Inactive regtask infection

Discussion in 'Malware and Virus Removal Archive' started by nazahahg, 2014/03/22.

Thread Status:
Not open for further replies.
  1. 2014/03/22, nazahahg (Thread Starter)

    [Inactive] regtask infection

    Hi, I need some help with this pesky malware. Please advise. Thanks in advance.

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/16/2012 2:47:19 PM
    System Uptime: 3/21/2014 10:07:41 AM (31 hours ago)
    .
    Motherboard: Dell Inc. | | 0N7J7M
    Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz | Microprocessor | 1196/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 298 GiB total, 256.333 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP213: 3/7/2014 12:14:06 PM - Windows Update
    RP214: 3/8/2014 12:21:53 PM - Windows Update
    RP215: 3/11/2014 8:19:15 PM - Windows Update
    RP217: 3/13/2014 8:51:34 AM - Windows Modules Installer
    RP218: 3/15/2014 11:12:10 AM - Windows Update
    RP219: 3/18/2014 6:46:05 PM - Windows Update
    RP221: 3/21/2014 9:19:26 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    64 Bit HP CIO Components Installer
    Ad-Aware Antivirus
    AdAwareInstaller
    AdAwareUpdater
    Adobe Flash Player 12 ActiveX
    Adobe Flash Player 12 Plugin
    Adobe Reader XI (11.0.06)
    Adobe Shockwave Player 11.6
    Aladdin Ghostscript 6.0
    Aladdin Ghostscript Fonts
    AntimalwareEngine
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    Atheros Client Installation Program
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Bonjour
    BufferChm
    C4700
    Coupon Printer for Windows
    CutePDF Writer 2.8
    Destinations
    DeviceDiscovery
    Google Chrome
    Google Drive
    Google Earth
    Google Update Helper
    GPBaseService2
    HP Customer Participation Program 14.0
    HP Imaging Device Functions 14.0
    HP Photo Creations
    HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
    HP Smart Web Printing 4.60
    HP Solution Center 14.0
    HP Update
    HPDiagnosticAlert
    HPPhotoGadget
    HPProductAssistant
    HPSSupply
    iCloud
    iTunes
    Java 7 Update 9
    Java Auto Updater
    Malwarebytes Anti-Malware version 1.75.0.1300
    MarketResearch
    Microsoft .NET Framework 4.5.1
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 27.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Network64
    OpenOffice.org 3.4
    Picasa 3
    PS_AIO_06_C4700_SW_Min
    QuickTime 7
    QuickTransfer
    Realtek USB 2.0 Card Reader
    Scan
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    SES Driver
    Shop for HP Supplies
    Skype Click to Call
    Skype™ 6.11
    SmartWebPrinting
    SolutionCenter
    Status
    swMSM
    Toolbox
    TrayApp
    WebReg
    Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0)
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/22/2014 4:57:30 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{C4633ABC-1F4C-4699-8BE4-C5E4E2AFFC79} because another computer on the network has the same name. The server could not start.
    3/20/2014 2:57:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
    3/17/2014 8:34:22 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    3/17/2014 10:23:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    .
    ==== End Of File ===========================


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.9.2
    Run by DBurdette at 17:45:05 on 2014-03-22
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2010.700 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
    SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
    C:\Program Files (x86)\RegTask\RegTask.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\notepad.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.search.ask.com/?tpid=BCPA1-V7&o=APN10996&pf=V7&trgb=IE&p2=%5EB3I%5Eaaa003%5EAD%5EUS&gct=hp&apn_ptnrs=%5EB3I&apn_dtid=%5Eaaa003%5EAD%5EUS&apn_dbr=iexplore.exe_6_11.0.9600.16521&apn_uid=EDBEDE07-8D48-4F3B-9C64-1642F5C29616&itbv=12.10.2.4388&doi=2014-03-14&psv=
    uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Ask Toolbar: {42435041-312D-5637-00A7-7A786E7484D7} -
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Ask Toolbar: {42435041-312D-5637-00A7-7A786E7484D7} -
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB: Ask Toolbar: {42435041-312D-5637-00A7-7A786E7484D7} -
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe "
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe "
    mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe "
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll ",ProcessCleanupScript
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{C4633ABC-1F4C-4699-8BE4-C5E4E2AFFC79} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{C4633ABC-1F4C-4699-8BE4-C5E4E2AFFC79}\143435D27457563747 : DHCPNameServer = 4.2.2.2
    TCP: Interfaces\{C4633ABC-1F4C-4699-8BE4-C5E4E2AFFC79}\649637368684F6573756 : DHCPNameServer = 192.168.10.1
    TCP: Interfaces\{C4633ABC-1F4C-4699-8BE4-C5E4E2AFFC79}\6596E656971627464456E64716C6 : DHCPNameServer = 192.168.1.5
    TCP: Interfaces\{C4633ABC-1F4C-4699-8BE4-C5E4E2AFFC79}\E4351402C696374756E696E676023747164796F6E6021343 : DHCPNameServer = 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Ask Toolbar: {42435041-312D-5637-00A7-7A786E7484D7} -
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-TB: Ask Toolbar: {42435041-312D-5637-00A7-7A786E7484D7} -
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe "
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\DBurdette\AppData\Roaming\Mozilla\Firefox\Profiles\1ynde01w.default\
    FF - prefs.js: browser.startup.homepage - hxxp://nazahahgracielareyes@yahoo.com
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: !HIDDEN! 2012-07-22 15:07; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
    R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-3-3 1363584]
    R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-3-3 1748608]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 134944]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-5-16 76912]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-3-22 25928]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-5-16 232480]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-5-17 59392]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    .
    =============== Created Last 30 ================
    .
    2014-03-23 00:25:26 -------- d-----w- C:\Users\DBurdette\AppData\Roaming\Malwarebytes
    2014-03-23 00:24:59 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-03-23 00:24:54 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-03-23 00:24:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-03-23 00:24:02 -------- d-----w- C:\Users\DBurdette\AppData\Local\Programs
    2014-03-23 00:19:47 10521840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{00E20AC8-ECF8-49D8-8DDA-1690D2B4227F}\mpengine.dll
    2014-03-22 04:20:51 10521840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-03-20 19:57:20 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C5788C89-BAF9-4AA1-9441-6CC8A6880151}\gapaengine.dll
    2014-03-15 00:49:17 -------- d-----w- C:\Users\DBurdette\AppData\Local\AskPartnerNetwork
    2014-03-14 15:52:34 -------- d-----w- C:\ProgramData\AskPartnerNetwork
    2014-03-14 15:52:33 -------- d-----w- C:\Program Files (x86)\AskPartnerNetwork
    2014-03-14 15:52:12 -------- d-----w- C:\ProgramData\RegTask
    2014-03-14 15:52:06 -------- d-----w- C:\ProgramData\APN
    2014-03-14 15:52:04 -------- d-----w- C:\Program Files (x86)\RegTask
    2014-03-14 15:43:58 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AF3E5596-F1B8-4C36-9BE4-A9C4FEA22772}\gapaengine.dll
    2014-03-12 20:47:05 228864 ----a-w- C:\Windows\System32\wwansvc.dll
    2014-03-12 20:47:03 484864 ----a-w- C:\Windows\System32\wer.dll
    2014-03-12 20:47:03 381440 ----a-w- C:\Windows\SysWow64\wer.dll
    2014-03-12 20:47:02 3156480 ----a-w- C:\Windows\System32\win32k.sys
    2014-03-12 20:47:00 806104 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
    2014-03-12 20:47:00 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-03-12 20:47:00 184320 ----a-w- C:\Program Files (x86)\Internet Explorer\F12Tools.dll
    2014-03-11 15:43:20 -------- d-----w- C:\Program Files\iPod
    2014-03-11 15:43:11 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-03-11 15:43:11 -------- d-----w- C:\Program Files\iTunes
    2014-03-11 15:43:11 -------- d-----w- C:\Program Files (x86)\iTunes
    2014-03-11 15:35:30 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
    2014-03-11 15:35:30 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
    2014-03-11 15:35:30 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
    2014-03-11 15:35:30 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
    2014-03-11 15:35:30 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
    2014-03-08 20:42:39 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{13FFC7D8-B2C8-4866-AB97-0FCEDD67ADFE}\gapaengine.dll
    2014-02-26 20:44:50 -------- d-----w- C:\Windows\Migration
    .
    ==================== Find3M ====================
    .
    2014-03-12 15:24:00 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-03-12 15:23:59 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
    2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
    2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-02-04 02:32:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll
    2014-02-04 02:04:22 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
    2014-01-17 23:24:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2014-01-17 23:24:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2009-02-13 19:02:52 80896 ----a-w- C:\Program Files\devcon_amd64.exe
    .
    ============= FINISH: 17:46:41.13 ===============

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.03.22.10

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16521
    DBurdette :: DBURDETTE-PC [administrator]

    Protection: Enabled

    3/22/2014 5:27:36 PM
    mbam-log-2014-03-22 (17-27-36).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 217547
    Time elapsed: 8 minute(s), 52 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 5
    C:\Users\DBurdette\AppData\Local\Temp\RegTask\PIPAskToolbar\Offercast2802_BCPA_.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
    C:\Users\DBurdette\Downloads\Firefox_Setup(1).exe (PUP.Optional.IBryte) -> Quarantined and deleted successfully.
    C:\Users\DBurdette\Downloads\Firefox_Setup.exe (PUP.Optional.IBryte) -> Quarantined and deleted successfully.
    C:\Users\DBurdette\Downloads\PluginInstall.exe (MSIL.Solimba) -> Quarantined and deleted successfully.
    C:\Users\DBurdette\Downloads\RegtaskTool_Installer.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.

    (end)
     
  2. 2014/03/23, broni (Moderator, Malware Analyst)

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================

    You're running two AV programs, MSE and Ad-aware.
    You must uninstall one of them.
    I suggest Ad-aware goes.

    Download RogueKiller from one of the following links and save it to your Desktop:
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
