TechSpot

Trojan.Agent in svchost.exe

Inactive
By sasvil9
Jan 23, 2013
  1. Hello, I did everything that was said to do in the 4 step preliminary instructions.


    I have one question when you say delete the DDS from the desktop, the only two things on the desktop are the logs, delete those?

    Logs to come in a few minutes.

    Thanks to whomever responds :)
  2. sasvil9

    sasvil9 TS Rookie Topic Starter

    Well, the MBAM log only has the number 2 on it. ALL of the logs, 4 of them, have the number 2 and that's it.
  3. sasvil9

    sasvil9 TS Rookie Topic Starter

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16450
    Run by st0176 at 23:39:37 on 2013-01-23
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2205 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\RocketDock\RocketDock.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Tango\Tango.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2009 Deluxe\Planner\PLNRnote.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uURLSearchHooks: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - <orphaned>
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    mWinlogon: Userinit = userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
    uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [Tango] C:\Program Files (x86)\Tango\Tango.exe -r
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVENTP~1.LNK - C:\Windows\Installer\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{266E4A35-7AC5-425D-AAA6-F37179191079} : DHCPNameServer = 40.6.1.100
    TCP: Interfaces\{971972E2-28FC-426D-830C-71E07DDD2ADA} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{971972E2-28FC-426D-830C-71E07DDD2ADA}\052796671636970A96370A74F6C64656E6 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{971972E2-28FC-426D-830C-71E07DDD2ADA}\C435248373 : DHCPNameServer = 192.168.1.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: PFW - <no file>
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-5-15 52856]
    R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2011-3-7 17720]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-1-23 984144]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-1-23 370288]
    R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2011/03/28 08:18:00];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2011-3-28 146928]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-1-23 25232]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-1-23 71600]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-1-23 44808]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-22 398184]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-22 682344]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-9-22 1153368]
    R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-22 24176]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-2-7 215040]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-2-7 36408]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-2-7 216576]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 tepsrv;Tracks Eraser Service;C:\Program Files (x86)\Acesoft\Tracks Eraser Pro\tepsrv.exe [2012-9-22 32768]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-6 59392]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-29 1255736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    S4 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
    S4 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
    S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-4 203264]
    S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
    S4 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
    S4 TabletServicePen;TabletServicePen;C:\Windows\System32\Pen_Tablet.exe [2010-5-18 5556520]
    S4 WTouchService;WTouch Service;C:\Program Files\WTouch\WTouchService.exe [2010-5-18 127784]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: GetDiz.Document="C:\Program Files (x86)\GetDiz\GetDiz.exe" "%1"
    FileExt: .ini: GetDiz.Document="C:\Program Files (x86)\GetDiz\GetDiz.exe" "%1"
    .
    =============== Created Last 30 ================
    .
    2013-01-24 04:12:29  54072     ----a-w-  C:\Windows\System32\drivers\aswRdr2.sys
    2013-01-24 04:12:26  984144    ----a-w-  C:\Windows\System32\drivers\aswSnx.sys
    2013-01-24 04:12:24  71600     ----a-w-  C:\Windows\System32\drivers\aswMonFlt.sys
    2013-01-24 04:11:36  41224     ----a-w-  C:\Windows\avastSS.scr
    2013-01-24 04:10:58  --------  d-----w-  C:\ProgramData\AVAST Software
    2013-01-24 04:10:58  --------  d-----w-  C:\Program Files\AVAST Software
    2013-01-24 02:44:30  --------  d-----w-  C:\Users\st0176\AppData\Roaming\ParetoLogic
    2013-01-24 02:44:30  --------  d-----w-  C:\Users\st0176\AppData\Roaming\DriverCure
    2013-01-24 02:44:16  --------  d-----w-  C:\ProgramData\ParetoLogic
    2013-01-23 17:13:57  --------  d-----w-  C:\Users\st0176\AppData\Local\{45ADF0AF-BC06-4022-83EE-DFCFC45C8C4F}
    2013-01-23 02:23:59  --------  d-----w-  C:\Users\st0176\AppData\Local\{09EC0AE6-C3B4-4CBE-83DE-A935208D5A26}
    2013-01-22 14:10:29  --------  d-----w-  C:\Users\st0176\AppData\Local\{5E9F9AB6-0292-45C8-B5E3-161A247007A1}
    2013-01-22 02:59:30  --------  d-----w-  C:\Users\st0176\AppData\Local\Programs
    2013-01-22 01:36:02  --------  d-----w-  C:\Users\st0176\AppData\Local\{7A82C1BD-082C-4A44-8BC9-8B433FA8AE4E}
    2013-01-21 13:33:13  --------  d-----w-  C:\Users\st0176\AppData\Local\{71E5B2D3-667B-45C5-BF77-306FFA5C6C3D}
    2013-01-20 14:52:50  --------  d-----w-  C:\Users\st0176\AppData\Local\{9E7C00AD-56CF-4906-B93C-2991D7FA182B}
    2013-01-20 01:31:51  --------  d-----w-  C:\Users\st0176\AppData\Local\{88A48226-ECDD-4A7E-8CD3-9859E91CAF5E}
    2013-01-19 13:21:48  --------  d-----w-  C:\Users\st0176\AppData\Local\{473FADC0-85A1-41E0-8118-7F69CD1EE779}
    2013-01-18 19:45:12  --------  d-----w-  C:\Users\st0176\AppData\Local\{A2A784A7-2297-4E22-86BF-CEAE6D9DDDEB}
    2013-01-17 14:43:51  --------  d-----w-  C:\Users\st0176\AppData\Local\{6F23CBD8-579F-48C6-95B5-A5C88EC72F38}
    2013-01-17 02:43:13  --------  d-----w-  C:\Users\st0176\AppData\Local\{FEBB783F-D0B5-4EF3-B36F-05EF4C4D8B7D}
    2013-01-16 14:23:50  --------  d-----w-  C:\Users\st0176\AppData\Local\{0EEDF3D3-91D2-4049-A731-52A8524C60E0}
    2013-01-15 13:40:13  --------  d-----w-  C:\Users\st0176\AppData\Local\{05B78C4E-EC62-4708-81AB-F8129C2F7664}
    2013-01-15 01:39:32  --------  d-----w-  C:\Users\st0176\AppData\Local\{34C6C0BE-7E32-4B37-BF30-54D4DDD8FD72}
    2013-01-14 13:29:34  --------  d-----w-  C:\Users\st0176\AppData\Local\{D5B8AB53-7F47-41E1-8142-3445588148C6}
    2013-01-13 18:03:35  --------  d-----w-  C:\Users\st0176\AppData\Local\{5EED3847-6532-413E-B48E-C889F6D7EE58}
    2013-01-12 15:07:21  --------  d-----w-  C:\Users\st0176\AppData\Local\{E3AF463F-008C-443E-8C66-FFAEE79A20FD}
    2013-01-12 02:52:47  --------  d-----w-  C:\Users\st0176\AppData\Local\{AD8FE5AD-3456-486F-AC35-4D664EDCE175}
    2013-01-11 13:05:56  --------  d-----w-  C:\Users\st0176\AppData\Local\{C3431161-F471-4734-963F-19FB372F15DC}
    2013-01-11 01:05:42  --------  d-----w-  C:\Users\st0176\AppData\Local\{B65254D4-2AF1-4DA6-A8AD-F15EBBA8A689}
    2013-01-10 12:49:23  --------  d-----w-  C:\Users\st0176\AppData\Local\{E20BC7D3-5208-4F23-AF75-73BE6907EF50}
    2013-01-09 15:22:26  --------  d-----w-  C:\Users\st0176\AppData\Local\{553F803C-5DCA-44E8-8C82-0BCC0121AF72}
    2013-01-09 02:17:50  --------  d-----w-  C:\Users\st0176\AppData\Local\{CD5F2441-C4B7-4613-86C5-1FABBBDC83A6}
    2013-01-08 13:15:50  --------  d-----w-  C:\Users\st0176\AppData\Local\{A774DBE4-AB3A-4DEC-A3C6-312A8E138CB0}
    2013-01-08 01:15:48  --------  d-----w-  C:\Users\st0176\AppData\Local\{E7049B55-C7D5-4972-94FD-9EE1FD33614C}
    2013-01-07 13:15:46  --------  d-----w-  C:\Users\st0176\AppData\Local\{4FBD8B85-F947-4512-AF34-46C61F51FFA9}
    2013-01-07 01:15:44  --------  d-----w-  C:\Users\st0176\AppData\Local\{3257F5C6-967F-476C-9257-B3ED9CE3A289}
    2013-01-06 13:15:42  --------  d-----w-  C:\Users\st0176\AppData\Local\{A34E6C65-E0FF-4B76-948F-9FBD85B0BE41}
    2013-01-05 16:41:41  --------  d-----w-  C:\Users\st0176\AppData\Local\{47D6987F-0B9E-4EBB-B1A5-5EE50EDF6B98}
    2013-01-05 02:16:52  --------  d-----w-  C:\Users\st0176\AppData\Local\{54E0A138-08A4-4540-A681-5DB40AE1F486}
    2013-01-04 14:16:46  --------  d-----w-  C:\Users\st0176\AppData\Local\{E1B6F4A5-E751-45FF-A1A1-C009FC583D73}
    2013-01-03 15:17:30  --------  d-----w-  C:\Users\st0176\AppData\Local\{A6F3F641-3AA6-46A1-9069-6355B8BC4101}
    2013-01-03 03:12:26  --------  d-----w-  C:\Users\st0176\AppData\Local\{B60865AA-7C10-423A-A568-0EF944C2A31C}
    2013-01-02 15:12:23  --------  d-----w-  C:\Users\st0176\AppData\Local\{93514C8E-5887-4CAA-916C-8A89443D8CF6}
    2013-01-01 15:43:07  --------  d-----w-  C:\Users\st0176\AppData\Local\{930B2C7B-2002-48EA-8ED4-E9CE6CCA2C82}
    2013-01-01 01:50:58  --------  d-----w-  C:\Users\st0176\AppData\Local\{55669DAA-3A93-4987-B10C-E979930928F4}
    2012-12-31 13:17:05  --------  d-----w-  C:\Users\st0176\AppData\Local\{51421202-13FE-4537-B474-F9F189CCE5C9}
    2012-12-30 15:45:58  --------  d-----w-  C:\Users\st0176\AppData\Local\{CD8ED190-5B45-4A60-ABAE-8786F7E40697}
    2012-12-29 14:57:19  --------  d-----w-  C:\Users\st0176\AppData\Local\{AEF6CA6E-2F1E-45B8-BC29-C41BB8976FB2}
    2012-12-28 15:45:39  --------  d-----w-  C:\Users\st0176\AppData\Local\{3FE1644E-7E1B-46C0-8208-ABAFBF55DDDF}
    2012-12-28 02:43:24  --------  d-----w-  C:\Users\st0176\AppData\Local\{B6DAE021-CE7B-4136-AEF5-3E39A62580ED}
    2012-12-27 15:28:12  --------  d-----w-  C:\Program Files (x86)\Tango
    2012-12-27 15:28:05  --------  d-----w-  C:\Users\st0176\AppData\Local\tango
    2012-12-27 14:19:07  --------  d-----w-  C:\Users\st0176\AppData\Local\{7175BB7B-985C-4EB1-BF01-B32CB17C93BD}
    2012-12-27 08:50:51  --------  d-----w-  C:\Users\st0176\AppData\Local\{4D157B3B-904A-40AE-BE01-1183A2248F24}
    2012-12-26 16:10:59  --------  d-----w-  C:\Users\st0176\AppData\Local\{841482C1-0D95-4D3A-A3C1-71D63A871E17}
    2012-12-26 00:08:34  --------  d-----w-  C:\Users\st0176\AppData\Local\{7488F5DA-4C61-420A-9317-71E790CC343B}
    .
    ==================== Find3M ====================
    .
    2013-01-22 01:34:07  74248     ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-22 01:34:07  697864    ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-14 21:49:28  24176     ----a-w-  C:\Windows\System32\drivers\mbam.sys
    2012-11-13 03:46:37  916456    ----a-w-  C:\Windows\System32\deployJava1.dll
    2012-11-13 03:46:37  108008    ----a-w-  C:\Windows\System32\WindowsAccessBridge-64.dll
    2012-11-13 03:46:37  1034216   ----a-w-  C:\Windows\System32\npDeployJava1.dll
    .
    ============= FINISH: 23:41:29.00 ===============
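The DDS log above lists nine svchost.exe instances and, in the Pseudo HJT section, policy values (EnableLUA = 0, PromptOnSecureDesktop = 0, ConsentPromptBehaviorAdmin = 0) that mean UAC is switched off. The script below is an added example, not part of the thread and not a DDS, MBAM or ComboFix feature: it performs the two checks a responder would run first on a machine reporting "Trojan.Agent in svchost.exe", namely whether every running svchost.exe is the Microsoft-signed binary in System32 started by services.exe with a "-k" service group, and whether the live UAC policy values still differ from the Windows 7 defaults. It assumes Windows PowerShell 3.0 or later on Windows 7 or newer and an elevated prompt; the function name Test-SvchostInstance is the example's own.

```powershell
# Added example (not from the thread): triage of svchost.exe instances and the
# UAC policy values reported in the DDS log. Requires Windows PowerShell 3.0+
# and an elevated prompt (Win32_Process exposes other users' process paths and
# command lines only to an administrator).

$system32 = Join-Path $env:SystemRoot 'System32'

# Every legitimate svchost.exe is started by services.exe; collect its PID(s).
$servicesPids = @(Get-CimInstance Win32_Process -Filter "Name='services.exe'" |
                  Select-Object -ExpandProperty ProcessId)

function Test-SvchostInstance {
    # $Process is a Win32_Process instance for one svchost.exe.
    param([Parameter(Mandatory)] $Process)
    $findings = @()
    $path = $Process.ExecutablePath
    if (-not $path) {
        $findings += 'executable path not readable (not elevated?)'
    }
    else {
        # Genuine svchost.exe lives in System32 (path comparison is case-insensitive).
        if ((Split-Path $path -Parent) -ne $system32) {
            $findings += "runs from unexpected directory: $path"
        }
        # The on-disk file must carry a valid Microsoft Authenticode signature.
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid' -or
            $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
            $findings += "signature check failed: $($sig.Status)"
        }
    }
    # Launch chain: the parent should be services.exe.
    if ($servicesPids -notcontains $Process.ParentProcessId) {
        $findings += "parent PID $($Process.ParentProcessId) is not services.exe"
    }
    # The log shows each instance with "-k <group>"; an svchost without one is odd.
    if ($Process.CommandLine -and $Process.CommandLine -notmatch '\s-k\s+\S+') {
        $findings += "no -k service group: $($Process.CommandLine)"
    }
    [pscustomobject]@{
        PID         = $Process.ProcessId
        CommandLine = $Process.CommandLine
        Verdict     = if ($findings) { $findings -join '; ' } else { 'ok' }
    }
}

Get-CimInstance Win32_Process -Filter "Name='svchost.exe'" |
    ForEach-Object { Test-SvchostInstance -Process $_ } |
    Format-Table -AutoSize -Wrap

# UAC policy values from the Pseudo HJT section, compared with Windows 7 defaults.
$polKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$defaults = [ordered]@{
    EnableLUA                  = 1
    ConsentPromptBehaviorAdmin = 5
    PromptOnSecureDesktop      = 1
}
$pol = Get-ItemProperty -Path $polKey
foreach ($name in $defaults.Keys) {
    $actual = $pol.$name
    $state  = if ($actual -eq $defaults[$name]) { 'default' } else { 'CHANGED' }
    '{0,-28} {1,-4} {2} (default {3})' -f $name, $actual, $state, $defaults[$name]
}
```

The first half inspects the file on disk and the launch chain only; it does not look at process memory, so a correctly signed svchost.exe in System32 can still host injected code, which is one reason an on-demand scan can report nothing while real-time protection keeps blocking. The second half only reports; whether to turn UAC back on is a decision for the helper guiding the cleanup, and with EnableLUA = 0 every process started by this administrator account already runs with full rights.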
  4. sasvil9

    sasvil9 TS Rookie Topic Starter

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/21/2010 5:46:10 PM
    System Uptime: 1/23/2013 11:30:43 PM (0 hours ago)
    .
    Motherboard: Hewlett-Packard | | 3638
    Processor: AMD Turion(tm) II Dual-Core Mobile M520 | Socket S1G3 | 782/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 448 GiB total, 346.673 GiB free.
    D: is FIXED (NTFS) - 18 GiB total, 2.929 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP293: 10/1/2012 9:17:11 AM - Removed Corel Paint Shop Pro Photo X2.
    RP294: 10/12/2012 12:12:25 PM - Scheduled Checkpoint
    RP295: 11/12/2012 10:45:51 PM - Installed Java 7 Update 9 (64-bit)
    RP296: 1/23/2013 11:10:24 PM - avast! Free Antivirus Setup
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Photoshop Elements 7.0
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player
    Amazon Kindle
    AMD USB Filter Driver
    Apple Application Support
    Apple Software Update
    Atheros Driver Installation Program
    ATI Catalyst Install Manager
    avast! Free Antivirus
    Bamboo
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Color Efex Pro 3.0 Wacom Edition 3
    Compatibility Pack for the 2007 Office system
    Corel VideoStudio 12
    CyberLink DVD Suite
    D3DX10
    DVD Menu Pack for HP MediaSmart Video
    ENE CIR Receiver Driver
    FileHippo.com Update Checker
    GetDiz 4.5
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hallmark Card Studio 2009 Deluxe
    HP 3D DriveGuard
    HP Customer Experience Enhancements
    HP Games
    HP MediaSmart DVD
    HP MediaSmart SmartMenu
    HP Support Assistant
    HP Update
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    Hulu Desktop
    Internet Explorer (Enable DEP)
    Java 7 Update 9 (64-bit)
    Java Auto Updater
    Java(TM) 6 Update 15 (64-bit)
    Java(TM) 6 Update 24
    Java(TM) SE Development Kit 6 Update 15 (64-bit)
    Junk Mail filter update
    K-Lite Codec Pack 9.3.0 (Full)
    LabelPrint
    LightScribe System Software
    Magic ISO Maker v5.5 (build 0281)
    MagicDisc 2.7.106
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Suite Activation Assistant
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    MRU-Blaster v1.5 (Database 3/28/2004)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton Online Backup
    PDFCreator
    PhotoNow!
    Play Pickle
    Power2Go
    PowerDirector
    QuickTime
    RadioSure
    Realtek 8136 8168 8169 Ethernet Driver
    Realtek USB 2.0 Card Reader
    Recovery Manager
    RocketDock 1.3.5
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    SereneScreen Marine Aquarium 3
    Skype™ 5.10
    Spybot - Search & Destroy
    SpywareBlaster 4.6
    Synaptics Pointing Device Driver
    Tango
    Tracks Eraser Pro v8.8 build 1001
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VideoStudio
    Virtual DJ Pro Full - Atomix Productions
    Visual Studio 2008 x64 Redistributables
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Encoder 9 Series
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/23/2013 11:30:58 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
    1/23/2013 11:30:56 PM, Error: volmgr [46] - Crash dump initialization failed!
    1/21/2013 8:03:55 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    1/21/2013 8:03:55 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    1/20/2013 4:58:29 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer FREEDOM that believes that it is the master browser for the domain on transport NetBT_Tcpip_{971972E2-28FC-426D-830C-71E07DDD2ADA}. The master browser is stopping or an election is being forced.
    1/16/2013 9:23:32 AM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
  5. sasvil9

    sasvil9 TS Rookie Topic Starter

    Ok, I figured out why the MBAM didn't create a log. I just reran the quick scan; here is the log. Let me know if I have to do the last step over. I'm VERY confused: I keep getting pop-ups with malware blocked and quarantined, and the log tells me I have no problems. I am really sick to my stomach over this; it's all confusing. Thanks.

    Malwarebytes Anti-Malware (PRO) 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.24.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    st0176 :: ST0176-PC [administrator]

    Protection: Enabled

    1/24/2013 9:14:54 AM
    mbam-log-2013-01-24 (09-14-54).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 214160
    Time elapsed: 4 minute(s), 57 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.


    ComboFix scan

    Please download ComboFix by sUBs
    From TechSpot

    Direct Link (alternative)

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except rename
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    How is this going?
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello! Are you still with us? Your topic is now marked inactive, because you have not replied.

    However, we'd like to still help. Please update us on the state of your PC.

