Inactive Trojan.Agent in svchost.exe

Hello, I did everything that was said to do in the 4 step preliminary instructions.


I have one question: when you say delete the DDS from the desktop, the only two things on the desktop are the logs. Delete those?

Logs to come in a few minutes.

Thanks to whomever responds :)
 
Well, the MBAM log only has the number 2 on it. ALL of the logs, 4 of them, have the number 2 and that's it.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450
Run by st0176 at 23:39:37 on 2013-01-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2205 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Tango\Tango.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2009 Deluxe\Planner\PLNRnote.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - <orphaned>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Tango] C:\Program Files (x86)\Tango\Tango.exe -r
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVENTP~1.LNK - C:\Windows\Installer\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{266E4A35-7AC5-425D-AAA6-F37179191079} : DHCPNameServer = 40.6.1.100
TCP: Interfaces\{971972E2-28FC-426D-830C-71E07DDD2ADA} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{971972E2-28FC-426D-830C-71E07DDD2ADA}\052796671636970A96370A74F6C64656E6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{971972E2-28FC-426D-830C-71E07DDD2ADA}\C435248373 : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: PFW - <no file>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-5-15 52856]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2011-3-7 17720]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-1-23 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-1-23 370288]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2011/03/28 08:18:00];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2011-3-28 146928]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-1-23 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-1-23 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-1-23 44808]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-22 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-22 682344]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-9-22 1153368]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-22 24176]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-2-7 215040]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-2-7 36408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-2-7 216576]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 tepsrv;Tracks Eraser Service;C:\Program Files (x86)\Acesoft\Tracks Eraser Pro\tepsrv.exe [2012-9-22 32768]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-6 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-29 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
S4 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-4 203264]
S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S4 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
S4 TabletServicePen;TabletServicePen;C:\Windows\System32\Pen_Tablet.exe [2010-5-18 5556520]
S4 WTouchService;WTouch Service;C:\Program Files\WTouch\WTouchService.exe [2010-5-18 127784]
.
=============== File Associations ===============
.
FileExt: .txt: GetDiz.Document="C:\Program Files (x86)\GetDiz\GetDiz.exe" "%1"
FileExt: .ini: GetDiz.Document="C:\Program Files (x86)\GetDiz\GetDiz.exe" "%1"
.
=============== Created Last 30 ================
.
2013-01-24 04:12:29 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-01-24 04:12:26 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-01-24 04:12:24 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-01-24 04:11:36 41224 ----a-w- C:\Windows\avastSS.scr
2013-01-24 04:10:58 -------- d-----w- C:\ProgramData\AVAST Software
2013-01-24 04:10:58 -------- d-----w- C:\Program Files\AVAST Software
2013-01-24 02:44:30 -------- d-----w- C:\Users\st0176\AppData\Roaming\ParetoLogic
2013-01-24 02:44:30 -------- d-----w- C:\Users\st0176\AppData\Roaming\DriverCure
2013-01-24 02:44:16 -------- d-----w- C:\ProgramData\ParetoLogic
2013-01-23 17:13:57 -------- d-----w- C:\Users\st0176\AppData\Local\{45ADF0AF-BC06-4022-83EE-DFCFC45C8C4F}
2013-01-23 02:23:59 -------- d-----w- C:\Users\st0176\AppData\Local\{09EC0AE6-C3B4-4CBE-83DE-A935208D5A26}
2013-01-22 14:10:29 -------- d-----w- C:\Users\st0176\AppData\Local\{5E9F9AB6-0292-45C8-B5E3-161A247007A1}
2013-01-22 02:59:30 -------- d-----w- C:\Users\st0176\AppData\Local\Programs
2013-01-22 01:36:02 -------- d-----w- C:\Users\st0176\AppData\Local\{7A82C1BD-082C-4A44-8BC9-8B433FA8AE4E}
2013-01-21 13:33:13 -------- d-----w- C:\Users\st0176\AppData\Local\{71E5B2D3-667B-45C5-BF77-306FFA5C6C3D}
2013-01-20 14:52:50 -------- d-----w- C:\Users\st0176\AppData\Local\{9E7C00AD-56CF-4906-B93C-2991D7FA182B}
2013-01-20 01:31:51 -------- d-----w- C:\Users\st0176\AppData\Local\{88A48226-ECDD-4A7E-8CD3-9859E91CAF5E}
2013-01-19 13:21:48 -------- d-----w- C:\Users\st0176\AppData\Local\{473FADC0-85A1-41E0-8118-7F69CD1EE779}
2013-01-18 19:45:12 -------- d-----w- C:\Users\st0176\AppData\Local\{A2A784A7-2297-4E22-86BF-CEAE6D9DDDEB}
2013-01-17 14:43:51 -------- d-----w- C:\Users\st0176\AppData\Local\{6F23CBD8-579F-48C6-95B5-A5C88EC72F38}
2013-01-17 02:43:13 -------- d-----w- C:\Users\st0176\AppData\Local\{FEBB783F-D0B5-4EF3-B36F-05EF4C4D8B7D}
2013-01-16 14:23:50 -------- d-----w- C:\Users\st0176\AppData\Local\{0EEDF3D3-91D2-4049-A731-52A8524C60E0}
2013-01-15 13:40:13 -------- d-----w- C:\Users\st0176\AppData\Local\{05B78C4E-EC62-4708-81AB-F8129C2F7664}
2013-01-15 01:39:32 -------- d-----w- C:\Users\st0176\AppData\Local\{34C6C0BE-7E32-4B37-BF30-54D4DDD8FD72}
2013-01-14 13:29:34 -------- d-----w- C:\Users\st0176\AppData\Local\{D5B8AB53-7F47-41E1-8142-3445588148C6}
2013-01-13 18:03:35 -------- d-----w- C:\Users\st0176\AppData\Local\{5EED3847-6532-413E-B48E-C889F6D7EE58}
2013-01-12 15:07:21 -------- d-----w- C:\Users\st0176\AppData\Local\{E3AF463F-008C-443E-8C66-FFAEE79A20FD}
2013-01-12 02:52:47 -------- d-----w- C:\Users\st0176\AppData\Local\{AD8FE5AD-3456-486F-AC35-4D664EDCE175}
2013-01-11 13:05:56 -------- d-----w- C:\Users\st0176\AppData\Local\{C3431161-F471-4734-963F-19FB372F15DC}
2013-01-11 01:05:42 -------- d-----w- C:\Users\st0176\AppData\Local\{B65254D4-2AF1-4DA6-A8AD-F15EBBA8A689}
2013-01-10 12:49:23 -------- d-----w- C:\Users\st0176\AppData\Local\{E20BC7D3-5208-4F23-AF75-73BE6907EF50}
2013-01-09 15:22:26 -------- d-----w- C:\Users\st0176\AppData\Local\{553F803C-5DCA-44E8-8C82-0BCC0121AF72}
2013-01-09 02:17:50 -------- d-----w- C:\Users\st0176\AppData\Local\{CD5F2441-C4B7-4613-86C5-1FABBBDC83A6}
2013-01-08 13:15:50 -------- d-----w- C:\Users\st0176\AppData\Local\{A774DBE4-AB3A-4DEC-A3C6-312A8E138CB0}
2013-01-08 01:15:48 -------- d-----w- C:\Users\st0176\AppData\Local\{E7049B55-C7D5-4972-94FD-9EE1FD33614C}
2013-01-07 13:15:46 -------- d-----w- C:\Users\st0176\AppData\Local\{4FBD8B85-F947-4512-AF34-46C61F51FFA9}
2013-01-07 01:15:44 -------- d-----w- C:\Users\st0176\AppData\Local\{3257F5C6-967F-476C-9257-B3ED9CE3A289}
2013-01-06 13:15:42 -------- d-----w- C:\Users\st0176\AppData\Local\{A34E6C65-E0FF-4B76-948F-9FBD85B0BE41}
2013-01-05 16:41:41 -------- d-----w- C:\Users\st0176\AppData\Local\{47D6987F-0B9E-4EBB-B1A5-5EE50EDF6B98}
2013-01-05 02:16:52 -------- d-----w- C:\Users\st0176\AppData\Local\{54E0A138-08A4-4540-A681-5DB40AE1F486}
2013-01-04 14:16:46 -------- d-----w- C:\Users\st0176\AppData\Local\{E1B6F4A5-E751-45FF-A1A1-C009FC583D73}
2013-01-03 15:17:30 -------- d-----w- C:\Users\st0176\AppData\Local\{A6F3F641-3AA6-46A1-9069-6355B8BC4101}
2013-01-03 03:12:26 -------- d-----w- C:\Users\st0176\AppData\Local\{B60865AA-7C10-423A-A568-0EF944C2A31C}
2013-01-02 15:12:23 -------- d-----w- C:\Users\st0176\AppData\Local\{93514C8E-5887-4CAA-916C-8A89443D8CF6}
2013-01-01 15:43:07 -------- d-----w- C:\Users\st0176\AppData\Local\{930B2C7B-2002-48EA-8ED4-E9CE6CCA2C82}
2013-01-01 01:50:58 -------- d-----w- C:\Users\st0176\AppData\Local\{55669DAA-3A93-4987-B10C-E979930928F4}
2012-12-31 13:17:05 -------- d-----w- C:\Users\st0176\AppData\Local\{51421202-13FE-4537-B474-F9F189CCE5C9}
2012-12-30 15:45:58 -------- d-----w- C:\Users\st0176\AppData\Local\{CD8ED190-5B45-4A60-ABAE-8786F7E40697}
2012-12-29 14:57:19 -------- d-----w- C:\Users\st0176\AppData\Local\{AEF6CA6E-2F1E-45B8-BC29-C41BB8976FB2}
2012-12-28 15:45:39 -------- d-----w- C:\Users\st0176\AppData\Local\{3FE1644E-7E1B-46C0-8208-ABAFBF55DDDF}
2012-12-28 02:43:24 -------- d-----w- C:\Users\st0176\AppData\Local\{B6DAE021-CE7B-4136-AEF5-3E39A62580ED}
2012-12-27 15:28:12 -------- d-----w- C:\Program Files (x86)\Tango
2012-12-27 15:28:05 -------- d-----w- C:\Users\st0176\AppData\Local\tango
2012-12-27 14:19:07 -------- d-----w- C:\Users\st0176\AppData\Local\{7175BB7B-985C-4EB1-BF01-B32CB17C93BD}
2012-12-27 08:50:51 -------- d-----w- C:\Users\st0176\AppData\Local\{4D157B3B-904A-40AE-BE01-1183A2248F24}
2012-12-26 16:10:59 -------- d-----w- C:\Users\st0176\AppData\Local\{841482C1-0D95-4D3A-A3C1-71D63A871E17}
2012-12-26 00:08:34 -------- d-----w- C:\Users\st0176\AppData\Local\{7488F5DA-4C61-420A-9317-71E790CC343B}
.
==================== Find3M ====================
.
2013-01-22 01:34:07 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-22 01:34:07 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-13 03:46:37 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-11-13 03:46:37 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-11-13 03:46:37 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
.
============= FINISH: 23:41:29.00 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/21/2010 5:46:10 PM
System Uptime: 1/23/2013 11:30:43 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 3638
Processor: AMD Turion(tm) II Dual-Core Mobile M520 | Socket S1G3 | 782/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 448 GiB total, 346.673 GiB free.
D: is FIXED (NTFS) - 18 GiB total, 2.929 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP293: 10/1/2012 9:17:11 AM - Removed Corel Paint Shop Pro Photo X2.
RP294: 10/12/2012 12:12:25 PM - Scheduled Checkpoint
RP295: 11/12/2012 10:45:51 PM - Installed Java 7 Update 9 (64-bit)
RP296: 1/23/2013 11:10:24 PM - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 7.0
Adobe Reader X (10.1.4)
Adobe Shockwave Player
Amazon Kindle
AMD USB Filter Driver
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
ATI Catalyst Install Manager
avast! Free Antivirus
Bamboo
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Color Efex Pro 3.0 Wacom Edition 3
Compatibility Pack for the 2007 Office system
Corel VideoStudio 12
CyberLink DVD Suite
D3DX10
DVD Menu Pack for HP MediaSmart Video
ENE CIR Receiver Driver
FileHippo.com Update Checker
GetDiz 4.5
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hallmark Card Studio 2009 Deluxe
HP 3D DriveGuard
HP Customer Experience Enhancements
HP Games
HP MediaSmart DVD
HP MediaSmart SmartMenu
HP Support Assistant
HP Update
HP Wireless Assistant
HPAsset component for HP Active Support Library
Hulu Desktop
Internet Explorer (Enable DEP)
Java 7 Update 9 (64-bit)
Java Auto Updater
Java(TM) 6 Update 15 (64-bit)
Java(TM) 6 Update 24
Java(TM) SE Development Kit 6 Update 15 (64-bit)
Junk Mail filter update
K-Lite Codec Pack 9.3.0 (Full)
LabelPrint
LightScribe System Software
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MRU-Blaster v1.5 (Database 3/28/2004)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Online Backup
PDFCreator
PhotoNow!
Play Pickle
Power2Go
PowerDirector
QuickTime
RadioSure
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
Recovery Manager
RocketDock 1.3.5
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
SereneScreen Marine Aquarium 3
Skype™ 5.10
Spybot - Search & Destroy
SpywareBlaster 4.6
Synaptics Pointing Device Driver
Tango
Tracks Eraser Pro v8.8 build 1001
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VideoStudio
Virtual DJ Pro Full - Atomix Productions
Visual Studio 2008 x64 Redistributables
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
.
==== Event Viewer Messages From Past Week ========
.
1/23/2013 11:30:58 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
1/23/2013 11:30:56 PM, Error: volmgr [46] - Crash dump initialization failed!
1/21/2013 8:03:55 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/21/2013 8:03:55 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
1/20/2013 4:58:29 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer FREEDOM that believes that it is the master browser for the domain on transport NetBT_Tcpip_{971972E2-28FC-426D-830C-71E07DDD2ADA}. The master browser is stopping or an election is being forced.
1/16/2013 9:23:32 AM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
 
OK, I figured out why the MBAM didn't create a log. I just reran the quick scan; here is the log. Let me know if I have to do the last step over. I'm VERY confused: I keep getting pop-ups with malware blocked and quarantined, and the log tells me I have no problems. I am really sick to my stomach over this, it's all confusing. Thanks.

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.24.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
st0176 :: ST0176-PC [administrator]

Protection: Enabled

1/24/2013 9:14:54 AM
mbam-log-2013-01-24 (09-14-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214160
Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.


ComboFix scan

Please download ComboFix
by sUBs
From TechSpot

Direct Link (alternative)

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above), but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
Hello! Are you still with us? Your topic is now marked inactive, because you have not replied.

However, we'd like to still help. Please update us on the state of your PC.
 