Are these virus/trojan/harmful?

By maddy smith
Jan 7, 2013
  1. 1. A hidden folder named RECYCLER.
    Inside that, another hidden folder named S-1-5-21-343818398-1645522239-725345543-500.
    2. A hidden folder named $RECYCLE.BIN.
    3. A hidden folder named System Volume Information.

    When I try to open the above-mentioned folders it says "Access is denied".
    Most of them have some sub-folders which cannot be opened at all.

    4. Then there are a number of 1 KB .docx files being created whenever I open a .docx file. As soon as I close the .docx file the 1 KB file also vanishes. A few times when they were still there I deleted them (and they appeared back).
    5. Is svchost.exe harmful?
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome back to TechSpot.

    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
    Please review the 4-Step instructions and post the logs back here for my review.

    Also, include this scan:

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
  3. maddy smith

    maddy smith Newcomer, in training Topic Starter Posts: 25

    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org
    Database version: v2013.01.08.02
    Windows 7 x86 NTFS
    Internet Explorer 9.0.8112.16421
    m.g.sastry :: MGSASTRY-PC [administrator]
    Protection: Enabled
    1/8/2013 12:18:00 PM
    mbam-log-2013-01-08 (12-18-00).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 221265
    Time elapsed: 5 minute(s), 29 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  4. maddy smith

    maddy smith Newcomer, in training Topic Starter Posts: 25

    DDS.txt
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16457
    Run by m.g.sastry at 12:44:19 on 2013-01-08
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1973.858 [GMT 5.5:30]
    .
    AV: avast! Antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
    C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
    C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
    C:\Windows\system32\vmnat.exe
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\Windows\system32\vmnetdhcp.exe
    C:\Windows\system32\LogonUI.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\USB Disk Security\USBGuard.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k secsvcs
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.co.in/
    BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
    BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - LocalServer32 - <no file>
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - LocalServer32 - <no file>
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - LocalServer32 - <no file>
    TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
    uRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
    mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
    mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
    mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
    mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
    mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [USB Antivirus] c:\program files\usb disk security\USBGuard.exe
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe"
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:159
    uPolicies-Explorer: NoDriveAutoRun = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    LSP: %SystemRoot%\system32\vsocklib.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{35569293-8DB3-4E72-A42A-C21332BE8B94} : DHCPNameServer = 192.168.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-12-26 340048]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-12-26 165584]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2012-11-25 353168]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-12-26 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-12-26 50768]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-12-26 40384]
    R2 Cepstral License Server;Cepstral License Server;c:\program files\cepstral\bin\CepstralLicSrv.exe [2007-3-15 57344]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-8 398184]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-8 682344]
    R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\nitro\pro 8\NitroPDFDriverService8.exe [2012-11-29 196616]
    R2 PanService;PandoraService;c:\program files\pandora.tv\panservice\PandoraService.exe [2013-1-6 578264]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2011-7-8 2320920]
    R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2011-8-29 665200]
    R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi10-shared.sys [2011-7-12 22768]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-7-8 208552]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-8 21104]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-8 40776]
    S2 VMwareHostd;VMware Workstation Server;c:\program files\vmware\vmware workstation\vmware-hostd.exe [2012-4-30 11839488]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2012-12-26 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2012-12-26 40384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-10-23 77624]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-10-23 181432]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-1-7 1343400]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: KMPlayer.txt - HKCR\Unknown\Shell=c:\windows\system32\rundll32.exe c:\windows\system32\shell32.dll,OpenAs_RunDLL %1 [UserChoice] [default=openas]
    FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs5.5\Dreamweaver.exe","%1"
    ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs5.5\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2013-01-08 06:46:22 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2013-01-08 06:46:22 -------- d-----w- c:\users\m.g.sastry\appdata\roaming\Malwarebytes
    2013-01-08 06:46:11 -------- d-----w- c:\programdata\Malwarebytes
    2013-01-08 06:46:10 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-08 06:46:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-01-08 06:45:33 -------- d-----w- c:\users\m.g.sastry\appdata\local\Programs
    2013-01-07 17:26:38 -------- d-----w- c:\windows\system32\Wat
    2013-01-07 08:41:54 38912 ----a-w- c:\windows\system32\csrsrv.dll
    2013-01-07 08:41:39 534528 ----a-w- c:\windows\system32\EncDec.dll
    2013-01-07 08:41:08 708608 ----a-w- c:\program files\common files\system\wab32.dll
    2013-01-07 08:40:52 75776 ----a-w- c:\windows\system32\psisrndr.ax
    2013-01-07 08:40:52 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2013-01-07 08:40:52 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
    2013-01-07 08:40:52 465408 ----a-w- c:\windows\system32\psisdecd.dll
    2013-01-07 08:40:52 204288 ----a-w- c:\windows\system32\MSNP.ax
    2013-01-07 08:40:36 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2013-01-07 08:40:36 233472 ----a-w- c:\windows\system32\oleacc.dll
    2013-01-07 08:39:50 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
    2013-01-07 08:39:50 86016 ----a-w- c:\windows\system32\odbccu32.dll
    2013-01-07 08:39:50 81920 ----a-w- c:\windows\system32\odbccr32.dll
    2013-01-07 08:39:50 319488 ----a-w- c:\windows\system32\odbcjt32.dll
    2013-01-07 08:39:50 163840 ----a-w- c:\windows\system32\odbctrac.dll
    2013-01-07 08:39:50 122880 ----a-w- c:\windows\system32\odbccp32.dll
    2013-01-07 08:39:33 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2013-01-07 08:39:33 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2013-01-07 08:39:33 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2013-01-07 08:38:22 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
    2013-01-07 08:38:02 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
    2013-01-07 08:38:02 666624 ----a-w- c:\windows\system32\mssvp.dll
    2013-01-07 08:38:02 59392 ----a-w- c:\windows\system32\msscntrs.dll
    2013-01-07 08:38:02 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
    2013-01-07 08:38:02 337408 ----a-w- c:\windows\system32\mssph.dll
    2013-01-07 08:38:02 197120 ----a-w- c:\windows\system32\mssphtb.dll
    2013-01-07 08:38:02 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
    2013-01-07 08:38:02 1553920 ----a-w- c:\windows\system32\tquery.dll
    2013-01-07 08:38:02 1401856 ----a-w- c:\windows\system32\mssrch.dll
    2013-01-07 08:37:22 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2013-01-07 08:37:07 311296 ----a-w- c:\windows\system32\drivers\srv.sys
    2013-01-07 08:37:07 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
    2013-01-07 08:37:07 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2013-01-07 08:36:50 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
    2013-01-07 08:36:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2013-01-07 08:36:35 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-01-07 08:36:19 740864 ----a-w- c:\windows\system32\inetcomm.dll
    2013-01-07 08:36:04 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2013-01-07 08:35:59 123904 ----a-w- c:\windows\system32\poqexec.exe
    2013-01-07 08:35:47 442880 ----a-w- c:\windows\system32\XpsPrint.dll
    2013-01-07 08:35:32 31232 ----a-w- c:\windows\system32\prevhost.exe
    2013-01-07 08:35:18 2614784 ----a-w- c:\windows\explorer.exe
    2013-01-07 08:35:02 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2013-01-07 08:35:02 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2013-01-07 08:34:46 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
    2013-01-07 08:34:32 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    2013-01-07 08:34:16 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2013-01-07 08:34:16 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2013-01-07 08:34:02 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2013-01-07 08:33:48 802304 ----a-w- c:\windows\system32\FntCache.dll
    2013-01-07 08:33:48 739840 ----a-w- c:\windows\system32\d2d1.dll
    2013-01-07 08:33:48 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2013-01-07 08:33:29 2690560 ----a-w- c:\windows\system32\mstscax.dll
    2013-01-07 08:33:29 1034240 ----a-w- c:\windows\system32\mstsc.exe
    2013-01-07 08:33:14 850432 ----a-w- c:\windows\system32\sbe.dll
    2013-01-07 08:33:14 642048 ----a-w- c:\windows\system32\CPFilters.dll
    2013-01-07 08:33:14 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2013-01-07 08:31:45 987136 ----a-w- c:\program files\common files\system\ado\msado15.dll
    2013-01-07 08:31:45 573440 ----a-w- c:\windows\system32\odbc32.dll
    2013-01-07 08:31:45 372736 ----a-w- c:\program files\common files\system\ado\msadox.dll
    2013-01-07 08:31:45 352256 ----a-w- c:\program files\common files\system\ado\msadomd.dll
    2013-01-07 08:31:45 208896 ----a-w- c:\program files\common files\system\msadc\msadco.dll
    2013-01-07 08:31:19 109056 ----a-w- c:\windows\system32\t2embed.dll
    2013-01-07 08:31:08 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
    2013-01-07 08:31:08 1413632 ----a-w- c:\windows\system32\ole32.dll
    2013-01-07 08:30:54 954752 ----a-w- c:\windows\system32\mfc40.dll
    2013-01-07 08:30:54 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2013-01-07 08:30:45 530432 ----a-w- c:\windows\system32\comctl32.dll
    2013-01-07 08:30:32 738816 ----a-w- c:\windows\system32\wmpmde.dll
    2013-01-07 08:30:11 101760 ----a-w- c:\windows\system32\consent.exe
    2013-01-07 08:29:48 749056 ----a-w- c:\windows\system32\schedsvc.dll
    2013-01-07 08:29:48 496128 ----a-w- c:\windows\system32\taskschd.dll
    2013-01-07 08:29:48 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2013-01-07 08:29:48 305152 ----a-w- c:\windows\system32\taskcomp.dll
    2013-01-07 08:29:48 192000 ----a-w- c:\windows\system32\taskeng.exe
    2013-01-07 08:29:48 179712 ----a-w- c:\windows\system32\schtasks.exe
    2013-01-07 08:29:30 417792 ----a-w- c:\windows\system32\msdri.dll
    2013-01-07 08:29:09 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
    2013-01-07 08:29:09 12625408 ----a-w- c:\windows\system32\wmploc.DLL
    2013-01-07 08:28:54 168448 ----a-w- c:\windows\system32\srvsvc.dll
    2013-01-07 08:28:39 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
    2013-01-07 08:28:16 316928 ----a-w- c:\windows\system32\spoolsv.exe
    2013-01-07 08:28:06 37376 ----a-w- c:\windows\system32\rtutils.dll
    2013-01-07 08:27:56 82944 ----a-w- c:\windows\system32\iccvid.dll
    2013-01-07 08:27:56 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2013-01-07 08:27:31 67584 ----a-w- c:\windows\system32\asycfilt.dll
    2013-01-07 08:27:20 1619968 ----a-w- c:\program files\windows mail\msoe.dll
    2013-01-07 08:27:07 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2013-01-07 08:27:07 1037312 ----a-w- c:\windows\system32\lsasrv.dll
    2013-01-07 08:25:58 70656 ----a-w- c:\windows\system32\fontsub.dll
    2013-01-07 08:25:53 34816 ----a-w- c:\windows\system32\msasn1.dll
    2013-01-07 08:25:47 257024 ----a-w- c:\windows\system32\msv1_0.dll
    2013-01-07 08:25:34 507568 ----a-w- c:\windows\system32\winload.exe
    2013-01-07 08:25:34 442920 ----a-w- c:\windows\system32\winresume.exe
    2013-01-07 08:25:34 293888 ----a-w- c:\windows\system32\atmfd.dll
    2013-01-07 08:25:34 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
    2013-01-06 07:00:49 -------- d-----w- c:\program files\PANDORA.TV
    2013-01-06 07:00:36 -------- d-----w- c:\program files\The KMPlayer
    2013-01-06 06:52:03 -------- d-----w- c:\program files\VS Revo Group
    2012-12-26 05:36:29 340048 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-12-26 05:36:26 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-12-26 05:35:27 38848 ----a-w- c:\windows\avastSS.scr
    2012-12-24 07:34:26 701 ----a-w- c:\users\m.g.sastry\appdata\roaming\init.dll
    2012-12-24 07:34:23 701 ----a-w- c:\users\m.g.sastry\appdata\roaming\sound.dll
    2012-12-19 12:11:40 -------- d-----w- c:\program files\WinPcap
    2012-12-19 12:11:36 -------- d-----w- c:\users\m.g.sastry\appdata\roaming\Neoretix
    2012-12-17 15:27:46 -------- d-----w- c:\users\m.g.sastry\appdata\roaming\Wedding Album Maker
    2012-12-17 15:27:46 -------- d-----w- c:\programdata\Anvsoft
    2012-12-17 15:27:06 -------- d-----w- c:\program files\Wedding Album Maker Gold
    2012-12-17 14:59:07 -------- d-----w- c:\program files\Tracker Software
    2012-12-17 14:45:33 -------- d-----w- c:\program files\Image2PDF v1.8
    2012-12-15 16:52:55 -------- d-----w- c:\users\m.g.sastry\appdata\roaming\Nitro
    2012-12-15 16:52:22 27144 ----a-w- c:\windows\system32\nitrolocalmon2.dll
    2012-12-15 16:52:22 18440 ----a-w- c:\windows\system32\nitrolocalui2.dll
    2012-12-15 16:52:01 -------- d-----w- c:\program files\Nitro
    2012-12-15 16:52:01 -------- d-----w- c:\program files\common files\Nitro
    2012-12-15 16:52:00 -------- d-----w- c:\programdata\Nitro
    2012-12-15 16:50:49 -------- d-----w- c:\users\m.g.sastry\appdata\roaming\Downloaded Installations
    2012-12-13 17:51:53 48 ----a-w- c:\users\m.g.sastry\appdata\roaming\tigersetting.dll
    2012-12-13 17:51:07 116736 ----a-w- c:\windows\system32\redmonnt.dll
    2012-12-13 17:51:03 94274 ----a-w- c:\windows\system32\HPBHEALR.DLL
    2012-12-13 17:51:03 58368 ----a-w- c:\windows\system32\HPDOMON.DLL
    2012-12-13 17:51:03 53248 ----a-w- c:\windows\system32\HPBMMON.DLL
    2012-12-13 17:51:02 -------- d-----w- c:\program files\qvPDF
    2012-12-13 17:51:00 -------- d-----w- c:\program files\PDFTiger
    .
    ==================== Find3M ====================
    .
    2013-01-07 08:26:56 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
    2013-01-06 07:31:52 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2012-10-29 03:09:28 330240 ----a-w- c:\windows\MASetupCaller.dll
    2012-10-29 03:09:26 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
    2006-02-19 07:12:26 495616 ----a-w- c:\program files\DJVU Reader.exe
    .
    ============= FINISH: 12:44:59.13 ===============
  5. maddy smith

    maddy smith Newcomer, in training Topic Starter Posts: 25

    Attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/9/2011 8:45:49 AM
    System Uptime: 1/8/2013 10:12:22 AM (2 hours ago)
    .
    Motherboard: Intel Corporation | | DH55PJ
    Processor: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz | XU1 | 2926/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 98 GiB total, 25.276 GiB free.
    D: is FIXED (NTFS) - 123 GiB total, 5.258 GiB free.
    E: is FIXED (NTFS) - 123 GiB total, 16.397 GiB free.
    F: is FIXED (NTFS) - 123 GiB total, 68.823 GiB free.
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: adfs
    Device ID: ROOT\LEGACY_ADFS\0000
    Manufacturer:
    Name: adfs
    PNP Device ID: ROOT\LEGACY_ADFS\0000
    Service: adfs
    .
    ==== System Restore Points ===================
    .
    RP157: 1/7/2013 1:55:00 PM - Windows Modules Installer
    .
    ==== Installed Programs ======================
    .
    Adobe Acrobat 5.0
    Adobe AIR
    Adobe Community Help
    Adobe Dreamweaver CS5.5
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Media Player
    Adobe Photoshop CS5.1
    Adobe Reader X
    Adobe Widget Browser
    Advanced SystemCare 4
    Amazon Kindle
    AutoUpdate
    avast! Pro Antivirus
    AVS Disc Creator version 2.1
    AVS Video Tools 5.1
    Boilsoft Video Joiner 6.22
    Boilsoft Video Splitter 6.01
    Cepstral Emily 4.2.0
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DiskRedactor
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    Easy CD-DA Extractor 15
    FIFA 11
    Freemake Video Converter version 2.3.2
    GetFLV 9.1.1.1
    iFilmEdit 1.4
    Image2PDF v1.8
    Intel(R) Desktop Utilities
    Intel(R) Integrator Assistant
    Intel(R) Management Engine Components
    Intel(R) Network Connections 14.6.9.0
    Intel(R) Remote PC Assist
    IsoBuster 2.8.5
    Java Auto Updater
    Java(TM) 6 Update 31
    Laura
    Learn to Speak English Deluxe 10
    LG CyberLink LabelPrint
    LG CyberLink Power2Go
    LG CyberLink PowerBackup
    LG CyberLink PowerDVD
    LG CyberLink PowerProducer
    LG CyberLink YouCam
    LG ODD Auto Firmware Update
    LG Power Tools
    Logitech Desktop Messenger
    Logitech iTouch Software
    Logitech MouseWare 9.79.3
    Logitech Resource Center
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    MSI Afterburner 1.5.1
    MSVCRT Redists
    MSXML 4.0 SP2 Parser and SDK
    MyAppVerName
    MyFreeCodec
    NextUp-Acapela Brightspeech Heather22 US English Voice
    NextUp-Acapela Elan Graham22 UK English Voice
    NextUp-ScanSoft Daniel British Voice
    NextUp-ScanSoft Emily British Voice
    Nitro Pro 8
    NVIDIA Display Control Panel
    NVIDIA Drivers
    Pandora Service
    PCmover
    PDF-XChange Viewer
    PDF Settings CS5
    PDF/ePUB to Kindle Tool version 2.4.0
    PDFTiger
    PDFTiger Kernel
    PDFTigerDriver
    Photo to Cartoon
    Picasa 3
    QuickTime
    Rachel
    Rapture3D 2.4.4 Game
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.94
    Ryan
    Samsung Kies
    SAMSUNG USB Driver for Mobile Phones
    Snagit 10
    Subtitle Workshop 2.51
    TextAloud 3.0
    tools-freebsd
    tools-linux
    tools-netware
    tools-solaris
    tools-windows
    tools-winPre2k
    TubeHunter Ultra 4.31
    TURBO C++
    TypeFaster Typing Tutor
    Ultra Video Joiner 5.6.0801
    Ultra Video Splitter 5.4.0822
    Update for Microsoft Office 2010 (KB2494150)
    Vegas Pro 10.0
    Video Enhancer 1.9.8
    Video Fixer 3.23
    VLC media player 1.1.10
    VmciSockets
    VMware Workstation
    Wedding Album Maker Gold 3.50
    WinPcap 4.1.2
    WinRAR archiver
    WinZip
    Xilisoft Movie Maker 6
    Xilisoft Video Converter Ultimate 6
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/8/2013 10:14:45 AM, Error: Service Control Manager [7023] -
    1/8/2013 10:13:24 AM, Error: Service Control Manager [7024] - The VMware Workstation Server service terminated with service-specific error %%-1.
    1/8/2013 10:13:18 AM, Error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
    1/8/2013 10:12:44 AM, Error: volmgr [46] - Crash dump initialization failed!
    1/6/2013 8:20:42 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {9EB4C4CB-74C2-4BE9-AA5D-8249F16020AD}. The error: "2" Happened while starting this command: E:\softwares\KMPlayerPortable\App\KMPlayer\KMPlayer.exe -Embedding
    1/6/2013 12:30:52 PM, Error: Service Control Manager [7030] - The PandoraService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    1/4/2013 8:03:07 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    1/1/2013 5:12:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf ws2ifsl
    1/1/2013 5:12:49 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/1/2013 5:12:49 PM, Error: Service Control Manager [7001] - The VMware Workstation Server service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
    1/1/2013 5:12:49 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/1/2013 5:12:49 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    1/1/2013 5:12:49 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/1/2013 5:12:49 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/1/2013 5:12:49 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    1/1/2013 5:12:49 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/1/2013 5:12:49 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/1/2013 5:12:49 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    .
    ==== End Of File ===========================
  6. maddy smith

    maddy smith Newcomer, in training Topic Starter Posts: 25

    Not able to download 'adwcleaner'...
    It asks me to update again and again.
    I've posted the rest of the logs.
    Thanks.
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix scan

    Please download ComboFix by sUBs
    From TechSpot

    Direct Link (alternative)

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again and rename
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello! Are you still with us? Your topic is now marked inactive, because you have not replied.

    However, we'd like to still help. Please update us on the state of your PC.

