Win 7 antivirus scam
07-01-2012, 09:24 PM
Post: #1
I just got infected with the fake Windows antivirus errr virus? It installs a fake 'virus scanner' that purports to show all the threats to your system, which it will 'fix' if you submit your credit card details etc. etc. It also stopped me accessing the internet, instead redirecting to register the phony antivirus software. I ran a Malwarebytes scan after disconnecting from the internet (it wasn't possible before), which found 5 threats and successfully deleted them after a reboot.

Everything seems fairly normal now, but I just wanted to check that my system was in the clear; I ran a full system scan with avast after rebooting and that found nothing...

Here are the DDS files:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Bitey at 19:13:43 on 2012-01-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8099.5242 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\BitTorrent\BitTorrent.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Windows\system32\wbem\wmiprvse.exe
Q:\140066.enu\Office14\WINWORDC.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.pcspecialist.co.uk/
uDefault_Page_URL = hxxp://www.pcspecialist.co.uk/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: AutorunsDisabled - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: [aswAhAScr.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\AhAScr.dll"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{A23E193E-F80C-4417-91CA-00A72835A680} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{A23E193E-F80C-4417-91CA-00A72835A680}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{A23E193E-F80C-4417-91CA-00A72835A680}\4656661657C647 : DhcpNameServer = 194.168.4.100 192.168.123.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: AutorunsDisabled - No File
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce-x64: [aswAhAScr.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\AhAScr.dll"
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bitey\AppData\Roaming\Mozilla\Firefox\Profiles\9qdgkg8b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.blackle.com/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-25 494424]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-9-20 44768]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-12-20 2348864]
R2 PowerBiosServer;PowerBiosServer;C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [2011-1-27 33792]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-8 2656280]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-19 135584]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\system32\DRIVERS\JME.sys --> C:\Windows\system32\DRIVERS\JME.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-01-07 18:20:46 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1C97246F-29EA-45C9-909D-25BBF7BA02F3}\offreg.dll
2012-01-07 17:23:54 -------- d-----w- C:\Program Files (x86)\BitTorrent
2012-01-07 17:22:45 -------- d-----w- C:\Users\Bitey\AppData\Roaming\BitTorrent
2012-01-05 15:41:59 -------- d-----w- C:\Users\Bitey\AppData\Local\{1F48A284-5E85-450E-99DB-14ACD544750C}
2012-01-05 15:41:47 -------- d-----w- C:\Users\Bitey\AppData\Local\{AA6EF762-DEC7-498F-8686-EDBB9C24E9C6}
2012-01-03 17:52:10 -------- d-----w- C:\Users\Bitey\AppData\Local\{08DF3F40-3841-4896-9DB3-0BAE8A8542AB}
2012-01-03 17:51:53 -------- d-----w- C:\Users\Bitey\AppData\Local\{1980ABC5-A9A4-4365-A27D-10183E6F7EE1}
2012-01-03 11:25:53 -------- d-----w- C:\Program Files (x86)\GTK2-Runtime
2012-01-03 11:11:59 -------- d-----w- C:\Users\Bitey\AppData\Roaming\deluge
2012-01-02 11:26:20 -------- d-----w- C:\Users\Bitey\AppData\Local\{D3FE32F2-481E-46F1-A007-7F171B7FF89A}
2012-01-02 11:26:04 -------- d-----w- C:\Users\Bitey\AppData\Local\{EA8474E7-9141-4688-B015-4327E9EEA056}
2011-12-31 10:49:18 -------- d-----w- C:\Users\Bitey\AppData\Local\{0BF782FC-7068-4C80-90B4-56CD2179F491}
2011-12-31 10:49:02 -------- d-----w- C:\Users\Bitey\AppData\Local\{B7B41B3B-43D1-4F98-8BA2-FD76B441EC11}
2011-12-30 11:56:02 -------- d-----w- C:\Users\Bitey\AppData\Local\{FAB131B3-1B2E-4B6A-87D5-1B84453D3886}
2011-12-30 11:55:50 -------- d-----w- C:\Users\Bitey\AppData\Local\{DF3FA54D-25C7-45D2-BC5D-BA038EB31286}
2011-12-30 11:46:41 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1C97246F-29EA-45C9-909D-25BBF7BA02F3}\mpengine.dll
2011-12-29 19:33:46 -------- d-----w- C:\Users\Bitey\AppData\Local\{88AF1506-5BE6-47FE-B6A5-35447DEBB599}
2011-12-29 19:33:35 -------- d-----w- C:\Users\Bitey\AppData\Local\{70FEF605-A015-479A-95C2-6DAAC3E8982A}
2011-12-29 14:23:47 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2011-12-29 14:23:47 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2011-12-29 14:23:47 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2011-12-29 14:23:47 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2011-12-28 09:36:14 -------- d-----w- C:\Users\Bitey\AppData\Local\{06CBEDF2-5E76-4E40-B5B2-66BC6DD07C07}
2011-12-28 09:35:52 -------- d-----w- C:\Users\Bitey\AppData\Local\{8F14D8D3-825E-4FD6-AF4B-159078505D73}
2011-12-26 14:16:38 -------- d-----w- C:\Users\Bitey\AppData\Local\{DF18B29D-9995-4739-B097-75423B6966D9}
2011-12-26 14:16:20 -------- d-----w- C:\Users\Bitey\AppData\Local\{216AEFD2-F7E9-4181-85D9-953D563EF24A}
2011-12-26 10:39:16 -------- d-----w- C:\Program Files (x86)\DVD Shrink
2011-12-25 21:06:08 -------- d-----w- C:\Program Files (x86)\DVD Decrypter
2011-12-25 21:03:40 -------- d-----w- C:\Users\Bitey\AppData\Local\Ilivid Player
2011-12-25 21:03:14 -------- d-----w- C:\Program Files (x86)\iLivid
2011-12-25 21:02:53 -------- d-----w- C:\Users\Bitey\AppData\Local\PackageAware
2011-12-25 20:31:30 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes
2011-12-25 20:23:52 -------- d-----w- C:\Program Files (x86)\SlySoft
2011-12-25 18:18:28 -------- d-----w- C:\Program Files (x86)\DVDFab 8 Qt
2011-12-25 11:55:20 22872 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2011-12-25 11:45:11 27992 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
2011-12-25 11:45:11 17720 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys
2011-12-25 11:43:45 -------- d-----w- C:\Users\Bitey\AppData\Roaming\IObit
2011-12-25 11:40:49 -------- d-----w- C:\ProgramData\IObit
2011-12-25 11:40:49 -------- d-----w- C:\Program Files (x86)\IObit
2011-12-25 10:01:50 -------- d-----w- C:\Users\Bitey\AppData\Local\{BE7533B5-3769-47DB-92C3-86327EF3394E}
2011-12-25 10:01:36 -------- d-----w- C:\Users\Bitey\AppData\Local\{41BC883D-14CF-475B-B423-177E0DE04620}
2011-12-24 09:16:41 -------- d-----w- C:\Users\Bitey\AppData\Local\{63175224-73F0-4BBA-8D78-0A1FC24D5D50}
2011-12-24 09:16:21 -------- d-----w- C:\Users\Bitey\AppData\Local\{E188D8A0-7F33-474D-9C74-596C74F7188D}
2011-12-23 12:56:35 -------- d-----w- C:\Users\Bitey\AppData\Local\{1AA89AAF-288A-43A1-92C1-D00DDBEA881C}
2011-12-23 12:56:23 -------- d-----w- C:\Users\Bitey\AppData\Local\{9C74F76E-C4FA-492D-9852-4A461CE1256F}
2011-12-22 18:29:16 -------- d-----w- C:\Users\Bitey\AppData\Local\{19C039F7-6C8E-44C4-9ED9-685538A6AD3E}
2011-12-22 18:29:00 -------- d-----w- C:\Users\Bitey\AppData\Local\{FD15EEBE-5592-4714-8149-10224DDED0C0}
2011-12-21 17:41:30 -------- d-----w- C:\Program Files (x86)\Hamster Soft
2011-12-21 17:19:57 -------- d-----w- C:\Program Files (x86)\Nero
2011-12-21 10:12:24 -------- d-----w- C:\Program Files (x86)\Enterbrain
2011-12-21 09:20:34 -------- d-----w- C:\Users\Bitey\AppData\Local\{2089122D-1B73-4DB4-91D9-AA96BFB08094}
2011-12-21 09:20:20 -------- d-----w- C:\Users\Bitey\AppData\Local\{D7FC9A58-BBC8-4D56-98F3-C6A720F33481}
2011-12-20 19:59:56 -------- d-----w- C:\Users\Bitey\AppData\Local\{8F6AFA77-D5A6-4529-BCC4-50D446D03A62}
2011-12-20 19:59:44 -------- d-----w- C:\Users\Bitey\AppData\Local\{723ECBCD-5B6B-4B0C-B893-DF7FDF5B5C03}
2011-12-20 19:30:08 -------- d-----w- C:\Windows\SysWow64\NV
2011-12-20 19:30:08 -------- d-----w- C:\Windows\System32\NV
2011-12-20 19:28:06 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2011-12-20 19:28:06 839488 ----a-w- C:\Windows\System32\nv3dappshext.dll
2011-12-20 19:28:06 63296 ----a-w- C:\Windows\System32\nvshext.dll
2011-12-20 19:28:06 6004544 ----a-w- C:\Windows\System32\nvcpl.dll
2011-12-20 19:28:06 55616 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2011-12-20 19:28:06 3028800 ----a-w- C:\Windows\System32\nvsvc64.dll
2011-12-20 19:28:06 2562368 ----a-w- C:\Windows\System32\nvsvcr.dll
2011-12-20 19:28:06 2417322 ----a-w- C:\Windows\System32\nvcoproc.bin
2011-12-20 19:28:06 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2011-12-20 19:27:26 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2011-12-19 22:55:48 -------- d-----w- C:\Users\Bitey\AppData\Local\{82B665DA-EA34-4A7E-BBA4-19936374D528}
2011-12-19 22:55:31 -------- d-----w- C:\Users\Bitey\AppData\Local\{51079892-F4F9-4A1D-ABBE-30EAD9D95759}
2011-12-19 17:50:11 -------- d-----w- C:\Program Files (x86)\Futuremark
2011-12-19 09:24:45 -------- d-----w- C:\Users\Bitey\AppData\Local\{0DA9A610-74BD-4554-A411-4C7DEEBDE052}
2011-12-19 09:24:25 -------- d-----w- C:\Users\Bitey\AppData\Local\{64FBAAF2-454A-44D5-BAF7-44156641CCC9}
2011-12-18 16:16:54 -------- d-----w- C:\Program Files (x86)\Common Files\Enterbrain
2011-12-18 10:44:03 -------- d-----w- C:\Windows\SysWow64\Adobe
2011-12-18 10:02:57 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-18 10:02:57 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-18 10:02:16 -------- d-----w- C:\Users\Bitey\AppData\Local\{7C1BF810-000F-411B-9EBB-19B9F7CC2592}
2011-12-18 10:01:37 -------- d-----w- C:\Users\Bitey\AppData\Local\{81ED20DB-CECB-4270-ADC2-B67400FB38CB}
.
==================== Find3M ====================
.
2011-12-19 12:59:13 88480 ----a-w- C:\Windows\System32\drivers\atksgt.sys
2011-12-19 12:59:12 46400 ----a-w- C:\Windows\System32\drivers\lirsgt.sys
2011-12-18 12:51:54 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 15:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-28 18:01:25 41184 ----a-w- C:\Windows\avastSS.scr
2011-11-28 17:54:06 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-11-28 17:52:11 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-15 14:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-10-24 14:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 14:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-15 06:31:56 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-10-15 05:38:59 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
.
============= FINISH: 19:15:36.56 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 20/05/2011 15:28:21
System Uptime: 07/01/2012 18:18:06 (1 hours ago)
.
Motherboard: CLEVO CO. | | W150HRM
Processor: Intel® Core™ i5-2520M CPU @ 2.50GHz | SOCKET 0 | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 244 GiB total, 55.841 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 454 GiB total, 365.037 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP175: 01/01/2012 17:44:14 - IObit Uninstaller restore point
RP176: 01/01/2012 18:02:30 - Windows Modules Installer
RP177: 03/01/2012 11:20:37 - IObit Uninstaller restore point
RP178: 07/01/2012 17:01:22 - IObit Uninstaller restore point
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 8.3.1
Advanced SystemCare 5
Apple Application Support
Apple Software Update
avast! Free Antivirus
BBC iPlayer Desktop
BisonCam
BitTorrent
ChiconyCam
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Crysis® 2
D3DX10
Dawn of War - Soulstorm
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab 8.1.3.8 (09/12/2011) Qt
Empire: Total War
Forsaken World
Futuremark SystemInfo
Game Booster 3
GTK2-Runtime
Hamster Free Video Converter
Hotkey 3.3023
Intel® Management Engine Components
Intel® Processor Graphics
Java Auto Updater
Java™ 6 Update 26
JMicron Ethernet Adapter NDIS Driver
JMicron Flash Media Controller Driver
Junk Mail filter update
Malwarebytes Anti-Malware version 1.60.0.1800
Mesh Runtime
Messenger Companion
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mount&Blade With Fire and Sword
Mozilla Firefox 8.0.1 (x86 en-GB)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Napoleon: Total War
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
OLYMPUS Master 2
Portal
QuickTime
Realtek High Definition Audio Driver
REALTEK Wireless LAN Driver
Renesas Electronics USB 3.0 Host Controller Driver
RGSS-RTP Standard
RPGXP
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Sid Meier's Civilization V - Demo
Smart Defrag 2
SoulSeek 157 NS 13e
Steam
System Requirements Lab
System Requirements Lab CYRI
The Witcher
Total War: SHOGUN 2 Demo
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VLC media player 1.1.11
Waves Demo
WebCam Installer
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip 15.5
.
==== Event Viewer Messages From Past Week ========
.
06/01/2012 11:01:27, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
06/01/2012 11:01:27, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================




Thanks for any help, Ralph
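As an added worked example (it is not part of Ralph's post and not output of DDS or any other tool in this thread), the script below applies the first two checks a helper makes when reading the "Pseudo HJT Report" block of a DDS log: whether the Winlogon Userinit value launches anything besides userinit.exe, and whether any autostart entry (Run keys, BHOs, AppInit_DLLs) points at an executable in a location a standard user can write to. The sample lines are constructed; the first five copy the shape of entries in Ralph's log, while the two that get flagged (the `xjqvkd` Run entry and the extra Userinit entry) are invented to show what a hit looks like. Run against Ralph's actual log, whose Userinit is `userinit.exe,` and whose Run entries all live under Program Files, it reports nothing.

```python
import re

# Directories a standard user account can write to. Legitimate autostart
# entries normally live under Program Files or System32, so an executable
# launched from one of these locations deserves a closer look.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\", "\\temp\\")

# A Windows path ending in an executable-style extension. The non-greedy body
# stops at the first extension, so a Run entry such as
#   "C:\Program Files (x86)\Steam\Steam.exe" -silent
# yields only the .exe path, not the trailing arguments.
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|scr|bat|cmd|vbs|js)\b', re.IGNORECASE)

# Constructed sample in DDS "Pseudo HJT Report" format. The first five lines
# mirror entries from the thread; the last two are invented to show what a
# flagged entry looks like and are NOT from Ralph's log.
SAMPLE_HJT = r'''
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
uRun: [xjqvkd] "C:\Users\Bitey\AppData\Local\xjqvkd.exe"
mWinlogon: Userinit=userinit.exe,C:\ProgramData\a8f3c1\svc.exe
'''


def extract_paths(line):
    """Return every executable path mentioned on one report line."""
    return PATH_RE.findall(line)


def check_userinit(value):
    """Userinit should name only userinit.exe (DDS prints it as 'userinit.exe,').
    Every extra comma-separated entry is launched at logon alongside it, which
    makes the value a well-known persistence spot worth checking first."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    if len(entries) == 1 and entries[0].lower().rsplit("\\", 1)[-1] == "userinit.exe":
        return None
    return "Userinit launches something besides userinit.exe: " + value


def triage_hjt(report):
    """Scan a DDS 'Pseudo HJT Report' block and return a list of
    (key, detail, reason) tuples for entries that merit manual review."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line or ":" not in line:
            continue
        # DDS lines read "<key>: <rest>"; the key names the autostart location.
        key, _, rest = line.partition(":")
        key, rest = key.strip(), rest.strip()
        if key in ("mWinlogon", "uWinlogon") and rest.lower().startswith("userinit="):
            reason = check_userinit(rest.split("=", 1)[1])
            if reason:
                findings.append((key, rest, reason))
        for path in extract_paths(rest):
            if any(marker in path.lower() for marker in USER_WRITABLE):
                findings.append((key, path, "executable in a user-writable location"))
    return findings


if __name__ == "__main__":
    for key, detail, reason in triage_hjt(SAMPLE_HJT):
        print("%-12s %s\n             -> %s" % (key, detail, reason))
```

A hit from this script is a prompt to look closer (check the file's publisher, creation date in the "Created Last 30" block, and whether the name matches any installed program), not a verdict; plenty of legitimate updaters also start from AppData.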
08-01-2012, 04:25 AM
Post: #2
RE: Win 7 antivirus scam
Hello Ralph! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • I recommend you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

Quote: everything seems fairly normal now but I just wanted to check that my system was in the clear

After you got internet access back, you haven't scanned with Malwarebytes' Anti-Malware again, right? If not:

Please read our rules for P2P software (in your case, BitTorrent) here:
http://www.techmonkeys.co.uk/Thread-rule...g-software

Next, please run Malwarebytes' Anti-Malware, click on the Update tab and then Check For Updates. Perform a full system scan and post the results in your next reply.


My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.
10-01-2012, 12:08 AM (This post was last modified: 10-01-2012 12:43 AM by biteyleper.)
Post: #3
RE: Win 7 antivirus scam
I had already updated after I ran the first scan (or before, I can't quite remember which), so I didn't need to do that again, but here's the Malwarebytes logfile, which suggests I'm in the clear:

Malwarebytes Anti-Malware 1.60.0.1800
http://www.malwarebytes.org

Database version: v2012.01.09.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Bitey :: HAL [administrator]

09/01/2012 22:11:42
mbam-log-2012-01-09 (22-11-42).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 443868
Time elapsed: 29 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
10-01-2012, 12:12 AM
Post: #4
RE: Win 7 antivirus scam
Good!

Let's do one more check:

  1. Please run a free online scan with the ESET Online Scanner

    Note: You will need to use Internet Explorer for this scan
  2. Tick the box next to YES, I accept the Terms of Use
  3. Click Start
  4. When asked, allow the ActiveX control to install
  5. Click Start
  6. Make sure that the options Remove found threats and Scan unwanted applications are both checked
  7. Click Scan (This scan can take several hours, so please be patient)
  8. Once the scan is completed, you may close the window
  9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  10. Copy and paste that log as a reply to this topic

10-01-2012, 09:46 PM
Post: #5
RE: Win 7 antivirus scam
OK, I did the ESET scan, which found 3 threats, but after it completed I was given the option of deleting the threats and uninstalling the program, both of which I selected, and as a result there doesn't seem to be a logfile to post.

Also, when I looked at the logfile before I completed the ESET process and uninstalled, it didn't have anything in it apart from a couple of lines, something about confirming the download/installation of ESET, nothing about the scan itself...
10-01-2012, 10:09 PM
Post: #6
RE: Win 7 antivirus scam
How is your system now?

12-01-2012, 02:33 PM
Post: #7
RE: Win 7 antivirus scam
Seems normal I guess, but then it seemed normal before I did the eset scan too!
12-01-2012, 09:52 PM
Post: #8
RE: Win 7 antivirus scam
Let's do one more check for this reason:

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan

Click the cog in the upper right
Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan.

Allow AVP to delete all infections found.
Once it has finished, select the Report tab (last tab).
Select Detected threats report from the left and press the Save button.
Save it to your desktop and post it in your next reply here.

14-01-2012, 02:27 AM
Post: #9
RE: Win 7 antivirus scam
OK then, the Kaspersky scan finally finished and found no threats; I guess I don't need to post the log in this case? It's 104 MB anyhow, and failed to respond when I tried opening it myself...
14-01-2012, 01:20 PM
Post: #10
RE: Win 7 antivirus scam
I don't need it in this case (found no threats). It seems clean. If you want additional scans, I could suggest something.
