner
    Comcast High-Speed Internet Install Wizard
    Connect
    Desktop Doctor
    Driver Performer
    Google Earth
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Java Auto Updater
    Java(TM) 6 Update 26
    kuler
    LightScribe 1.4.142.1
    Malwarebytes Anti-Malware version 1.65.1.1000
    McAfee Security Scan Plus
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86_x64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton Security Suite
    NTI Backup Now 5
    NTI Backup Now Standard
    NTI Media Maker 8
    NVIDIA Drivers
    NVIDIA ForceWare Network Access Manager
    PDF Settings CS4
    PDF Settings CS5
    Photoshop Camera Raw
    Photoshop Camera Raw_x64
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    SDK
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Spybot - Search & Destroy
    Spyder2express
    Suite Shared Configuration CS4
    System Requirements Lab
    Trojan Killer
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    vShare Plugin
    Yahoo! BrowserPlus 2.9.8
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/9/2012 7:11:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccHP cdrom eeCtrl IDSVia64 NetworkX spldr SRTSP SRTSPX SymIRON SYMTDIv Wanarpv6
    11/9/2012 7:10:00 PM, Error: EventLog [6008] - The previous system shutdown at 7:08:40 PM on 11/9/2012 was unexpected.
    11/9/2012 7:01:59 PM, Error: EventLog [6008] - The previous system shutdown at 6:59:28 PM on 11/9/2012 was unexpected.
    11/9/2012 6:53:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    11/9/2012 6:40:18 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Store Interface Service service, but this action failed with the following error: An instance of the service is already running.
    11/9/2012 6:19:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
    11/9/2012 10:31:20 PM, Error: Microsoft-Windows-WMPNSS-Service [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
    11/8/2012 9:08:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    11/8/2012 9:00:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
    11/8/2012 7:12:07 PM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    11/8/2012 5:17:07 PM, Error: EventLog [6008] - The previous system shutdown at 5:12:11 PM on 11/8/2012 was unexpected.
    11/8/2012 10:37:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    11/7/2012 12:39:32 AM, Error: Service Control Manager [7030] - The SProtection service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    11/6/2012 8:03:01 PM, Error: nvstor64 [5] - A parity error was detected on \Device\RaidPort0.
    11/11/2012 12:18:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    11/11/2012 1:48:56 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
    11/10/2012 9:53:33 AM, Error: Service Control Manager [7034] - The Crypkey License service terminated unexpectedly. It has done this 1 time(s).
    11/10/2012 6:29:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
    11/10/2012 6:29:06 PM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/10/2012 4:32:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: asdrm BHDrvx64 ccHP cdrom eeCtrl IDSVia64 NetworkX spldr SRTSP SRTSPX SymIRON SYMTDIv Wanarpv6
    11/10/2012 4:32:33 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    11/10/2012 4:31:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    11/10/2012 4:31:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    11/10/2012 4:31:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/10/2012 4:31:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    11/10/2012 10:22:34 AM, Error: EventLog [6008] - The previous system shutdown at 10:19:49 AM on 11/10/2012 was unexpected.
    .
    ==== End Of File ===========================


    p.s. I cannot see my compressed folder anymore, sorry
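As an added example (not part of this thread, and not code from the DDS tool or from Safer Networking), the script below reads the entry types that the "Pseudo HJT Report" above lists (Start Page, BHO, TB, Handler, uRun/mRun, Hosts, FileExt) and sorts them into the persistence points a helper reads first: a start page pointing at a host the owner did not choose (the x64-mStart Page above points at searchfunmoods.com, which is the kind of search redirect described in the post), COM objects and autoruns whose file is gone, hosts-file overrides, and script extensions that auto-execute through WScript. The sample lines are copied from the log above (one search URL shortened); the `known_good_hosts` allow-list is an assumption you fill in for the machine in question.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread; it is not code from DDS or from Safer Networking.
It reads the entry types DDS prints (Start Page, BHO, TB, Handler, uRun/mRun,
Hosts, FileExt) and flags the persistence points a helper would look at first.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: lines copied from the DDS log in this thread, one search
# URL shortened. Not a complete log.
SAMPLE_LOG = """\
uStart Page = hxxp://yahoo.com/
mStart Page = about:blank
BHO: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\\Program Files (x86)\\vShare\\vshare_toolbar.dll
BHO: {7000b6ca-4388-4d95-893d-6659c2d4d1ce} - <orphaned>
BHO: Updater For Xfinity.com Toolbar 3.1: {e6d0b79e-ecac-411b-8bf6-7a574981af30} -
uRun: [Sidebar] C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun
uRun: [AdobeBridge] <no file>
x64-mStart Page = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cr=114689588
x64-Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - LocalServer32 - <no file>
Hosts: 127.0.0.1 www.spywareinfo.com
FileExt: .vbs: VBSFile=C:\\Windows\\SysWow64\\WScript.exe "%1" %*
"""

SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}

# One regex per DDS entry type. 'u'/'m' = HKCU/HKLM; 'x64-' = native 64-bit hive.
_START = re.compile(r"^(?:x64-)?[um](?:Start Page|Default_Page_URL|Local Page)\s*=\s*(.+)$")
_COM = re.compile(r"^(?:x64-)?(BHO|TB|Handler): (?:(.+?)(?:: | - ))?\{([0-9A-Fa-f-]{36})\}\s*-\s*(.*)$")
_RUN = re.compile(r"^(?:x64-)?[um]Run: \[([^\]]+)\]\s*(.*)$")
_HOSTS = re.compile(r"^Hosts: (\S+)\s+(\S+)")
_FILEEXT = re.compile(r"^FileExt: (\.\w+): \w+=(.*)$")


@dataclass
class Finding:
    kind: str      # start-page, bho, tb, handler, run, hosts, fileext
    severity: str  # high, medium or info
    detail: str


def _host(value):
    """Hostname of a DDS start-page value, or None for about:* pages."""
    if value.startswith("about:"):
        return None
    # DDS defangs URLs as hxxp:// or hxxps://; restore the scheme for urlparse.
    return urlparse(re.sub(r"^hxxp", "http", value)).hostname


def _trusted(host, known_good):
    return any(host == g or host.endswith("." + g) for g in known_good)


def triage(log_text, known_good_hosts=frozenset()):
    """Return the Findings for one DDS log, in the order the lines appear."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := _START.match(line):
            host = _host(m.group(1))
            if host and not _trusted(host, known_good_hosts):
                key = line.split("=", 1)[0].strip()
                findings.append(Finding("start-page", "high", f"{key} points at {host}"))
        elif m := _COM.match(line):
            kind, name, clsid, path = m.groups()
            # <orphaned>, <no file> or an empty path: the CLSID is registered but
            # its DLL/EXE is gone. Dead, but still a fix line to remove.
            dead = path in ("", "<orphaned>") or path.endswith("<no file>")
            findings.append(Finding(kind.lower(), "medium" if dead else "info",
                                    f"{name or '(unnamed)'} {{{clsid}}} -> {path or '(no path)'}"))
        elif m := _RUN.match(line):
            name, cmd = m.groups()
            if cmd == "<no file>":
                findings.append(Finding("run", "medium", f"autorun [{name}] has no file on disk"))
        elif m := _HOSTS.match(line):
            ip, host = m.groups()
            if host != "localhost":  # any other override is a redirect or a block
                findings.append(Finding("hosts", "medium", f"hosts maps {host} to {ip}"))
        elif m := _FILEEXT.match(line):
            ext, handler = m.groups()
            if ext.lower() in SCRIPT_EXTS and "wscript.exe" in handler.lower():
                findings.append(Finding("fileext", "info", f"{ext} executes via {handler}"))
    return findings


if __name__ == "__main__":
    # known_good_hosts is an assumption: the hosts the owner of this PC chose.
    for f in triage(SAMPLE_LOG, known_good_hosts={"yahoo.com"}):
        print(f"[{f.severity:6}] {f.kind:10} {f.detail}")
```

The script narrows what a human reads; it does not decide what is malicious. Dead entries (`<orphaned>`, `<no file>`) are leftovers of removed software rather than running code, but they are exactly what HijackThis-style fix lines exist for. The two items here that point at something still active are the x64-mStart Page on an unexpected host and the hosts-file entry blocking a security site. The `x64-` prefix marks entries DDS read from the native 64-bit registry view, which is why a fix applied only to the 32-bit (Wow6432Node) keys can leave a 64-bit IE start page untouched.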

  2. #2
    Security Expert- Emeritus (Join Date: Aug 2008, Location: South East Asia, Posts: 725)

    Hello and welcome to Safer Networking.

    I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

    Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Under the Notification Type: title, make sure it is set to Instant notification by email, then click Add Subscription.

    Please be patient with me during this time.

    Meanwhile, please make a reply to this topic to acknowledge that you have read this and are still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.

  3. #3
    Security Expert- Emeritus (Join Date: Aug 2008, Location: South East Asia, Posts: 725)

    Due to lack of response, this topic is now closed.

    If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. How to post a DDS log.

    If it has been less than three days since your last response and you need the thread re-opened, please send a private message (pm) to me or a MOD. A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

    Everyone else please begin a New Topic.
